SAN JOSE, Calif.--Lend your smartphone to a friend, go to jail. Well, it's not quite that drastic, but if that friend is a foreign national, the very act of handing that phone over can violate U.S. technology-export compliance laws.

That's just one of the sobering anecdotes that Larry Disenhof dishes out during his presentations on the complex, sometimes arcane, but deadly serious world of export control regulations. Disenhof, Cadence Group Director, Export Compliance & Government Relations, gave members of the EDAC Consortium his latest overview Wednesday (Sept. 18) here. (The presentation will be available on the EDAC site, registration required).

Export Compliance Overview

Here's another anecdote: Disenhof (pictured right) made clear at the top of his presentation that information he presents is subject to export review, depending on its content and who's in the audience:

"It's my job to know that I'm not going to hand over technology, either verbally or whatever, to someone if it cannot go to their country of citizenship. And this affects us every day of the week because many of us have engineers working for us in the valley on H1B visa. We need to understand what technology we're handing to them. If we do it wrong, it's an export violation."

Not knowing is costly: Fines start at $250,000.

"It adds up very quickly, and I can tell you your legal fees are going to be 2-3X what your fines are," Disenhof told the audience.

Here are some highlights from Disenhof's detailed 90-minute presentation, starting with the difference between export control and restriction. Disenhof said every technology is controlled but few are restricted. Disenhof holds up his Logitech wireless controller and notes that it's controlled if it's destined for a country that the U.S. has sanctioned.

Jail Time

Whatever your views on bureaucracy, export compliance is no laughing matter. Consider the case of Sixing"Steve" Liu. The software engineer went through export compliance training at his company, packed up some software and went to Shanghai for a trade show. He was stopped at the Newark Airport upon return when customs officials noticed the trade show logo among his belongings. He's doing six years in jail.

"The company is off the hook because the company had him take compliance training," Disenhof said.

Disenhof said broadly speaking there are four main areas to focus on:

• Understand the nature of the technology you're handling and transferring, whether it's physical or virtual
• Check destination
• Screen your end user
• Screen the end use

In the last situation, consider Disenhof's example: If you're selling components to an Israeli company whose product will end up in a missile that can travel more than 300km, you need a license to sell your technology to that subcontractor. (Curiously, you don't need the license in the same scenario when it involves a Russian company).

It's All About the Details

Other nuggets: 

• When you buy a company, you need to screen it for export compliance because you buy the violations if the company is out of compliance.
• Pay close attention to the notion of "deemed export" when releasing data to a foreign national. At the time of transfer, an export to their country of citizenship is "deemed" to take place. "This has become a big deal," Disenhof said because so many companies employ foreign nationals in customer support.
• Companies that make encryption technology (above 55 bit) that falls into restricted categories needs to send reports to the U.S. every six months regarding where they've shipped the technology (unless shipping intra-company). (Good news for EDA vendors is that encryption that protects design software from piracy is not subject to export control laws, thanks to some effective industry lobbying efforts 10 years ago).

As an aside on the controversy over NSA surveillance of mobile phones and other digital technologies, Disenhof said:

"Maybe we in the export world didn't communicate this well enough but every time you register an encryption product to get a license or just register that this product exists, one of the things you have to do is send the NSA directly details about what that encryption technology is. And this has been the law for dozens of years. There's no surprise to any of us export people that they know all this stuff." 

• FPGAs can be restricted items. "A lot of people are taking their IP, throwing them on FPGAs and shipping them to customers," Disenhof said. "FPGA is restricted technology because it can reprogrammed in the field, and the government doesn't know what it's going to be."
• Ultra-deep submicron technology (14nm process technology for example) is not controlled. "When you're talking to TSMC or GLOBAL FOUNDRIES about their process technology, the funny thing is it's not controlled," Disenhof said. "It's what you're doing with it that matters."

These are just some of the highlights. Disenhof's presentation and a video of his talk will be available on EDAC's site soon, and it's definitely worth your time. His slide presentation is an excellent primer packed with links to relevant information and sites for anyone responsible or concerned about whether his/her company is following export control laws properly.

As a late colleague of mine used to say, "nothing beats knowing."

Brian Fuller

Related stories:

--Moto X; Noyce Quits; China’s Chromecast (Great Reads 8-2-2013)

--Interview with Lip-Bu Tan, Part 1 – How Cadence is Positioned to Build Upon Success

--Interview with Lip-bu Tan, Part 2: Energizing the Electronics Industry