In this episode of the Defence Connect ADSTAR series, Stephen Moore, First Assistant Secretary AUKUS Advanced Capabilities, and Dr Nigel McGinty, Defence Science and Technology Group Chief Technology Officer – Science Strategy, Communications and International Engagement, join Liam Garman to unpack how technology sharing arrangements improve our collective AUKUS security. Moore and Garman begin the podcast discussing the strategic rationale for AUKUS Pillar II, and how sharing insights into AI, electronic warfare, undersea warfare, hypersonics, quantum and cyber make the AUKUS alliance stronger than the sum of its parts. They then discuss how the three governments are enabling technology transfer, including International Traffic in Arms Regulations reform and improved governance frameworks, before analysing efforts on how the three nations can energise their combined industrial base. Dr McGinty wraps up the podcast detailing how AUKUS Pillar II provides unique asymmetric advantages for the Australian Defence Force, and in particular, the role of cyber and information on the modern battlefield. Enjoy the podcast, The Defence Connect team
What happens when a major defense contractor faces scrutiny for ethics and compliance violations? In this episode of Corruption, Crime, and Compliance, Michael Volkov dives into the high-stakes world of corporate accountability, exploring Raytheon's recent $428 million settlement with the U.S. Department of Justice. From fraudulent pricing to bribery and compliance lapses, we uncover the impact of these violations and the tough questions they raise about corporate governance, oversight, and ethical responsibility in high-stakes industries.
Hear Michael talk about:
Raytheon Company (Raytheon), a subsidiary of defense contractor RTX (formerly known as Raytheon Technologies Corporation), agreed to pay over $950 million to resolve the Justice Department's investigations into three areas of violation. The settlement addresses three main issues:
- A major government fraud scheme involving defective pricing on certain government contracts
- Violations of the Foreign Corrupt Practices Act (FCPA) and the Arms Export Control Act (AECA) and its implementing regulations, the International Traffic in Arms Regulations (ITAR)
As part of the settlement, Raytheon entered into a three-year deferred prosecution agreement (DPA) and agreed to the filing of criminal information in the District of Massachusetts charging Raytheon with two counts of major fraud against the United States. Raytheon admitted to engaging in two separate schemes to defraud the Department of Defense (DOD) relating to the provision of defense articles and services, including PATRIOT missile systems and a radar system. 
Separately, Raytheon entered into a three-year DPA in connection with a criminal information in the Eastern District of New York charging Raytheon with two counts: conspiracy to violate the anti-bribery provision of the FCPA for a scheme to bribe a government official in Qatar and conspiracy to violate the AECA for willfully failing to disclose the bribes in export licensing applications with the Department of State as required by part 130 of ITAR.
The Justice Department's FCPA and ITAR resolution is coordinated with the Securities and Exchange Commission (SEC). Both DPAs require that Raytheon retain an independent compliance monitor for three years, enhance its internal compliance program, report evidence of additional misconduct to the Justice Department, and cooperate in any ongoing or future criminal investigations. Raytheon also reached a separate False Claims Act settlement with the Justice Department relating to the defective pricing schemes.
Resources: Michael Volkov on LinkedIn | X (Twitter); The Volkov Law Group
For the first time ever a Japanese destroyer sailed through the Taiwan Strait, and on the same day naval vessels from Australia and New Zealand also sailed together through the disputed waterway. Miles Yu gives us the background behind the strait's importance for setting the tone with regard to international partnership against Chinese aggression. Second, in light of Ukrainian President Zelenskyy's trip to the U.S., we ask Miles what the state of the Ukraine war is, but specifically through the lens of how China sees and fuels the conflict. Lastly, we profile the newly elected Prime Minister of Japan, Shigeru Ishiba.
The Justice Insiders: Giving Outsiders an Insider Perspective on Government
Host Gregg N. Sofer welcomes Husch Blackwell partner Grant Leach to the program to discuss the burgeoning set of requirements and restrictions placed on U.S. businesses in connection with trade law. Gregg and Grant identify the authorities and agencies involved in trade law and the various mechanisms the regulators use to make rules and enforce them. As trade law rapidly evolves to keep pace with geopolitical developments and challenges, corporate leaders and their compliance teams have the task of managing risks that are sometimes difficult to spot, especially as they involve multiple layers of the global supply chain. Our conversation stresses the necessity of diligence and knowing your customers and vendors, as well as exploring what a “reasonable, risk-based” compliance program looks like in practice.
We also discuss a key change in the statute of limitations—from five years to ten—in connection with the Office of Foreign Assets Control (OFAC) sanctions enforcement. This expansion of the lookback period has implications not just for compliance programs but could also complicate corporate transactions and the due diligence process.
We conclude our discussion by addressing how the evolving trade law regime impacts smaller enterprises that might have difficulty scaling the compliance function to manage trade-based risk. These enterprises face heightened risk as they are often targeted by bad actors seeking to evade sanctions via transshipment or some other means.
Gregg N. Sofer Biography
Gregg counsels businesses and individuals in connection with a range of criminal, civil and regulatory matters, including government investigations, internal investigations, litigation, export control, sanctions, and regulatory compliance. 
Prior to entering private practice, Gregg served as the United States Attorney for the Western District of Texas—one of the largest and busiest United States Attorney's Offices in the country—where he supervised more than 300 employees handling a diverse caseload, including matters involving complex white-collar crime, government contract fraud, national security, cyber-crimes, public corruption, money laundering, export violations, trade secrets, tax, large-scale drug and human trafficking, immigration, child exploitation and violent crime.
Grant Leach Biography
Based in Husch Blackwell's Omaha office and a member of the firm's International Trade & Supply Chain practice, Grant focuses on trade, export controls, sanctions and anti-corruption compliance. He has extensive experience helping clients navigate complex issues related to international commerce and its associated compliance challenges. As part of his practice, Grant advises clients on requirements under the US Foreign Corrupt Practices Act (FCPA), Export Administration Regulations (EAR) administered by the Bureau of Industry and Security (BIS), International Traffic in Arms Regulations (ITAR) administered by the Directorate of Defense Trade Controls (DDTC), trade sanctions administered by the Office of Foreign Assets Control (OFAC) and other import- and export-related regulations.
© 2024 Husch Blackwell LLP. All rights reserved. This information is intended only to provide general information in summary form on legal and business topics of the day. The contents hereof do not constitute legal advice and should not be relied on as such. Specific legal advice should be sought in particular matters.
In this episode, Lisa Mays, an international trade attorney with Sheppard Mullin and leader of the firm's Supply Chain Industry Team, joins host Scott Maberry to discuss the state of the global supply chain, including the impact of the war in Russia, and the intensifying trade war with China. What We Discussed in This Episode: Most trade lawyers are on the East coast. What benefits do you bring to your clients being in California? What roles do the different government agencies play in enforcement, and why is recent inter-agency enforcement cooperation so significant? What is the compliance obligation regarding “diversion” of goods by suppliers, distributors, sales agents, and customers? How are U.S. trade wars playing out in the global supply chain? What specific supply chain issues are created by the war in Ukraine? What recent actions has the U.S. taken as the trade war with China intensifies? How is international trade law impacting the way the solar industry operates? Why has it become critical for companies to trace their supply chains for forced labor? Will supply chain regulation continue to be a priority for the remainder of President Biden's current term? About Lisa Mays An international trade lawyer based in Sheppard Mullin's Orange County office, Lisa Mays leads the firm's Supply Chain Industry Team and is a leading member of the Transportation Industry Team. Lisa's practice focuses on compliance counseling and investigations in the areas of export controls, economic sanctions, anti-corruption, and customs and import regulations. 
She regularly advises semiconductor manufacturers, automakers, airlines, aerospace and defense firms, importers, and exporters on sanctions; export controls, including the International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR); trade agreements; the Foreign Corrupt Practices Act (FCPA); Customs and imports; antidumping and countervailing duties (AD/CVD); the False Claims Act; Committee on Foreign Investment in the United States (CFIUS); anti-boycott controls; cybersecurity issues; and anti-money laundering (AML) matters. Lisa also represents clients before the U.S. Department of Treasury Office of Foreign Assets Control (OFAC), the Office of the U.S. Trade Representative (USTR), the Department of Commerce Bureau of Industry & Security (BIS), the Department of State Directorate of Defense Trade Controls (DDTC), the Department of Justice (DOJ), the International Trade Commission (ITC), U.S. Customs and Border Protection (CBP), and CFIUS. About Scott Maberry An international trade partner in Governmental Practice, J. Scott Maberry counsels clients on global risk, international trade, and regulation. Scott's practice includes representing clients before the U.S. government agencies and international U.S. Department of Treasury's Office of Foreign Assets Control (OFAC), the Department of Commerce's Bureau of Industry & Security (BIS), the Department of Commerce Import Administration, the Department of Homeland Security (DHS), the Department of State Directorate of Defense Trade Controls (DDTC), the U.S. Department of Justice (DOJ), the International Trade Commission (ITC) and the Committee on Foreign Investment in the U.S. (CFIUS). He also represents clients in federal court and grand jury proceedings, as well as those pursuing negotiations and dispute resolution under the World Trade Organization (WTO), North American Free Trade Agreement (NAFTA) and other multilateral and bilateral agreements. 
A member of the World Economic Forum Expert Network, Scott also advises the WEF community in the areas of global risk, international trade, artificial intelligence and values. Contact Information Lisa Mays Scott Maberry Thank you for listening! Don't forget to SUBSCRIBE to the show to receive two new episodes delivered straight to your podcast player every month. If you enjoyed this episode, please help us get the word out about this podcast. Rate and Review this show on Apple Podcasts, Amazon Music, or Spotify. It helps other listeners find this show. This podcast is for informational and educational purposes only. It is not to be construed as legal advice specific to your circumstances. If you need help with any legal matter, be sure to consult with an attorney regarding your specific needs.
Changes are coming to how arms manufacturers do business internationally. That is thanks to proposed changes in the International Traffic in Arms Regulations (ITAR). In fact, comments are due by the end of May. For details, Federal Drive Host Tom Temin talked with Stephanie Kostro, Executive Vice President for Policy at the Professional Services Council.
In today's episode, Izzy discusses the importance of a marketing plan with Amanda Hudswell at Equatorial Launch Australia. A marketing plan provides a blueprint for your communication activities, maximizes your efforts by targeting the most important audiences, and determines the marketing activities that resonate with them. A plan transforms dreams into reality by establishing the steps necessary for an idea to come to fruition and it provides clarity for action for the entire company and its team. Amanda Hudswell Head of Marketing Communications and Public Affairs Equatorial Launch Australia https://ela.space CHAPTERS: 01:17 Importance of a marketing plan 03:01 Eclipse 04:27 Meet Amanda Hudswell 07:54 About ELA 13:59 When to bring in a marketing professional 16:24 The Marketing Plan 19:17 Your audience and crafting a message that resonates 22:25 Strategies and tactics of a marketing plan 24:02 Constructing the plan and getting scrappy 22:37 Measuring and testing 30:24 Non-digital results 32:52 Telling the space story 36:47 Your audience is the hero, your company is the guide 39:53 Marketing challenges 41:59 Marketing successes 44:17 Algorithms - shooting at a moving target 46:34 Bad actors, trolls, and grumpy people 53:59 The future of space 58:57 Final Thoughts MENTIONS: GSA Spaceport Summit - https://www.globalspaceportalliance.com/gsa-spaceport-summit-2/ Building a BrandStory by Donald Miller ITAR regulations - The International Traffic in Arms Regulations (ITAR) are a set of US government regulations that control the import and export of defense products, services, and information. The purpose of ITAR is to protect national security and advance American foreign policy interests. ITAR governs the following: Manufacture, Export, Temporary import, Provision of defense services, and Brokerage activities involving items described on the USML. 
https://www.pmddtc.state.gov/ddtc_public/ddtc_public?id=ddtc_kb_article_page&sys_id=24d528fddbfc930044f9ff621f961987 ABOUT IZZY Izzy's website - https://izzy.house Author of Space Marketing: Competing in the new commercial space industry AND Space Marketing: Spaceports on Amazon and Audible - https://bit.ly/Space-Marketing Podcast host for Space Marketing Podcast - https://spacemarketingpodcast.com Organizer for Space for Kentucky Roundtable - https://spaceforkentucky.com
Boeing continues to struggle with its core business activities. As troubles mount for Boeing, it is clear that it continues to suffer from real and pervasive culture issues that have been reflected in serious safety failures, financial difficulties, regulatory violations, and serious reputational damage. Boeing's troubles permeate every part of its organization -- from the board to senior executives to its operations and overall ethics and compliance commitment. As a result, Boeing stands at an important crossroads -- will it make a real commitment to change, reform, and ethics and compliance, or will it continue to limp along, suffering repeated incidents of harm?
In its latest (mis)adventure, Boeing fell victim to a State Department fine for $51 million for violations of a number of export controls, including basic licensing requirements for exports to China and Russia. Boeing voluntarily disclosed the violations to the Directorate of Defense Trade Controls ("DDTC") in the State Department.
The violations of the International Traffic in Arms Regulations ("ITAR") included illegal exports to foreign employees and contractors who work in more than 15 countries, a trade compliance specialist fabricating an export license to illegally ship defense items abroad, and violations of the terms and conditions of other export licenses, among other things.
The DDTC's $51 million penalty is the largest administrative penalty imposed for ITAR violations since it imposed a $79 million penalty against BAE Systems in 2011. Under the terms of the settlement, Boeing must pay $27 million to the DDTC within two years and use the remaining $24 million to improve its compliance program and procedures. In addition, Boeing is required to hire a DDTC-approved special compliance officer to oversee its compliance with ITAR for the next three years. That officer will regularly report to the DDTC on Boeing's progress.
- Boeing faced a $51 million settlement for ITAR violations, including unauthorized exports and re-transfers to foreign employees and contractors, notably in China.
- Violations involved illegal downloads of ITAR-controlled technical data from Boeing's digital repository, which affected Pentagon platforms like the F-18, F-15, and F-22 aircraft and the AH-64 Apache helicopter.
- Boeing voluntarily disclosed violations to the Directorate of Defense Trade Controls (DDTC) and the State Department, leading to the $51 million penalty, the largest for ITAR violations since 2011.
- The settlement requires Boeing to pay the DDTC $27 million, improve its compliance program with the remaining $24 million, and hire a DDTC-approved special compliance officer for three years.
- Boeing must introduce a new automated export compliance system, update the State Department on its progress every six months, and undergo two export control audits by State Department-approved consultants.
- Despite the violations occurring mostly before 2020, Boeing made significant improvements to its trade compliance program, investigated issues, cooperated with authorities, and expressed regret.
- The case highlights the State Department and DDTC's aggressive enforcement of administrative controls over military items, signaling a broader crackdown on export control and sanctions violations.
Resources: Michael Volkov on LinkedIn | Twitter; The Volkov Law Group
In this podcast, Jamey Petri and Jeffrey Thomas discuss recently-issued guidance provided in a fact sheet from the Department of Justice (DOJ) on avoiding discriminatory employment practices when complying with U.S. export control laws. Jeff and Jamey unpack the Immigration and Nationality Act (INA), the International Traffic in Arms Regulations (ITAR), and the Export Administration Regulations (EAR), focusing on their anti-discrimination provisions as they relate to issues affecting employers, including hiring and retention practices, Form I-9 documentation and processes, and employee training.
The US Department of State has concluded an administrative settlement with The Boeing Company to resolve 199 violations of the Arms Export Control Act and the International Traffic in Arms Regulations. High winds and rough seas in the Atlantic have pushed back the launch of SpaceX Crew-8 Saturday at 11.16pm local time at the earliest, and more. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you'll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram. T-Minus Guest Our guest today is Robert Kurson, author of Rocket Men: The Daring Odyssey of Apollo 8 and the Astronauts Who Made Man's First Journey to the Moon. The US Congress passing a Continuing Resolution which extends the deadlines for passing the FY2024 appropriations bills further into March. You can learn more about Robert Kurson's novels on his website. Selected Reading U.S. Department of State Concludes $51 Million Settlement Resolving Export Violations by The Boeing Company Boeing in talks to buy supplier Spirit AeroSystems, WSJ reports- Reuters Congress Clears New CR, Punting Shutdown Threat Further Into March – SpacePolicyOnline.com https://www.linkedin.com/feed/update/urn:li:activity:7169004907721654274/ NewsSpace ground tracking program to reach key milestone NASA delays space station crew rotation flight, makes way for SpaceX Starlink launch - CBS IM-1 | Intuitive Machines Sidus Space Announces Pricing of Public Offering | Business Wire NASA Selects ACMI as Second Approved Exploration Park Facility UK and France to deepen research and AI links following Horizon association - GOV.UK Funding boost to grow Aussie space sector Former NASA Administrator Richard Truly Passes Away – SpacePolicyOnline.com https://www.youtube.com/watch?v=5iwxO1ZiJ0k T-Minus Crew Survey We want to hear from you! Please complete our 4 question survey. 
It'll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Gabrielle Griffith, Director BPE Global, is an expert in trade compliance issues. Gabrielle assists clients in implementing effective trade compliance programs by addressing improvements within organizations' people, processes, and systems. In the area of U.S. export controls, she advises clients on compliance with the International Traffic in Arms Regulations, the U.S. Export Administration Regulations, and the various embargo and sanctions programs administered by the Office of Foreign Asset Controls. On import compliance matters, she advises on classification, country of origin, special duty programs such as USMCA, focused assessments, C-TPAT, antidumping/countervailing duty as well as Section 232 and 301 matters. Gabrielle joins Michael to discuss current trade compliance trends and expectations for 2024.
- The increase in national security risk has heightened the need for creative thinking to identify potential threats that may not be designated within regulations. This means that companies must go beyond traditional compliance measures and think outside the box to proactively address emerging risks to national security.
- Global companies are facing unprecedented risks and challenges in today's economy, leading to a greater emphasis on robust ethics and compliance programs. These programs are essential for promoting positive corporate citizenship and mitigating legal and economic risks associated with corruption and crime.
- Trade compliance is no longer a silo within a compliance department but must be integrated into the entire operation of a company. This means that trade compliance considerations should be incorporated into all aspects of a company's business processes, from product development to supply chain management.
- The Department of Justice is ramping up efforts to prosecute companies for trade compliance violations, particularly in relation to national security. This increased focus on enforcement means that companies need to be proactive in ensuring compliance with export control regulations and other trade compliance requirements.
- Over-controlling trade compliance can hinder business operations while under-controlling can lead to violations. Finding the right balance is crucial. Companies should strive to implement effective trade compliance measures that align with their specific business needs, avoiding unnecessary restrictions while still ensuring compliance with applicable regulations.
- The government should collaborate more with industry consultants to bridge the gap between enforcement agencies and companies, ensuring effective communication and guidance. This collaboration can help companies navigate the complex landscape of trade compliance and provide valuable insights to regulators on emerging technologies and industry practices.
Resources: Michael Volkov on LinkedIn | X (Twitter); The Volkov Law Group; Gabrielle Griffith on LinkedIn; BPE Global
In this episode, host Tim O'Toole and guest Scott Gearity, President of the Export Compliance Training Institute (ECTI), talk in-depth about the International Traffic in Arms Regulations (ITAR). They discuss the growing importance of the regulations related to the provision of defense services abroad by U.S. persons, the jurisdictional implications of importing of foreign made defense articles into the U.S., the growing compliance challenges of the deemed export rule, the recently revised Directorate of Defense Trade Controls (DDTC) compliance guidelines and risk matrices, the reorganization of the ITAR, the 10-year anniversary of export control reform (ECR), and the effect ECR has had on the Export Administration Regulations (EAR). Roadmap: Introduction Defense services abroad Subject to the ITAR from coming into the U.S. Deemed export/SpaceX ITAR Part 120 rewrite DDTC revised compliance program guidance/risk matrix 10-year anniversary of ECR Complexity at the Bureau of Industry and Security (BIS) ******* Thanks to Scott Gearity for joining us: https://www.learnexportcompliance.com/people/scott-gearity/ Questions? Contact us at podcasts@milchev.com. EMBARGOED! is not intended and cannot be relied on as legal advice; the content only reflects the thoughts and opinions of its hosts. EMBARGOED! is intelligent talk about sanctions, export controls, and all things international trade for trade nerds and normal human beings alike. Each episode will feature deep thoughts and hot takes about the latest headline-grabbing developments in this area of the law, as well as some below-the-radar items to keep an eye on. Subscribe wherever you get your podcasts for new bi-weekly episodes so you don't miss out!
Dmitry Kagansky, State CTO and Deputy Executive Director for the Georgia Technology Authority, joins Corey on Screaming in the Cloud to discuss how he became the CTO for his home state and the nuances of working in the public sector. Dmitry describes his focus on security and reliability, and why they are both equally important when working with state government agencies. Corey and Dmitry describe AWS's infamous GovCloud, and Dmitry explains why he's employing a multi-cloud strategy but that it doesn't work for all government agencies. Dmitry also talks about how he's focusing on hiring and training for skills, and the collaborative approach he's taking to working with various state agencies.
About Dmitry
Mr. Kagansky joined GTA in 2021 from Amazon Web Services where he worked for over four years helping state agencies across the country in their cloud implementations and migrations.
Prior to his time with AWS, he served as Executive Vice President of Development for Star2Star Communications, a cloud-based unified communications company. Previously, Mr. Kagansky was in many technical and leadership roles for different software vending companies. Most notably, he was Federal Chief Technology Officer for Quest Software, spending several years in Europe working with commercial and government customers.
Mr. Kagansky holds a BBA in finance from Hofstra University and an MBA in management of information systems and operations management from the University of Georgia.
Links Referenced: Twitter: https://twitter.com/dimikagi LinkedIn: https://www.linkedin.com/in/dimikagi/ GTA Website: https://gta.ga.gov
Transcript
Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. 
This is Screaming in the Cloud.
Corey: In the cloud, ideas turn into innovation at virtually limitless speed and scale. To secure innovation in the cloud, you need Runtime Insights to prioritize critical risks and stay ahead of unknown threats. What's Runtime Insights, you ask? Visit sysdig.com/screaming to learn more. That's S-Y-S-D-I-G.com/screaming.
My thanks as well to Sysdig for sponsoring this ridiculous podcast.
Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. Technical debt is one of those fun things that everyone gets to deal with, on some level. Today's guest apparently gets to deal with 235 years of technical debt. Dmitry Kagansky is the CTO of the state of Georgia. Dmitry, thank you for joining me.
Dmitry: Corey, thank you very much for having me.
Corey: So, I want to just begin here because this has caused confusion in my life; I can only imagine how much it's caused for you folks. We're talking Georgia the US state, not Georgia, the sovereign country?
Dmitry: Yep. Exactly.
Corey: Excellent. It's always good to triple-check those things because otherwise, I feel like the shipping costs are going to skyrocket in one way or the other. So, you have been doing a lot of very interesting things in the course of your career. You're former AWS, for example, you come from commercial life working in industry, and now it's yeah, I'm going to go work in state government. How did this happen?
Dmitry: Yeah, I've actually been working with governments for quite a long time, both here and abroad. So, way back when, I've been federal CTO for software companies, I've done other work. And then even with AWS, I was working with state and local governments for about four, four-and-a-half years. But came to Georgia when the opportunity presented itself, really to try and make a difference in my own home state. 
You mentioned technical debt at the beginning and it's one of the things I'm hoping that helped the state pay down and get rid of some of it.
Corey: It's fun because governments obviously are not thought of historically as being the early adopters, bleeding edge when it comes to technical innovation. And from where I sit, for good reason. You don't want code that got written late last night and shoved into production to control things like municipal infrastructure, for example. That stuff matters. Unlike a lot of other walks of life, you don't usually get to choose your government, and, “Oh, I don't like this one so I'm going to go for option B.”
I mean you get to do at the ballot box, but that takes significant amounts of time. So, people want above all else—I suspect—their state services from an IT perspective to be stable, first and foremost. Does that align with how you think about these things? I mean, security, obviously, is a factor in that as well, but how do you see, I guess, the primary mandate of what you do?
Dmitry: Yeah. I mean, security is obviously up there, but just as important is that reliance on reliability, right? People take time off of work to get driver's licenses, right, they go to different government agencies to get work done in the middle of their workday, and we've got to have systems available to them. We can't have them show up and say, “Yeah, come back in an hour because some system is rebooting.” And that's one of the things that we're trying to fix and trying to have fewer of, right?
There's always going to be things that happen, but we're trying to really cut down the impact. One of the biggest things that we're doing is obviously a move to the cloud, but also segmenting out all of our agency applications so that agencies manage them separately. 
Today, my organization, Georgia Technology Authority—you'll hear me say GTA—we run what we call NADC, the North Atlanta Data Center, a pretty large-scale data center, lots of different agencies, app servers all sitting there running. And then a lot of times, you know, an impact to one could have an impact to many. And so, with the cloud, we get some partitioning and some segmentation where even if there is an outage—a term you'll often hear used that we can cut down on the blast radius, right, that we can limit the impact so that we affect the fewest number of constituents.

Corey: So, I have to ask this question, and I understand it's loaded and people are going to have opinions with a capital O on it, but since you work for the state of Georgia, are you using GovCloud over in AWS-land?

Dmitry: So… [sigh] we do have some footprint in GovCloud, but I actually spent time, even before coming to GTA, trying to talk agencies out of using it. I think there's a big misconception, right? People say, “I'm government. They called it GovCloud. Surely I need to be there.” But back when I was with AWS, you know, I would point-blank tell people that really I know it's called GovCloud, but it's just a poorly named region. There are some federal requirements that it meets; it was built around the ITAR, which is International Traffic of Arms Regulations, but states aren't in that business, right? They are dealing with HIPAA data, with various criminal justice data, and other things, but all of those things can run just fine on the commercial side. And truthfully, it's cheaper and easier to run on the commercial side. And that's one of the concerns I have is that if the commercial regions meet those requirements, is there a reason to go into GovCloud, just because you get some extra certifications? So, I still spend time trying to talk agencies out of going to GovCloud.
Ultimately, the agencies with their apps make the choice of where they go, but we have been pretty good about reducing the footprint in GovCloud unless it's absolutely necessary.

Corey: Has this always been the case? Because my distant recollection around all of this has been that originally when GovCloud first came out, it was a lot harder to run a whole bunch of workloads in commercial regions. And it feels like the commercial regions have really stepped up as far as what compliance boxes they check. So, is one of those stories where five or ten years ago, whenever it GovCloud first came out, there were a bunch of reasons to use it that no longer apply?

Dmitry: I actually can't go past I'll say, seven or eight years, but certainly within the last eight years, there's not been a reason for state and local governments to use it. At the federal level, that's a different discussion, but for most governments that I worked with and work with now, the commercial regions have been just fine. They've met the compliance requirements, controls, and everything that's in place without having to go to the GovCloud region.

Corey: Something I noticed that was strange to me about the whole GovCloud approach when I was at the most recent public sector summit that AWS threw is whenever I was talking to folks from AWS about GovCloud and adopting it and launching new workloads and the rest, unlike in almost any other scenario, they seemed that their first response—almost a knee jerk reflex—was to pass that work off to one of their partners. Now, on the commercial side, AWS will do that when it makes sense, and each one becomes a bit of a judgment call, but it just seemed like every time someone's doing something with GovCloud, “Oh, talk to Company X or Company Y.” And it wasn't just one or two companies; there were a bunch of them. Why is that?

Dmitry: I think a lot of that is because of the limitations within GovCloud, right?
So, when you look at anything that AWS rolls out, it almost always rolls out into either us-east-1 or us-west-2, right, one of those two regions, and it goes out worldwide. And then it comes out in GovCloud months, sometimes even years later. And in fact, sometimes there are features that never show up in GovCloud. So, there's not parity there, and I think what happens is, it's these partners that know what limitations GovCloud has and what things are missing and GovCloud they still have to work around. Like, I remember when I started with AWS back in 2016, right, there had been a new console, you know, the new skin that everyone's now familiar with. But that old console, if you remember that, that was in GovCloud for years afterwards. I mean, it took them at least two more years to get GovCloud to even look like the current commercial console that you see. So, it's things like that where I think AWS themselves want to keep moving forward and having to do anything with kind of that legacy platform that doesn't have all the bells and whistles is why they say, “Go get a partner [unintelligible 00:08:06] those things that aren't there yet.”

Corey: That's it makes a fair bit of sense. What I was always wondering how much of this was tied to technical challenges working within those, and building solutions that don't depend upon things. “Oh, wait, that one's not available in GovCloud,” versus a lack of ability to navigate the acquisition process for a lot of governments natively in the same way that a lot of their customers can.

Dmitry: Yeah, I don't think that's the case because even to get a GovCloud account, you have to start off with a commercial account, right? So, you actually have to go through the same purchasing steps and then essentially, click an extra button or two.

Corey: Oh, I've done that myself already. I have a shitposting account and a—not kidding—Ministry of Shitposting GovCloud account. But that's also me just kicking the tires on it.
As I went through the process, it really felt like everything was built around a bunch of unstated assumption—because of course you've worked within GovCloud before and you know where these things are. And I kept tripping into a variety of different aspects of that. I'm wondering how much of that is just due to the fact that partners are almost always the ones guiding customers through that.

Dmitry: Yeah. It is almost always that. There's very few people, even in the AWS world, right, if you look at all the employees they have there, it's small subset that work with that environment, and probably an even smaller subset of those that understand what it's really needed for. So, this is where if there's not good understanding, you're better off handing it off to a partner. But I don't think it is the purchasing side of things. It really is the regulatory things and just having someone else sign off on a piece of paper, above and beyond just AWS themselves.

Corey: I am curious, since it seems that people love to talk about multi-cloud in a variety of different ways, but I find there's a reality that, ehh, basically, on a long enough timeline, everyone uses everything, versus the idea of, “Oh, we're going to build everything so we can seamlessly flow from one provider to another.” Are you folks all in on AWS? Are you using a bunch of different cloud providers for different workloads? How are you approaching a cloud strategy?

Dmitry: So, when you say ‘you guys,' I'll say—as AWS will always say—“It depends.” So, GTA is multi-cloud. We support AWS, we support OCI, we support Azure, and we are working towards getting Google in as well, GCP. However, on the agency side, I am encouraging agencies to pick a cloud.
And part of that is because you do have limited staff, they are all different, right? They'll do similar things, but if it's done in a different way and you don't have people that know those little tips and tricks, kind of how to navigate certain cloud vendors, it just makes things more difficult. So, I always look at it as kind of the car analogy, right? Most people are not multi-car, right? You go you buy a car—Toyota, Ford, whatever it is—and you're committed to that thing for the next 4 or 5, 10 years, however long you own it, right? You may not like where the cupholder is or you need to get used to something, you know, being somewhere else, but you do commit to it. And I think it's the same thing with cloud that, you know, do you have to be in one cloud for the rest of your life? No, but know that you're not going to hop from cloud to cloud. No one really does. No one says, “Every six months, I'm going to go move my application from one cloud to another.” It's a pretty big lift and no one really needs to do that. Just find the one that's most comfortable for you.

Corey: I assume that you have certain preferences as far as different cloud providers go. But I've found even in corporate life that, “Well, I like this company better than the other,” is generally not the best basis for making sweeping decisions around this. What frameworks do you give various departments to consider where a given workload should live? Like, how do you advise them to think about this?

Dmitry: You know, it's funny, we actually had a call with an agency recently that said, “You know, we don't know cloud. What do you guys think we should do?” And it was for a very small, I don't want to call it workload; it was really for some DNS work that they wanted to do. And really came down to, for that size and scale, right, we're looking at a few dollars, maybe a month, they picked it based on the console, right?
They liked one console over another. Not going to get into which cloud they picked, but we wound up them giving them a demo of here's what this looks like in these various cloud providers. And they picked that just because they liked the buttons and the layout of one console over another. Now, having said that, for obviously larger workloads, things that are more important, there is criteria. And in many cases, it's also the vendors. Probably about 60 to 70% of the applications we run are all vendor-provided in some way, and the vendors will often dictate platforms that they'll support over others, right? So, that supportability is important to us. Just like you were saying, no one wants code rolled out overnight and surprise all the constituents one day. We take our vendor relations pretty seriously and we take our cue from them. If we're buying software from someone and they say, “Look, this is better in AWS,” or, “This is better in OCI,” for whatever reasons they have, will go in that direction more often than not.

Corey: I made a crack at the beginning of the episode where the state was founded 235 years ago, as of this recording. So, how accurate is that? I have to imagine that back in those days, they didn't really have a whole lot of computers, except probably something from IBM. How much technical debt are you folks actually wrestling with?

Dmitry: It's pretty heavy. One of the biggest things we have is, we ourselves, in our data center, still have a mainframe. That mainframe is used for a lot of important work. Most notably, a lot of healthcare benefits are really distributed through that system. So, you're talking about federal partnerships, you're talking about, you know, insurance companies, health care providers, all somehow having—

Corey: You're talking about things that absolutely, positively cannot break.

Dmitry: Yep, exactly. We can't have outages, we can't have blips, and they've got to be accurate.
So, even that sort of migration, right, that's not something that we can do overnight. It's something we've been working on for well over a year, and right now we're targeting probably roughly another year or so to get that fully migrated out. And even there, we're doing what would be considered a traditional lift-and-shift. We're going to mainframe emulation, we're not going cloud-native, we're not going to do a whole bunch of refactoring out of the gate. It's just picking up what's working and running and just moving it to a new venue.

Corey: Did they finally build an AWS/400 that you can run that out? I didn't realize they had a mainframe emulation offering these days.

Dmitry: They do. There's actually several providers that do it. And there's other agencies in the state that have made this sort of move as well, so we're also not even looking to be innovators in that respect, right? We're not going to be first movers to try that out. We'll have another agency make that move first and now we're doing this with our Department of Human Services. But yeah, a lot of technical debt around that platform. When you look at just the cost of operating these platforms, that mainframe costs the state roughly $15 million a year. We think in the cloud, it's going to wind up costing us somewhere between 3 to 4 million. Even if it's 5 million, that's still considerable savings over what we're paying for today. So, it's worth making that move, but it's still very deliberate, very slow, with a lot of testing along the way. But yeah, you're talking about that workload has been in the state, I want to say, for over 20, 25 years.

Corey: So, what's the reason to move it? Because not for nothing, but there's an old—the old saw, “Well, don't fix it if it ain't broke.” Well, what's broke about it?

Dmitry: Well, there's a couple of things. First off, the real estate that it takes up is an issue. It is a large machine sitting on a floor of a data center that we've got to consolidate to.
We actually have some real estate constraints and we've got to cut down our footprint by next year, contractually, right? We've agreed, we're going to move into a smaller space. The other part is the technical talent. While yes, it's not broke, things are working on it, there are fewer and fewer people that can manage it. What we've found was doing a complete refactor while doing a move anywhere, is really too risky, right? Rewriting everything with a bunch of Lambdas is kind of scary, as well as moving it into another venue. So, there are mainframe emulators out there that will run in the cloud. We've gotten one and we're making this move now. So, we're going to do that lift-and-shift in and then look to refactor it piecemeal.

Corey: Specifics are always going to determine, but as a general point, I felt like I am the only voice in the room sometimes advocating in favor of lift-and-shift. Because people say, “Oh, it's terrible for reasons X, Y, and Z.” It's, “Yes, all of your options are terrible and for the common case, this is the one that I have the sneaking suspicion, based upon my lived experience, is going to be the least bad of all of those various options.” Was there a thought given to doing a refactor in flight?

Dmitry: So… from the time I got here, no. But I could tell you just having worked with the state even before coming in as CTO, there were constant conversations about a refactor. And the problem is, no one actually has an appetite for it. Everyone talks about it, but then when you say, “Look, there's a risk to doing this,”—right, governments are about minimizing risk—when you say, “Look, there's a risk to rewriting and moving code at the same time and it's going to take years longer,” right, that refactoring every time, I've seen an estimate, it would be as small as three years, as large as seven or eight years, depending on who was doing the estimate.
Whereas the lift-and-shift, we're hoping we can get it done in two years, but even if it's two-and-a-half, it's still less than any of the estimates we've seen for a refactor and less risky. So, we're going with that model and we'll tinker and optimize later. But we just need to get out of that mainframe so that we can have more modern technology and more modern support.

Corey: It seems like the right approach. I'm sorry, I didn't mean to frame that is quite as insulting as it might have come across. Like, “Did anyone consider other options just out of curi—” of course. Whenever you're making big changes, we're going to throw a dart at a whiteboard. It's not what appears to be Twitter's current product strategy we're talking about here. This is stuff that's very much measure twice, cut once.

Dmitry: Yeah. Very much so. And you see that with just about everything we do here. I know, when the state, what now, three years ago, moved their tax system over to AWS, not only did they do two or three trial runs of just the data migration, we actually wound up doing six, right? You're talking about adding two months of testing just to make sure every time we did the data move, it was done correctly and all the data got moved over. I mean, government is very, very much about measure three, four times, cut once.

Corey: Which is kind of the way you'd want it. One thing that I found curious whenever I've been talking to folks in the public sector space around things that they care about—and in years past, I periodically tried to, “Oh, should we look at doing some cost consulting for folks in this market?” And by and large, there have been a couple of exceptions, but—generally, in our experience with sovereign governments, more so than municipal or state ones—but saving money is not usually one of the top three things that governments care about when it comes to their AWS's state. Is cost something that's on your radar? And how do you conceptualize around this?
And I should also disclose, this is not in any way, shape, or form intended to be a sales pitch.

Dmitry: Yeah, no, cost actually, for GTA, is a concern. But I think it's more around the way we're structured. I have worked with other governments where they say, “Look, we've already gotten an allotment of money. It costs whatever it costs and we're good with it.” With the way my organization is set up, though, we're not appropriated funds, meaning we're not given any tax dollars. We actually have to provide services to the agencies and they pay us for it. And so, my salary and everyone else's here, all the work that we do, is basically paid for by agencies and they do have a choice to leave. They could go find other providers. It doesn't have to be GTA always. So, cost is a consideration. But we're also finding that we can get those cost savings pretty easily with this move to the cloud because of the number of available tools that we now have available. We have—that data center I talked about, right? That data center is obviously locked down, secured, very limited access, you can't walk in, but that also prevents agencies from doing a lot of day-to-day work that now in the cloud, they can do on their own. And so, the savings are coming just from this move of not having to have as much locks away from the agency, but having more locks from the outside world as well, right? There's definitely scaling up in the number of tools that they have available to them to work around their applications that they didn't have before.

Corey: It's, on some level, a capability story, I think, when it comes to cloud. But something I have heard from a number of folks is that even more so than in enterprises, budgets tend to be much more fixed things in the context of cloud in government. Often in enterprises, what you'll see is sprawl: someone leaves something running and oops, the bill wound up going up higher than we projected for this given period of time.
When we start getting into the realm of government, that stops being a you broke budgeting policy and starts to resemble things that are called crimes. How do you wind up providing governance as a government around cloud usage to avoid, you know, someone going to prison over a Managed NAT Gateway?

Dmitry: Yeah. So, we do have some pretty stringent monitoring. I know, even before the show, we talked about fact that we do have a separate security group. So, on that side of it, they are keeping an eye on what are people doing in the cloud. So, even though agencies now have more access to more tooling, they can do more, right, GTA hasn't stepped back from it and so, we're able to centrally manage things. We've put in a lot of controls. In fact, we're using Control Tower. We've got a lot of guardrails put in, even basic things like you can't run things outside of the US, right? We don't want you running things in the India region or anywhere in South America. Like, that's not even allowed, so we're able to block that off. And then we've got some pretty tight financial controls where we're watching the spend on a regular basis, agency by agency. Not enforcing any of it, obviously, agencies know what they're doing and it's their apps, but we do warn them of, “Hey, we're seeing this trend or that trend.” We've been at this now for about a year-and-a-half, and so agencies are starting to see that we provide more oversight and a lot less pressure, but at the same time, there's definitely a lot more collaboration assistance with one another.

Corey: It really feels like the entire procurement model is shifted massively. As opposed to going out for a bunch of bids and doing all these other things, it's consumption-based. And that has been—I know for enterprises—a difficult pill for a lot of their procurement teams to wind up wrapping their heads around.
I can only imagine what that must be like for things that are enshrined in law.

Dmitry: Yeah, there's definitely been a shift, although it's not as big as you would think on that side because you do have cloud but then you also have managed services around cloud, right? So, you look at AWS, OCI, Azure, no one's out there putting a credit card down to open an environment anymore, you know, a tenant or an account. It is done through procurement rules. Like, we don't actually buy AWS directly from AWS; we go through a reseller, right, so there's some controls there as well from the procurement side. So, there's still a lot of oversight. But it is scary to some of our procurement people. Like, AWS Marketplace is a very, very scary place for them, right? The fact that you can go and—you can hire people at Marketplace, you could buy things with a single button-click. So, we've gone out of our way, in my agency, to go through and lock that down to make sure that before anyone clicks one of those purchase buttons, that we at least know about it, they've made the request, and we have to go in and unlock that button for that purchase. So, we've got to put in more controls in some cases. But in other cases, it has made things easier.

Corey: As you look across the landscape of effectively, what you're doing is uprooting an awful lot of technical systems that have been in place for decades at this point. And we look at cloud and I'm not saying it's not stable—far from it—but it also feels a little strange to be, effectively, making a similar timespan of commitment—because functionally a lot of us are—when we look at these platforms. Was that something that had already been a pre-existing appetite for when you started the role or is that something that you've found that you've had to socialize in the last couple years?

Dmitry: It's a little bit of both. It's been lumpy, agency by agency, I'll say.
There are some agencies that are raring to go, they want to make some changes, do a lot of good, so to speak, by upgrading their infrastructure. There are others that will sit and say, “Hey, I've been doing this for 20, 30 years. It's been fine.” That whole, “If it ain't broke, don't fix it,” mindset. So, for them, there's definitely been, you know, a lot more friction to get them going in that direction. But what I'm also finding is the people with their hands on the keyboards, right, the ones that are doing the work, are excited by this. This is something new for them. In addition to actually going to cloud, the other thing we've been doing is providing a lot of different training options. And so, that's something that's perked people up and definitely made them much more excited to come into work. I know, down at the, you know, the operator level, the administrators, the managers, all of those folks, are pretty pleased with the moves we're making. You do get some of the folks in upper management in the agencies that do say, “Look, this is a risk.” We're saying, “Look, it's a risk not to do this.” Right? You've also got to think about staffing and what people are willing to work on. Things like the mainframe, you know, you're not going to be able to hire those people much longer. They're going to be fewer and far between. So, you have to retool. I do tell people that, you know, if you don't like change, IT is probably not the industry to be in, even in government. You probably want to go somewhere else, then.

Corey: That is sort of the next topic I want to get into, where companies across the board are finding it challenging to locate and source talent to work in their environments. How has the process of recruiting cloud talent gone for you?

Dmitry: It's difficult. Not going to sugarcoat that. It's, it's—

Corey: [laugh]. I'm not sure anyone would say otherwise, no matter where you are.
You can pay absolutely insane, top-of-market money and still have that exact same response. No one says, “Oh, it's super easy.” Everyone finds it hard. But please continue [laugh].

Dmitry: Yeah, but it's also not a problem that we can even afford to throw money at, right? So, that's not something that we'd ever do. But what I have found is that there's actually a lot of people, really, that I'll say are tech adjacent, that are interested in making that move. And so, for us, having a mentoring and training program that bring people in and get them comfortable with it is probably more important than finding the talent exactly as it is, right? If you look at our job descriptions that we put out there, we do want things like cloud certs and certain experience, but we'll drop off things like certain college requirements. Say, “Look, do you really need a college degree if you know what you're doing in the cloud or if you know what you're doing with a database and you can prove that?” So, it's re-evaluating who we're bringing in. And in some cases, can we also train someone, right, bring someone in for a lower rate, but willing to learn and then give them the experience, knowing that they may not be here for 15, 20 years and that's okay. But we've got to retool that model to say, we expect some attrition, but they walk away with some valuable skills and while they're here, they learn those skills, right? So, that's the payoff for them.

Corey: I think that there's a lot of folks exploring that where there are people who have the interest and the aptitude that are looking to transition in. So, much of the discussion points around filling the talent pipeline have come from a place of, oh, we're just going to talk to all the schools and make sure that they're teaching people the right way. And well, colleges aren't really aimed at being vocational institutions most of the time.
And maybe you want people who can bring an understanding of various aspects of business, of workplace dynamics, et cetera, and even the organization themselves, you can transition them in. I've always been a big fan of helping people lateral from one part of an organization to another. It's nice to see that there's actual formal processes around that for you, folks.

Dmitry: Yeah, we're trying to do that and we're also working across agencies, right, where we might pull someone in from another agency that's got that aptitude and willingness, especially if it's someone that already has government experience, right, they know how to work within the system that we have here, it certainly makes things easier. It's less of a learning curve for them on that side. We think, you know, in some cases, the technical skills, we can teach you those, but just operating in this environment is just as important to understand the soft side of it.

Corey: No, I hear you. One thing that I've picked up from doing this show and talking to people in the different places that you all tend to come from, has been that everyone's working with really hard problems and there's a whole universe of various constraints that everyone's wrestling with. The biggest lie in our industry across the board that I'm coming to realize is any whiteboard architecture diagram. Full stop. The real world is messy. Nothing is ever quite like it looks like in that sterile environment where you're just designing and throwing things up there. The world is built on constraints and trade-offs. I'm glad to see that you're able to bring people into your organization. I think it gives an awful lot of folks hope when they despair about seeing what some of the job prospects are for folks in the tech industry, depending on what direction they want to go in.

Dmitry: Yeah. I mean, I think we've got the same challenge as everyone else does, right? It is messy.
The one thing that I think is also interesting is that we also have to have transparency but to some degree—and I'll shift; I know this wasn't meant to kind of go off into the security side of things, but I think one of the things that's most interesting is trying to balance a security mindset with that transparency, right? You have private corporations, other organizations that they do whatever they do, they're not going to talk about it, you don't need to know about it. In our case, I think we've got even more of a challenge because on the one hand, we do want to lock things down, make sure they're secure and we protect not just the data, but how we do things, right, some are mechanisms and methods. But same time, we've got a responsibility to be transparent to our constituents. They've got to be able to see what we're doing, what are we spending money on? And so, to me, that's also one of the biggest challenges we have is how do we make sure we balance that out, that we can provide people and even our vendors, right, a lot of times our vendors [will 00:30:40] say, “How are you doing something? We want to know so that we can help you better in some areas.” And it's really become a real challenge for us.

Corey: I really want to thank you for taking the time to speak with me about what you're doing. If people want to learn more, where's the best place for them to find you?

Dmitry: I guess now it's no longer called Twitter, but really just about anywhere. Twitter, Instagram—I'm not a big Instagram user—LinkedIn, Dmitry Kagansky, there's not a whole lot of us out there; pretty easy to do a search. But also you'll see there's my contact info, I believe, on the GTA website, just gta.ga.gov.

Corey: Excellent. We will, of course, put links to that in the [show notes 00:31:20]. Thank you so much for being so generous with your time. I really appreciate it.

Dmitry: Thank you, Corey. I really appreciate it as well.

Corey: Dmitry Kagansky, CTO for the state of Georgia.
I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with an angry, insulting comment telling me that I've got it all wrong and mainframes will in fact rise again.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.
In this episode of From the Crows' Nest, we try to make sense of how to navigate the crazy labyrinth of the Arms Export Control Act (AECA) and the International Traffic in Arms Regulations (ITAR) regulatory regime. Host Ken Miller is joined by friend and colleague Steven Casazza, President of Defense Trade Solutions, a company dedicated to helping clients holistically approach international defense business. Ken and Steven discuss best practices, the most common mistakes, and what needs to be done to make this process easier without compromising national security. Whether you're a US company selling abroad or a foreign company trying to do business in the US, this is an episode you don't want to miss. To learn more about today's topics or to stay updated on EMSO and EW developments, visit our homepage.
Related material
Main page: https://billatnapier.medium.com/cryptography-fundamentals-8-rsa-rivest-shamir-and-adleman-445b91932bd0
RSA: https://asecuritysite.com/rsa

Introduction

In August 1977, The Stranglers were in the music charts with “Something Better Change”, and something really was changing, something that would change the world forever. This was the month that Martin Gardner, in his Scientific American column, posted a challenge based on a method that has stood the test of time: RSA. It related to the work of R(ivest), A(dleman) and S(hamir), and was a puzzle on their discovery of a method which allowed two keys to be created, where one could encrypt and the other could decrypt. Their work had been based on a proposal from Whitfield Diffie and Martin Hellman on trapdoor functions that could be used to create the key pair.

Mathematical Puzzles introducing RSA

In order to explain the RSA concept, Martin provided a background to the Diffie-Hellman method, for which he outlined:

Then in 1975 a new kind of cipher was proposed that radically altered the situation by supplying a new definition of "unbreakable," a definition that comes from the branch of computer science known as complexity theory. These new ciphers are not absolutely unbreakable in the sense of the one-time pad, but in practice they are unbreakable in a much stronger sense than any cipher previously designed for widespread use. In principle these new ciphers can be broken, but only by computer programs that run for millions of years!

Overall the Diffie-Hellman method has had a good run, but it has struggled in recent years to keep up with the processing power of computers. The millions of years of running is not quite the case in the modern era, and the original ciphers could now easily be broken with the simplest of computers within minutes.

With the RSA method, Martin Gardner outlined:

Their work, supported by grants from the NSF and the Office of Naval Research,
appears in On Digital Signatures and Public-Key Cryptosystems (Technical Memo 82, April, 1977), issued by the Laboratory for Computer Science, Massachusetts Institute of Technology, 545 Technology Square, Cambridge, Mass. 02139. The memorandum is free to anyone who writes Rivest at the above address enclosing a self-addressed, 9-by-12-inch clasp.

On receipt, the requesters eventually (it took over four months in many cases) received a precious piece of history.

[Figure: RSA research paper]

It seems unbelievable these days, but the original methods were based on two 63-digit prime numbers that would be multiplied to create a 126-digit value:

Contrast this with the difficulty of finding the two prime factors of a 125- or 126-digit number obtained by multiplying two 63-digit primes. If the best algorithm known and the fastest of today's computers were used, Rivest estimates that the running time required would be about 40 quadrillion years!

A 256-bit number, at its maximum, generates 78-digits:

115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936

Web: https://asecuritysite.com/encryption/keys3

The 40 quadrillion years has not quite happened, and 512-bit keys are now easily broken in the Cloud. If you are interested, here is a 512-bit integer value, which has 148 digits:

13,407,807,929,942,597,099,574,024,998,205,846,127,479,365,820,592,393,377,723,561,443,721,764,030,073,546,976,801,874,298,166,903,427,690,031,858,186,486,050,853,753,882,811,946,569,946,433,649,006,084,096

Web: http://asecuritysite.com/encryption/random2

The search for prime numbers, too, has been progressive since 1977, and by 2014, the world discovered a 17,425,170-digit prime number. The finding of prime numbers makes the finding of them in the RSA method much easier. So the RSA method has been under attack for years, from both discovering prime numbers and also in factorizing. Along with this, computing power has increased massively.
If we think of the 40 years that have passed, and make a quick assumption that computing power doubles every year, then we get:

1977 4 Quadrillion Years (4,000,000,000,000,000)
1978 2 Quadrillion Years
1979 1 Quadrillion Year
…
2020 227 years
2021 113 years
2022 57 years
2023 28 years

and if we get a GPU card with 4,000 processors, we take it to less than a year; put a few of them into a cluster today, and we crack it within one day! The FREAK vulnerability was actually caused by the limiting of RSA keys, due to US Export controls, to 512-bits. The factorising of prime numbers too has generated methods which can quickly find the prime number factors.

The Tension of Crypto and Academic Freedom

Once Martin had published the article, the requests for the article came rushing in, especially as the paper had not yet appeared in the Communications of the ACM. Initially there were 4,000 requests for the paper (which rose to 7,000), and it took until December 1977 for them to be posted.

Why did it take so long to get the paper published and also to send them out? Well, the RSA method caused significant problems within the US defence agencies. This was highlighted in a letter sent from J. A. Meyer to the IEEE Information Theory Group on a viewpoint that cryptography could be violating the 1954 Munitions Control Act, the Arms Export Control Act, and the International Traffic in Arms Regulations (ITAR), and could thus be viewed as equivalent to nuclear weapons. It even went on to say that:

Atomic weapons and cryptography are also covered by special secrecy laws

The main focus of the letter was that any work related to cryptography would have to be cleared by the NSA before publication. In fact, the letter itself had been written by Joseph A Meyer, an employee of the NSA. Joseph had already been embroiled in controversy with a proposal to fit a tracking device to the 20 million US citizens who had been associated with crime.
The tag would then be used to monitor the location of the “subscriber”, and to detect when they broke a curfew or committed a crime. In this modern era of GPS tracking of everyone's phones, Joseph's dream has actually become a reality, but now everyone is monitored.

The RSA team thus had a major dilemma, as many of the requests for the paper came from outside the US. Martin Hellman, who was a co-author of the Diffie-Hellman method, had already had problems with ITAR, and even decided to present the paper himself in 1977 at Cornell University rather than follow the practice of letting his PhD students present the work. His thinking was that the court case would be lengthy, and that it would damage his PhD students' studies (Ralph Merkle and Steve Pohlig), and so he stood up for academic freedoms. Initially the students wanted to present their work, but their families did not think it a good idea. Eventually though, Ralph and Steve stood beside Hellman on the stage to present the paper, but did not utter a word.

With this stance the cryptographers held ground, and hoped that a stated exemption on published work within ITAR would see them through. The worry, though, did delay the publication of the paper and the posting of the article. In reply to Meyer's letter, the IEEE stood its ground on their publications being free of export licence controls, with the burden of permissions placed on the authors:

[Figure: RSA research paper]

and then an additional response from the IEEE saying they had put in place safeguards for the publishing of material. The scope of the impact of RSA was perhaps not quite known at the time, with Len Adleman stating:

I thought this would be the least important paper my name would ever appear on

In fact, Adleman has said that he did not want his name on the paper, as he had done little work on it, but he did insist that his name went last.
Often papers, too, have an alphabetical order, and if so the method could have been known as the ARS method … not the kind of thing that you would want to say to audiences on a regular basis.

RSA

Within cryptography we typically use non-negative integer values, and perform integer operations. The challenge in public key encryption is to find a method which is computationally difficult for a computer to solve, if it does not know a given secret (normally the private key). One such problem is the difficulty in factorizing a value made up of the multiplication of two large prime numbers. In RSA, we take two large prime numbers — typically at least 512 bits long — and then multiply these together to create a modulus value, (N) (often at least 1,024 bits long). From this, we then derive a public exponent (e) and a modulus. The modulus N is thus determined by multiplying the two prime numbers (p and q):

N = p x q

The core challenge here is that it should be extremely difficult (and costly) to determine the two prime numbers which make up N. Next we select the value of our encryption key value for the public key (e). This is selected so that e and PHI do not share any factors:

gcd(e,PHI)=1, and where PHI = (p-1)(q-1)

PHI is known as Euler's totient function. The most typical value we use for e is 65,537 (0x10001). To produce a cipher (C), we convert our message into the form of an integer (M) and then use e and N to give:

C = M^e mod N

To decrypt this, we take the cipher (C), and recover the message value using the decryption exponent (d) and the modulus (N):

M = C^d mod N

To make RSA work, we then need to calculate the private exponent (d) to obey:

(d x e) mod PHI = 1

and where PHI is:

PHI = (p-1)(q-1)

We determine d by determining the inverse of e modulo PHI:

d = e^{-1} (mod PHI)

So let's take p=11 and q=7, and try to pick e of 3. N will be:

N = p.q = 77

PHI is 6x10=60

We can't pick e of 3 or 5, as each shares a factor with PHI, so we will pick e=7.
Now we compute the decryption exponent of d = e^{-1} mod (PHI):

    >>> pow(7,-1,60)
    43

If we select a message of 19, we get a cipher of:

C = 19⁷ (mod 77) = 68

Now to decrypt:

M = 68⁴³ (mod 77) = 19

Our public key is then (e,N) and the private key is (d,N). The usage of the (mod N) operation is the magic that makes this work. Unfortunately, the RSA method has suffered from performance issues as we have increased the size of the prime numbers used. Thus, if researchers can crack a modulus of 1,024 bits, they will factorize the two 512-bit prime numbers used. At the current time, a public modulus of 2,048 bits is recommended. So while a modulus of this size is acceptable within a powerful computer, devices which have limited CPU resources often struggle in creating the keys, and in the encryption and decryption process.

RSA Signatures

With the mathematical operations involved, RSA is hardly ever used for core encryption, as symmetric key methods are much more efficient in their implementation. But it is fairly efficient when dealing with relatively small data sizes, such as for a symmetric key (typically only 128 bits or 256 bits long). For this, Alice might protect a symmetric key with her public key, and whenever she needs to use it, she will decrypt it with her private key. Another area where we use RSA is to take a hash of a message, and then encrypt this with the private key. As the hash is relatively small (such as 128 bits, 160 bits or 256-bits), it is relatively efficient in its use of computing resources.

Where public key encryption methods come in most use is within creating digital signatures, where Bob can take a hash of a message, and then encrypt this hash with his private key. Alice can then also take a hash of the received message, and decrypt Bob's encrypted hash with his public key, and compare the values produced. If they match, she determines that it was Bob who sent the message and that it has not been changed by anyone.
In the figure, we see that Bob has a key pair (a public key and a private key). He takes a hash of the message and encrypts with his private key, and then appends this to the message. This and the message will then be encrypted by the symmetric key that Bob and Alice share (typically this is either a long-term shared key, or has just been negotiated through a hand-shake). When she receives the ciphered message, she decrypts it with the shared symmetric key, and then takes her own hash of the message. She also decrypts the encrypted hash using Bob's public key, and then compares the hashes. As the public key and the private key work together, only the signing by Bob's private key will reveal the hash with his public key. Alice can then tell that the message has not been changed — as the hash would change if Eve has modified it — and that it was produced by Bob (and not by Eve pretending to be Bob).

Obviously, we now have a problem in how we get Bob's public key. An important element here is that they have to find a way for Bob to send Alice his public key in a trusted way, so that Eve cannot intercept it, and change the keys. For this, we introduce Trent, who is trusted by Bob and Alice to prove their keys. For this, Trent signs the public key of Bob with his private key, and then Alice uses Trent's public key to prove Bob's public key.

For a few decades, RSA has been the main method in supporting public key encryption. We often use it when we connect to a secure Web site, where the RSA method is used to prove the identity of the Web site. In this case the RSA public key of the site is presented to the user in the form of a digital certificate, which is signed by a trusted source. The Web site can then prove its identity by signing a hash of the data with its private key, and the client can check this. A typical size of the public modulus is now 2,048 bits (created by two 1,024 bit prime numbers), with some sites supporting 4,096 bits.
So while desktop computers have the processing power to cope with these large numbers, less able devices (such as for low processing powered IoT — Internet of Things — devices) will often struggle to perform the necessary calculations.

Simple example

So let's take a simple implementation of RSA key generation, encryption and decryption.

Web: https://asecuritysite.com/encryption/rsa12

In this case, we generate two random prime numbers ($p$ and $q$) for a given number of bits. The more bits we use, the more secure the method is likely to be, as an increase in the number of bits increases the number of prime numbers that can be searched for. Once we have these, we then determine the public modulus ($N$) by multiplying the prime numbers together. The difficulty of the problem is then factorizing this modulus back into the prime numbers. If we can factorize the public modulus, it is fairly simple to then find the decryption exponent value. In most modern examples of RSA, we select a public exponent value ($e$) of 65,537, and so our encryption key becomes $(65,537,N)$. The decryption exponent ($d$) is then the inverse of $e \pmod{\phi}$ (and where $\phi=(p-1)(q-1)$). The code is:
    from Crypto.Util.number import getPrime, bytes_to_long, long_to_bytes
    from Crypto.Random import get_random_bytes
    import libnum

    bits = 60
    msg = "Hello"

    # Generate two random primes of the requested bit length
    p = getPrime(bits, randfunc=get_random_bytes)
    q = getPrime(bits, randfunc=get_random_bytes)

    # Public modulus and Euler's totient
    n = p * q
    PHI = (p - 1) * (q - 1)

    # Public exponent, and private exponent d = e^{-1} mod PHI
    e = 65537
    d = libnum.invmod(e, PHI)
    ## d=(gmpy2.invert(e, PHI))

    # Message as an integer (it must be smaller than n)
    m = bytes_to_long(msg.encode('utf-8'))

    c = pow(m, e, n)    # encrypt with the public key (e,n)
    res = pow(c, d, n)  # decrypt with the private key (d,n)

    print("Message=%s\np=%s\nq=%s\n\nd=%d\ne=%d\nN=%s\n\nPrivate key (d,n)\nPublic key (e,n)\n\ncipher=%s\ndecipher=%s" % (msg, p, q, d, e, n, c, long_to_bytes(res)))

A test run using 60-bit prime numbers is:

    Message=hello
    p=242648958288128614541925147518101769011
    q=299356840913214192252590475232148200447
    N=72638625604016464006874651287120524699932001616388639276131104258310920947917
    cipher=5847803746095553957863305890801268831081138920772806292673259864173015661385
    decipher=hello

Conclusions

RSA has been around for over 46 years, and is still going strong. It can encrypt and it can sign. While the prime numbers involved have got larger, and it needs to have padding applied, it is still one of the best public key methods around, and well used on the Web.
In recent news, the United States and the Dutch government have announced tighter regulations on exports of certain circuit boards and semiconductor chips to China. Tom Dunlap discusses the importance of understanding three essential rules for exporting and importing from the United States.

Export Administration Regulations (EAR): Deals with commercial goods and non-controlled, non-military items.

International Traffic in Arms Regulations (ITAR): Involves the US Munitions List (USML) and is more stringent, aimed at preventing military-use items from reaching unfriendly foreign countries.

Office of Foreign Assets Control (OFAC): Administers economic sanctions against countries and individuals, making it vital to check for prohibited items and persons when dealing with exports to certain countries.

To find more information, one can visit export.gov, the state department's website, or the OFAC website. It's crucial to seek advice from an attorney or an expert in ITAR, EAR, and OFAC Rules before exporting anything of potential military value, such as software or items related to space.

Overall, understanding these regulations is essential to comply with export and import requirements properly.
Join us as we discuss the U.S. export control system and how it affects your business. This episode provides essential information about the U.S. Export Administration Regulations (EAR), International Traffic in Arms (ITAR), and regulations within OFAC to help reduce your risk of violating these federal laws. Our guest, Jennifer Saak of Traliance, covers export control concepts one needs to understand in order to execute core business operations at a manufacturer, research & development facility, or university in a compliant manner. She provides our audience with an understanding of the basis and scope of the EAR, ITAR, and OFAC; a look at managing license requirements and practical concepts for implementing export controls compliance procedures. We also go into some tips on how to get assistance if you don't know where to start when it comes to getting started with compliance programs.

Host: Andy Shiles: https://www.linkedin.com/in/andyshiles/
Host: Lalo Solorzano: https://www.linkedin.com/in/lalosolorzano/
Producer: Juliza Sofia Giron: https://www.linkedin.com/in/juliza-sofia-giron/

Show references:
Global Training Center - www.GlobalTrainingCenter.com
Simply Trade Podcast - twitter.com/SimplyTradePod
Jennifer Saak - https://www.linkedin.com/in/jennifersaak/
Traliance - https://traliance.com/

Contact SimplyTrade@GlobalTrainingCenter.com or message @SimplyTradePod for:
Advertising and sponsoring on Simply Trade
Requests to be on the show as guest
Suggest any topics you would like to hear about

Simply Trade is not a law firm or an advisor. The topics and discussions conducted by Simply Trade hosts and guests should not be considered, and are not intended, to substitute legal advice. You should seek appropriate counsel for your own situation. These conversations and information are directed towards listeners in the United States for informational, educational, and entertainment purposes only and should not be a substitute for legal advice.
No listener or viewer of this podcast should act or refrain from acting on the basis of information on this podcast without first seeking legal advice from counsel. Information on this podcast may not be up to date depending on the time of publishing and the time of viewership. The content of this posting is provided as is; no representations are made that the content is error free. The views expressed in or through this podcast are those of the individual speakers, not those of their respective employers or Global Training Center as a whole. All liability with respect to actions taken or not taken based on the contents of this podcast is hereby expressly disclaimed.
Blackbaud released its financial results for its second quarter ended June 30, 2022. Second quarter total revenue increased 15.5% year-over-year with the first half of 2022, while non-GAAP organic recurring revenue increased 5.1%.

IFS reported its financial results for H1 as of June 30, 2022, with its share of recurring revenue reaching 71% of total revenues and H1 2022 software revenue grew 22% over H1 2021.

Salesforce announced Composable Storefront, a fully customizable, headless digital storefront. Features include best-in-class integrations, pricing, and implementation accelerators from across the Salesforce ecosystem, all anchored by Commerce Cloud.

QAD introduced the Elevate Program, which provides its ERP customers a simplified upgrade path to QAD adaptive ERP through a rapid, low-cost, automation-powered approach. QAD's program leverages knowledgeable QAD consultants to upgrade to the QAD Cloud in less than six months.

ECI Software Solutions, a provider of cloud-based business management solutions, released M1 ITAR – a cloud-based platform for manufacturers who serve the U.S. government's aerospace and defense needs to assist in maintaining compliance with the International Traffic in Arms Regulations (ITAR). Leveraging Microsoft Azure for U.S. Government and AWS GovCloud, M1 ITAR helps manufacturers grow their business capabilities and maintain data in a secure cloud environment.

https://www.erpadvisorsgroup.com
866-499-8550
LinkedIn: https://www.linkedin.com/company/erp-advisors-group
Twitter: https://twitter.com/erpadvisorsgrp
Facebook: https://www.facebook.com/erpadvisors
Instagram: https://www.instagram.com/erpadvisorsgroup
Pinterest: https://www.pinterest.com/erpadvisorsgroup
Medium: https://medium.com/@erpadvisorsgroup
Are Covid lockdowns over? The World Health Organization now says we should lift or ease international traffic bans. | Frommer's
Support us on Patreon!

News Discussed:
Navalny jailed in Russia (also many protests)
Successful Coup in Myanmar
AZ vaccine less effective against South Africa variant
Gina Carano got cancelled for being red tribe
Justice Department investigating SpaceX following complaint of hiring discrimination
The International Traffic in Arms Regulations (ITAR)

Happy News!
US is getting vaccines sooner than expected
Covid-19 Vaccine Efforts Get a Boost From Black Communities' Pastors
Promising weight loss drug

Got something to say? Come chat with us on the Bayesian Conspiracy Discord or email us at themindkillerpodcast@gmail.com. Say something smart and we'll mention you on the next show!

Follow us!
RSS: http://feeds.feedburner.com/themindkiller
Apple: https://podcasts.apple.com/us/podcast/the-mind-killer/id1507508029
Google: https://play.google.com/music/listen#/ps/Iqs7r7t6cdxw465zdulvwikhekm
Pocket Casts: https://pca.st/vvcmifu6
Stitcher: https://www.stitcher.com/podcast/the-mind-killer

Intro/outro music: On Sale by Golden Duck Orchestra

This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit mindkiller.substack.com/subscribe
Be unmovably reasonable If a lawyer says it, it must be true! Today we speak with Matthew Larosiere, the Director of Legal Policy at the Firearms Policy Coalition. We discuss why 3D printed guns are protected free speech and the International Traffic in Arms Regulations (ITAR) is unconstitutional against individuals. Matt explains how Heller and […]
What's the difference between ITAR and EAR for space companies? When do the International Traffic in Arms Regulations apply instead of the Export Administration Regulations? Join Cold Star Tech president Jason Kanigan in a brief look at these export regulations and how they are applied. You'll likely hear some surprising things about how ITAR and EAR apply to space companies. I am not an attorney and this is not legal or "professional" advice. All views expressed are my own. Sign up for "Make Space Boring" updates by email: https://www.coldstartech.com/msb
The International Traffic in Arms Regulations (ITAR) regulatory system should be familiar to you if your company is involved in buying or selling services or goods on the United States Munitions List (USML). If you are manufacturing, exporting, distributing or acting as a broker for defense-related items, goods, or data you must be ITAR compliant. Failure to comply can not only ruin your day – it can kill your business. The purpose of the ITAR is to safeguard the security of the US and its allies by controlling the movement of defense-related goods and technologies. The USML has 21 categories of items covered by the ITAR ranging from firearms to missiles, explosives, and biological agents. Arms manufacturers tend to be fully aware of the ITAR compliance rules, but smaller companies can get into trouble when they deal in “dual-use” items that are not primarily intended for military use. For example, an electronic device that’s designed for civilians may also be used in a piece of military equipment – and could trigger a need for ITAR compliance. What Does “Compliance” Involve? As a first step, your company must be registered with the Directorate of Defense Trade Controls (DDTC). By registering with DDTC, you are acknowledging that you understand all of the ITAR requirements and are compliant. The onus is on you to be familiar with the regulations and abide by them. This includes knowing who you can (and can’t) do business with. Upon registration, you’ll pay a fee and be issued with a license or authorization to deal with goods and services governed by the ITAR. Compliance also means following all the necessary steps to prevent the transfer of USML restricted goods, services and technologies to foreign nationals – either within the US or overseas. This requirement includes any defense articles, defense services, or defense-related technical data. 
Your data needs to be closely guarded and protected, which can be a real challenge for companies that regularly transfer sensitive information over the internet and store data overseas. What Kind of Trouble Could I Get Into? The State Department is extremely serious about controlling the manufacture and export of items on the United States Munitions List. This list, however, contains many goods, services, and technologies that may not be traditionally classified as “military items”. This includes things like commercial satellites, certain photography lenses, and chemicals used on the civilian market. Most importantly, it’s not just the end product that’s restricted – the ITAR applies to all of the components that went into making the final product. If you are found to be in violation of the ITAR, you can face civil fines of up to $500,000, criminal fines of $1,000,000, and be imprisoned for up to 10 years per violation. Before the DDTC comes calling, talk to an experienced attorney with expertise in ITAR compliance. Determine whether or not your company is dealing with goods or services on the USML. If you do, in fact, provide goods or services on the USML, immediately seek legal advice on how to ensure you’re ITAR compliant. This will include not only registering with the DDTC but also becoming fully aware of all the measures you are required to take in order to stay on the right side of the regulations. When it comes to the ITAR, it’s always better to be safe than very, very sorry. https://www.dbllawyers.com/the-itar-and-you/
Just because you’ve built an awesome international e-commerce shop or lead generation website doesn’t mean any of your prospects are going to find it. In this episode of UK Export Advice we’re talking about how to target your international prospects with paid advertising and get them to find and engage with your online offering. My name is David James and once again I’m talking to Charlie Ruigrok, Digital Trade Advisor at the Department for International Trade. You can subscribe to the podcast by searching for UK Export Advice on iTunes or your favourite podcast app. However if you really want to get the most of what we can offer do visit our website http://ukexportadvice.co.uk/ and put your email in the sign up box. We’ll send you every episode of UK Export Advice straight to your inbox along with our quick guide to exporting which includes more resources and contact details for most of our guests. My name is David James do look me up on LinkedIn https://www.linkedin.com/in/davidjamescommunications/ and I look forward to speaking to you next week when we’ll be talking to Susan Hallam of Hallam Internet about how to use LinkedIn for B2B marketing for exporters, it’s going to be a great episode.
Companies involved in the export and import of defense products and services face significant risks surrounding compliance with the International Traffic in Arms (ITAR) statute and regulations. The US State Department's Directorate of Defense Control (DDTC) tightly regulates the defense industry and aggressively enforces ITAR rules and regulations. In this episode, Michael Volkov interviews Colleen Hurson, Of Counsel at The Volkov Law Group, who specializes in ITAR compliance and enforcement matters. Colleen can be reached at churson@volkovlaw.com.
Hey everyone, welcome back to Bionic Bug podcast! You’re listening to episode 16. This is your host Natasha Bajema, fiction author, futurist, and national security expert. I’m recording this episode on August 5, 2018. First off, I have a personal update. Next weekend, I’m headed to the Writer’s Policy Academy in Green Bay Wisconsin. I’ll be participating in two days of an interactive and educational hands-on experience led by police detectives and officers and designed for writers to enhance their understanding of all aspects of law enforcement, firefighting, EMS, and forensics. I’m currently signed up for hands-on sessions on high-speed pursuits, a car set ablaze and door entry/breaching among other things. Stay tuned for my read out in a few weeks. Let’s talk tech news. It’s been an “exciting” week for emerging technologies and their potential risks. 3D printing made the headlines across the country this week, even making it onto the daily show with Trevor Noah. In truth, this is a threat that has been building for more than six years that has largely remained off the public’s radar. This week, a legal battle broke out with 19 states pitted against the State Department and Defense Distributed. In 2012, Cody Wilson, a second year law student at the University of Texas, and his friends got together and named themselves “Defense Distributed” and launched the “Wiki Weapon Project.” The idea was to create a gun that anyone could easily make at home. They used a crowdfunding website to raise funds to develop a 3D printed plastic gun that can be printed by a low-cost, open source 3D printer known as the RepRap. The group successfully produced a plastic gun capable of firing a .22 caliber bullet in 2013. The gun is called “The Liberator”. Cody Wilson and his friends uploaded the blueprint online. The design has two metal components the firing pin and a small piece of steel. The steel part is designed to make the gun detectable with a metal detector. The U.S. 
Undetectable Firearms Act prohibits weapons that don't set off a metal detector. The design was downloaded 100,000 times in just two days before the State Department stepped in, demanding the removal of the blueprint from the website under the International Traffic in Arms Regulations (ITAR), which governs the export of munitions. Wilson took down the blueprint, but it soon became available on disreputable file-sharing websites such as The Pirates Bay and on the Dark Web. Since this development, many more gun designs have been made available online. So why now? In 2015, Cody Wilson and Defense Distributed filed a law suit against the State Department, claiming his First Amendment rights were being infringed. The State Department settled with Wilson last month, allowing Defense Distributed to release the designs online for downloading. On Tuesday, a federal judge in Seattle granted a temporary restraining order to stop the posting of blueprints that would have legally allowed Americans to make 3D-printed guns in their own homes. Let’s unpack the issues. These guns are called “ghost guns” because they have no serial numbers, untraceable, undetectable They are homemade. Anyone with access to the Internet can download the blueprint and then print the parts using a cheap 3D printer. These guns are not entirely undetectable. “The TSA Has Found 3D-Printed Guns at Airport Checkpoints 4 Times Since 2016” The designs include a small metal part that can be detected by metal detectors. It remains illegal to develop guns that cannot be detected. I’m not sure if I understand why everyone is freaking out about this new development. We already have a gun accessibility problem in this country. Practically anyone can get access to weapons in the U.S., even semi-automatic weapons, including criminals. Plastic guns are not nearly as effective and run the risk of exploding after multiple shots.
Thank you to guest moderator Harvey Rishikof. The black letter law discussed in this episode is:
Office of Foreign Assets Control https://www.treasury.gov/about/organizational-structure/offices/Pages/Office-of-Foreign-Assets-Control.aspx
International Traffic in Arms Regulation https://www.pmddtc.state.gov/regulations_laws/itar.html
Verizon Data Breach Investigations Report (2017) http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/
DOJ announced charges in Yahoo hack https://www.justice.gov/opa/pr/us-charges-russian-fsb-officers-and-their-criminal-conspirators-hacking-yahoo-and-millions
US critical infrastructure sectors https://www.dhs.gov/critical-infrastructure-sectors
US Senate considered banning auto dial phones (1932) https://www.senate.gov/artandhistory/history/minute/Senate_Considers_Banning_Dial_Phones.htm
Carpenter v. United States (including oral arguments) https://www.oyez.org/cases/2017/16-402
Amicus brief filed by technology experts including Verizon http://www.scotusblog.com/wp-content/uploads/2017/08/16-402-tsac-technology-experts.pdf
4th Amendment https://www.law.cornell.edu/constitution/fourth_amendment
Smith v Maryland 442 U.S. 735 (1979) on 3rd Party Doctrine https://www.oyez.org/cases/1978/78-5374
ABA Journal and Patriots Debate discussion on 3rd Party Doctrine http://www.abajournal.com/magazine/article/the_data_question_should_the_third-party_records_doctrine_be_revisited/
United States v. Jones 132 S.Ct. 945 (2012) https://www.oyez.org/cases/2011/10-1259
Craig Silliman is the Executive Vice President for Public Policy and General Counsel at Verizon http://www.verizon.com/about/our-company/executive-bios/craig-silliman
AWS GovCloud (US) is an isolated AWS Region designed to help US government agencies and highly regulated organizations meet their compliance needs, including the International Traffic in Arms Regulations (ITAR) and Federal Risk and Authorization Management Program (FedRAMP). AWS GovCloud (US) makes it safe and easy to move sensitive data and regulated IT workloads to the cloud, through its adherence to numerous compliance and regulatory requirements. Join us to learn about AWS GovCloud (US) and how AWS can do the heavy lifting for your government agency or regulated enterprise.
EP103 GunBlog VarietyCast - [BLEEP]ing [BLEEP]ers and their [BLEEP]y Bad-Faith Backdoor Tactics
Felons Behaving Badly - Woman sought after 2 dead in shootout during Cumberland County robbery
Main Topic - ITAR Power Grab
The Bridge - Americans are Dumb?
Blue Collar Prepping - Why Prep?
This Week in Anti-Gun Nuttery - Mass AG Healey Digs In
Plug of the Week - Auphonic
Our Sponsor - http://www.lawofselfdefense.com/variety
Felons Behaving Badly
Woman sought after 2 dead in shootout during Cumberland County robbery - http://wncn.com/2016/07/18/2-killed-in-cumberland-county-attempted-robbery-shootout-woman-wanted-for-questioning/
Suspect 1 - http://webapps6.doc.state.nc.us/opi/viewoffender.do?method=view&offenderID=0633481&searchLastName=Bowman&searchFirstName=Brandon&listurl=pagelistoffendersearchresults&listpage=1
Victim 2 - http://webapps6.doc.state.nc.us/opi/viewoffender.do?method=view&offenderID=0892920&searchLastName=Melvin&searchFirstName=Travis&listurl=pagelistoffendersearchresults&listpage=1
The Main Topic - The State Department, ITAR, and Gunsmiths
ITAR - https://en.wikipedia.org/wiki/International_Traffic_in_Arms_Regulations
Benjamin M. Blatt, Attorney at Law - https://www.facebook.com/hoosierattorney
Applicability of the ITAR Registration Requirement to Firearms Manufacturers (Publish).pdf - https://cdn.fbsbx.com/v/t59.2708-21/13691881_1368514966498222_1579812427_n.pdf/Applicability-of-the-ITAR-Registration-Requirement-to-Firearms-Manufacturers-Publish.pdf?oh=c3b57f2a9d6263a31554041299a76849&oe=57A6514F&dl=1
eCFR ITAR Munitions list.pdf - https://cdn.fbsbx.com/v/t59.2708-21/13711192_10104206500875595_894041325_n.pdf/eCFR-ITAR-Munitions-list.pdf?oh=4139c43a3d26cc44bbaf3a0202b92a36&oe=57A657E2&dl=1
Firearm & Ammunition Excise Tax (FAET) - https://cdn.fbsbx.com/v/t59.2708-21/13586789_10104224358334105_1778550122_n.pdf/If-You-Thought-ITAR-Was-BadFirearm-and...hing-Taxes-_-Prince-Law-Offices-P.pdf?oh=186f32d4723658b821dc3402658c0755&oe=57A6141F&dl=1
Prince Law - http://www.princelaw.com/
The Bridge - Americans are Dumb?
How a Secretive Branch of ISIS Built a Global Network of Killers - http://www.nytimes.com/2016/08/04/world/middleeast/isis-german-recruit-interview.html?_r=0
Blue Collar Prepping - Why Prep?
What good is it going to do to prepare for the end of the world?
Doesn’t your family think you’re crazy?
Why are you so selfish?
So where can we learn more about prepping?
This Week in Anti-Gun Nuttery - Mass AG Healey Digs In
AG Healey Defends Letter On Mass. Gun Regulations - http://www.wbur.org/radioboston/2016/07/28/healey-gun-regulations
No, There Has Not Been a Mass Shooting Every Day This Year – http://www.motherjones.com/politics/2015/12/no-there-were-not-355-mass-shootings-this-year
Plug of the Week
Auphonic - https://auphonic.com
Auphonic Introduction Video - https://youtu.be/Y6uXP-MGt8I
Sanjay Mullick concentrates his practice in export controls, economic sanctions, international dispute resolution and international trade regulation. He is a member of the firm's India practice and is located in the Washington, DC office. Mr. Mullick has a broad range of experience providing counsel to companies on export control matters administered by the Bureau of Industry and Security (BIS) under the Export Administration Regulations (EAR), the Directorate of Defense Trade Controls (DDTC) under the International Traffic in Arms Regulations (ITAR), the Department of Energy’s rules on nuclear exports under Part 810, as well as economic sanctions administered by the Office of Foreign Assets Control (OFAC). He also assists clients with compliance matters concerning foreign trade zones (FTZ) and foreign lobbying rules under the Foreign Agents Registration Act (FARA).
I spoke with Bill O'Brien, the chief operating officer at Brainloop, a cloud-based document management, storage, and collaboration software company. We discussed Brainloop's technology, with a specific focus on how it helps clients ensure compliance with ITAR (International Traffic in Arms Regulations), the ramifications of not adhering to ITAR, and his predictions for the future of cybersecurity in the legal industry.