Two years ago the Obama administration issued an executive order that allowed the Treasury Department to sanction any organization engaged in “cyber-enabled activities…that are reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States.” (This was after the Sony hack.)
In late 2016, in retaliation for the Russian interference with the US election, Obama issued another executive order. This one added the Russian security service (FSB) and several other Russian actors to the list of sanctioned organizations.
Today, the Trump administration loosened these sanctions:
All transactions and activities otherwise prohibited pursuant to Executive Order (E.O.) 13694 of April 1, 2015…are authorized that are necessary and ordinarily incident to….
(1) Licenses, permits, certifications, or notifications issued or registered by the [FSB] for the importation, distribution, or use of information technology products in the Russian Federation….
(2) Complying with law enforcement or administrative actions or investigations involving the Federal Security Service; and
(3) Complying with rules and regulations administered by the Federal Security Service.
What does this mean? Payments are limited to $5,000 per calendar year, so the payments themselves are not what’s important. Nor does this order allow the sale or export of goods to the FSB itself. What it does is allow payments to the FSB for the licenses required to sell IT equipment in Russia.
How big a deal is this? What kinds of exports have been held up because it was illegal to pay for the FSB permits that were required? Is this just a minor fix for an unanticipated side-effect of the sanctions, or is it the first small step in loosening other sanctions on Russia? Good question. Perhaps some Russia expert will weigh in on this.
UPDATE: For what it’s worth, conservative sanctions expert Eric Lorber says this is probably just a benign fix to an “unintended consequence” of the original sanctions ordered by Obama.
UPDATE 2: Last year Russia passed a law requiring that metadata for all communications be stored for 3 years (by phone companies) and 1 year (by internet providers). In addition, the content of all communications must be stored for 6 months, and decryption keys have to be provided to the state security authorities. The new rules take effect in 2018.
A reader emails to say that the problem with the Obama sanctions is that they prevent Western companies from engaging with the FSB to understand exactly how the new law will be interpreted. I don’t entirely understand why that requires any money to change hands, but hey. It’s Russia. So maybe this wrinkle is what the easing of the sanctions is really about.
UPDATE 3: I’d sure be interested to hear from the folks who drafted the Obama sanctions. Did they deliberately want to cause Russia pain by preventing the import of IT equipment, or was this just an oversight? Who was responsible for writing and reviewing this stuff, anyway?