Jeff (00:00)
One year ago, I testified before the Senate Permanent Subcommittee on Investigations as Intel's executive responsible for export controls. It was a moment that brought together everything I had learned about risk, responsibility, and the real world impact of compliance decisions. This podcast series is an extension of that experience.

It's about making sense of export controls, where they come from, where they are now, and how we navigate what's next. Whether you're a practitioner, policymaker, or just curious about how global trade intersects with national security, this series is for you.

Jeff (01:04)
Welcome to episode 18 of Rittener Reflections, a forum for addressing the dynamic, complex, and essential nature of cross-border trade in our ever-changing world, and an opportunity to reflect on some of life's most important issues in a world of incredible uncertainty and unpredictability. Today, I begin a three-part series exploring the past, the present, and future of export controls.

A system shaped by history, it's driven by geopolitics and constantly evolving. I'm joined by Bruce Jackson, a long time practitioner and friend whose depth of experience spans government, industry and the multilateral frameworks that define this space. Bruce has not only witnessed the evolution of export controls, he's helped shaped how companies and policy makers respond to it.

In this first episode, we'll trace the long, strange trip from the Cold War's CoCom era to post-Berlin wall rewrites, from the rise of sanctions to satellite liberalization, and into the regulatory shifts of the past two administrations, including Huawei, Russia, and semiconductors. Whether you're a compliance professional, a policymaker, or you're simply trying to make sense of this complex regime,

Our goal is to give you the historical grounding and strategic insight to navigate what's next. So let's dive in. Bruce, welcome to Written Reflections.

Bruce Jackson (02:46)
Thank you very much. Happy to be here.

Jeff (02:48)
I am so glad to be having this discussion with you at a time like this. To start with, why don't you go ahead and give our listeners a brief overview of your history and export controls. How'd you get started, Bruce? ⁓ What are some of your key career moments and what are you doing now?

Bruce Jackson (03:05)
Yeah, so I've been in export controls, kind of stumbled into it. I was fresh out of college, was an intern on Capitol Hill for a little bit, and just happened to stumble into the Department of Commerce one day looking for a job, and was in the personnel department. This is back in the day when you can walk in without security or anything, you just kind of late in the day and was made aware of a position in what was then known as exporter services. I think it still is.

within the Office of Export Administration, OEA, it was part of the International Trade Administration at that time, and interviewed some weeks later after applying and ended up in the exporter services team there at OEA. And it was interesting what kind of happened to me then was that, and then I'll, this is kind of just a fun story, that I one day was working the phone lines and got a call out of the blue from,

from someone I recognized who spoke Swedish. And they were speaking English, but I could tell the accent. And it was someone from the US embassy in Stockholm. And I thought, well, gosh, I know they're a Swede. And since I had studied abroad, I'd been abroad and I'd studied university in Sweden in high school. I've been an exchange student, I speak Swedish. So I just answered in Swedish. And I could tell through the phone that this person was like, what?

I call the US government and they answer me in my language. It was complete, I think, serendipity for them. But little did I know the influence that would have, that moment would have on the rest of my career. Because the next thing you know, I'm getting calls from Sweden all the time, from Swedish exports, because this was during the Reagan administration and you had a lot of...

concerns about the neutral states of Europe with products and technologies going through the neutral states didn't really have robust export control systems and those products ending up in more soft pack countries. And the Reagan administration was kind of putting their thumb down on some of these neutral states, Sweden, Switzerland, Austria, Finland. so and little did I know that as a young punk, I was getting thrown into that. But yeah, so I ended up a year later, I was working for

a law firm in DC that had a lot of Scandinavian clients. And then four years later, one of those clients hired me to move to Europe three weeks after the Berlin Wall came down. And so then I moved to Germany and I was there during the whole transition from the cold world environment to the more than multilateral was in our world and all of that, which we're going to talk about. And I ended up staying in Germany 10 years. So who knew? Never planned to do that.

But that was kind of a big deal. then I eventually, I was working for a Swiss Swedish engineering company at the time. And then I moved back to the States, ended up in Colorado and ⁓ worked in consulting, did a lot of work for consulting companies and eventually went to Virgin Galactic. So was head of ⁓ trade controls there for a while. And then ⁓ later on ⁓ ended up.

going back and going into another aerospace company, a British aerospace company, and then after that into semiconductors where it's where I'm sitting now. So yeah, that's kind of a very rapid ⁓ overview of kind of my trajectory in this field.

Jeff (06:35)
Wow, thanks for sharing that. I have to kind of chuckle because you and I kind of got started around the same time and I stumbled in it as well. I needed a job and there was an ad for a clerk and I found out that meant submitting export license and I had no idea. All I knew about was driver's licenses and export licenses. So same thing. I started way back in that same timeframe and I remember my first event I was invited to, went to their...

Bruce Jackson (06:37)
Mm-hmm.

Mm.

Jeff (07:05)
there was a discussion led by a gentleman named Ian Baird. And I believed that you worked for Ian at the time and you were there. I remember you. You were tall, skinny guy, wavy, blonde hair. And I remember, I never forget that. I remember meeting you then and we've crossed paths. In fact, today, currently we both serve on the RAPTAC, which is a technical advisory committee to the BIS, to the Department of Commerce. And we have a lot of fun ⁓ trying to navigate these rules in that context as well.

Bruce Jackson (07:12)
That's true. Yeah. Yeah.

Not so much anymore.

Jeff (07:34)
So, ⁓ you know, the first part of this series, Bruce, we're going to do a series, and I really appreciate you being willing to meet three different times to talk about this topic. We probably could meet for the rest of the year and talk about this. There's so much. But this particular first part of the series, I'm calling the long strange trip. And it really is. It's been like a trip. I mean, it's if you think about any any trip you want to go back and look at the beginning. How did it start? Right. And ⁓

Bruce Jackson (07:45)
Mm.

Jeff (08:02)
X-bar controls is not new. mean, they've been around a very long time and ⁓ I think it'd be good to maybe help the listeners understand how did they get started and what ⁓ was the original tent of X-bar controls? I think this was during the Cold War, but what was the intent?

Bruce Jackson (08:17)
Yeah, it's, mean, I just thinking back to all the training and education I've done on the topic of export controls. And I actually start much earlier. I start centuries ago. You go back, go back to the middle ages and, and, you know, things like crossbows were controlled for export. Cause if you had your little kingdom, the crossbow anybody could use as opposed to a longbow and the crossbows.

Jeff (08:30)
Okay.

Bruce Jackson (08:45)
had an advantage. could arm all your peasants with them or whatever, you know, and that obviously created an advantage and you didn't want your enemy to get them. So, I mean, you go back to even gunpowder. Think about gunpowder. Think about other things that have happened through the ages. So, export controls aren't new. So, when people think they're new, no, they've been around forever, centuries, you know. So, that's really the point of that is to help educate people on that. But in the

Jeff (08:54)
Yeah. Yeah.

Mmm, yep.

Yeah, yes.

Bruce Jackson (09:13)
In the modern context, really, I think it's after World War II with the formation of the Coordinating Committee for Multilayered Export Controls that was founded in Paris in 1949, was kind of the modern start of it. And it was a focus on, know, basically national security and foreign policy reasons from a US perspective, but, clearly driven by the US in the post...

⁓ World War II environment, the US was kind of the dominant power in many respects, in most respects, fact, but there were big concerns about the Soviet Union and the communist world, so to say. And so as a result of that, the US and its allies implemented a set of controls to try to maintain that technological edge over the Warsaw Pact. And that was really the foundational aspect of it. And the US was...

the big driver then. And one key element that that CoCom had when it was formed was this kind of ⁓ veto concept where only you you couldn't approve a transaction or do something if another country in the within that regime agreed with it. So that was kind of a powerful tool, useful tool during those during those years. ⁓ But again, it was largely US driven. A lot of the key technologies were in the US. So it kind of worked for a while, but as things evolved, we'll talk about that later.

Jeff (10:37)
Yeah,

Bruce Jackson (10:37)
⁓

Jeff (10:37)
yeah.

Bruce Jackson (10:38)
that kind of started to break down a little bit. But yeah, that's kind of how I view it. mean, it's instrumental. There have been interesting cases during that era as well. Obviously, I was pretty young. I wasn't involved in those early days at all. ⁓ Although we know someone, we know someone who was, don't we? So we've got some, there's at least one practitioner out there who's been in...

Jeff (10:56)
Right. Yes, we do.

Bruce Jackson (11:06)
you can say, I was there when those kinds of things were happening. But yeah, that's kind of what I would say about that.

Jeff (11:16)
Yeah, well just to just to give the listeners a sense of what we're talking about is there is a gentleman that sits on the rap. Well, he's not actually officially on the rap tech. He used to be and he's the person you're referring to his name is Bill Root. I'll just go and call him out because he's really just this iconic person who's been involved as you said, and I believe he this year became 102 years old and he still submits comments to the the changing regulations. So really amazing to have that historical context. So

Let's talk about, let's kind of jump into something, because we're going to talk about how these controls have shifted over time. But back during the Cold War, there was one particular case that really kind of rocked the world of export controls. ⁓ It was involved in an ⁓ export control violation and it involved a company in Japan, Toshiba Machine, and a company in Norway called Kongsberg. I'm going to try to pronounce this, Vapenfabrik. Hopefully I got that.

Bruce Jackson (12:14)
Yeah, cool.

Jeff (12:14)
And they are in Norway.

so these companies sold advanced multi-axis machine tools and numerical controlled systems to the Soviet Union. This was a technology that allowed the Soviet Union to produce quieter submarine propellers. And it was a violation. It was contrary to what KOKOM had agreed should be controlled. So ⁓ can you share some thoughts about why this was so consequential at that time?

Bruce Jackson (12:43)
Yeah, was a big case. It was a big incident. And to be clear, it may have been a violation. It wasn't a violation of US export controls. Yes, it was of CoCom, but these were non-US technologies. The restrictions were on, you know, it really a violation of both Norway and Japan's export controls. And so it had significant impact, however, on...

on NATO because this particular transaction allowed the Soviets to make their submarines quieter. It basically allowed, reduced the cavitation of the propellers on the submarines so they were harder to hear. Suddenly we couldn't hear them anymore. The NATO sonar pickets across the North Atlantic suddenly couldn't hear the Soviet submarines. So that became a big concern. And when this was discovered in the

I think it was 1987 or so, 86, 87 when it really broke. Probably there were others who knew about it before then. I don't know the details there, but from my own experience, because I kind of, I remember sitting in the Senate Banking Committee meetings when they were working on ominous trade bill in 88, which included the sanctions targeting Toshiba and Kongsberg. I this was a big deal. mean, you had people in Congress out on the steps of the Capitol or on the lawn.

⁓ smashing Toshiba radios. mean, it was a really, really big deal. And the sanctions that ended up in the legislation, the End of His Trade Act, ⁓ these were basically punitive because there was no violation of US rules. even aside from that, these were aimed at these companies. And I think that was a significant lesson.

to non-US companies that even if we don't violate US law, we can be punished anyway, right? And so, I mean, and I moved to Europe right around that time and was working for a non-US company and this lesson was what everybody was talking about, not just within the company, I worked with other companies, just kind of going, whoa, we've got to be really, really careful here. We have to decide what our, it's a concept I use, space of freedom, kind of what...

Jeff (14:59)
All

Bruce Jackson (15:00)
How

much latitude do we have to do this? Can we just follow our own rules and not worry about anything else? And that's one thing, one of the big lessons I've learned, and it'll probably come up in our discussions ⁓ during this session as well as the forthcoming ones, is I've seen it repeatedly where the left hand does something and the right hand does paying for it because of these kinds of issues.

Jeff (15:03)
Mm-hmm.

Yeah. Yeah.

Bruce Jackson (15:30)
And you look at it, Toshiba had a big contract with the Pentagon at that time. I think they may have lost that for sale of laptops and computers. I don't know. don't recall all the specifics, but it was a big impact. And the US government and NATO estimated that it would cost them billions to be able to catch up again, to be able to hear, you know, that it was going to require installation of more sonar buoys or whatever, whatever the technology was they were going to use to detect submarines. So it was a big deal.

Jeff (15:40)
Mm-hmm. Yeah.

Yeah. Yeah.

Bruce Jackson (15:59)
And obviously it impacted these companies. Toshiba took actions against employees and leaders. And also you had, because I think it was Toshiba Machine Corporation that was involved in this subsidiary. And then in Kongsberg also, these companies had to revise their programs and all that. And even the countries had to, the governments and the exporting authorities had to look at how they were managing it.

So I think there was a real impact there in terms of its longer term impact in terms of the reach of US jurisdiction. The modern. Yeah.

Jeff (16:31)
Yeah, mean, it

clearly was a wake-up call to the exporting community around the world, right? And I think we will talk about this over the next three, over the three-part series, but we'll see this extraterritoriality authority surface in many instances like Huawei, like semiconductors and other strategic tech transfers. So this will be a topic. So I think it's important that we kind of parked on this a little bit and talk about it. But let's move out of the Cold War because...

Bruce Jackson (16:37)
Mm-hmm.

Jeff (17:01)
Even though today feels a little bit like we're back in the Cold War, but let's move out because the Berlin Wall fell. You said you were there. I went across that wall, so I've seen it. It came down. But when the Berlin Wall fell, how did that kind of reshape that diversion landscape and what sort of new risks came about as a result?

Bruce Jackson (17:21)
Okay, so yeah, I moved, as I said previously, I moved to Germany just three weeks after the Berlin Wall came down. I have a few pieces of the wall somewhere laying around here. ⁓ But yeah, the company I worked for had a lot of joint ventures in Eastern Europe. And so the big concern initially was, ⁓ we now are gonna share some technologies. Because again, CoCom still existed, but it was kind of like, what are we gonna do with CoCom now that

Jeff (17:31)
Yeah, yeah, yeah.

Bruce Jackson (17:50)
you know, the Cold War is kind of over or ending. ⁓ And so as with the shift to the east, the concern was all the things, the wild east, you know, Eastern Europe, that you're going to share technology, you're going to upgrade your joint ventures and companies you've acquired. There are lots of companies involved there. I can remember sitting in Prague in a hotel ⁓ restaurant for breakfast and meeting people who worked for other companies, multilateral companies, multinational companies that had come to Prague to

to meet with their joint ventures or recently acquired companies to manage various aspects, to train them, to educate them on Western management practices and do things like what I was doing was training them on export control. No, no, no, you can't keep selling that to Cuba. You can't keep shipping that to Libya. No, we're going to stop. So it was a lot about ⁓ technology going west to east and then the fears of it going south, right? So going to other parts of the world that maybe, you know,

to countries that were in the Comic-Con world in the Warsaw Pact sphere of influence that were beneficiaries of any trade. I mean, ⁓ if you look back on countries that were subject to just to US embargoes back in the 80s, those countries were often trading partners with Russia or with the Soviet Union at the time, and were getting technologies from Eastern Europe. Those were things they could get.

And we didn't want to find ourselves in that supply chain. ⁓ so a big focus was on cutting off that flow to the South and trying to mitigate that to some degree. And also, what to do in this world. I I can remember going to a meeting outside Paris. think a French company had hosted it. And they had a bunch of ⁓ government people and private sector people there to talk about what a future regime might look like. ⁓

You could see, I mean, and I knew this too from all my visits, because I would go around to countries in Eastern Europe, but also in other parts of the European Union and meet and do compliance meetings. And we would invite in someone from the local government authority. So you go to Portugal or you go to Spain or you go to the Czech Republic or Hungary and you'd invite in ⁓ someone from that ministry because I'd say, look, I want them to come in and.

educate the local team on what the local laws are and regulations. But one thing I learned particularly, especially in those early days, was that the reaction was typically, you guys are way ahead of us, is what the government people would say. You're way ahead of us. You've got a program. You're managing it. You're doing fine, which was great. It's a nice lesson to say. But it shows how nascent and how early they were in getting things set up. But it also laid the foundations for the need of something like Wassanar.

Jeff (20:41)
Mm-hmm, right, right. Yeah, think, you know, thinking about the 90s, because that's really post Berlin Wall, right? The 90s, there were a lot of things that really happened in the world of export controls. I mean, this is kind of, I mean, I was just getting started, you know, and I knew how to practice with the way the regs were written. And then all of a sudden, there was this news that we heard that they were going to do a complete rewrite of the regulations. And a lot of that was, I think, probably being motivated because of the change in the

Bruce Jackson (20:48)
Yeah

Mm-hmm.

Jeff (21:10)
in the post-Cold War. And I remember when the new EIR rewrite came out, everybody was so worried to understand what had changed. And I remember I went through that entire rewrite, chapter by chapter, so that I could understand. And it did, it completely changed. But do you have any thoughts on, from your experience, how did that rewrite impact exporters?

Bruce Jackson (21:31)
Well, yeah, one other thing we should mention that happened in the lead up to that rewrite and basically the formation of Wasenar was the Gulf War, the first one, right? And the concerns about technology that ended up in the Middle East and how do we stem that? Because it's not enough to control it from the Western countries. You had to have others involved in that and aligned with that. So I think that helped with the foundation there.

But there was a recognition, think, based on my interactions from sitting in Germany and interacting with people at BIS and others, that they needed a new way or a more expansive way to manage it. And that may have been something, I I wasn't involved in the, I wasn't sitting in government, I was in private industry. So I didn't know exactly what was, how the negotiations were going there. But I think the US by,

really being willing to adopt the EU proposal for the structure for a multilateral control list, which was really the foundation that became the Wassenaar list. I think that was a way of bringing other countries into the fold in agreeing to how we manage things. It allowed still for unilateral controls. You could still do that. So that was good, but.

but it also tried to expand the scope and get greater alignment. And so I think that was a key driver. The rewrite of the EAR, ⁓ it changed the structure completely. For those who were experienced practitioners, it was a little annoying because we already knew where to go to find things. And suddenly they were moving things around and requiring you to go through these steps in the EAR now that they didn't have before. They were changing the control list completely. They had...

completely different nomenclature. So that was something to learn. They created the de minimis rule as part of that. used to, had a parts components rule before that, but they now had a de minimis rule. That's where that came to the fore as well as deemed export requirements. Really understanding that, you know, the sharing of technology with a, with a foreign person ⁓ was like an export to their, was deemed an export to their home, home country. So, I mean, I think those, those kinds of things were really consequential. It also,

led to just conceptually, ⁓ you know, the expectations around a compliance program, because you had that coming out, coming out of the 90s, which was, you know, standards for what a compliance program would have the accountability that they expect of companies and ⁓ to take in that arena. I think all those things kind of contributed to a more robustness. I think there were I do recall a lot of concerns around how are we going to manage

technology controls, how are we going to, I I think there was concern with technology that things were just going to explode and it was going to be hard to manage and track all of that. Well, we now know different, right? It actually enforcement has actually found it probably quite easy to go chase things down because of technology. So the fears, yes, there are those fears, but I think that was, those were some big things. I think that came out of the EAR.

Jeff (24:37)
Yep. Yep.

Yeah. Yeah. Yep. Yeah.

Bruce Jackson (24:51)
rewrite and I will say that BIS or at that time it was still BXA. BXA officials and BXA was created right at the towards the end of my time there but I think there was a recognition of the need to involve industry and so while I was sitting in Germany I was getting calls from BIS officials that were work or BXA officials that were working on the rewrite to get ideas around different topics where

Jeff (24:55)
Mm-hmm.

Bruce Jackson (25:20)
particularly around re-export controls, right? What, you know, those kinds of things, some of the definitional things, so yeah.

Jeff (25:26)
Yeah, I agree with you. think as a practitioner, it was annoying, but at the same time, it was done in such a way that it made a lot of sense compared to what was before. And I think, you know, we may talk about this later, but I almost feel like we are at such a, we've changed so much how expert controls are managed today that we've piled onto this regulation that probably needs another rewrite.

Bruce Jackson (25:36)
Yeah. Right.

Jeff (25:54)
And it certainly would would probably make our lives more simple because some of the rules today are so complex the way they're written. But that could be a discussion for another time. ⁓ Yeah. Yeah. Yeah. Yes. I think it's time. I mean, it's gotten so complex. And I that was probably I think part of the impetus before. I'll also say, you you brought up deemed exports. And I have such a love hate relationship with that because I you know, when that rule got got published,

Bruce Jackson (26:04)
Yeah, we'll talk about that. Let's make sure we talk about that because I agree with you. Yes.

Jeff (26:24)
You know, we had at that time I was at Intel we had to go scour the entire Database of employees to find out who was working as under under a visa and then we had to submit, know their information to to BX a and in those days they had you submit it on a carbon copy license application that you used a typewriter to type and And if you messed up somebody's name from a different company

It was, had to get the little white thing and you know, cause it was a carbon copy. can't tell how many times I had to rip that thing out and do it over. And then when you continued on, you had a license number, but the number was for the company. It wasn't for the individual originally. And so you had to just keep adding individuals. Eventually we got to the point where you would probably have a license per individual. But anyway, it's it's a interest. The deemed export has been an interesting, ⁓

you know practice and I again I think you and I in the rap tech are working a lot on this trying to figure out how can we help BIS be more address steamed exports in a much much better way so yeah yeah yes

Bruce Jackson (27:28)
No, it's challenging too, because once you get your license, that's just the tip of the iceberg. You have to manage

it and you have to. And that's where ⁓ breakdowns occur. Having been a consultant and done audits and assessments of companies and their compliance programs, license management is a gap. And we can see that in all the consent agreements that have occurred over the decades. ⁓ That's often where the breakdown is, is managing the licenses.

Jeff (27:45)
Mm-hmm. Yeah. Yeah.

Yeah. Yeah. Yeah. Yeah.

Yeah. And that's a great lead in to, you know, to talking about kind of post 90s here. ⁓ There was a surge in consent agreements and, you know, how did these change the compliance landscape for exporters from your recollection?

Bruce Jackson (28:14)
Yeah, so kind of thinking back a little bit into the latter half of the 90s for a little bit. mean, that's also with the rise of a lot of trade sanctions. The Iran issues, there were a number of executive orders that came out about Iran. There was the Iran-Libya Sanctions Act. There was the Helms-Burton Act targeting Cuba. There were counter blocking sanctions imposed by other countries, EU and Canada and whatnot.

And because of the concerns about this, ⁓ the need for more expansive compliance programs within companies was very important. And of course, the fiascos over ⁓ technology leakage from the satellite industry when the ⁓ US government decided to ⁓ certain space commercial satellite related ⁓ technologies back under the EAR, basically under

Commerce Department and away from the State Department taking out the ITAR. And then you had these, ⁓ you know, launch failures that happened in China. And as a result, there were sharing of information between the, you know, provider of the launch service versus the one who had the payload and the oversharing of data to do the failure analysis and all of that, the things that were not licensed in a

approved by the government and that led to investigations and ultimately ⁓ to guidance to be given to industry because there weren't good companies. Yay, we got this jurisdiction. We can do it ourselves now and then they don't manage it right. Right. And so that's what really led to a lot of the guidelines that were issued and those consent agreements were instructive because each consent agreement you could go through it and see, okay, what are they telling companies to do? What did the companies agree to do? boy, we have to fold that into our program because if we get caught,

Jeff (29:54)
Right, right.

Bruce Jackson (30:08)
you know, if we have an issue, want to be able to say we're addressing it, try to mitigate that. And that's when you have the Nunn-Wolffwitz report come out where they surveyed a bunch of companies. ⁓ You had the Cox report that came out about the whole issue with China. ⁓ Those are things people can go and Google and look up and get the background on it. But if you look at the tenets of Nunn-Wolffwitz, the key compliance program guidelines, over time there around the end of the 90s and into the early parts of this century,

Jeff (30:16)
Yes.

Bruce Jackson (30:36)
you started to see those things crop up in national guidelines that were issued by, know, well, the State Department has its guidelines. BIS has its guidelines, EMS guidelines, which are in need of updating, by the way. But yeah, so you've got all these guidance. And then other countries do the same thing. I can remember building charts listing, well, do they require corporate policy statement? Do they require record keeping? What are the rules? And of course, none of these really at that time addressed the Internet.

Jeff (30:49)
Yeah ⁓

Bruce Jackson (31:06)
and AI and those kinds of things which we need to deal with today. But ⁓ this was the start of it. So was really those consent agreements laid the ground foundation for it. But I will say one thing I want to say about consent agreements. think it's important is, you know, my, you know, having been involved in a couple of them, usually as a consultant, helping companies implement the corrective actions. ⁓ You know, this is an area once that once you've completed all the things you're supposed to do and, and the

government says to you, you're good to go, you've ticked all the boxes, you've taken care of things. I am concerned, I've seen habits, because you see repeat consent agreements from the same company. And you go like, did they learn their lesson? Not really. And you've got different people involved, different areas of the business, people are human, they make mistakes, that's what happens. But

Jeff (31:47)
Mm-hmm.

Bruce Jackson (32:02)
And you also see in companies where as soon as they get clear of that consent agreement, they start cutting people, they go right back to old behaviors, then they complain next time they have another restriction that comes in. So part of this is, I think, a matter of, it's kind of part of my ethos, own it. Compliance can be in a strategic advantage. Absolutely can be. Because a lot of times when I speak with executive leadership teams,

Jeff (32:18)
Yeah. Yeah.

Absolutely.

Bruce Jackson (32:31)
when I've been involved in this, and this goes back decades, okay? I'll bring up an issue, a senior leader, a CEO, CFO, ⁓ the chief counsel, other key leaders will say to me, ⁓ no one else is bringing this up. Like, it's not really a compliance question you're bringing up, but I'm glad you brought it up. And I'm like, okay, so maybe we have a reason here to raise this because other teams are not bringing up some of these things.

Jeff (32:52)
Mm-hmm.

Bruce Jackson (32:58)
And so I think that is a key lesson to coming out of the consent agreements. I we saw the DOJ, ⁓ the ⁓ sentencing guidelines. That also has been expanded and that is something to be included in your compliance program. You need to be able to address that because there could be consequences from that. Yeah.

Jeff (33:11)
Mm-hmm.

Right, right.

But I think one of the realities of that timeframe, Bruce, was the people in a company that were responsible for trade were kind of off in a corner somewhere, you know, kind of buried under something and just make sure nothing bad happens, right? And there were much more bigger issues for companies. And I think when something bad happened, all of a sudden it did get elevated up to.

the right levels and then of course people took action. as soon as like you said that all got resolved back down into the I mean that's that has been my experience. And I think today we're living in a time where I think it's obvious we companies cannot ignore trade. It's gotten to that level. And so I think there's a lot more attention which is good. You know another thing you mentioned about the transfer of items from the State Department the ITAR over to the the EAR. We can't I don't think we can go further without mentioning encryption.

Bruce Jackson (33:53)
Mm-hmm.

Jeff (34:15)
I mean, encryption was huge. mean, was controlled under the ITAR and they moved it into under the CCL. And now all of a sudden, everybody, because of the birth of the internet and of security, everybody had security and everything, encryption became dominant. I mean, I know as running a compliance group, that seems like that's all we worried about was complying with the encryption rules, getting the CCATs in, know, doing the reporting and so on. So I think encryption was another area that really kind of

Bruce Jackson (34:15)
yeah.

Jeff (34:44)
blossomed in the early 2000s.

Bruce Jackson (34:47)
When I first moved to, so I was in Germany in 1990 and early 90s. And at that point, email was not, corporate email was not that prevalent, right? It was faxes, they faxing everything. And so on one of my trips back to the U.S., because I was living in Germany, but I could come back to the U.S., so I could come back for holiday or for meetings. And at one point I went into a...

Jeff (35:02)
Yeah. Yes.

Bruce Jackson (35:14)
probably a Circuit City electronic store and I was going to buy a copy of ⁓ Delrina's WinFax ⁓ application. Because I could use that. ⁓ so I had because I had a computer, but we really didn't have email yet, but I could use that for sending faxes. And but I took the package off the shelf and there was a sticker on it that said not for export from the US subject to ITAR. So, you know, know.

Jeff (35:20)
Yeah.

Wow, wow,

yeah, yeah, yeah, yeah.

Bruce Jackson (35:42)
Yeah, no, seriously. Yeah,

it was crazy. So yes, no, I didn't export that. But yeah, no, but that's how it was back then. Of course, now it's a totally different situation. And the challenge with encryption is that we've got rules that we have to deal with. problem is the US has implemented a, I actually have to say it's complex.

Jeff (35:47)
Yeah.

Yeah.

Bruce Jackson (36:07)
It's not easy to necessarily for someone new to the novice to really get it, but the license exception ENC and the mechanisms that you have under the EAR to manage and export that, it works. But they don't have that in other allied countries. They don't have that mechanism. And they take a very critical view of it. But encryption is so pervasive, it's so critical to protect our personal data today and to protect everything.

Jeff (36:26)
Yeah. Yeah.

Yeah, yeah.

Bruce Jackson (36:37)
that you want everybody to have it, you just want to know who has what. So in times of conflict, when you need to try to do something about it, you know where it is. And that's the legacy we're doing without all the reporting requirements and everything, at least from a US perspective. And this does pose a lot of challenges, no question.

Jeff (36:41)
Yes. Yep.

Yeah, and I think you're right. It's become less of a control and more of an information gathering exercise, as you say. And I think, you know, if we kind of shift a little bit into the 2000s, you know, I would say maybe up to 2016. When you think about the world of export controls, in my mind, it was really a series of ⁓ rules and relaxations that tried to help exporters, you know,

Bruce Jackson (37:05)
Yeah. Yeah.

Jeff (37:28)
export around the world. mean, it was globalization. Everybody wanted to move things around the world easily. so BIS came out with license exceptions that you could apply. ⁓ Trusted programs like the VEU, which is a validated end user. So you trust the exporter to be able to do the compliance checks and you allow them to go forward. ⁓ Maybe bulk deemed export licenses, so making it more simple to be able to have people at your companies have access. ⁓

Bruce Jackson (37:40)
Mm-hmm.

Jeff (37:54)
you know, there was routine relaxation under Wasanar controls. mean, every time in RAPTEC, every time we had a Wasanar proposal, it usually was trying to remove something from the list, right? So we went through this time, I think, of relaxation, of making it easier for exporters to be able to export. ⁓ And then, you know, there was the entity list that was born during that timeframe as well. And it was really originally put forward as a way to...

Bruce Jackson (37:58)
Mm-hmm.

That's right. Right.

Jeff (38:19)
to notify a company, hey, we suspect you're not doing the right things, please, you're on a list now until you can come back and show us that you're doing everything right. So was less, it was more about a goal of changing behavior and less about being punitive in terms of the entity.

Bruce Jackson (38:34)
wasn't it?

I mean, my recollection, it was really a outgrowth of EPSI, Enhanced Proliferation Control Initiative under the, I think that was a, wasn't that Bush administration? I it was a long time ago. I mean, I've been in this so long. And EPSI really, I mean, the entity list was really, it's just how it's been used really changed under the first Trump administration. I mean, it was not, it was not, you put people on the list because of concerns about ⁓

Jeff (38:45)
Yeah. Yeah. Yeah.

Bruce Jackson (39:04)
proliferation concerns. mean, those were the parties that were on the diversion proliferation concerns. And now it's morphed into being used to just putting anyone on there for other reasons. The naughty list, even if they haven't violated anything, right? ⁓ They might though, so let's put them on the list, which I mean, I'm not judging that. mean, we were living with it, right? I mean, there's an.

Jeff (39:05)
Yeah, diversion. Yeah. Yep.

The naughty list. Yeah, yeah, yeah. But they might, they might, so let's put them on.

Yeah, yeah, yes, yes.

Bruce Jackson (39:30)
You know, so it's something it has changed. I'm sure there were others out there, even a lot of us, a lot of practitioners have been in a long time, probably would have the same comments that I have about it. I mean, it's something we have to deal with. ⁓ US export controls are pervasive. ⁓ And so companies want to comply with them, particularly multilateral larger companies trying to deal with things. So yeah, now it's...

Jeff (39:55)
Yeah. Yeah.

Bruce Jackson (39:57)
The end of list is here to stay. mean, it's growth. I mean, I'm shocked at it. I mean, it's not a cat we can put back in the bag. It's not going to work. No.

Jeff (40:00)
Yeah.

No, I think when it first started, think you could count maybe the number of entities, maybe with your 10 fingers and thumbs in mind. Now I think I saw somewhere it's over 3,000. I mean, it's just incredible.

Bruce Jackson (40:16)
Right? Yeah.

Yeah.

And with the issuance of the recent affiliates rule, that has exponentially grown in terms of the focus there.

Jeff (40:23)
Yeah. Yes. Yeah. Yeah.

Yeah. We'll talk about a little bit more about this when we get into more of the current situation. you know, moving kind of forward, you you mentioned the Trump administration. Let's think about Trump won and Biden, because in my mind, I clearly saw and have seen a shift in how and in the tone and the strategy of BIS when it comes to expert controls.

Any insights into how, and how would you characterize those, that shift that we're seeing?

Bruce Jackson (40:57)
Yeah, it's interesting. mean, the the foreign produced direct product rule. I always say foreign produced because that's kind of what it is. But FPDR, ⁓ not just foreign direct, but foreign produced direct product rule. And ⁓ that rule changed significantly. I mean, that over the last started with, you know, I guess Huawei was the focus there. And, you know, it's interesting. I think that works.

Jeff (41:04)
Yeah.

Mm-hmm.

Bruce Jackson (41:26)
for some product and technology areas, but doesn't necessarily work for others. It works for semiconductors and that kind of technology, those kinds of technology integrated circuits, because US technology in that supply chain are so pervasive. Everybody's using them. And so you couldn't really avoid it. And so it made the rule effective, right? And so that's a change, I think, over the last years. I mean, I think...

Jeff (41:34)
Mm. Mm-hmm.

Mm-hmm, right.

Bruce Jackson (41:53)
And particularly because of the concerns about China and the rise of in the last, in the last decades, but especially an awareness now, you know, a lot of concern about China's ambitions, aspirations in certain corners. I mean, I'm not judging any of that. I mean, I'm just saying we're, this is the world we have to deal with now. And, and so trying to manage the compliance risks associated

Jeff (42:16)
Mm-hmm. Yep.

Bruce Jackson (42:21)
with that in a multi multilateral world. I mean, I don't have, I mean, a specific opinion on, you know, am I seeing a big change in these latest administrations? Because when I look back through history, see like I've seen this in other areas as well. I mean, you could look at, again, the the 90s and the concerns around sanctions and the concerns around aerospace and, and, and those kinds of things. And sometimes I think it, the changes are

Change is going to happen. are going to always be changes because of the geopolitical environment we're in and you need to be prepared to be able to adapt to it.

Jeff (42:58)
Mm-hmm. Yep.

Yep. Yeah. No, I think that's well said. from my perspective, I feel like in the 2000s, in a lot of ways, maybe as exporters, we might have been a little bit lulled to sleep in terms of just managing compliance. It was fairly routine. And then we got hit, you know, starting in 2016 with, I think,

you know, some significant changes and like you said, really trying to contain a technology from from, you know, from China primarily. And I think that really was a challenge for BIS to come up with rules that actually were effective in doing that. And I think it's super challenging for exporters to try to understand and then how to how to build your programs around that to to ensure compliance. So it's definitely I think there's definitely been a much more greater focus these in these these past two administrations.

You know, you mentioned Huawei. We haven't really gone into why we can talk some more maybe in our next sessions of it, because Huawei is just such a watershed moment. I think if you go back to the May of 2019 entity ⁓ listing and there's been so much since then. But when we talked at the beginning, we talked about the, you know, the Toshiba Kong Kongsberg case. And so do you see any parallels between the Huawei case and the extraterritorial moves we saw back then?

Bruce Jackson (43:56)
Yes.

Mm-hmm.

Absolutely.

Absolutely, no. mean, it is all about extraterritorial reach, right? It's about the, you know, in the Toshiba-Consport case, you had violations that were not of US export control laws, but of other countries laws, but the US punished those companies for violating their own laws. I mean, obviously, you could argue it violated COCOM and what those requirements were, but it was clearly a extraterritorial reach action by the US government. And then with Huawei,

Jeff (44:25)
Right.

Mm-hmm.

Bruce Jackson (44:50)
You're talking about a lot of activity that's happening outside the United States. Yes, they're using US tooling. They may be using US software to do some designs, but suddenly that extra territorial reach through the foreign produce direct product rules really did kind of clamp down on that and impact it. It worked because it's semiconductors. And I do think you're right. mean, all the advanced semiconductor rules, the export controls of the last years, that clearly has had a big.

Jeff (45:10)
Mm-hmm. Mm-hmm.

Bruce Jackson (45:18)
big impact on the industry. have to admit when I was coming to my current employer ⁓ in the semiconductor industry, I was coming from aerospace and I was like, this will be a sleepy job. How wrong was I? Wow. But you're right, you'd gone to sleep to some degree in the industry because I don't want to overstate that, from my perspective, was much more straightforward than

Jeff (45:31)
Mm-hmm.

Bruce Jackson (45:45)
aerospace when you you're talking about launching rockets and it just there's a lot of complexity there and missile technology control regime issues and all these other things that were kind of fun to deal with. But no I do see us as consequences. Here's a link. ⁓ You're going to continue to see those kinds of things. We're going to talk hopefully about what we see looking in the crystal ball, what other actions you you can see in this arena.

And there will always be counteractions to try to work around it. mean, with Huawei and all the restrictions on it's not just Huawei, it's other parties that are involved there. there are, I hate to call them loopholes, but the way the rules are structured, once you close off one avenue, it's like whack-a-mole, you have to look for other ways in which they're getting things. And it's not like someone intentionally created a loophole, created that, but.

Jeff (46:31)
Yep. Yep.

Bruce Jackson (46:38)
When there's a desire to get access to a technology or capability, take AI for example, let's say you cut off the ability to build an AI modeling solution and you found a way to rent space to use it, then you go down that path. so yeah, so this is, it is whack-a-mole in many ways.

Jeff (46:47)
Mm-hmm.

Yeah, yeah, yeah.

In many ways, I think that's a really good way to put it. You know, just to kind of, for our listeners to kind of bring some reality to how this all worked, I can tell you, I worked for a semiconductor company, a large one. And ⁓ you know, there was a time not long ago that the bulk of our work was submitting Seacats for encryption and submitting cookie cutter deemed export licenses. And so my licensing people, they did that.

But then you introduce this very complex semiconductor rule, the AI rules, and now all of a sudden a license became critical how you wrote it up, what you actually asked for on the license, how much you asked for. ⁓ All those things had huge, and also the Huawei situation, know? And when you submitted a license for Huawei, you had to be very careful. Otherwise that thing will get stuck in a desk drawer somewhere and you'll never see it.

All of a sudden, the work of an export compliance professional, especially in the licensing side, became very important and it needed a new set of skills, right? Someone that could really look at things more strategically and think through the implications and how do I actually get this license as opposed to just throw, you know, throw in the classifications. Anyway, that's just reality of how it worked. And we saw that play out. And I think today I'm sure it's just the same. mean, it takes a lot of work to be able to figure out how to get something approved.

Bruce Jackson (48:28)
Yeah, it's not only getting the approval once you you get the approval managing the requirements that whatever has been approved and and and I think the biggest the biggest problem ⁓ from licensing perspective is you need to be able you need some predictability right with the tightening of policies just presumption of denial policies on everything. You know, ⁓ it makes it very difficult because obviously maybe maybe that's it.

Jeff (48:32)
Yeah.

Come with it, yes.

Mm-hmm.

Bruce Jackson (48:57)
One can argue that's intentional. Why are you applying for this license when it's a presumption of denial? Well, you're trying to keep a customer happy where some business can be done, but that subject to US jurisdiction cannot. You got to be careful there though, because again, it goes back to my argument that you don't want the left hand doing something the right hand is going to pay for and trying to be mindful of ⁓ those kinds of situations. yeah, licensing.

Jeff (48:59)
Yeah. ⁓

Bruce Jackson (49:24)
and then the management of the licenses is critical and you need predictability. You need rigor around, you you need to be able to count on that a decision will be made on your license by a certain date. And we haven't really seen that in the last decade. I mean, things have been like, yeah, it's very unpredictable and that makes it very difficult to make commercial business decisions.

Jeff (49:46)
Absolutely. Well, that's good. Good lead in to our next ⁓ session, Bruce, because we'll talk a bit more about how to how to understand the the the regulations, how to turn them from being unpredictable to more predictable. And so there's a lot to talk about as we know. So I appreciate all your insights this time. I'm to go ahead and just wrap up and then we'll we'll meet again next week. But let me just close by saying, you know, to our listeners, as you've seen, know, export controls weren't ⁓

Bruce Jackson (49:52)
Okay.

Yeah.

Jeff (50:15)
weren't born in a vacuum. They're the product of decades of policy, conflict, and adaptation. For compliance leaders, understanding that history isn't just academic, it's strategic. It helps us advise senior leadership, define our enterprise's space of freedom, and anticipate the next turn. In our next episode, we'll shift to the present, the realities of China, Russia, emerging technology,

in the post-pandemic world. Stay with us. Until next time, take care.