ASP Makes Sure Software Downloads Don’t Go to Terrorists | Article

military manToday no one buys software on disks that arrive in the mail. They type in their credit card number and download the files from the Internet.

While that push-of-a-button ease is a boon for buyers, it can be a headache for US software manufacturers–an expensive headache if the manufacturer sends the software to a buyer in a country on the verboten lists of either the Commerce or Treasury Departments. “If you can’t ship goods to Cuba, you can’t download software to Cubans, either,” explains Graham Napier, CEO of TradeBeam, an application service provider (ASP) specializing in global trade management. TradeBeam’s trade compliance product ensures a seamless and legal software download or physical shipment for its customers.

Companies that physically ship goods can make sure they don’t print out labels to the do-not-ship countries. But Internet software downloads add complexity to following the rules. If the Bureau of Industry and Security (BIS) starts looking for infractions, the software manufacturer has to prove it screened all requests before shipping. Civil penalties in the $200,000 to $700,000 range are common, depending on what the manufacturer knew and didn’t know.

There are criminal penalties, too: Up to 30 years in prison plus a $10 million fine for corporations or a $1 million fine for individuals. And, obviously, it’s not great publicity for customers to read in the newspaper that your company is selling software to terrorists.

John McKenzie, a partner at Baker & McKenzie, says the worst penalty–what he calls “the atomic bomb of sanctions”–is the export denial order. That’s when the government forbids a company to engage in international trade. He says the prohibition applies not only to direct exports from the US but also reexports of US origin items from one foreign country to another. He’s seen companies forced to close their doors when slapped with an export denial order.

A Major Paradigm Shift in Compliance

While the “specially designated nations” label has been around for years–Americans haven’t been able to enjoy Cuban cigars since the 1960s–enforcement had been a low priority. After the 9/11terrorist attacks, the federal government is serious about compliance says Napier.

There has been a major paradigm shift in export/import compliance, notes McKenzie. He says during the Cold War the federal government was responsible for making the judgment calls on who to deal with. Things were clearer; it was a binary decision–you could trade with Mexico but not with Cuba. Today, however, the government is making fewer of these trade decisions. “Companies must decide who their trade partners are. But they do so at their own peril,” he says.

In addition, in “the old days” the US government passed export laws for just one purpose, according to McKenzie: to keep sensitive technology out of the hands of America’s perceived adversaries in the Soviet bloc. “Today trade objectives are broader and more vague,” he says. “Now it’s a constant challenge to find out who’s on the bad guys list.”

At the same time, downloading as a means of software delivery has become the preferred choice. The two trends have merged to make software compliance a hot issue.

Checking the IP Address in Less Than a Second

Screening, however, takes time. Customers using the Internet are notoriously impatient. “People don’t want to wait to download files; if you take too long you can lose sales. Customers want instant, seamless transactions,” says Napier.

TradeBeam software can screen the request in less than a second. The software first focuses on the email address. For example, the buyer may claim he’s in San Francisco but the email address is Cuba.gov. Then the software performs a reverse IP check to validate the customer’s country of origin.

Finally, the software looks for names of known terrorists or drug traffickers on the SDN list (the “List of Specially Designed Nationals and Blocked Persons” published by the Treasury Department’s Office of Foreign Asset Control). The Commerce Department’s BIS also publishes its own “Denied Persons List.” TradeBeam’s software also checks the Canadian, EU, and UN watch lists. “Since 9/11, the number of bad actors on the watch lists has grown tremendously,” says Napier.

If the download is permissible, the TradeBeam software sends a green light to the software manufacturer to approve the download. A red light triggers an email to the customer which says, “Thanks for being our customer. We will send your software in another email,” reports Napier. That buys the company time to complete the proper screening before making a decision to close the window on a Windows or other software purchase.

Licensing is another issue. US-based companies that distribute software internationally first need to classify their software under the Export Control Classification Number (ECCN) rules. Federal law may require an export license for transfer to non-US customers depending upon the type of software, the final destination, and the type of end user (military, government, etc.) The TradeBeam technology helps companies classify their software under the ECCN and determine the licensing requirements prior to downloads. Then the software checks each order to see if a license is required.

The Benefits of the ASP Model

TradeBeam chose the ASP model because it gives companies the visibility and connectivity to collaborate with internal and partner systems. Firms are realizing they need software to comply with the regulations but don’t want to buy point solutions. “The only way to do global trade management properly is to manage the lifecycle of a trade across domestic and international order, logistics, and settlement activities,” says Napier. “For many corporations that choose to outsource some portion of their trade management process, an ASP solution allows them the visibility to monitor and collaborate with their providers.”

“Any company engaged in international trade needs a system in place to screen its international trading partners,” says McKenzie. “If they don’t have the capital to develop the infrastructure themselves, outsourcing is a good way to achieve the objective.”

Post a Comment

Your email address will not be published.

( required )

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>