13th Advanced Forum on Global Encryption, Cloud & Cyber Export Controls - WEB

13th Annual Advanced Forum on March 29–30, 2023 | Marines Memorial Club & Hotel, San Francisco

GLOBAL ENCRYPTION, CLOUD & CYBER EXPORT CONTROLS

GOVERNMENT SPEAKER FACULTY:

U.S. SEMICONDUCTOR/CYBER RULE GUIDANCE, CLOUD STRATEGIES AND QUANTUM OUTLOOK:

ĉ Supply Chain Impacts of the Semiconductor Rule: Where Will We Find Chips Now?

ĉ Decoding Semiconductor Rule Compliance: ECCNs, FDPRs, and Inter-Department Gap Analysis

ĉ Category 5, Part Two and the Intrusion Software Rule: End-Use Restrictions for Encryption and License

Exceptions

ĉ Quantum Computing and Cryptography: Perspectives on the Next Wave of End-to-End Encryption

ĉ Cloud Encryption and Sharing/Storing of Cloud Data: Mitigating Data Privacy and Technology Transfer Risks

NEW SESSIONS FOR 2023:

ĉ Russia: Managing the Growing Intersection of Sanctions and Encryption Controls

ĉ India: Drone-Related Amendments in SCOMET, CAROTAR Updates

ĉ The Future Multilateral Export Regimes: Digitization and Innovation Impacts

ĉ Sanctioning Source Code Versus Privacy: The Case of Tornado Cash

CONNECT AND BENCHMARK WITH:

• Intel

• FBI

• Cisco (France)

• Texas Instruments

• Honeywell

• European Commission

• NASSCOM (India)

• Microsoft

• Leonardo DRS

• Ericsson AB (Sweden)

• Hewlett Packard Enterprise

Associate Sponsors

• IBM

• McKinsey & Co. (Israel)

• Lam Research

• Micron Technology

• Flex

• Micro Focus

2023 SPEAKERS

U.S. GOVERNMENT AND EUROPEAN UNION FACULTY

Thea D. Rozman Kendler

Assistant Secretary of Commerce for Export Administration, Bureau of Industry and Security (BIS)

U.S. Department of Commerce

Paul Ahern Chief Enforcement Counselor

U.S. Department of the Treasury

G. Tom Winterhalter, Jr.

Supervisory Special Agent Federal Bureau of Investigation – Cyber Division

CO-CHAIRS

Mathilde Latour Global Export Trade Principal Corporate Counsel Cisco (France)

Roszel C. Thomsen II Partner

Thomsen and Burke LLP

DISTINGUISHED FACULTY

David Aaron Senior Counsel

Perkins Coie

Former National Coordinator, NonTraditional Collector Threat, National Security Division, Counterintelligence and Export Control Section

U.S. Department of Justice

Brooks E. Allen Counsel

Skadden, Arps, Slate, Meagher & Flom LLP

Michael F. Angelo Chief Security Architect Micro Focus

Michelle Aragon Senior Manager, Trade Compliance Leonardo DRS

Matt Bell Global Practice Leader, Export Controls, Sanctions & Trade FTI Consulting

Emily Benson Senior Fellow, Scholl Chair in International Business Center for Strategic and International Studies (CSIS)

Michael S. Casey Partner Wilson Sonsini Goodrich & Rosati (UK)

Kevin Cuddy Government & Regulatory Affairs, Export Regulation Office IBM

Sven De Knop Partner

Sidley Austin LLP (Belgium)

Brian J. Egan Partner

Skadden, Arps, Slate, Meagher & Flom LLP

Dr. Amit Elazari Head of Cyber Security Policy Intel

Daniel Fisher-Owens Partner Berliner Corcoran & Rowe LLP

Joshua Fitzhugh Vice President, Global Trade Flex

Michael Gershberg Partner

Fried, Frank, Harris, Shriver & Jacobson LLP

Anne Marie Griffin

Director, Regulatory Affairs, Worldwide Tax & Trade Microsoft

Lloyd Grove Managing Counsel, Sanctions and Compliance Lucid Motors

Doron Hindin

Associate General Counsel, International Trade McKinsey & Company (Israel)

Rohit Jain Partner Economic Laws Practice (India)

Garisma Kadakia

Global Trade Compliance Micron Technology

C. Devi Bengfort Keller Director, Government Relations Texas Instruments

Ajay Kuntamukkala Partner

Hogan Lovells

Veronica Palacios

Senior Manager, Global Trade Compliance Celestica

Garima Prakash Deputy Manager NASSCOM (India)

Dr. Venu Ranganathan Director, Export Compliance Microsoft

Mark Renfeld

Senior Export Compliance Manager Hewlett Packard Enterprise

Jason Rhoades Global Sanctions Director, International Trade Group Intel

Heather Sears Of Counsel Morgan, Lewis & Bockius LLP

Jai Singh Arun

Global Head of Strategy and Product Management, IBM Quantum Safe Solutions, IBM Research

Chris Timura Of Counsel

Gibson, Dunn & Crutcher LLP

Richard Tornberg Group Legal Counsel Trade Compliance

Ericsson AB (Sweden)

Brandon L. Van Grack Partner Morrison & Foerster LLP

Randy Wheeler Regulatory Consultant

Akin Gump Strauss Hauer & Feld LLP

Former Director of the Information Technology Controls Division, Bureau of Industry and Security (BIS) U.S. Department of Commerce

Kevin Wolf Partner

Akin Gump Strauss Hauer & Feld LLP

Christina Zanette Assistant General Counsel, Export Compliance Honeywell

Best conference for legal, technical, operational encryption, cybersecurity issues and best practices.

SENIOR MANAGER, GLOBAL EXPORT TRADE, CISCO

PRE-CONFERENCE WORKSHOPS

Tuesday, March 28, 2023

9:00

WORKSHOP A (Registration opens at 8:30)

A Complete End-to-End Guide to Updating Your U.S. Encryption Compliance Roadmap: Classification, Licensing, Reporting and More Key Requirements

Microphone Randy Wheeler, Regulatory Consultant, Akin Gump Strauss Hauer & Feld LLP Former Director of the Information Technology Controls Division, Bureau of Industry and Security (BIS), U.S. Department of Commerce

Lloyd Grove, Managing Counsel, Sanctions and Compliance, Lucid Motors

This session is designed both for attendees new to encryption controls and for those who would like an in-depth refresher before the more advanced discussions of the main program. Take part in this practical and interactive working group as experts discuss the current state of U.S. encryption controls—with a focus on building and maintaining strong protocols to ensure compliance.

Topics of discussion will include:

• Overview of current U.S. encryption controls and their scope of application

• Nuances of U.S. export control laws for encryption technologies and cyber export controls

• Who to contact and where to look toward mapping out your classification and licensing strategy

• Utilizing early product analysis and evaluating intended use

• Determining classification under the EAR and ITAR

• Classifying public domain or publicly available information containing encryption

• EAR licensing requirements and exceptions: Managing export license conditions and scope limitations on encryption products

• Navigating License Exception ENC

• Breaking down encryption reporting requirements

• ITAR and State Department guidelines on encryption in the cloud to prevent the unauthorized release of technologies

• Summary of recent regulatory changes and impact on legacy classifications/controls

• Best practices for developing and maintaining an effective export compliance program with respect to encryption items

• Unravelling BIS’ semiconductor/advanced computing export controls and encryption impacts

WORKSHOP B (Registration opens at 1:00)

Putting Your U.S. Updated Encryption Compliance Roadmap into Practice: How to Resolve the Most Pressing Classification and Program Implementation Challenges

Microphone Michael Gershberg, Partner, Fried, Frank, Harris, Shriver & Jacobson LLP

Heather Sears, Of Counsel, Morgan, Lewis & Bockius LLP

Building on the previous workshop, learn and problem-solve alongside industry experts via case studies and hypothetical exercises. Take a deep dive into some of the grey areas of U.S. encryption, cloud and cyber controls in practice, including importing and exporting certain encrypted items and technologies from product development to end-use. You will walk away with helpful speakerprepared reference materials and learn how to put a myriad of complex requirements into practice.

Topics of discussion will include:

• Mass market software program case studies

• Impact of new semiconductor/advanced computing export controls

• Telecom items, web-based services, and networking devices

• New rules subject to the EAR on exports and reexports to, and transfers in, Russia and Belarus

• Hong Kong: Special encryption approaches/ITAR impacts

• Working with partners in different countries and incorporating global laws into your product development

• Software and hardware encryption items: Timing and processes around filing paperwork

• If you are travelling from country to country with encrypted items such as a laptop or mobile phone, what are the newest protocols?

• What does an application look like if you’re taking software or hardware internationally?

• When do you need a license if sharing technology and source code?

• U.S. export laws and how they come into play during re-exporting

5:00 | Close of Workshops

CONFERENCE DAY ONE

Wednesday, March 29, 2023

7:30 | Registration and Continental Breakfast

8:45

Co-Chairs’ Opening Remarks

Microphone

Mathilde Latou, Global Export Trade Principal Corporate Counsel, Cisco (France)

Roszel C. Thomsen II, Partner, Thomsen and Burke LLP

9:00

FIRESIDE CHAT: U.S. Encryption Controls and China

Microphone

Thea D. Rozman Kendler, Assistant Secretary of Commerce for Export Administration, Bureau of Industry and Security (BIS), U.S. Department of Commerce

Moderator: Brandon L. Van Grack, Partner, Morrison & Foerster LLP

9:45

Managing the Real-Life Aftermath of the U.S. Semiconductor and Advanced Computing Rule: Practical Insights on Supply Chain Dilemmas and the Compliance Path Ahead

Microphone Joshua Fitzhugh, Vice President, Global Trade, Flex

C. Devi Bengfort Keller, Director, Government Relations, Texas Instruments

Christina Zanette, Assistant General Counsel, Export Compliance, Honeywell

Matt Bell, Global Practice Leader, Export Controls, Sanctions & Trade, FTI Consulting

What are the short and long-term computing supply chain impacts of BIS’ latest China-focused export controls covering semiconductors and supercomputing technology? As with any complex and novel export control rule involving innovative technologies and supply chains, many anticipate that the new rules will likely have unintended consequences.

This panel of experts will address the future of the U.S. microelectronics sector and supply chain amid unprecedented regulatory change. Don’t miss practical takeaways for your compliance work ahead!

10:45 | Networking Break

11:15

Practitioner Recommendations for Next Generation Global Multilateral Export Control Regimes

Microphone Emily Benson, Senior Fellow, Scholl Chair in International Business, Center for Strategic and International Studies (CSIS)

Mathilde Latour, Global Export Trade Principal Corporate Counsel, Cisco (France)

Richard Tornberg, Group Legal Counsel Trade Compliance, Ericsson AB (Sweden)

How can next generation multilateral export control regimes answer current regime limitations? How can new digital technologies close important gaps in multilateral export control compliance and enable exports that would otherwise be denied? Attend this session to gain real-world insights for managing evolving regimes and preparing for anticipated changes.

12:15 | Luncheon

#ACIEncryption twitter: @ACI_Conferences linkedin: ACI: International Trade: Legal, Regulatory and Compliance Professionals

Complying with BIS’ Advanced Computing Controls on China: Decoding Licensing, Impacted ICs, and Gap Analysis

Microphone Mark Renfeld, Senior Export Compliance Manager, Hewlett Packard Enterprise

• Updating licensing requirements for items controlled under ECCNs 5A002 or 5D002 that meet or exceed the performance parameters of the new ECCNs 3A090 or 4A090

• Updating licensing requirements for mass market encryption hardware and software items controlled under ECCNs 5A992 or 5D992

• Restrictions on US persons activities: US persons (citizens, permanent residents, asylees, and refugees) that support the development or production of integrated circuits (IC’s) in China now requires a license

» What kind of ICs are involved?

» What ECCNs are relevant?

» Are any license exceptions available?

• Gap analysis: Updating compliance programs to make sure legal, engineering, and trade compliance are all in the loop with these new controls

» Lontium Semiconductor: A Chinese chipmaker IPO that will test U.S. restrictions and raise questions about ‘U.S. Persons’

• Understanding China’s own encryption requirements

2:30

Navigating the Finer Points of Category 5, Part Two, the Final Cyber Rule

Microphone Michael F. Angelo,

Architect, Micro Focus

Doron Hindin, Associate General Counsel, International Trade, McKinsey & Company (Israel)

The long-anticipated “cyber rule” and debated export controls on intrusion software have balanced U.S. foreign policy and national security concerns with the need for maintaining a regulatory framework that allows for legitimate cybersecurity transactions. The language of the interim rule reflected several years of negotiations codified in the multilateral 1996 Wassenaar Arrangement and incorporated significant U.S. stakeholder input received by BIS. How should industry be applying this rule? What questions should they be asking and what steps should be taken to ensure compliance?

• Are items that are being exported outside the U.S. controlled as cybersecurity items?

• Do other standards apply, e.g., ITAR, certain encryption controls, or surreptitious listening or national security controls?

• Mapping the country of destination for these items and its eligibility under License Exception ACE

• Defining the proposed “end users” of these items and whether they would fall within one of the categories of government end users

• Determining the proposed end use or purpose for these items, including whether any exception would apply

• Regulations being proposed that might require companies to maintain a detailed and up-to-date Software Bill of Materials (SBOM)

• Comparing the Cyber Rule with other countries’ cyber-surveillance mitigation efforts

3:30

4:30

Optimizing Your Encryption Compliance Program: Revisiting Your Organization’s Risk Profile and Detecting Weak Spots

Microphone Jason Rhoades, Global Sanctions Director, International Trade Group, Intel

Garisma Kadakia, Global Trade Compliance, Micron Technology

Michelle Aragon, Senior Manager, Trade Compliance, Leonardo DRS

Ajay Kuntamukkala, Partner, Hogan Lovells

• Delve into certain components that companies have integrated within their current processes

• Industry specific challenges – Semiconductor companies, telecommunication companies, aerospace companies, O&G, etc.

» Differences and similarities between different industries

• Working with verified entities – How much due diligence is enough?

• How to conduct a risk assessment as part of your compliance program

• How to manage your compliance program with remote employees

5:00 |

CONFERENCE DAY TWO

Thursday, March 30, 2023

7:30 | Registration and Continental Breakfast

8:55

Co-Chairs’ Opening Remarks

Microphone

Anne Marie Griffin, Director, Regulatory Affairs, Worldwide Tax & Trade, Microsoft

Roszel C. Thomsen II, Partner, Thomsen and Burke LLP

9:00

Russia Sanctions and Their Intersection and Encryption Controls

Microphone

Michael S. Casey, Partner, Wilson Sonsini Goodrich & Rosati (UK)

Sven De Knop, Partner, Sidley Austin LLP (Belgium)

Brian J. Egan, Partner, Skadden, Arps, Slate, Meagher & Flom LLP

Kevin Wolf, Partner, Akin Gump Strauss Hauer & Feld LLP

10:00

Quantum Computing and Cryptography: Perspectives on the Next Wave of End-to-End Encryption

Microphone

Dr. Venu Ranganathan, Director, Export Compliance, Microsoft

Jai Singh Arun, Global Head of Strategy and Product Management, IBM Quantum Safe Solutions, IBM Research

Dr. Amit Elazari, Head of Cyber Security Policy, Intel

Anne Marie Griffin, Director, Regulatory Affairs, Worldwide Tax & Trade, Microsoft

As computers become more powerful, more resources become available via the cloud, and existing cryptographic systems such as PKI are already susceptible to exploitation, it is only a matter of time before data protection is weakened on a global scale. Where does the future of quantum computing stand as well as quantum-based cryptography?

10:45 | Networking Break

11:00

FIRESIDE CHAT: Sanctioning Source Code Versus Privacy

Microphone Paul Ahern, Chief Enforcement Counselor, U.S. Department of the Treasury

Following two cyber-attacks on digital transaction tools that provide privacy for cryptocurrency transactions, the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned these “currency mixers”. Is sanctioning the source-code behind these digital tools in the name of national security more important than personal privacy?

11:30

The Intersection of Export Controls, Sanctions, Human Rights, and Surveillance: Due Diligence Best Practices for Managing Legal and Reputational Risks

Microphone Kevin Cuddy, Government & Regulatory Affairs, Export Regulation Office, IBM

Brooks E. Allen, Counsel, Skadden, Arps, Slate, Meagher & Flom LLP

• Human rights-based denied party list sanctions and the importance of screening

• Understanding your product portfolio for products of potential concern

• Understanding and implementing government guidance for conducting human rights due diligence

• Best practices for standing up a transactional review process for human rights

• Internal and external multi-stakeholder engagement best practices

• BIS human rights end use controls

12:15

India: SCOMET Developments, Encryption Terms of Conditions and Trade Control Updates

Microphone Rohit Jain, Partner, Economic Laws Practice (India)

Garima Prakash, Deputy Manager, NASSCOM (India)

• Department of Transportation and Internet Service Providers encryption terms of conditions

• Developments under SCOMET

» Proposed amendments in SCOMET related to export of Drones and proposed General Authorization for Export of Drones

• Applying license requirements for exchanging information among subsidiaries under India’s Global Authorization for Intra-Company Transfer (GAICT)

• Certification requirements under specific quality control orders

• Updates to India’s customs laws: CAROTAR Rules

• The new anti-absorption regime and quantitative controls

• The DGTR and the first investigation conducted under India’s Safeguard Measures (Quantitative Restrictions) Rules 2012

Cloud Encryption and Sharing and Storing of Cloud Data: Mitigating Data Privacy and International Technology Transfer Risk

Microphone Chris Timura, Of Counsel, Gibson, Dunn & Crutcher LLP

Daniel Fisher-Owens, Partner, Berliner Corcoran & Rowe LLP

3:00

Combatting Ransomware and Deepfakes

Microphone David Aaron, Senior Counsel, Perkins Coie Former National Coordinator, Non-Traditional Collector Threat, National Security Division, Counterintelligence and Export Control Section, U.S. Department of Justice

G. Tom Winterhalter, Jr., Supervisory Special Agent, Federal Bureau of Investigation

– Cyber Division

Even if your organization has not been the targeted victim of a ransomware or deepfake attack, you have likely felt their impact. The cascade of attacks has caused a ripple effect through value chains, straining almost every organization’s ability to deliver their services and products. What can you do to disrupt the ransomware/deepfake business model?

• Proposed regulations requiring new cyber incident reporting: The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA)

» Definitions and criteria of various terms, such as “covered entity,” “covered cyber incident,” “substantial cyber incident,” “ransom payment,” “ransom attack,” “supply chain compromise” and “reasonable belief”

» The expected time and costs associated with reporting requirements

• Deepfakes and related data encryption technology export controls to China

• Maintaining appropriate records of ransomware remedial measures

» Communications with regulatory authorities

» Analyses regarding sanctions and export controls

» Accounting for technical data that an attacker could have accessed, so that such information can be shared with the Department of Commerce's Bureau of Industry and Security ("BIS")

» If relevant, payments made

3:45

Closing Roundtable Discussion: More Takeaways for 2023 and Beyond

Led by:

Microphone Roszel C. Thomsen II, Partner, Thomsen and Burke LLP

4:00 | Close of Conference

About us:

The C5 Group, comprising American Conference Institute, The Canadian Institute and C5 in Europe, is a leading global events and business intelligence company.

For over 30 years, C5 Group has proVided the opportunities that bring together business leaders, professionals and international experts from around the world to learn, meet, network and make the contacts that create the opportunities.

Our conferences and related products connect the power of people with the power of information, a powerful combination for business growth and success.

I found all the material to be relevant and it was covered in just about enough depth to keep the audience engaged.

GLOBAL TRADE COMPLIANCE SPECIALIST, HITACHI VANTARA

Venue

Hotel: Marines’ Memorial Club & Hotel

Address: 609 Sutter St, San Francisco, CA 94102, United States

Reservations: 415-673-6672

American Conference Institute is pleased to offer our delegates a limited number of hotel rooms at a negotiated rate. To take advantage of these rates, please contact the hotel directly and quote “ACI’s Global Encryption, Cloud & Cyber Export Controls”.

Please note that the guest room block cut-off date is March 6, 2023. After that date OR when the room block fills, guestroom availability and rate can no longer be guaranteed.

hands-helping

BECOME A SPONSOR

With conferences in the United States, Europe, Asia Pacific, and Latin America, the C5 Group of Companies: American Conference Institute, The Canadian Institute, and C5 Group, provides a diverse portfolio of conferences, events and roundtables devoted to providing business intelligence to senior decision makers responding to challenges around the world.

Don’t miss the opportunity to maximize participation or showcase your organization’s services and talent. For more information please contact us at: SponsorInfo@AmericanConference.com

EARN CLE CREDITS

Continuing Legal Education Credits

Accreditation will be sought in those jurisdictions requested by the registrants which have continuing education requirements. This course is identified as nontransitional for the purposes of CLE accreditation.

ACI certifies this activity has been approved for CLE credit by the New York State Continuing Legal Education Board.

ACI certifies this activity has been approved for CLE credit by the State Bar of California.

ACI has a dedicated team which processes requests for state approval. Please note that event accreditation varies by state and ACI will make every effort to process your request.

Questions about CLE credits for your state? Visit our online CLE Help Center at

Can’t Attend In-Person?

Attend the livestream from the comfort of your home or office.

Immerse yourself in live presentations, panel discussions, specialized breakout sessions and networking opportunities.

Engage in meaningful dialogue with attendees and speakers in an interactive format.

Meet 1-on-1 with attendees you select and exchange contact information for lasting connections and true engagement.

Expand your network to a global audience. Visit solution providers and learn about the latest technologies, services and products.

Passport to Proficiency on the January 31–February 23, 2023 Virtual

All cancellations and changes must be submitted to CustomerService@AmericanConference.com by March 15.

3–4 10% Conference Discount

5–6

8+ Call 888-224-2480

WORKSHOP A: A Complete End-to-End Guide to Updating Your U.S. Encryption Compliance Roadmap

WORKSHOP

ACI offers financial scholarships for government employees, judges, law students, non-profit entities and others. For more information, please email or call customer service.

*Team/group registrations must be from the same organization/firm and register together in one transaction.

To update your contact information and preferences, please visit https://www.AmericanConference.com/preference-center/. Terms & conditions and refund/cancellation policies can be found at AmericanConference.com/company/faq/ All

PLEASE NOTE THE FOLLOWING PANDEMIC-RELATED PROTOCOLS:

ACI conferences and events will be organized in accordance with the latest health and safety regulations, guidelines, and recommendations, directed by the CDC and local government authorities. Attendees are advised to consider their personal health needs.

Attendees are asked to self-screen in the days leading up to, before and after attending an ACI event and/or conference.