Since our last update, the Department of Commerce, Bureau of Industry and Security (BIS) has released a small flurry of new and proposed technology controls, continuing its review of emerging technologies required by ECRA and ongoing negotiations within the Wassenaar Arrangement.
BIS Expands Controls on Cybersecurity Items, Creates New License Exception ACE
On October 21, 2021, BIS published an interim final rule with request for comments (86 FR 58205) which would expand controls on cybersecurity items, but also creates a new license exception authorizing exports in many circumstances.
The new rule would create new Export Control Classification Numbers (ECCNs) 4A005 and 4D004, new paragraph 4E001.c, and a revised 4E001.a and 5A001.j. According to BIS, “These items warrant controls because these tools could be used for surveillance, espionage, or other actions that disrupt, deny or degrade the network or devices on it.”
License Exception Authorized Cybersecurity Exports (ACE) would be created in the Export Administration Regulations (EAR) §740.22. The new exception would allow “the export, reexport and transfer (in-country) of ‘cybersecurity items’ to most destinations, except to destinations listed in Country Groups E:1 and E:2” (currently Cuba, Iran, North Korea, and Syria), with some differentiation between government and non-government end-users and end-use restrictions.
For additional information and how to submit comments, please refer to the Federal Register Notice. Comments will be accepted through December 6, 2021.
The interim final rule is effective January 19, 2022 if not revised.
BIS Proposes Restrictions on STA Exception
On October 22, 2021, BIS published a proposed rule (86 FR 58615) which would “clarify and expand restrictions on the availability of License Exception Strategic Trade Authorization” (STA).
The proposed rule would affect certain Category 9 ECCNS, restrict the availability of STA for ECCNs 1E001 and 2E003.f, and make conforming changes to STA and the affected ECCNs. The proposed changes are largely related to gas turbine engine hot section parts and components, but may also affect other industries such as optics.
For additional information and how to submit comments, please refer to the Federal Register Notice. Comments will be accepted through December 6, 2021.
BIS Requests Comments on Brain-Computer Interface Controls
On October 26, 2021, BIS published an Advance Notice of Proposed Rulemaking (ANPRM) (86 FR 59070) regarding potential emerging technologies controls on Brain-Computer Interface (BCI) technology.
Examples of BCI technology include neural-controlled interfaces, mind-machine interfaces, direct neural interfaces, and brain-machine interfaces. This follows a November 19, 2018 ANPRM, the comments of which are summarized in the current notice.
BIS is seeking comments on the impact of BCI on U.S. national security and how to ensure that any controls would be “effective (in terms of protecting U.S. national security interests) and appropriate (with respect to minimizing their potential impact on legitimate commercial or scientific applications).”
Comments are specifically requested on the following topics:
- What specific uniform standards for BCI technology would need to be adopted to ensure their application on a global basis (i.e., as international standards for BCI technology)?
- Where does the development of BCI in the United States stand with respect to other countries (e.g., is the United States on the forefront of BCI technology development)?
- Is BCI technology currently available for commercial use in certain foreign countries and, if so, where and for what specific purposes (e.g., have foreign companies already developed devices or chips for specific commercial applications)?
- Has the current stage of development with respect to invasive and/or non-invasive BCI technology reached the point at which such technology is ready for commercial production and use?
- Is the main progress with respect to non-invasive brain signal sensors being made in terms of real-time algorithms designed to transform neural signals into commands ( i.e., what is developing faster: “software” (algorithms) or hardware (sensors))?
- What impact would the establishment of export controls on BCI technology have on U.S. technological leadership (i.e., not only in the field of BCI technology, but overall) and would this impact be distinctly different if controls were placed primarily on “software” as opposed to hardware, or vice versa?
- How is the future development of artificial intelligence (AI) technology or other emerging technologies likely to impact the development of BCI technology, or vice versa ?
- What types of ethical or policy issues are likely to arise from the use of BCI technology (e.g., for medical or military purposes)?
- What kinds of risks and benefits currently exist, or are likely to arise, as a result of the application of BCI technology?
- What are the potential advantages or disadvantages of using invasive and non-invasive BCI chips/sensors and related “software” (e.g., algorithms for signal processing) for specific applications? To what extent would these advantages or disadvantages correspond (or differ) based upon whether invasive or non-invasive BCI chips/sensors and related “software” were being used?
- Are there any BCI technologies that are significantly more vulnerable than others to cybersecurity threats (e.g., military systems employing BCI technologies that could adversely impact U.S. biodefense)?
- What is the potential for transmitted BCI data to be hacked or manipulated to influence the user or machine? Is such data inherently more vulnerable to hacking or manipulation than other forms of data? Would the invasive or non-invasive characteristics of BCI data have any impact on the potential vulnerability of such data?
BIS also encourages comments that would help it to determine:
- Which aspects of BCI technology would be more likely to require monitoring by the U.S. Government (USG); and
- Whether specific USG policies and regulations, as well as industry standards, need to be established before this technology becomes widely available for use in commercial applications.
Other related comments may also be welcome. For additional information and how to submit comments, please refer to the Federal Register Notice. Comments will be accepted through December 10, 2021.
ITAR Update: Ethiopia Formally Added to 126.1
On November 1, 2021, the Department of State, Directorate of Defense Trade Controls (DDTC) published a rule (86 FR 60165) officially adding Ethiopia to the International Traffic in Arms Regulations (ITAR) §126.1 list of prohibited destinations. This change has been anticipated since September 17, 2021.
Ethiopia is now listed under §126.1(n) with the following policy:
(n) Ethiopia. It is the policy of the United States to deny licenses or other approvals for exports of defense articles or defense services destined to or for the armed forces, police, intelligence, or other internal security forces of Ethiopia.
The entry for Eritrea under §126.1(h) was also revised to reflect a similar policy:
(h) Eritrea. It is the policy of the United States to deny licenses or other approvals for exports of defense articles or defense services destined to or for the armed forces, police, intelligence, or other internal security forces of Eritrea.
Minor revisions were also made to the table heading for §126.1(d)(1) and §126.1(d)(2). The addition of Ethiopia was originally announced on September 17, 2021 on the DDTC website and the new §126.1 entries took effect immediately with the November 1st Federal Register Notice.