Day 1 - Tuesday, March 29, 2016

9:00
How to Find and Make Sense of Evolving Encryption Controls across Multiple Jurisdictions: Who to Contact and Where to Look Toward Mapping Out Your Global Classification and Licensing Strategy
1:30
“What Would You Do If…” Live Mock Encryption Product Case Studies and Hypotheticals

Day 2 - Wednesday, March 30, 2016

8:30
Conference Co-Chairs’ Opening Remarks
8:45
U.S. AND EU GOVERNMENT KEYNOTE PANEL – Export Controls, Cybersecurity, Intrusion Software and Network Surveillance
9:45
INDUSTRY ROUNDTABLE DISCUSSION – Export Compliance, Intrusion Software, Network Surveillance and Cybersecurity in Practice
10:45
Networking Break
11:00
WASSENAAR – How New Proposals, 2015 Controls, and Countries’ Adoption of Note 4 and OAM Affect Your Global Encryption Compliance Strategy
12:00
CHINA – Status Report on New Security Regulations, Big Encryption Controls Changes and Their Impact on Multinationals Operating in China
1:00
Networking Luncheon
2:15
CHINA – Revisiting the Compliance Status of Your Products in China: How to Update Your Encryption Controls to Satisfy “Secure and Controllable Encryption” and Cybersecurity Requirements
3:15
KEYNOTE ADDRESS – New, Emerging Technologies & the “Mass Market” Exception: Status Report on Possible Reforms to EAR Licensing in Response to Technological Advances
3:45
Networking Coffee Break
4:00
HONG KONG & TAIWAN – Best Practices for Managing Your Supply Chain and Import/Export of Strategic Products
4:45
SINGAPORE & MALAYSIA – The Latest Strategies for Addressing Permit, Transshipment and Re-Export Challenges
5:30
SMALLER GROUP BENCHMARKING & NETWORKING
6:00
Conference Adjourns to Day Two

Day 3 - Thursday, March 31, 2016

9:00
Conference Co-Chairs’ Opening Remarks
9:15
KEYNOTE ADDRESS and Q&A – The Changing Face of U.S. Encryption and Cyber Enforcement: New Investigative Techniques, Priorities and Penalties Post-Wind River
9:45
ROUNDTABLE DISCUSSION – How to Define an “Export” in the Context of Cloud Computing: The Latest on Proposed Changes Impacting Transfers of Encryption Software
11:00
Networking Coffee Break
11:15
ANSSI KEYNOTE ADDRESS – Updates on French Encryption Controls and Their Interplay with EU Regulations
12:00
Networking Luncheon
1:15
INDIA – Clarifying Current Encryption Standards and the Status of a Revised Draft National Encryption Policy following Industry Concerns
2:00
ISRAEL – Status Report on the Regulation of Cyber Exports
2:30
INDUSTRY BENCHMARKING SESSIONRUSSIA – When and How to Secure Permits, Notification and Authorizations: What Can Now Trigger Rejections and How to Handle Them
3:30
OPEN Q & A SESSION – Town Hall
4:30
Co-Chairs’ Closing Remarks & Conference Concludes

Day 1 - Tuesday, March 29, 2016

9:00
How to Find and Make Sense of Evolving Encryption Controls across Multiple Jurisdictions: Who to Contact and Where to Look Toward Mapping Out Your Global Classification and Licensing Strategy

Jaelyn Edwards Judelson
Counsel
Akin Gump Strauss Hauer & Feld LLP (Washington, DC)

Marwa M. Hassoun
Attorney
Arent Fox LLP (Los Angeles, CA)

This opening session will serve as a primer that will lay the groundwork for the rest of the event. The focus will be on how to find the applicable requirements in emerging markets, key agencies and how to stay on their good sides. Special focus will be on:

  • Countries with laws and regulations that currently being enforced
  • Jurisdictions with new, untested or no requirements, and how
    to decipher local government compliance expectations
  • Reconciling conflicting regulations across jurisdictions

Topics include:

  • Who to contact for what: A review of key agencies and how to stay on their good sides
  • How to work with partners in different countries and incorporate
    global encryption regulations into your product development
  • How to stay on top of Wassenaar and national laws as they change
  • Traveling with encrypted software or hardware: Steps to take when bringing a laptop, thumb drive, or smart phone into a country that requires a license
  • How U.S. export laws come into play when re-exporting
  • Knowing what a “restricted” product is for purposes of resale to a government end-user without a BIS license
  • Understanding record retention requirements across multiple jurisdictions

9:00 a.m.–12:30 p.m. (Registration begins at 8:30 a.m.)

1:30
“What Would You Do If…” Live Mock Encryption Product Case Studies and Hypotheticals

Melissa Duffy
Partner
Hughes Hubbard & Reed LLP (Washington, DC)

Steve Bird
Export Compliance Manager
Cisco Systems (San Jose, CA)

Lillian Norwood
Manager, Technology Transfers, Export Regulation Office
IBM (Washington, DC)

Through hypothetical exercises and case studies, this “nuts and bolts” working group will provide a step-by-step discussion on how to overcome key challenges to importing and exporting certain encrypted items and technologies from product development to end-use, including mass market software programs, networking devices, web-based services and telecom Items.

In addition to helpful reference materials prepared by the expert speakers, take this opportunity to hear “war stories” from seasoned professionals and learn how to put a myriad of complex requirements into practice. Topics of discussion will include:

  • Cases studies on:
    • Mass market software programs
    • Networking device (i.e. a router)
    • Web-based service (Google, Yahoo, Hotmail)
    • Telecom item (i.e. a Blackberry)
  • Working with partners in different countries and incorporating global laws into your product development
  • When and how to file paperwork for software and hardware
    encryption items
  • What to do if you are travelling from country to country with
    encrypted items such as a laptop, thumb-drive or Blackberry
  • How to take software or hardware internationally: What does
    the application look like?
  • Who are the end-users or “crypto consumers”
  • Sharing of tech and source code—when do you need a license?
  • How to manage chips with encryption issues when re-exporting
    to third parties
  • How US export laws come into play during re-exporting

1:30 p.m. – 5:00 p.m. (Registration begins at 1:00 p.m.)

Day 2 - Wednesday, March 30, 2016

8:30
Conference Co-Chairs’ Opening Remarks

Roszel Thomsen
Partner
Thomsen and Burke LLP (Baltimore, MD)

Michael Maney
Senior Manager, Trade Compliance
Veritas Technologies, LLC (Mountain View, CA)

8:45
U.S. AND EU GOVERNMENT KEYNOTE PANEL – Export Controls, Cybersecurity, Intrusion Software and Network Surveillance

Stéphane Chardon
DG Trade, Dual Use Export Controls
European Commission (Brussels, Belgium)

For the first time at this event, benefit from an invaluable opportunity to hear first-hand insights and ask your questions to U.S. and E U Government cybersecurity and U.S. encryption compliance landscapes going forward.

9:45
INDUSTRY ROUNDTABLE DISCUSSION – Export Compliance, Intrusion Software, Network Surveillance and Cybersecurity in Practice

Michael Angelo
Chief Security Architect
Micro Focus, NetIQ Corporation (Houston, TX)

Neil Martin
Export Compliance Counsel
Google Inc. (Mountain View, CA)

Michael Vatis
Partner
Steptoe & Johnson LLP (New York, NY)

As industry grapples with emerging encryption compliance challenges, gain best practices from leading international trade and cybersecurity experts, who will discuss how they are managing the impact of new and proposed regulations, and what they mean in practice for your global security and trade operations. Topics will include:

  • Status and impact of the proposed BIS rule that would control intrusion software and network surveillance systems
  • How to navigate the overlap between government surveillance
    systems used to monitor communications and your industry
    equipment
  • Adjusting your global encryption compliance strategy in response
    to contrasting U.S. Commerce and State Department approaches
  • How the new, proposed U.S. rules will affect companies’ ability to
    defend their networks
  • Dovetailing your export compliance and cybersecurity strategies
    to combat the risks of network breaches and EAR violations

10:45
Networking Break
11:00
WASSENAAR – How New Proposals, 2015 Controls, and Countries’ Adoption of Note 4 and OAM Affect Your Global Encryption Compliance Strategy

Michael Maney
Senior Manager, Trade Compliance
Veritas Technologies, LLC (Mountain View, CA)

Josephine Aiello LeBeau
Partner
Wilson Sonsini Goodrich & Rosati LLP (Washington, DC)

Kathleen Gebeau
Senior Director, Export Compliance
Qualcomm (San Diego, CA)

  • Practical impact of new decisions on controlled technologies and end-use
  • How to address Wassenaar implementation challenges on the ground
  • Key differences in member countries’ implementation of Note 4
  • Anticipated proposals going forward
  • How the proposed U.S. cybersecurity export rules fit into the international trade framework

12:00
CHINA – Status Report on New Security Regulations, Big Encryption Controls Changes and Their Impact on Multinationals Operating in China

Eric Carlson
Partner
Covington & Burling LLP (Shanghai, China)

Shanshan Xu
Senior Partner
Hiways Law Offices (Shanghai, China)

  • Interpreting new controls requiring “secure and controllable encryption”
  • Recent changes to banking and cybersecurity regulations, and how they affect the existing encryption controls landscape in China
  • Impact of new controls on Decree 273
  • What to change in your encryption controls strategy based on recent and anticipated developments
  • How broadly is MOFCOM enforcing the rules? The costs of non-compliance with current and anticipated requirements
  • Practical steps to prevent product confiscation and forfeiture of income, and criminal prosecution

1:00
Networking Luncheon
2:15
CHINA – Revisiting the Compliance Status of Your Products in China: How to Update Your Encryption Controls to Satisfy “Secure and Controllable Encryption” and Cybersecurity Requirements

Nelson G. Dong
Partner
Dorsey & Whitney LLP (Seattle, WA)

Lillian Norwood
Manager, Technology Transfers, Export Regulation Office
IBM (Washington, DC)

Roszel Thomsen
Partner
Thomsen and Burke LLP (Baltimore, MD)

  • Determining when and to what extent you need to modify products toward qualifying under China’s new “Secure and Controllable Encryption” definition
  • Tailoring your analysis to the unique Chinese context while still ensuring compliance worldwide.
  • How to apply the core function test for crypto products under Chinese regulations
  • When to submit a CCATS
  • Strengthening your cybersecurity and international trade programs in response to new U.S. and Chinese requirements
  • Obtaining necessary permits from SEMB for:
    • Importation and use of encryption technology
    • Manufacturing of commercial encryption products for export
    • Foreign-invested enterprises (FIEs)
    • R&D restrictions
    • Foreign developed encryption products

3:15
KEYNOTE ADDRESS – New, Emerging Technologies & the “Mass Market” Exception: Status Report on Possible Reforms to EAR Licensing in Response to Technological Advances
3:45
Networking Coffee Break
4:00
HONG KONG & TAIWAN – Best Practices for Managing Your Supply Chain and Import/Export of Strategic Products

John Larkin
President
Larkin Trade International (Alpharetta, GA)

Steve Bird
Export Compliance Manager
Cisco Systems (San Jose, CA)

  • How to apply Hong Kong import laws as they relate to encryption
  • Hong Kong as a portal to doing business in China: Importing encrypted products from Hong Kong into mainland China
  • Working with TID to secure licenses
  • Streamlining your encryption filing and paperwork in Taiwan
  • Best practices for manufacturers
  • Managing your supply chain, including re-sellers, customs brokers and customers
  • How to establish a good working relationship with key government agencies

4:45
SINGAPORE & MALAYSIA – The Latest Strategies for Addressing Permit, Transshipment and Re-Export Challenges

Karmi Leiman
Senior Director, Trade Compliance
GlobalFoundries (Santa Clara, CA)

  • Key pitfalls to avoid when applying import/export permits from Singapore
  • Securing necessary end-user certificates
  • Status report on regulations in Malaysia
  • Emerging compliance challenges that are unique to the region
  • To what extent government agencies are enforcing the regulations, and what triggers suspicion
  • Scope of liability for non-compliance

5:30
SMALLER GROUP BENCHMARKING & NETWORKING

As a first for this program, take this worthwhile opportunity to divide up into smaller groups and further compare best practices in a more intimate setting. You will be able to sign up for your table of choice.

6:00
Conference Adjourns to Day Two

Day 3 - Thursday, March 31, 2016

9:00
Conference Co-Chairs’ Opening Remarks

Roszel Thomsen
Partner
Thomsen and Burke LLP (Baltimore, MD)

Michael Maney
Senior Manager, Trade Compliance
Veritas Technologies, LLC (Mountain View, CA)

9:15
KEYNOTE ADDRESS and Q&A – The Changing Face of U.S. Encryption and Cyber Enforcement: New Investigative Techniques, Priorities and Penalties Post-Wind River

Joseph P. Whitehead
Special Agent in Charge Office of Export Enforcement
Bureau of Industry and Security U.S. Department of Commerce (San Jose, CA)

9:45
ROUNDTABLE DISCUSSION – How to Define an “Export” in the Context of Cloud Computing: The Latest on Proposed Changes Impacting Transfers of Encryption Software

Shiva Aminian
Partner
Akin Gump (Washington, D.C.)

Dan Fisher-Owens
Partner
Berliner, Corcoran & Rowe LLP (San Francisco, CA)

Ramakrishna Dasari
Product & Technology Classification Manager
Apple Inc. (Cupertino, CA)

Michael A. Lutz
Trade Compliance Manager
Google, Inc. (Mountain View, CA)

Anne Marie Griffin
Deputy Director, Global Trade Policy
Microsoft (Redmond, WA)

  • How industry is addressing new security and export compliance issues affecting cloud computing
  • Status and impact of the proposed BIS rule: Defining “export” to exclude transfers of encrypted software or technology through the cloud
  • Handling technical data that is encrypted “at rest” and “on the move” at a certain specified level
  • Managing the growing intersection of cybersecurity and export controls
  • When and how to report cybersecurity incidents to U.S. export agencies, and when such reports could be treated as voluntary
    disclosures of export violations
  • What constitutes acceptable encryption policies and cybersecurity precautions in the cloud
  • When a U.S. export agency might deem an exporter negligent in its cloud and IT security measures

11:00
Networking Coffee Break
11:15
ANSSI KEYNOTE ADDRESS – Updates on French Encryption Controls and Their Interplay with EU Regulations

Mathilde Latour
Domestic and Export Control Unit
French Network and Information Security Agency (ANSSI)

  • Plans and priorities for 2016, and anticipated policy and regulatory changes
  • Which items require prior declaration or authorization
  • How France has implemented Wassenaar
  • Working effectively with ANSSI

12:00
Networking Luncheon
1:15
INDIA – Clarifying Current Encryption Standards and the Status of a Revised Draft National Encryption Policy following Industry Concerns

Sanjay Mullick
Special Counsel, India Practice
Pillsbury Winthrop Shaw Pittman LLP (Washington, DC)

  • How industry comments have impacted the draft encryption policy– and their aftermath
  • Key policy developments and the potential risks to your compliance status
  • Preparing for new, emerging compliance challenges posed by the anticipated final policy
  • Common misinterpretations of current encryption standards and recent changes
  • How to work with the Department of Information Technology, Ministry of Communications and Information Technology

2:00
ISRAEL – Status Report on the Regulation of Cyber Exports

Heather A. Stone

Gross, Kleinhendler, Hodak, Halevy, Greenberg & Co. (Tel Aviv, Israel)

2:30
INDUSTRY BENCHMARKING SESSIONRUSSIA – When and How to Secure Permits, Notification and Authorizations: What Can Now Trigger Rejections and How to Handle Them

Led by the Conference Co-Chairs, this interactive roundtable discussion is designed to impart best practices and practical guidance for complying with Russian laws and regulations. Members of our industry and private practice faculty will impart first-hand experiences and concrete examples of how to resolve complex challenges and work with local government decision-makers.

  • How the Russian Government has been cracking down on notifications of products
  • What triggers a notification rejection and how to handle it
  • When you still need a permit or authorization vs. when you don’t
  • Permit requirements and challenges that are specific to laptops and cell phones
  • Key mistakes to avoid when filing and using import licenses
  • When screening has to be done for embedded software
  • Satisfying broad license requirements for protecting confidential information and communications

3:30
OPEN Q & A SESSION – Town Hall

At this interactive closing session, faculty members will take your questions and provide further insights on how to manage complex compliance challenges in practice. Take this invaluable opportunity to ask any outstanding questions and for clarification on complex topics
discussed over the course of the two-day event.

4:30
Co-Chairs’ Closing Remarks & Conference Concludes