Members of five tech and business groups “raised concerns” about the “sensitive data” the Commerce Department seeks in its Sept. 24 request for information about risks in the semiconductor supply chain (see 2109230038), the associations wrote Commerce Secretary Gina Raimondo Wednesday. Members also worry “how the U.S. government intends to use the data it collects,” said the Computer and Communications Industry Association, the Information Technology Industry Council, the Security Industry Association, TechNet and the U.S. Chamber of Commerce. The RFI seeks especially sensitive information from chip companies and their partners upstream and downstream in the supply chain, including confidential sales and sourcing data, plus rundowns on order backlogs and an accounting of specific product shipments in the past month. The associations urge Commerce to treat the information submitted “with the sensitivity and anonymity necessary to avoid jeopardizing the dealings of any given business,” they told Raimondo. Much of the information requested also is “dynamic, with bottlenecks changing on a frequent basis, so we caution that the RFI may not yield information that presents an accurate picture of the semiconductor supply chain,” they said. They encourage Commerce “to consider the nature of this unique challenge and how the information requested through this RFI may unintentionally distort the realities of the semiconductor supply chain,” they said. “This underscores why the ongoing exchange of information and coordination between government and the private sector is vital.” Commerce didn’t comment. With RFI submissions due Monday in docket BIS-2021-0036, ITI, which took the lead in publicizing the letter, didn’t respond to questions about why the groups took more than a month to air their concerns publicly with Raimondo.
The Bureau of Industry and Security will add four companies in Israel, Russia and Singapore to the entity list for "malicious cyber activities" contrary to U.S. foreign policy and national security, BIS said; see also a State Department announcement. The two Israeli companies that include NSO Group supply malicious spyware to foreign governments, and the companies in Russia and Singapore “traffic in cyber exploits” that threaten the “privacy and security of individuals and organizations worldwide.” BIS' parent agency the Commerce Department said these additions -- which take effect Thursday, when they're to be published in the Federal Register -- reflect a government-wide effort to "stem the proliferation of digital tools used for repression." Adding NSO and others is "long overdue," Access Now said. It said the EU and other governments "should implement similar restrictions on surveillance tech companies who facilitate human rights violations. The privacy advocacy group wants the U.S. government to sanction owners and affiliates of NSO Group and Candiru, another company that's being added to the BIS list. NSO "is dismayed by" BIS' decision because "our technologies support US national security interests and policies by preventing terrorism and crime," emailed a company spokesperson. "We will advocate for this decision to be reversed.”
The House Foreign Affairs Committee's release of export licensing information for Huawei and China chipmaker SMIC (see 2110220019) doesn't present an accurate picture, the Commerce Department said. The agency's Bureau of Industry and Security approved more than a combined $100 billion worth of export licenses for shipments to Huawei and SMIC from November 2020 through April. Some pending applications were in BIS' “intent to deny” process and weren't part of the figures. That those denials weren’t included “risks politicizing the licensing process, discouraging good faith industry actors from participating in the licensing process, misrepresenting the thoughtful, evidence-based national security determinations made by BIS and other national security agencies,” a Commerce spokesperson said Friday, “and even undercutting U.S. technology leadership.” Huawei and SMIC didn't comment Monday.
The Bureau of Industry and Security approved $100 billion-plus worth of export licenses for shipments to Huawei and top Chinese chipmaker SMIC Nov. 9 through April 20, per documents released Thursday by the House Foreign Affairs Committee. BIS said it approved 113 licenses for Huawei -- about 70% of applications received -- for more than $61 billion worth of goods. The agency greenlit 188 licenses for SMIC -- about 90% -- for more than $41 billion. BIS denied two applications for Huawei and returned 48 without action during that period. It denied one for SMIC and returned 17. The companies are on the BIS parent agency's Commerce Department entity list.
The Bureau of Industry and Security will issue new export controls on certain cybersecurity items and create a new license exception for those exports, said an interim final rule Wednesday. It will establish more restrictions on items that can be used for “malicious cyber activities” by imposing a license requirement for shipments to certain countries, said BIS, part of the Commerce Department. The changes, effective Jan. 19, will align U.S. cybersecurity restrictions with controls previously agreed to at the multilateral Wassenaar Arrangement. BIS seeks comment on the changes by Dec. 6, says Thursday's Federal Register.
The Bureau of Industry and Security plans a virtual forum 9 a.m. EDT Oct. 29 to gather recommendations on bolstering the resiliency of “critical supply chains” for the U.S. information and communications technology industry “that are at risk of disruption, strain, compromise, or elimination,” says Tuesday’s Federal Register. Requests to give oral statements at the forum are due Friday. Submissions to listen in are due Oct. 27. Information collected at the forum will help the Commerce and Homeland Security departments prepare their report to the White House by the one-year anniversary of President Joe Biden’s Feb. 24 executive order on curing ICT supply chain disruptions. BIS also seeks comment by Nov. 4 on building more resiliency into ICT supply chains (see 2109170042).
The Commerce Department's Bureau of Industry and Security fined a U.S.-based telecom company $1.87 million for illegally exporting goods to Vietnam, BIS said in a Tuesday order. California-based VTA Telecom, a subsidiary of a Vietnamese state-owned telecom company, allegedly included false statements in its export applications to conceal defense end uses for the exports, BIS said. It said it will suspend about $200,000 of the penalty if VTA completes a two-year probationary period outlined in a settlement agreement with BIS, or if it dissolves its business. VTA agreed to spend $25,000 to improve its “ongoing” export compliance efforts and hire a trade compliance director for two years. If VTA doesn’t pay the fine or violates the agreement, BIS may deny the company export privileges. VTA Telecom couldn’t be reached for comment.
Comments are due Nov. 8 at the Commerce Department's Bureau of Industry and Security in docket BIS-2021-0036 to help the secretaries of Commerce and Homeland Security prepare a report to the White House on the global semiconductor shortage by the one-year deadline of President Joe Biden’s Feb. 24 executive order on America's supply chains, says Friday’s Federal Register. BIS put out a separate call for comments this week due Nov. 4 on supply chain disruptions in the broader information and communications technology sector, also under the Feb. 24 EO (see 2109170042).
Comments are due Nov. 4 at the Bureau of Industry and Security in docket BIS-2021-0021 to help the secretaries of Commerce and Homeland Security prepare a report to the White House on supply chain disruptions in the “critical sectors and subsectors” of the information and communications technology “industrial base” by the one-year deadline of President Joe Biden’s Feb. 24 executive order, says Monday’s Federal Register. The notice seeks information on the “needed capacities” of the U.S. for “ICT design and manufacturing of products and services, including the ability to modernize to meet future needs.” The agency wants the public to identify “gaps” in U.S. design and manufacturing capabilities, “including nonexistent, extinct, threatened, or single-point-of failure capabilities,” it says. Commerce and Homeland Security “are specifically interested in comments related to validation standards of component and software integrity, standards and practices ensuring the availability and integrity of software delivery and maintenance,” says the notice. They want to know what “security controls” are in place “during the manufacturing phase of ICT hardware and components.” The agencies seek “specific policy recommendations important for ensuring a resilient supply chain for the ICT industrial base.” The recommendations may include strategies for “sustainably reshoring supply chains," says the notice. It’s not the goal of U.S. chipmakers to “onshore everything,” Semiconductor Industry Association CEO John Neuffer told a Sept. 8 Center for Strategic and International Studies webinar (see 2109090001). “We’re trying to diversify our supply chains and spread out our risk.”
The Commerce Department's Bureau of Industry and Security could consider ways to speed up its emerging and foundational technology control effort, a congressional commission on China was told Wednesday. Acting BIS Undersecretary Jeremy Pelter acknowledged criticism the agency is moving too slowly implementing the 2018 Export Control Reform Act and defended the work BIS has done and said the agency doesn’t plan to change course. “I take your criticism to heart,” Pelter told the U.S.-China Economic and Security Review Commission (USCESRC), which published a report in June saying the Commerce Department “failed” to carry out its export control responsibilities over emerging and foundational technologies. If a technology is widely available, “and we're simply doing a unilateral control,” China will get the technology from elsewhere, “our industry will be harmed, and we will have gained nothing,” he said. How many years should Congress need to wait for action on foundational technology, asked Commissioner Derek Scissors of the American Enterprise Institute. Commissioner Michael Wessel, appointed to the USCESRC by House Speaker Nancy Pelosi, D-Calif., said BIS’ multilateral strategy has been “exceptionally slow.” Pelter pointed to the new EU-U.S. Trade and Technology Council, which is holding its first export control working group this month. "For too long, the U.S. position on digital trade has been to promote continued laissez faire," said Sen. Mark Warner, D-Va., in a statement Thursday as the council was launched. That's "even as we saw the downsides of this approach to technology governance," he added.