12th Annual Advanced Forum on Global Encryption, Cloud & Cyber Export Controls - DS by C5Group

All Secure

WORRY FREE

C5’s All Secure Safety Plan

Registration

GUARANTEE

12th Annual Advanced Forum on

GLOBAL ENCRYPTION, CLOUD & CYBER EXPORT CONTROLS

Book with Confidence!

LEARN MORE

March 30–31, 2022 • Marines' Memorial Club & Hotel • San Francisco, CA + Livestream Option Available EARN CLE

The only comprehensive, practical event on U.S. and international regulatory changes affecting your program and compliance strategy GOVERNMENT FACULTY: G. Tom Winterhalter, Jr. Supervisory Special Agent Federal Bureau of Investigation – Cyber Division Beau Woods Senior Advisor and Strategist, Cyber Security and Infrastructure Security Agency (CISA) U.S. Department of Homeland Security

ALSO LEARN AND BENCHMARK WITH: y Arconic y Boeing y Cardinal Health y Cisco y Cognizant y Electronic Frontier Foundation

y General Atomics Aeronautical Systems y Intel y Microsoft y Rapid7 y Salesforce

CREDITS

NEW, INDUSTRY-DRIVEN DISCUSSIONS FOR 2022: CHINA

COMBATTING RANSOMWARE

China’s New Data Security and Export Control Laws: The Finer Points of Navigating Grey Areas Affecting Data Transfers, Classification and More High Stakes Issues

Foundational mitigation recommendations from the Ransomware Task Force

EUROPEAN UNION

AI, BCI and more technological perspectives around the next wave of export controls

The Recast in Real Life: The Most Critical Takeaways from The New EU Dual-Use Regulations and New Catch-All Cyber Surveillance Clause

THE PRACTICAL IMPACT OF 2021 EAR/ITAR CHANGES Modified self-classification requirements and leveraging ITAR encryption carveouts

EMERGING TECHNOLOGIES

HUMAN RIGHTS: A DRONE SURVEILLANCE CASE STUDY Assessing the public policies and human rights impacts of Chinese drone maker, DJI ASSOCIATE SPONSORS:

THE INTERIM FINAL “INTRUSION SOFTWARE” RULE Results of BIS’ stakeholder engagement exercise, inviting industry comments on the expected impacts of this rule

AmericanConference.com/Encryption • 888 224 2480

a C5 Group Company Business Information in a Global Context

Speaker Faculty Andrés Arrieta Director of Consumer Privacy Engineering Electronic Frontier Foundation Matt Bell Global Practice Leader, Export Controls, Sanctions & Trade FTI Consulting Cindy Cohn Executive Director Electronic Frontier Foundation Melissa Duffy Partner, Trade and National Security Fenwick & West LLP Daniel Fisher-Owens Partner Berliner Corcoran & Rowe LLP Marwa Hassoun Partner Arent Fox LLP Keith Huffman Chief Legal Counsel, Export Controls U.S. SAP Kostas Katsoulis Director – Global Trade Compliance Cardinal Health (Switzerland)

Thea D. Rozman Kendler Assistant Secretary of Commerce for Export Administration U.S. Department of Commerce

Sarah O'Hare O'Neal Partner, Associate General Counsel, Global Trade Microsoft

Sven De Knop Partner Sidley Austin LLP (Belgium)

Jeff Rittener Chief Trade Officer, General Manager, International Trade Group Intel

David Kovar Founder and CEO URSA Inc. Mathilde Latour Global Export Trade Corporate Counsel Cisco (France) Josephine Aiello LeBeau Partner Wilson Sonsini Goodrich & Rosati Yan Luo Partner Covington & Burling (China) Laura Molinari Director, Global Trade Policy Boeing Christopher Millward President and Managing Director United States Information Technology Office (USITO) (China)

Waqas Shahid Senior Managing Director Ankura Consulting

Caroline Murray Walsh Senior Director & Associate General Counsel, Enterprise Services Global Trade Raytheon Technologies Randy Wheeler Regulatory Consultant Akin Gump Strauss Hauer & Feld LLP G. Tom Winterhalter, Jr. Supervisory Special Agent Federal Bureau of Investigation – Cyber Division

Arthur Shulman Senior Director, International Trade Compliance General Atomics Aeronautical Systems

Kevin J. Wolf Partner Akin Gump Strauss Hauer & Feld LLP

Julia Slovak Senior Manager, Global Trade Salesforce Leesa Smith-Papier Chief of Staff, Under Secretary of Defense for Intelligence U.S. Department of Defense

Beau Woods Senior Advisor and Strategist, Cyber Security and Infrastructure Security Agency (CISA) U.S. Department of Homeland Security

Megan Stifel Chief Strategy Officer Institute for Security and Technology (IST)

Wendy Wysong Partner Steptoe & Johnson LLP (Hong Kong)

Roszel C. Thomsen II Partner Thomsen and Burke LLP

MEDIA & ASSOCIATION PARTNERS:

RAVE REVIEWS FROM PAST ATTENDEES!

Best conference for legal, technical, operational encryption, cybersecurity issues and best practices. Senior Manager, Global Export Trade, Cisco

Appreciated the workshops and the depth of information along with the topics covered. Trade Control Specialist, The Boeing Company

2 | #ACIEncryption



Join Our Email List to Stay Connected SIGN UP TO RECEIVE EXCLUSIVE DISCOUNTS, OFFERS AND PROGRAM UPDATES AmericanConference.com/join-our-email-list/

twitter: @ACI_IntTrade linkedin: ACI: International Trade: Legal, Regulatory and Compliance Professionals

PRE-CONFERENCE WORKSHOPS | Tuesday, March 29, 2022 Cogs 9:00

WORKSHOP A (Registration opens at 8:30)

A Complete, Updated Roadmap to U.S. Encryption Compliance: Demystifying Key Definitions, Requirements and Compliance Program Expectations

Microphone Keith Huffman, Chief Legal Counsel, Export Controls U.S., SAP Julia Slovak, Senior Manager, Global Trade, Salesforce Marwa Hassoun, Partner, Arent Fox LLP This session is designed both for attendees new to encryption controls and for those who would like an in-depth refresher before the more advanced discussions of the main program. Take part in this practical and interactive working group as experts discuss the current state of U.S. Encryption Controls—with a focus on building and maintaining strong protocols to ensure compliance. Topics of discussion will include: • Roadmap of current U.S. encryption controls and their scope of application • Nuances of U.S. export control laws for encryption technologies, cloud computing, and cyber export controls • Who to contact and where to look toward mapping out your classification and licensing strategy • Utilizing early product analysis and evaluating intended use • Determining classification under the EAR and ITAR • Summary of recent regulatory changes and impact on legacy classifications/controls • Classifying public domain or publicly available information containing encryption • EAR licensing requirements and exceptions: Managing export license conditions and scope limitations on encryption products • Requirements for obtaining a mass market cryptography classification • ITAR’s encryption carveout: What does not constitute an “export” • ITAR and State Department guidelines on encryption in the cloud to prevent the unauthorized release of technologies • Preparing a CJ request for encryption products subject to ITAR regulations: What you need to submit, what supporting materials to include and other key elements • Strategies and best practices for developing and maintaining an effective export compliance program with respect to encryption items

1:30

WORKSHOP B (Registration opens at 1:00)

What Would You Do If…Applying EAR and ITAR Encryption Requirements in Practice — Cyber and Cloud Controls in Real-Life: How to Resolve the Most Pressing Classification and Program Implementation Challenges Microphone Randy Wheeler, Regulatory Consultant, Akin Gump Strauss Hauer & Feld LLP Daniel Fisher-Owens, Partner, Berliner Corcoran & Rowe LLP Building on the previous workshop, learn and problem solve alongside industry experts via case studies and hypothetical exercises. Navigate the grey areas of U.S. encryption, cloud and cyber controls in practice, including importing and exporting certain encrypted items and technologies from product development to end-use. You will walk away with helpful speaker-prepared reference materials and learn how to put a myriad of complex requirements into practice. Topics of discussion will include: • Mass market software program case studies • Telecom items, web-based services, and networking devices • Working with partners in different countries and incorporating global laws into your product development » China’s Data Security Law: Data classification challenges under Article 21 » Managing ambiguous, and more restrictive cross-border transfer rules » National security review requirements • Software and hardware encryption items: Timing and processes around filing paperwork • If you are travelling from country to country with encrypted items such as a laptop or mobile phone, what are the protocols? • What does an application look like if you’re taking software or hardware internationally? • End-users: Who are the “crypto consumers”? • When do you need a license if sharing technology and source code? • Re-exporting to third parties: Managing chips with encryption issues • U.S. export laws and how they come into play during re-exporting 5:00 | Close of Workshops

12:30 | End of Workshop A

AmericanConference.com/Encryption • 888 224 2480

a C5 Group Company Business Information in a Global Context

DAY ONE | Wednesday, March 30, 2022

10:45 | Extended Networking Break 11:15

7:30 | Registration and Continental Breakfast 8:45

Chair's Opening Remarks Microphone Roszel C. Thomsen II, Partner, Thomsen and Burke LLP 9:00

KEYNOTE ADDRESS Microphone Thea D. Rozman Kendler, Assistant Secretary of Commerce for Export Administration, U.S. Department of Commerce 9:45

The Aftermath of Recent EAR and ITAR Changes and How Industry is Navigating the Finer Points of the ICTS Supply Chain/Licensing Interim Rule Microphone Sarah O'Hare O'Neal, Partner, Associate General Counsel, Global Trade, Microsoft Laura Molinari, Director, Global Trade Policy, Boeing Kevin J. Wolf, Partner, Akin Gump Strauss Hauer & Feld LLP Arthur Shulman, Senior Director, International Trade Compliance, General Atomics Aeronautical Systems • Practical impact of BIS changes: Expected reduced regulatory requirements for U.S. software and technology companies. » Elimination of most mass market annual self-classification reports » Certain encryption products no longer require formal classification by BIS » Removal of notification requirement for publicly available encryption source code » Encryption changes for software development » Overall impacts on business operations and investments • Securing the Information and Communications Technology and Services Supply Chain (ICTS) Interim Rule and licensing ANPRM » Industry concerns around the broad scope of covered ICTS transactions, unclear definitions and terms, duplicate agency review, and retroactive application » Responses to the ANPRM: Would a voluntary process reduce industry licensing burden? Should safe harbor provisions be created? • ITAR: Temporary modifications to Category XI of USML » Overall impacts on business operations and investments » Risk mitigation around leveraging ITAR encryption carveout

4 | #ACIEncryption

SPECIAL ADDRESS AND Q&A: New EU Dual-Use Regulation and the Recast 12:00

The Recast in Real Life: The Most Critical Takeaways from The New EU Dual-Use Regulations and New Catch-All Cyber Surveillance Clause Microphone Sven De Knop, Partner, Sidley Austin LLP (Belgium) Kostas Katsoulis, Director – Global Trade Compliance, Cardinal Health (Switzerland) On September 9th, 2021, the EU’s recast of the Dual-Use Regulation (Council Regulation No. 2021/821, hereinafter the “Regulation”) entered into force. The recast represents the culmination of five years of consultation at the EU, leading to the formal endorsement of the revised text to the Regulation by the European Council in May 2021. The Regulation replaces the previous EU dual use regulation, Council Regulation (EC) 428/2009. • Reconciling the previously applicable EU regulations of EC Dual-Use Regulation 428/2009 with those of the new Dual-Use Regulation • The new catch-all provision requiring authorization for the export of non-listed cyber-surveillance items » The definition of “cyber-surveillance items” • Article 8: Authorization requirements for provision of technical assistance related to dual-use items related to weapons of mass destruction • Article 9: National authorization requirements for dual-use items that can promote human rights abuses. How will such measures impact exports from other member states? • The new definition of “provider of technical assistance” captures scenarios • Unilateral export controls for non-listed items where the Member State deems those controls necessary • Expansion of controls on "brokering services" involving dual-use items • New General Export Authorizations (“GEAs”) with regards to the intra-group export of software and technology (GEA EU007); and encryption items (GEA EU008) • Export control compliance program requirements • What positive/negative issues does the new regulation present for exporters? 1:00 | Networking Lunch 2:15

Insights into the Present and Future of U.S.-China Trade Relations Microphone Jeff Rittener, Chief Trade Officer, General Manager, International Trade Group, Intel Christopher Millward, President and Managing Director, United States Information Technology Office (USITO) (China) Matt Bell, Global Practice Leader, Export Controls, Sanctions & Trade, FTI Consulting

twitter: @ACI_IntTrade linkedin: ACI: International Trade: Legal, Regulatory and Compliance Professionals

3:15

How Companies are Implementing China’s New Data Security and Export Control Laws: The Finer Points of Navigating Grey Areas Affecting Data Transfers, Classification and More High Stakes Issues Microphone Yan Luo, Partner, Covington & Burling (China) Wendy Wysong , Partner, Steptoe & Johnson LLP (Hong Kong) With complex requirements affecting usage, collection, and protection of data, China’s Data Security Law came into effect on September 1, 2021. How can industry navigate murky, grey areas of the law? Which data processing activities might trigger national security review requirements? • Cross border data transfer requirements: Compliance requirements for data intermediary service providers. What are the penalties for violation? • Data classification challenges under Article 21 • Managing ambiguous, and more restrictive cross-border transfer rules • National security review requirements • Which Chinese regulator will be in charge? Why this is burdensome for business

DAY TWO | Thursday, March 31, 2022 7:30 | Registration and Continental Breakfast 8:55

Chair's Opening Remarks Microphone Roszel C. Thomsen II, Partner, Thomsen and Burke LLP 9:00

AI, BCI and More Emerging Technologies: Perspectives on the Next Wave of New, Anticipated Export Controls Microphone Mathilde Latour, Global Export Trade Corporate Counsel, Cisco (France) Josephine Aiello LeBeau, Partner, Wilson Sonsini Goodrich & Rosati

• How does the Data Security Law differ from the Personal Information Protection Law (effective November 1, 2021)?

• Brain computer interface technologies (BCI): BIS’ Advance notice of proposed rulemaking (ANPRM) that would question BCI’s ethical and policy issues

• What are strategies businesses should keep in mind to ensure compliance?

• Potential new license requirements for surveillance technologies used for crowd control, facial recognition, machine learning, and biometric/AI technologies

• Updates on China’s Export Control Law (ECL) and China’s Catalog of Technologies Prohibited and Restricted from Export 4:15 | Networking Break

» Potential controls around quantum computing • State of BIS’ review of China-related export controls for surveillance technologies 10:00

4:30

U.S. Cyber-Rule Update: Status and Impact of The BIS Interim Final “Intrusion Software” Rule Microphone Melissa Duffy, Partner, Trade and National Security, Fenwick & West LLP

Combatting Ransomware: Practical Know-How for Mitigation and Resilience Microphone G. Tom Winterhalter, Jr., Supervisory Special Agent, Federal Bureau of Investigation – Cyber Division

Caroline Murray Walsh, Senior Director & Associate General Counsel, Enterprise Services Global Trade, Raytheon Technologies

Beau Woods, Senior Advisor and Strategist, Cyber Security and Infrastructure Security Agency (CISA), U.S. Department of Homeland Security

Waqas Shahid, Senior Managing Director, Ankura Consulting

Megan Stifel, Chief Strategy Officer, Institute for Security and Technology (IST)

It has been almost a decade in the making and new U.S. export controls on “cybersecurity items” have arrived, including products and technology involving “intrusion software” and IP network communications surveillance. What are the compliance obligations and practical implementation challenges-and how to resolve them? • What is a covered “cybersecurity item”? • Does License Exception ACE apply? • Results of BIS’ stakeholder engagement exercise, inviting industry comments on the expected impacts of the rule, including how it may deter, restrict or overburden legitimate cybersecurity research, defensive activity, and incident response.

Even if your organization has not been the targeted victim of a ransomware attack, you have likely felt their impact. The cascade of attacks has caused a ripple effect through value chains, straining almost every organization’s ability to deliver their services and products. What can you do to disrupt the ransomware business model? • Colonial Pipeline ransomware attack case study: DOJ seizes $2.3 million in cryptocurrency paid to ransomware extortionists Darkside • The Ransomware Task Force: Foundational mitigation recommendations • Voluntary self-disclosures: Avoiding violations of sanctions or export controls that arise from a ransomware attack response

5:30 | Close of Day One

AmericanConference.com/Encryption • 888 224 2480

a C5 Group Company Business Information in a Global Context

• Maintaining appropriate records of ransomware remedial measures

12:15 | Networking Lunch

» Communications with regulatory authorities

1:45

» Analyses regarding sanctions and export controls » Accounting for technical data that an attacker could have accessed, so that such information can be shared with the Department of Commerce's Bureau of Industry and Security ("BIS") » If relevant, payments made

DRONE SURVEILLANCE CASE STUDY: DJI Microphone Andrés Arrieta Director of Consumer Privacy Engineering, Electronic Frontier Foundation

• A victim’s advocate perspective on mitigation measures

David Kovar, Founder and CEO, URSA Inc.

11:00 | Networking Break

Leesa Smith-Papier, Chief of Staff, Under Secretary of Defense for Intelligence, U.S. Department of Defense

11:15

Human Rights Due Diligence and Surveillance and Risk Mitigation Considerations: Five Eyes, Entity List Additions, State Department and BIS Guidance Microphone Roszel C. Thomsen II, Partner, Thomsen and Burke LLP

Surveillance drones or unmanned aerial systems (UASs) raise significant issues for privacy and civil liberties. What are the risks that drone technology can pose to security, privacy, and human rights? In this case study, we will zero in on Chinese drone manufacturer DJI and assess their public policies, troubling drone mechanisms, and their addition to the BIS Entity List. 3:00 | Close of Conference

Cindy Cohn, Executive Director, Electronic Frontier Foundation • Five Eyes: Is the alliance in trouble over China? • BIS’ latest additions to the Entity List • U.S. Department of State guidance on implementing the “UN Guiding Principles” for transactions linked to foreign government end-users of surveillance capabilities • Using data to provide insights into future crises: Developing what has been called "anticipatory intelligence" • Due diligence and risk mitigation considerations: BIS’ Know Your Customer guidance

VENUE INFORMATION Hotel: Address: Reservations:

Marines' Memorial Club & Hotel 609 Sutter St, San Francisco, CA 94102, United States 800-562-7463 or 415-673-6672

American Conference Institute is pleased to offer our delegates a limited number of hotel rooms at a negotiated rate. To take advantage of these rates, please contact the hotel directly and quote “Global 2022”. Please note that the guest room block cut-off date is February 27th, 2022. After that date OR when the room block fills, guestroom availability and rate can no longer be guaranteed.

6 | #ACIEncryption

EARN CLE CREDITS

Accreditation will be sought in those jurisdictions requested by the registrants which have continuing education requirements. This course is identified as nontransitional for the purposes of CLE accreditation.

ACI certifies this activity has been approved for CLE credit by the State Bar of California. ACI certifies this activity has been approved for CLE credit by the New York State Continuing Legal Education Board. ACI has a dedicated team which processes requests for state approval. Please note that event accreditation varies by state and ACI will make every effort to process your request. Questions about CLE credits for your state? Visit our online CLE Help Center at www.americanconference.com/accreditation/cle/

twitter: @ACI_IntTrade linkedin: ACI: International Trade: Legal, Regulatory and Compliance Professionals

Planning Ahead for Live Conferences: C5’s All Secure Safety Plan As American Conference Institute and our partners plan for in-person events, we are committed to building and enhancing the planning and preparation with a view to offering our guests a safe place for live conference delivery. In addition, to ensure your safety, our event staff is fully vaccinated. All our events will adhere to official government and local authority guidance in addition to venue or location-specific regulations, and will follow the commitments below. Attendance Screening All attendees will need to assert that at the time that they first attend the conference and for the 14 days prior: y Have not experienced any COVID-19 symptoms now or within the last 14 days. y Have not had close contact with any person with or suspected of having COVID-19 within the last 14 days. y Have not had a positive COVID-19 test within the last 14 days. y Have not been advised by any health authority, government agency or regulatory body, within the last 14 days, to self-isolate due to possible exposure to COVID-19. Link to COVID-19 symptoms: https://www.cdc.gov/coronavirus/2019-ncov/symptoms-testing/symptoms.html We are closely monitoring industry best practices and will be evaluating further additional measures pertaining to vaccinations and on-site screening based on the advice of health authorities.

Enhanced Communication y Advance communication to all attendees on what to expect and prepare for at the conference: from registration to conference materials to room layout to food and beverage options and more. y Education and training for the team to ensure we provide a safe and secure conference experience. y Distribution of local health-resource information in advance of the event. y Ongoing communication and advance planning with the venue regarding enhanced cleaning and sanitizing measures, response strategies and other onsite protocols.

Increased Cleaning and Sanitation y Placement of hygiene stations throughout the conference including the registration area, meeting spaces and high frequency areas. y Availability of personal hygiene and safety products including facial coverings where available.

Safety and Physical Distancing y Physical distancing protocols such as limiting attendance, directional signage and markers throughout the conference.

Reduced Touchpoints

y A conference room layout with planned seating for appropriate physical distancing.

y Reduction of the physical distribution of onsite materials.

y We continue to work closely with our venue partners to ensure the safety of our attendees. Please check back frequently as we monitor and evolve our plan in the weeks ahead.

AmericanConference.com/Encryption • 888 224 2480

y Food and beverage options that ensure minimal handling and exposure.

a C5 Group Company Business Information in a Global Context

Yanette Ching, American Conference Institute

Looking to Register?

Contact our Customer Service Representatives:

Brian Currie, American Conference Institute



Y.Ching@AmericanConference.com



B.Currie@AmericanConference.com



1 212 352 3220 x5499



1 212 352 3220 x7370

Use Registration Code: B00-999-YCG22

SAVE $300

PRICING

SAVE $200

Use Registration Code: B00-999-BCE22

CONFERENCE CODE:

885L22-SNF

Bringing a Team?*

IN-PERSON Conference Only

$1,995

$2,095

Workshops A or B

$2,295

$595 each

LIVESTREAM Conference Only

$1,695

$1,795

WORRY FREE Registration

Olivia Thomson Chief Compliance Officer

Luis Santos Director

Jean Roux VP, Business Development

Patricia Harden Head of Sanctions Miyuki Johnson VP, Manufacturing

G. Tom Winterhalter, Jr. Supervisory Special Agent Federal Bureau of Investigation – Cyber Division

Don’t miss the opportunity to maximize participation or showcase your organization’s services and talent. For more information please contact us at: SponsorInfo@AmericanConference.com

20% Conference Discount Call 888-224-2480

Book with confidence! Register and pay to lock in your early rate and be eligible for a full refund until March 21. If you are unable to attend for any reason, you will have the following options:

y A full refund.

Beau Woods Senior Advisor and Strategist, Cyber Security and Infrastructure Security Agency (CISA) U.S. Department of Homeland Security

With conferences in the United States, Europe, Asia Pacific, and Latin America, the C5 Group of Companies: American Conference Institute, The Canadian Institute, and C5 Group, provides a diverse portfolio of conferences, events and roundtables devoted to providing business intelligence to senior decision makers responding to challenges around the world.

7 8+

y A full credit note for you, or a colleague to attend another event.

Ramesh Kumar Partner

GOVERNMENT FACULTY:

hands-helping BECOME A SPONSOR

GUARANTEE

Janet Smith VP, General Counsel

15% Conference Discount

* Team/group registrations must be from the same organization/firm and register together in one transaction.

To update your contact information and preferences, please visit https://www.AmericanConference.com/preference-center/. Terms & conditions and refund/cancellation policies can be found at AmericanConference.com/company/faq/

Emma McAdam VP, Government Affairs

5–6

ACI offers financial scholarships for government employees, judges, law students, non-profit entities and others. For more information, please email or call customer service.

All program participants will receive an online link to access the conference materials as part of their registration fee. Additional copies of the Conference Materials available for $199 per copy.

If you choose to attend via livestream you can expect true interaction virtually — from start to finish. Contact our customer service team at 1-888-224-2480 or customerservice@americanconference.com to learn more about this option.

10% Conference Discount

Special Discount

$1,995

Interested in attending virtually?

3–4

All cancellations and changes must be submitted to customerservice@americanconference.com by March 21.

About Us

The C5 Group, comprising American Conference Institute, The Canadian Institute and C5 in Europe, is a leading global events and business intelligence company. For over 35 years, C5 Group has proVided the opportunities that bring together business leaders, professionals and international experts from around the world to learn, meet, network and make the contacts that create the opportunities. Our conferences and related products connect the power of people with the power of information, a powerful combination for business growth and success.