On April 22, 2012, President Obama signed Executive Order 13,606 titled "Blocking the Property and Suspending Entry into the United States of Certain Persons with Respect to Grave Human Rights Abuses by the Governments of Iran and Syria via Information Technology" (the "Order"). The Order is intended to restrict the ability of the Iranian and Syrian governments to intercept, monitor, and disrupt electronic communications. Given pre-existing sanctions on Iran and Syria, the Order is largely a symbolic move to help the Iranian and Syrian people freely communicate among themselves and with the rest of the world. Nevertheless, the Order does effectively expand those sanctions in subtle yet significant ways. With the potential to punish any U.S. and non-U.S. company contributing to the surveillance capabilities of Iran and Syria, companies around the world should take notice.
The Order comes on the heels of widespread reports that repressive regimes, particularly those in the Middle East, have been relying on surveillance technology from Western countries to spy on their own citizens and stifle dissent. Previous efforts by U.S. and other governments to counter the use of surveillance technology by such regimes are described in a WorldECR article available here.
The Order, among other things, blocks the property and interests of any individual or entity designated by the Secretary of Treasury to have:
- operated or directed the operation of "information and communications technology" that facilitates computer or network disruption, monitoring, or tracking that, in turn, could assist or enable serious human rights abuses ("network surveillance for human rights abuses") by or on behalf of the Iranian or Syrian government;
- sold, leased, or otherwise provided any good, service, or technology to Iran or Syria, whether directly or indirectly, to facilitate network surveillance for human rights abuses by or on behalf of the Iranian or Syrian government; or
- materially assisted, sponsored, or supported either of the above activities or any person blocked by the Order, whether financially or technologically or in the form of goods or services.
The term "information and communications technology" is defined broadly to encompass "any hardware, software, or other product or service primarily intended to fulfill or enable the function of information processing and communication by electronic means, including transmission and display, including via the Internet."
The Order also blocks property and interests of any entity owned or controlled by any person or entity blocked by the Order.1 Furthermore, the Order applies to any of the above-described activities regardless of whether the activity: 1) is performed pursuant to a contract established before the effective date of the Order (April 23, 2012), or 2) a license issued by a U.S. government agency before the effective date.
The Order's practical impact on U.S. persons is limited given previously existing sanctions on Iran and Syria. More specifically, the Iranian Transaction Regulations ("ITR") and Executive Orders 13,338 (May 11, 2004) and 13,582 (Aug. 17, 2011) (relating to Syria) already prohibit U.S. persons from directly or indirectly exporting or reexporting almost any good, technology, or service to Iran and Syria, respectively. The ITR also prohibits U.S. persons from facilitating a foreign person's performance of those activities if prohibited when performed by a U.S. person, while Executive Order 13,582 also prohibits U.S. persons from facilitating a foreign person's export, reexport, or transfer of services to Syria. These prohibitions are broad enough to include all activities that may lead to designation and blocking under the Order when performed by U.S. persons.
For non-U.S. persons, the practical implications of the Order are much more significant. Pre-existing sanctions on Iran and Syria generally prohibit foreign persons from reexporting certain U.S.-origin goods, technology, and services to those countries. The Order, however, goes further by capturing the following when related to network surveillance for human rights abuses by the Iranian or Syrian government: 1) other acts besides reexporting, such as the operation, sale, lease, provision, and even material assistance and support to third parties; and 2) almost any good, service, or technology, even if non-U.S.-origin or otherwise excluded under pre-existing sanctions.
Against this background, the Order continues to reinforce pre-existing prohibitions on U.S. and non-U.S. companies under the Iran and Syria sanction programs. Furthermore, the Order prohibits non-U.S.-companies from performing any activity related to a good, service, or technology, even those of non-U.S.-origin, that facilitates network surveillance for human rights abuses by the Iranian and Syrian governments. Although not outright imposing those prohibitions, the Order indirectly does so through its threat of designating and blocking the property of a company that engages in any of those activities. Under the Order, a company would be designated and blocked even if it performed any of the activities pursuant to a valid contract or license existing before the Order's effective date.
Other features of the Order are worth noting. First, although the Order specifies only goods, technology, and services that facilitate network surveillance for human rights abuses by the Iranian and Syrian governments, almost anything related to network surveillance is likely to qualify given the sophisticated nature of and thus the limited number of end users in Iran and Syria for such goods, technology, and services. Moreover, the Order merely requires that the good, technology, or service "could" assist or enable serious human rights abuses – a much lower evidentiary threshold than actual use. Thus, as a practical matter, any product, technology, or service related to network surveillance and sent to Iran or Syria or operated on behalf of a party in Iran or Syria (or the material support of either of those activities) would probably trigger designation and blocking under the Order.
Second, as the Order currently stands, it may lead to designation and blocking on a strict liability basis. This stands in stark contrast to the "know or reason to know" standard applicable to certain pre-existing prohibitions under the Iran and Syria sanction programs. Thus, a company is exposed to liability under the Order even if, before engaging in a transaction, no indication existed that the company would end up facilitating network surveillance for human rights abuses by the Iranian and Syrian governments.
With all this in mind, the Order essentially serves as a broad and stringent end use prohibition against almost any activity by U.S. and non-U.S. companies that contribute to the network surveillance capabilities of the Iranian and Syrian governments.2 As an example, a U.S. company's sale of telecommunication equipment to a third party, which sells the equipment to the Iranian government for network surveillance without the U.S. company's knowledge, could lead to designation and blocking under the Order. A non-U.S. company's provision of tech support to a third party, which relies on that support to operate the Syrian government's network surveillance system without the non-U.S. company's knowledge, could also lead to designation and blocking.
Given the breadth of the Order, companies should refrain from engaging in network surveillance-related activities directly involving Iran and Syria. In the same vein, companies should carefully conduct due diligence before engaging in such activities with a third party, regardless of the third party's location, to ensure that the activities do not involve either of those countries. At a minimum, companies should check OFAC's Specially Designated Nationals list to ensure that the third party is not designated under the Order or any other sanction program. As publicly stated by OFAC, "those providing communications technology to Iran or Syria that has the potential to facilitate computer or network disruption, monitoring, or tracking should exercise great caution given Iran and Syria's use of this technology to assist in the commission of serious human rights abuses."
As mentioned above, the Order represents only the latest move by the U.S. government to crack down on activities that support the network surveillance capabilities of repressive regimes. Given the priority assigned to the issue by the Administration and Congress, affected companies should anticipate additional laws in the United States that may further restrict their business.
An initial list of individuals and entities blocked under the Order was also issued as part of the Order. Those individuals and entities are: Ali Mamluk, Syrian General Intelligence Directorate, Syriatel, Islamic Revolutionary Guard Corps, Iranian Ministry of Intelligence and Security, Law Enforcement Forces of the Islamic Republic of Iran, and Datak Telecom.
2 A narrow set of seemingly captured activities do remain permitted under the Order. For instance, because the Order states that it applies except to the extent provided by statute, exports of "information" and "informational materials" and transactions incidental to such exports, which are authorized under the International Emergency Economic Powers Act, may be allowed under the Order. In addition, the U.S. Department of Treasury, Office of Foreign Assets Control ("OFAC") has publicly stated that the Order is "not designed to prevent the provision of information and communications technology necessary to enable the Iranian and Syrian people to freely communicate with each other and the outside world" -- a likely reference to social media and other on-line communication tools.
For more information, please contact:
Larry Christensen, firstname.lastname@example.org, 202-626-1469
Claire Palmer, email@example.com, 202-626-1575