Fundamentals of U.S. Encryption Rules: Update on Legal and Compliance Issues and the Key Components of an Effective Compliance Program

Mar 25, 2019 9:00am - 12:30pm

Speakers

Ken Niven
Associate General Counsel
Juniper Networks

Steve Bird
Former Global Export Trade Manager
Cisco Systems

Michael Gershberg
Partner
Fried, Frank, Harris, Shriver & Jacobson LLP

Tammie Rostant
Global Trade Compliance Manager, Legal
McAfee (Plano, TX)

Deep Dive into FIRRMA, ECRA & Emerging and Critical Technologies

Mar 25, 2019 1:30pm - 5:00pm

Speakers

Melissa L. Duffy
Partner
Dechert LLP (Washington, DC)

Day 1 - Tuesday, March 26, 2019

8:00
Registration and Continental Breakfast
8:45
Chair’s Opening Remarks
9:00

KEYNOTE ADDRESS

Export Control Reform and Focus on Emerging Technologies
10:00

INDUSTRY COMPLIANCE THINK TANK

How to Update Your Global Encryption Compliance Strategy and How to Mitigate Risk
11:00
Networking Break
11:15

EU DUAL USE

Assessing the Impact of the Pending EU Dual-Use Cyber Surveillance Rules
12:00

FOCUS ON CLOUD COMPUTING

Recent Developments, New Applications and How to Stay Compliant with Increased Regulation
12:45
Luncheon
1:45

FOCUS ON CHINA

New and Emerging Rules on Encryption, Cyber and Cloud Export Controls
2:45

ITAR & WASSENAAR MUNITION LIST

Best Practices to Stay Current on Latest Military controls on Intelligence Gathering and Cyberattacks
3:15
Networking Break
3:30
EXPANDING REACH OF CFIUS: How Changes to CFIUS Could Affect Your Company
4:00

FOCUS ON INDIA

Regulating Data Privacy, Emerging Technologies and Export Licensing
4:30
Intersection of Cybersecurity and GDPR
5:15
CHAMPAGNE ROUNDTABLES
5:45
End of Day One

Day 2 - Wednesday, March 27, 2019

8:30
Chair’s Opening Remarks
8:35

KEYNOTE

Cybersecurity Risk – Enterprise Responsibility and Leadership
9:15

FOCUS ON RUSSIA

How to Navigate the Import Restrictions and Avoid Potential Sanctions Violations
10:00
Networking Break
10:15

FOCUS ON ENFORCEMENT

What are the Recent Enforcement Trends and Current Predictions for the Future?
11:00

HUMAN RIGHTS COMPLIANCE

5 Strategies to Incorporate Human Rights into Your Export Control Management Program
11:45

FIVE EYES LAW ENFORCEMENT’S CONUNDRUM

Access to Digital Evidence and Encryption
12:00
Luncheon
1:30
Civil Society’s Response to the Five Eyes Encryption Initiative
2:15
FOCUS ON NETHERLANDS
3:00
Refreshment Break
3:15

LESSONS LEARNED

Bringing Human Rights Violators to Justice
4:00

EMERGING TECHNOLOGIES AND EXPORT CONTROLS

Quantum Computing, Post-Quantum Cryptography and Artificial Intelligence
4:45

WHAT’S NEXT

Predictions for Next Steps Around the Globe
5:15
Conference Adjourns

Day 1 - Tuesday, March 26, 2019

8:00
Registration and Continental Breakfast
8:45
Chair’s Opening Remarks
9:00

KEYNOTE ADDRESS

Export Control Reform and Focus on Emerging Technologies

Richard Ashooh
Assistant Secretary of Commerce, Bureau of Industry and Security
U.S. Department of Commerce (Washington, DC)

10:00

INDUSTRY COMPLIANCE THINK TANK

How to Update Your Global Encryption Compliance Strategy and How to Mitigate Risk

Rama Krishna
Export Compliance Manager
Apple Inc. (Cupertino, CA)

Martina de la Torre
Director
Global Trade Compliance

  • Compliance expectations for 2019 and beyond
  • Navigating export controls in the Wassenaar Arrangement countries
  • Managing import controls in Russia, China, France, Israel, and others
  • Brokering controls in the European Union

11:00
Networking Break
11:15

EU DUAL USE

Assessing the Impact of the Pending EU Dual-Use Cyber Surveillance Rules

Magnus Nordeus
Group Head of Trade Compliance
Ericsson (Sweden)

  • Protecting Human Rights: Role of civil society in the cyber surveillance debate
  • Autonomous List: Composition and license requirements
  • Catch-All Controls: Roles of Government and Industry in identifying countries of concern

12:00

FOCUS ON CLOUD COMPUTING

Recent Developments, New Applications and How to Stay Compliant with Increased Regulation

Mathilde Latour
Domestic and Export Control Unit
French Network and Information Security Agency (ANSSI) (France)

Daniel Fisher-Owens
Partner
Berliner Corcoran & Rowe LLP (Washington, DC)

Jasper Helder
Partner
Akin Gump Strauss Hauer & Feld LLP (London)

  • Computing and networking as a service – are they even controlled?
  • Cloud storefronts – who is responsible – the provider or the licensor?
  • Latest guidance from the Netherlands, Germany and UK

12:45
Luncheon
1:45

FOCUS ON CHINA

New and Emerging Rules on Encryption, Cyber and Cloud Export Controls

Matt Bell
Global Practice Co-Leader, Export Controls and Sanctions
FTI Consulting

Eric Carlson
Partner
Covington & Burling LLP (China)

  • Cybersecurity Law “secure and controllable” requirements
  • Draft Encryption Law – is the “core function test” still valid?
  • Interplay with draft export controls
  • Joint venture requirements for cloud providers
  • Interplay with emerging data privacy requirements in China

2:45

ITAR & WASSENAAR MUNITION LIST

Best Practices to Stay Current on Latest Military controls on Intelligence Gathering and Cyberattacks

Mathilde Latour
Domestic and Export Control Unit
French Network and Information Security Agency (ANSSI) (France)

  • “Temporary” controls under ITAR USML Category XI(b)
  • State of the Wassenaar debated on ML 21 Cyber Warfare Software
  • How can you differential “dual use” from “munitions” in the Cyber environment
  • Case studies: surveillance vs breach detection

3:15
Networking Break
3:30
EXPANDING REACH OF CFIUS: How Changes to CFIUS Could Affect Your Company

John Kabealo
Kabealo PLLC (Washington, DC)

Donald Vieira
Partner
Skadden, Arps, Slate, Meagher & Flom LLP (Washington, DC)

  • Changes to the CFIUS jurisdiction
  • New focus on national security considerations
  • Potential impact on new technolgoy

4:00

FOCUS ON INDIA

Regulating Data Privacy, Emerging Technologies and Export Licensing

Rohit Jain
Partner
Economics Laws Practice (Mumbai, India)

  • Impact of new “Digital Communication Policy” on emerging technologies
  • Recent measures and developments regarding “data protection & privacy”
  • Amendments to SCOMET Lists, related compliances & export licensing requirements
  • New Indian legislation that would require decryption of data or require social media to censor content

4:30
Intersection of Cybersecurity and GDPR

Sanjay J. Mullick
Partner
Kirkland & Ellis LLP (Washington, DC)

  • What does the GDPR really require?
  • Is there a conflict with sound cybersecurity practices?
  • Best practices to reconcile

5:15
CHAMPAGNE ROUNDTABLES

End the day informally as you discuss the latest industry development with your peers.

5:45
End of Day One

Day 2 - Wednesday, March 27, 2019

8:30
Chair’s Opening Remarks
8:35

KEYNOTE

Cybersecurity Risk – Enterprise Responsibility and Leadership

M. K. Palmore
Assistant Special Agent-in-Charge (ASAC) Cyber Security Executive and Chief Risk Officer
FBI San Francisco – Cyber Branch

9:15

FOCUS ON RUSSIA

How to Navigate the Import Restrictions and Avoid Potential Sanctions Violations

Beth Beam
Senior Director Sanctions Compliance
Silicon Valley Bank (Santa Clara, CA)

Alexandra Baj
Of Counsel
Steptoe & Johnson LLP (Washington, DC)

  • Update on the Notification and Licensing Requirements in Russia and Eurasia Customs Union
  • U.S. and European Sanctions Affecting Russia
  • Coping with complexity compliance strategies
  • Best practices for due diligence
  • Impact on business plans and growth

10:00
Networking Break
10:15

FOCUS ON ENFORCEMENT

What are the Recent Enforcement Trends and Current Predictions for the Future?

Ajay Kuntamukkala
Partner
Hogan Lovells (Washington, DC)

Clayton Wright
Supervisory Special Agent
Homeland Security Investigations (HSI), Global Trade Investigations (GTI), Joint Terrorism Task Force (JTTF)

  • Fujian Jinhua case – a new paradigm for export control compliance using the Entity List to address Chinese IP theft
  • Increased scrutiny on Chinese companies and implications for the technology industry
  • Criminal indictments under Executive Order on malicious cyber-enabled activities
  • Handing cybersecurity breaches involving export-controlled data
  • Lessons learned from enforcement cases in 2018
  • Best practices for voluntary self-disclosures

11:00

HUMAN RIGHTS COMPLIANCE

5 Strategies to Incorporate Human Rights into Your Export Control Management Program

Andrea Appell
Director, Global Trade Compliance
Net App (Sunnyvale, CA)

Annemieke de Groot
Senior Manager Global Export Trade Legal
Cisco Systems International B.V. (Netherlands)

  • Human Rights and Export Compliance – the roles of Governments and Industry
  • New Dutch Internal Control Program guidelines
  • Best practices for Integrating Human Rights compliance in a corporate ICP

11:45

FIVE EYES LAW ENFORCEMENT’S CONUNDRUM

Access to Digital Evidence and Encryption

Matt Fine

Federal Bureau of Investigation (Washington, DC)

Kevin Metcalfe

United Kingdom National Technical Assistance Centre (UK)

Andrew Warnes
Assistant Secretary, National Security Policy Branch
Department of Home Affairs (Australia)

  • Five Eyes Ministerial Statement on access to encrypted data
  • Australia’s new law requiring technology companies to provide law enforcement and security agencies with access to encrypted communications
  • FBI’s “Going Dark” Initiative
  • CLOUD Act replaces Letters Rogatory – Updating international access to evidence for the information age

12:00
Luncheon
1:30
Civil Society’s Response to the Five Eyes Encryption Initiative

Jon Callas
Senior Technology Fellow
American Civil Liberties Union (ACLU)

Andrew Crocker
Electronic Frontier Foundation

Riana Pfefferkorn
Associate Director of Surveillance and Cybersecurity
Stanford Center for Internet and Society

2:15
FOCUS ON NETHERLANDS

Brian Mulier
Partner
Bird & Bird (The Hague, Netherlands)

Annemieke de Groot
Senior Manager Global Export Trade Legal
Cisco Systems International B.V. (Netherlands)

  • Summary of current cloud computing rules
  • Challenges from existing exporting and brokering regulations
  • Implications of free trade zones and other options

3:00
Refreshment Break
3:15

LESSONS LEARNED

Bringing Human Rights Violators to Justice

Todd Harris
Assistant Special Agent in Charge
Office of Export Enforcement, U.S. Department of Commerce (San Jose, CA)

Roszel Thomsen
Partner
Thomsen & Burke (Baltimore, MD)

  • Cybersurveillance and the Arab Spring – a catalyst for change
  • Anatomy of an Investigation and Lessons Learned
  • Crisis management and response – turning lemons into lemonade

4:00

EMERGING TECHNOLOGIES AND EXPORT CONTROLS

Quantum Computing, Post-Quantum Cryptography and Artificial Intelligence

Anne Marie Griffin
Deputy Director
Microsoft (Seattle, WA)

Adilia F. Koch
Director, Caltech Export Compliance Office
California Institute of Technology

David Lindsay
Senior Technology Advisor, Strategy and Emerging Business
Intel Corporation

  • Existing export controls on quantum computing, quantum  cryptography and AI – why are they insufficient?\
  • What, exactly, is an emerging technology?
  • Foundational technologies – the next challenge

4:45

WHAT’S NEXT

Predictions for Next Steps Around the Globe

Listen as a panel of expert speakers share their predictions for the coming year. This session will focus on providing updates on current trends and expectations.

5:15
Conference Adjourns

Fundamentals of U.S. Encryption Rules: Update on Legal and Compliance Issues and the Key Components of an Effective Compliance Program

Mar 25, 2019 9:00am - 12:30pm

$600

Speakers

Ken Niven
Associate General Counsel
Juniper Networks

Steve Bird
Former Global Export Trade Manager
Cisco Systems

Michael Gershberg
Partner
Fried, Frank, Harris, Shriver & Jacobson LLP

Tammie Rostant
Global Trade Compliance Manager, Legal
McAfee (Plano, TX)

What is it about?

This session is designed both for attendees new to encryption controls and for those who would like an in-depth refresher before the more advanced discussions of the main program. Take part in this practical and interactive
working group as experts discuss the current state of U.S. Encryption Controls—with a focus on building and maintaining strong protocols to ensure compliance. Topics include:

 

  • What is symmetrical and asymmetrical encryption?
  • Technical details of the history and current state of encryption
  • Nuances of U.S. Export Control laws for encryption technologies, cloud computing, and cyber export controls
    • What is an encryption item and how does the EAR treat them differently?
    • The De Minimis Rule for encryption items
    • Publicly-available encryption software and technology
  • Summary of recent regulatory changes and impact on legacy classifications/controls
  • Licensing and License Exceptions
    • License Exception ENC
    • When you need an encryption licensing arrangement (ELA) vs. an individual license?
  • Strategies and best practices for developing and maintaining an effective export compliance program with respect to encryption items

Deep Dive into FIRRMA, ECRA & Emerging and Critical Technologies

Mar 25, 2019 1:30pm - 5:00pm

$600

Speakers

Melissa L. Duffy
Partner
Dechert LLP (Washington, DC)

What is it about?

This timely workshop will provide an update on Export Control Reform. Join your expert leaders for an summary of the important industry changes including:

 

Legislative Overview

  • National Defense Authorization Act for Fiscal Year 2019
  • It reformed the Committee on Foreign Investment in the United States (“CFIUS”), provided for review of investments in U.S. businesses involved in critical technologies related to specific industries, and
    established the basis for new export controls on emerging and foundational technologies
  • Foreign Investment Risk Review Modernization Act (“FIRRMA”)
  • Export Control Reform Act of 2018 (“ECRA”)

 

Deep Dive into FIRRMA

  • Major points – expanded CFIUS jurisdiction, procedural changes to existing rules, and unresolved issues to be address in coming year
  • CFIUS Pilot Program – what new types of transactions are covered, the mechanics of how it works
  • What’s next?

 

Deep Dive into ECRA

  • Major points – replaced statutory authority for the Export Administration Regulations, updated penalties, emerging and foundational technologies
  • Commerce Department rulemaking for emerging and foundational technologies – where the process stands, survey of industry comments, potentially impacted technologies, how the government is evaluating new control criteria
  • What’s next?

 

Intersection of FIRRMA and ECRA, and Strategies for Managing Regulatory Risks

  • Increased regulation of foreign investments and collaboration involving certain industries, emerging and foundational technologies, and countries of concern
  • How to evaluate new technology projects and deals for risk
  • How to engage the regulators
  • Deal protections and planning for the unknown