|Thursday, 30 January 2014 12:13|
The majority of U.S. economic sanctions laws and regulations designed for the brick and mortar world, continue to present compliance challenges for businesses offering goods and services on the web. The Internet makes it easier to get around and avoid sanctions, and export controls, but compliance remains necessary.
The brick and mortar rules, at a certain level, are almost impossible to enforce in the virtual world. Foreigners can use a variety of tools such to mask identity and place. Take this to the bank, the bad actors always find a way to break the law. This presents many challenges for companies with just about any sort of U.S. nexus.
A U.S.-based Massive Open Online Courses (MOOC) educational services provider, Coursera, felt recently the sanctions regulations pinch. In an unusually public way, as far as cases such as these go, Coursera cut out Cuba, Iran, and Sudan from its service area. You can read the press statement here.
The United States maintains country-based programs (just a handful of countries affected) and, for lack of a better term, list-based sanctions programs (one of the more challenging aspect of compliance in the virtual world). In addition to economic sanctions, certain technologies and services are subject to export controls.
According to Coursera (emphasis added is my own):
For companies doing business on the Internet, the law will always be unclear. Caution is always a good idea, especially when you're dealing with high-risk country-based sanctions areas. For the list-based sanctions, for example Treasury's SDN list that includes names and entities that are blocked from the U.S. financial system for a whole variety of policy reasons, the compliance challenge is more daunting.
Many clients become very frustrated with these laws. I've counseled many and the decision should be clear cut. When all the legal analysis said and done, the key question to doing business in high risk countries boils down to this: Is the legal risk worth the cost of doing business in a sanctioned country or area of concern?
It is, and never will be, easy to comply with these rules and regulations. You need to take a close look at the line of business you're in, the product or service you're selling, and the screening options you have in place to ensure compliance.
The bad guys are clever. Masking an IP is easy to do. Users also lie, use aliases. Certain countries use the Internet to control information flows to its people, or deny usage outright. And much more. As a result, some companies make a business and policy decision to just stay away from certain places.
The United States, through its elected in the Congress as well as the White House, have made policy decisions through the years that result in these laws. Human rights violators, drug smugglers, terrorists, money launderers, state sponsors of terrorism, labor and sex traffickers are the targets of these sanctions. The export control aspect of this issue aims to keep away dual-use and military technology and services from these bad actors.
Coursera is doing the responsible thing, muddling its way through it. While I do not have full information, they should have thought of this before making their services available in sanctioned countries. And, even if they did, these programs evolve with technological and legal developments. Yes, compliance never ends.
In all likelihood, because Coursera is in the education and information arena, they may be able to custom design certain offerings for areas of concern. If the critics have an issue Coursera's approach, and a few do, they should take it up with the U.S. Congress and the Obama Administration.