Notice of Issuance of Final Determination Concerning; Software Products, 40427-40430 [2019-17377]

Download as PDF 40427 Federal Register / Vol. 84, No. 157 / Wednesday, August 14, 2019 / Notices research participants to anyone not connected with the research, except in limited circumstances specified in the statute. At NIH, the issuance of CoCs has been delegated to the NIH OER in the NIH Office of the Director. NIH received 529 requests for CoCs from April 2017 through March 2018 and expects to receive approximately the same number of requests in subsequent years. The NIH has been using an online CoC system to review requests and issue CoCs since 2015. The current CoC request form includes 15 sections of information collected from research organizations. The streamlined NIH CoC electronic system will have seven sections of structured or short text fields. The information provided will be used to determine eligibility for a CoC and to issue the CoC to the requesting organization. Eligible requesting organizations that provide legally binding affirmations that they will abide by the terms of the CoC would be issued a Certificate of Confidentiality. This system is expected to increase efficiency and reduce burden for both requestors and NIH staff who currently process these requests. OMB approval is requested for three years. There are no costs to respondents other than their time. The total estimated annualized burden hours are 177. ESTIMATED ANNUALIZED BURDEN HOURS CoC CoC CoC CoC Average time per response (in hours) Total annual burden hours Applicants—Private ................................................................................. Applicants—State/local ............................................................................ Applicants—Small business .................................................................... Applicants—Federal ................................................................................ 372 26 53 78 1 1 1 1 20/60 20/60 20/60 20/60 124 9 18 26 Total .......................................................................................................... 529 ........................ ........................ 177 Dated: August 7, 2019. Lawrence Tabak, Principal Deputy Director, National Institutes of Health. [FR Doc. 2019–17358 Filed 8–13–19; 8:45 am] BILLING CODE 4140–01–P DEPARTMENT OF HEALTH AND HUMAN SERVICES National Institutes of Health Center for Scientific Review; Amended Notice of Meeting Notice is hereby given of a change in the meeting of the Center for Scientific Review Special Emphasis Panel, July 26, 2019, 10:00 a.m. to 5:00 p.m., National Institutes of Health, 6701 Rockledge Drive, Bethesda, MD 20892 which was published in the Federal Register on July 03, 2019, 84 FR 31878. The meeting will be held on August 20, 2019 at 9:00 a.m. to 5:00 p.m. The meeting location remains the same. The meeting is closed to the public. Dated: August 8, 2019. Melanie J. Pantoja, Program Analyst, Office of Federal Advisory Committee Policy. [FR Doc. 2019–17400 Filed 8–13–19; 8:45 am] jspears on DSK3GMQ082PROD with NOTICES Number of responses per respondent Number of respondents Type of respondents DEPARTMENT OF HEALTH AND HUMAN SERVICES DEPARTMENT OF HOMELAND SECURITY National Institutes of Health U.S. Customs and Border Protection National Cancer Institute; Amended Notice of Meeting Notice of Issuance of Final Determination Concerning; Software Products Notice is hereby given of a change in the meeting of the National Cancer Advisory Board, September 4, 2019, 8:30 a.m. to September 5, 2019, 12:00 p.m., National Institutes of Health, National Cancer Institute Shady Grove, 9609 Medical Center Drive, Room TE406 & 408, Rockville, MD 20817 which was published in the Federal Register on February 11, 2019, 84 FR 3203. This meeting notice is amended to change the meeting from a face-to-face meeting on September 4, 2019, 8:30 a.m. to September 5, 2019, 12:00 p.m. to a virtual meeting on September 4, 2019 from 1:00 p.m. to 4:30 p.m. The open session will be held from 1:00 p.m. to 3:15 p.m. and the closed session will be held from 3:30 p.m. to 4:30 p.m. The open session will be videocast and can be accessed from the NIH Videocasting and Podcasting website (http:// videocast.nih.gov). The meeting is partially closed to the public. AGENCY: Dated: August 8, 2019. Melanie J. Pantoja, Program Analyst, Office of Federal Advisory Committee Policy. BILLING CODE 4140–01–P [FR Doc. 2019–17399 Filed 8–13–19; 8:45 am] BILLING CODE 4140–01–P VerDate Sep<11>2014 18:56 Aug 13, 2019 Jkt 247001 PO 00000 Frm 00046 Fmt 4703 Sfmt 4703 U.S. Customs and Border Protection, Department of Homeland Security. ACTION: Notice of final determination. This document provides notice that U.S. Customs and Border Protection (‘‘CBP’’) has issued a final determination concerning the country of origin of CIS Secure Computing, Inc.’s software products for use on mobile devices and on servers and other similar network devices. Based upon the facts presented, CBP has concluded that the software products are substantially transformed in the United States for purposes of U.S. Government procurement. DATES: The final determination was issued on August 7, 2019. A copy of the final determination is attached. Any party-at-interest, as defined in 19 CFR 177.22(d), may seek judicial review of this final determination no later than September 13, 2019. FOR FURTHER INFORMATION CONTACT: James Kim, Valuation and Special Programs Branch, Regulations and Rulings, Office of Trade (202) 325–0158. SUPPLEMENTARY INFORMATION: Notice is hereby given that on August 7, 2019, pursuant to subpart B of Part 177, U.S. Customs and Border Protection Regulations (19 CFR part 177, subpart SUMMARY: E:\FR\FM\14AUN1.SGM 14AUN1 40428 Federal Register / Vol. 84, No. 157 / Wednesday, August 14, 2019 / Notices B), CBP issued a final determination concerning the country of origin of CIS Secure Computing, Inc.’s software products, which may be offered to the U.S. Government under an undesignated government procurement contract. This final determination, HQ H301776, was issued under procedures set forth at 19 CFR part 177, subpart B, which implements Title III of the Trade Agreements Act of 1979, as amended (19 U.S.C. 2511–18). In the final determination, CBP concluded that CIS Secure Computing, Inc.’s software products are substantially transformed in the United States for purposes of U.S. Government procurement. Section 177.29, CBP Regulations (19 CFR 177.29), provides that a notice of final determination shall be published in the Federal Register within 60 days of the date the final determination is issued. Section 177.30, CBP Regulations (19 CFR 177.30), provides that any party-at-interest, as defined in 19 CFR 177.22(d), may seek judicial review of a final determination within 30 days of publication of such determination in the Federal Register. Dated: August 7, 2019. Alice A. Kipel, Executive Director, Regulations and Rulings, Office of Trade. HQ H301776 August 7, 2019 OT:RR:CTF:VS H301776 JK CATEGORY: Origin John Turner, CTO CIS Secure Computing, Inc. 21050 Ashburn Crossing Drive, Suite 145 Ashburn, VA 20147 jspears on DSK3GMQ082PROD with NOTICES RE: U.S. Government Procurement; Title III, Trade Agreements Act of 1979 (19 U.S.C. § 2511); Subpart B, Part 177, CBP Regulations; Substantial Transformation Dear Mr. Turner: This is in response to your letter, dated September 19, 2018, requesting a final determination on behalf of CIS Secure Computing, Inc. (‘‘CIS Secure Computing’’ or ‘‘Company’’), pursuant to subpart B of Part 177 of the U.S. Customs and Border Protection (CBP) Regulations (19 C.F.R. Part 177). As a U.S. importer, CIS Secure Computing is a party-at-interest within the meaning of 19 C.F.R. § 177.22(d)(1) and is entitled to request this final determination. FACTS: CIS Secure Computing requests a final determination on two software products that it intends to produce for VerDate Sep<11>2014 18:56 Aug 13, 2019 Jkt 247001 government procurement purposes: software for use on mobile devices (‘‘Mobile Device Software’’), and software for use on servers and other similar network devices (‘‘Server Software’’). The Mobile Device Software includes a customized version of the Android operating system and mobile configuration management software, which provide advanced security features and functions to a mobile device. The Server Software includes configuration management software for remotely controlling certain functions and operations of a mobile device configured with the Mobile Device Software. Both software products are produced in a four-step process that involves: (1) writing original source code, or modifying open source software code in the United States; (2) writing or modifying source code in Canada; (3) compiling the source code into executable object code in the United States; and (4) delivering the finished software to the purchaser. The source code will be written by the Company’s employees at its offices located in Ashburn, Virginia and in Canada.1 In a submission dated May 21, 2019, CIS Secure Computing provided additional information on the processes involved in writing source code and compiling it into executable object code in steps (1) through (3). Writing the source code for the Mobile Device Software will involve the following steps: 1. The Company’s software developers in Ashburn, Virginia will download certain open source software code for the Android operating system, also known as Operating System code (‘‘OS code’’). The Company will modify the OS code and write original source code in Ashburn, Virginia. Modifying the OS code includes deleting or modifying one or more portions of the original source code to produce modified OS code. 2. The Company’s software developers in Canada will access the modified OS code and the original source code stored in a collaborative software development environment and may further modify the OS code and write original source code. 1 In your original submission dated September 18, 2018, you stated that the writing of source code in Canada was performed by a contract Canadian software development company. In your submission dated May 21, 2019, you stated that CIS Secure Computing had completed acquisition of this contract Canadian software development company, and that any software writing, software compilation, or other operations that were originally described as performed by the Canadian software development company are now performed by employees of CIS Secure Computing. PO 00000 Frm 00047 Fmt 4703 Sfmt 4703 3. In performing steps 1 and 2, software programmers write computer code using tools such as Android Studio, Eclipse and Text Editors. The software programmers may also write the computer code in C++, C, Java, Kotlin, Python and Perl programming languages. User interface designers design and write computer code for a graphical layout using tools such as Android Studio and Eclipse. Software developers modify Android Open Source Code Project (AOSP) build scripts using tools such as GNU Make and Blueprint. 4. Once the modified OS code and the original source code are completed, the Company will download all of the modified OS code and the original source code to computers located at its offices in Ashburn, Virginia. Completed code is checked into the Company’s software repository for storage. The result of the combination will be the source code for the Mobile Device Software; however, it will not be executable software code. Writing the source code for the Server Software will involve the following steps: 1. The Company’s software developers in Ashburn, Virginia will write original source code. The original source code will be stored in a collaborative software development environment. 2. The Company’s software developers in Canada will also write original source code. The original source code written by the Company’s software developers in Canada will also be stored in the same collaborative software development environment. 3. In performing steps 1 and 2, software programmers write computer code using tools such as IntelliJ, Eclipse and Text Editors. The software programmers may also write the computer code in Scala, Java and JavaScript languages. User interface designers design and write computer code for a graphical layout using Angular JS and related tools such as Node, NPM, Bower and Grunt. 4. When the source code is complete, the Company will download all of the original source code to one or more computers in Ashburn, Virginia. Completed code is checked into the Company’s software repository for storage. The downloaded original source code will comprise the source code for the Server Software; however, it will not be executable software code. CIS Secure Computing will then perform a software build on computers located in its offices in Ashburn, Virginia. During this step, the source code for the Mobile Device Software and E:\FR\FM\14AUN1.SGM 14AUN1 Federal Register / Vol. 84, No. 157 / Wednesday, August 14, 2019 / Notices jspears on DSK3GMQ082PROD with NOTICES the Server Software will each be compiled into executable object code. Compiling the source code into executable object code for the Mobile Device Software involves the following steps: 1. The Company’s software developers in Ashburn, Virginia sign into a Jenkins build server and schedule a build action to perform the compilation process. The Jenkins build server also performs a nightly build action. 2. The Jenkins build server retrieves the latest version of the source code from the Company’s software repository and, if needed, from a source code repository for AOSP. 3. The build server performs a compilation process using AOSP compilation tools such as gcc, Jack, Proguard and Python to compile the source code into object code for each relevant platform on Android ARM 32bit CPU and ARM 64-bit CPU. 4. The Company’s software developers perform work to address any incompatibilities or errors that emerge during compilation. If needed, they verify or rectify the source code, and may re-perform steps 1 through 3. Compiling the source code into executable object code for the Server Software involves the following steps: 1. The Company’s software developers in Ashburn, Virginia sign into the Jenkins build server and schedule a build action to perform the compilation process. The Jenkins build server also performs a nightly build action. 2. The Jenkins build server retrieves the latest version of the source code from the Company’s software repository. 3. The build server performs a compilation process using a Scala build tool or Java compiler for the Linux platform to compile the source code into object code. 4. The build server transcodes and minifies 2 Javascript using a Grunt compiler. 5. The Company’s software developers perform work to address any incompatibilities or errors that emerge during compilation. If needed, they verify or rectify the source code, and may re-perform steps 1 through 4. As a final step, CIS Secure Computing will deliver the finished software to the purchaser. For the Mobile Device 2 Minification refers to the process of removing unnecessary or redundant data without affecting how the resource is processed by the browser - e.g., code comments and formatting, removing unused code, using shorter variable and function names, and so on. See https://developers.google.com/ speed/docs/insights/MinifyResources (last accessed August 6, 2019). VerDate Sep<11>2014 18:56 Aug 13, 2019 Jkt 247001 Software, the Company will load the object code onto mobile devices at its offices in Ashburn, Virginia. Then the Company will provide the mobile devices with the object code to the purchaser. For the Server Software, CIS Secure Computing will deliver the object code to the purchaser in one of the following ways, depending on the purchaser’s requirements: (1) the Company will load the object code onto a server device at its offices in Ashburn, Virginia and may provide the server device to a purchaser; (2) the Company will transmit the object code electronically to a purchaser server; and/or (3) the Company will load the object code to a storage medium, such as a CD or a disk drive, and may deliver the CD or disk drive containing the object code to the purchaser. ISSUE: Whether the Mobile Device Software and Server Software are substantially transformed in the United States for government procurement purposes. LAW AND ANALYSIS: CBP issues country of origin advisory rulings and final determinations as to whether an article is or would be a product of a designated country or instrumentality for the purposes of granting waivers of certain ‘‘Buy American’’ restrictions in U.S. law or practice for products offered for sale to the U.S. Government, pursuant to subpart B of Part 177, 19 C.F.R. § 177.21 et seq., which implements Title III of the Trade Agreements Act of 1979, as amended (19 U.S.C. § 2511 et seq.) (TAA). Under the rule of origin set forth under 19 U.S.C. § 2518(4)(B): An article is a product of a country or instrumentality only if (i) it is wholly the growth, product, or manufacture of that country or instrumentality, or (ii) in the case of an article which consists in whole or in part of materials from another country or instrumentality, it has been substantially transformed into a new and different article of commerce with a name, character, or use distinct from that of the article or articles from which it was so transformed. See also 19 C.F.R. § 177.22(a). In rendering advisory rulings and final determinations for purposes of U.S. Government procurement, CBP applies the provisions of subpart B of Part 177 consistent with Federal Acquisition Regulations. See 19 C.F.R. § 177.21. In this regard, CBP recognizes that the Federal Acquisition Regulations restrict the U.S. Government’s purchase of products to U.S.-made or designated country end products for acquisitions subject to the TAA. See 48 C.F.R. § PO 00000 Frm 00048 Fmt 4703 Sfmt 4703 40429 25.403(c)(1). The Federal Acquisition Regulations define ‘‘U.S.-made end product’’ as: . . . an article that is mined, produced, or manufactured in the United States or that is substantially transformed in the United States into a new and different article of commerce with a name, character, or use distinct from that of the article or articles from which it was transformed. The issue in this case is whether the source code written for the Mobile Device Software and Server Software is substantially transformed in the United States when the Company performs a ‘‘software build’’ in the United States, i.e., compiles the source code written in Canada (along with source code written in the United States) into executable object code. At the outset, we note that ‘‘source code’’ and ‘‘object code’’ differ in several important ways. Source code is a ‘‘computer program written in a high level human readable language.’’ See, e.g., Daniel S. Lin, Matthew Sag, and Ronald S. Laurie, Source Code versus Object Code: Patent Implications for the Open Source Community, 18 Santa Clara High Tech. L.J. 235, 238 (2001). While it is easier for humans to read and write programs in ‘‘high level human readable languages,’’ computers cannot execute these programs. See Note, Copyright Protection of Computer Program Object Code, 96 Harv. L. Rev. 1723, 1724 (1983). Computers can execute only ‘‘object code,’’ which is a program consisting of clusters of ‘‘0’’ and ‘‘1’’ symbols. Id. Programmers create object code from source code by feeding it into a program known as a ‘‘compiler.’’ Id. In this case, the writing of source code in Canada (and the United States) involves the creation of computer instructions in a high level human readable language, whereas the software build performed in the United States involves the compilation of those instructions into a format that computers can execute. CBP has consistently held that conducting a software build—compiling source code into object code—results in substantial transformation. For example, in HQ H268858, dated Feb. 12, 2016, four software products were produced using the same three-step process: (1) writing the source code in Malaysia; (2) compiling the source code into usable object code in the United States; and (3) installing the finished software on U.S.origin discs in the United States. CBP held that all four software products were substantially transformed in the United States, finding that the software build conducted in the United States was sufficient to create a new and different article with a new name, E:\FR\FM\14AUN1.SGM 14AUN1 40430 Federal Register / Vol. 84, No. 157 / Wednesday, August 14, 2019 / Notices character, and use. See also HQ H243606, dated Dec. 4, 2013 (source code programmed in China and then compiled into object code in the United States was substantial transformation). Consistent with the rulings cited above, we find that the Mobile Device Software and Server Software are substantially transformed in the United States as a result of the software build: the name of the product changes from source code to object code, the character changes from computer code to finished software, and the use changes from instructions to an executable program. HOLDING: Based on the information provided, the Mobile Device Software and Server Software are substantially transformed in the United States for U.S. government procurement purposes. Notice of this final determination will be given in the Federal Register, as required by 19 C.F.R. § 177.29. Any party-at-interest other than the party which requested this final determination may request, pursuant to 19 C.F.R. § 177.31, that CBP reexamine the matter anew and issue a new final determination. Pursuant to 19 C.F.R. § 177.30, any party-at-interest may, within 30 days after publication of the Federal Register notice referenced above, seek judicial review of this final determination before the Court of International Trade. Sincerely, Alice A. Kipel, Executive Director, Regulations and Rulings, Office of Trade. [FR Doc. 2019–17377 Filed 8–13–19; 8:45 am] BILLING CODE 9111–14–P DEPARTMENT OF HOMELAND SECURITY U.S. Customs and Border Protection Modification of the National Customs Automation Program Test Regarding Post-Summary Corrections for Extensions of Liquidation U.S. Customs and Border Protection, Department of Homeland Security. ACTION: General notice. AGENCY: This document announces U.S. Customs and Border Protection’s (CBP’s) modification to the National Customs Automation Program (NCAP) test pertaining to the processing of postsummary corrections (PSCs). The modification in this notice expands the time period in which a PSC must be filed by allowing a PSC to be jspears on DSK3GMQ082PROD with NOTICES SUMMARY: VerDate Sep<11>2014 18:56 Aug 13, 2019 Jkt 247001 transmitted up to 15 days prior to the scheduled date of liquidation when liquidation has been extended. Except to the extent expressly announced or modified by this document, all aspects, rules, terms and conditions announced in previous notices regarding the PSC test remain in effect. DATES: The modifications announced in this test will become operational on August 14, 2019. ADDRESSES: Comments concerning this notice and any aspect of this test may be submitted at any time during the test via email to Randy Mitchell, Director, Commercial Operations, Revenue and Entry Division, Trade Policy and Programs, Office of Trade, via email at OTENTRYSUMMARY@cbp.dhs.gov. FOR FURTHER INFORMATION CONTACT: For policy-related questions, contact Randy Mitchell, Director, Commercial Operations, Revenue and Entry Division, Trade Policy and Programs, Office of Trade, via email at OTENTRYSUMMARY@cbp.dhs.gov. For technical questions related to Automated Broker Interface transmissions, contact your assigned client representative. Interested parties without an assigned client representative should direct their questions to the Client Representative Branch at CLIENTREPOUTREACH@ cbp.dhs.gov. SUPPLEMENTARY INFORMATION: I. Background The National Customs Automation Program (NCAP) was established by Subtitle B of Title VI—Customs Modernization in the North American Free Trade Agreement (NAFTA) Implementation Act (Customs Modernization Act) (Pub. L. 103–182, 107 Stat. 2057, 2170, December 8, 1993) (19 U.S.C. 1411). Through NCAP, the thrust of customs modernization was on trade compliance and the development of the Automated Commercial Environment (ACE), the planned successor to the Automated Commercial System (ACS) as the CBP-authorized electronic data interchange (EDI) system. ACE is an automated and electronic system for commercial trade processing which is intended to streamline business processes, facilitate growth in trade, ensure cargo security, and foster participation in global commerce, while ensuring compliance with U.S. laws and regulations and reducing costs for U.S. Customs and Border Protection (CBP) and all of its communities of interest. The ability to meet these objectives depends on successfully modernizing CBP’s business functions and the information PO 00000 Frm 00049 Fmt 4703 Sfmt 4703 technology that supports those functions. CBP’s modernization efforts are accomplished through phased releases of ACE component functionality designed to replace specific legacy ACS functions and add new functionality. Section 101.9(b) of title 19 of the Code of Federal Regulations (19 CFR 101.9(b)) provides for the testing of NCAP components. See T.D. 95–21, 60 FR 14211 (March 16, 1995). On June 24, 2011, CBP published a notice in the Federal Register (76 FR 37136) that announced a plan to conduct an NCAP test concerning new ACE capabilities allowing importers to file a post-summary correction (PSC) for certain entry summaries using the Automated Broker Interface. Through a series of subsequent Federal Register notices, CBP has modified and clarified various aspects of the PSC test. Originally, a PSC had to be transmitted within 270 days after the date of entry, but could not be filed within 20 days prior to the scheduled date of liquidation. However, on November 1, 2017, CBP published a notice in the Federal Register (82 FR 50656) modifying the PSC test to require filing within 300 days after the date of entry or up to 15 days prior to the scheduled liquidation date, whichever date is earlier. In the event that liquidation was extended, there was no change to the PSC deadline. II. Modification of the PSC Test This document announces that CBP is extending the deadline for filing a PSC in cases where an importer requests and is granted an extension of liquidation pursuant to 19 CFR 159.12. With this modification, after an importer is granted an extension of liquidation, a PSC must be transmitted up to 15 days prior to the scheduled liquidation date. Accordingly, for test participants, a PSC must be transmitted within 300 days after the date of entry or up to 15 days prior to the scheduled liquidation date, whichever is earlier, except in situations involving an extension of liquidation, in which case a PSC must be transmitted up to 15 days prior to the scheduled liquidation date. This change is being made to increase the amount of time a filer has to submit a PSC in situations involving extensions of liquidation. Except to the extent expressly announced or modified by this document, all aspects, rules, terms, requirements, obligations and conditions announced in previous notices regarding the PSC test remain in effect. E:\FR\FM\14AUN1.SGM 14AUN1

Agencies

[Federal Register Volume 84, Number 157 (Wednesday, August 14, 2019)]
[Notices]
[Pages 40427-40430]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-17377]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

U.S. Customs and Border Protection


Notice of Issuance of Final Determination Concerning; Software 
Products

AGENCY: U.S. Customs and Border Protection, Department of Homeland 
Security.

ACTION: Notice of final determination.

-----------------------------------------------------------------------

SUMMARY: This document provides notice that U.S. Customs and Border 
Protection (``CBP'') has issued a final determination concerning the 
country of origin of CIS Secure Computing, Inc.'s software products for 
use on mobile devices and on servers and other similar network devices. 
Based upon the facts presented, CBP has concluded that the software 
products are substantially transformed in the United States for 
purposes of U.S. Government procurement.

DATES: The final determination was issued on August 7, 2019. A copy of 
the final determination is attached. Any party-at-interest, as defined 
in 19 CFR 177.22(d), may seek judicial review of this final 
determination no later than September 13, 2019.

FOR FURTHER INFORMATION CONTACT: James Kim, Valuation and Special 
Programs Branch, Regulations and Rulings, Office of Trade (202) 325-
0158.

SUPPLEMENTARY INFORMATION: Notice is hereby given that on August 7, 
2019, pursuant to subpart B of Part 177, U.S. Customs and Border 
Protection Regulations (19 CFR part 177, subpart

[[Page 40428]]

B), CBP issued a final determination concerning the country of origin 
of CIS Secure Computing, Inc.'s software products, which may be offered 
to the U.S. Government under an undesignated government procurement 
contract. This final determination, HQ H301776, was issued under 
procedures set forth at 19 CFR part 177, subpart B, which implements 
Title III of the Trade Agreements Act of 1979, as amended (19 U.S.C. 
2511-18). In the final determination, CBP concluded that CIS Secure 
Computing, Inc.'s software products are substantially transformed in 
the United States for purposes of U.S. Government procurement.
    Section 177.29, CBP Regulations (19 CFR 177.29), provides that a 
notice of final determination shall be published in the Federal 
Register within 60 days of the date the final determination is issued. 
Section 177.30, CBP Regulations (19 CFR 177.30), provides that any 
party-at-interest, as defined in 19 CFR 177.22(d), may seek judicial 
review of a final determination within 30 days of publication of such 
determination in the Federal Register.

    Dated: August 7, 2019.
Alice A. Kipel,
Executive Director, Regulations and Rulings, Office of Trade.

HQ H301776

August 7, 2019

OT:RR:CTF:VS H301776 JK

CATEGORY: Origin

John Turner, CTO
CIS Secure Computing, Inc.
21050 Ashburn Crossing Drive, Suite 145
Ashburn, VA 20147
RE: U.S. Government Procurement; Title III, Trade Agreements Act of 
1979 (19 U.S.C. Sec.  2511); Subpart B, Part 177, CBP Regulations; 
Substantial Transformation
Dear Mr. Turner:
    This is in response to your letter, dated September 19, 2018, 
requesting a final determination on behalf of CIS Secure Computing, 
Inc. (``CIS Secure Computing'' or ``Company''), pursuant to subpart B 
of Part 177 of the U.S. Customs and Border Protection (CBP) Regulations 
(19 C.F.R. Part 177). As a U.S. importer, CIS Secure Computing is a 
party-at-interest within the meaning of 19 C.F.R. Sec.  177.22(d)(1) 
and is entitled to request this final determination.

FACTS:

    CIS Secure Computing requests a final determination on two software 
products that it intends to produce for government procurement 
purposes: software for use on mobile devices (``Mobile Device 
Software''), and software for use on servers and other similar network 
devices (``Server Software''). The Mobile Device Software includes a 
customized version of the Android operating system and mobile 
configuration management software, which provide advanced security 
features and functions to a mobile device. The Server Software includes 
configuration management software for remotely controlling certain 
functions and operations of a mobile device configured with the Mobile 
Device Software.
    Both software products are produced in a four-step process that 
involves: (1) writing original source code, or modifying open source 
software code in the United States; (2) writing or modifying source 
code in Canada; (3) compiling the source code into executable object 
code in the United States; and (4) delivering the finished software to 
the purchaser. The source code will be written by the Company's 
employees at its offices located in Ashburn, Virginia and in Canada.\1\
---------------------------------------------------------------------------

    \1\ In your original submission dated September 18, 2018, you 
stated that the writing of source code in Canada was performed by a 
contract Canadian software development company. In your submission 
dated May 21, 2019, you stated that CIS Secure Computing had 
completed acquisition of this contract Canadian software development 
company, and that any software writing, software compilation, or 
other operations that were originally described as performed by the 
Canadian software development company are now performed by employees 
of CIS Secure Computing.
---------------------------------------------------------------------------

    In a submission dated May 21, 2019, CIS Secure Computing provided 
additional information on the processes involved in writing source code 
and compiling it into executable object code in steps (1) through (3).
    Writing the source code for the Mobile Device Software will involve 
the following steps:
    1. The Company's software developers in Ashburn, Virginia will 
download certain open source software code for the Android operating 
system, also known as Operating System code (``OS code''). The Company 
will modify the OS code and write original source code in Ashburn, 
Virginia. Modifying the OS code includes deleting or modifying one or 
more portions of the original source code to produce modified OS code.
    2. The Company's software developers in Canada will access the 
modified OS code and the original source code stored in a collaborative 
software development environment and may further modify the OS code and 
write original source code.
    3. In performing steps 1 and 2, software programmers write computer 
code using tools such as Android Studio, Eclipse and Text Editors. The 
software programmers may also write the computer code in C++, C, Java, 
Kotlin, Python and Perl programming languages. User interface designers 
design and write computer code for a graphical layout using tools such 
as Android Studio and Eclipse. Software developers modify Android Open 
Source Code Project (AOSP) build scripts using tools such as GNU Make 
and Blueprint.
    4. Once the modified OS code and the original source code are 
completed, the Company will download all of the modified OS code and 
the original source code to computers located at its offices in 
Ashburn, Virginia. Completed code is checked into the Company's 
software repository for storage. The result of the combination will be 
the source code for the Mobile Device Software; however, it will not be 
executable software code.
    Writing the source code for the Server Software will involve the 
following steps:
    1. The Company's software developers in Ashburn, Virginia will 
write original source code. The original source code will be stored in 
a collaborative software development environment.
    2. The Company's software developers in Canada will also write 
original source code. The original source code written by the Company's 
software developers in Canada will also be stored in the same 
collaborative software development environment.
    3. In performing steps 1 and 2, software programmers write computer 
code using tools such as IntelliJ, Eclipse and Text Editors. The 
software programmers may also write the computer code in Scala, Java 
and JavaScript languages. User interface designers design and write 
computer code for a graphical layout using Angular JS and related tools 
such as Node, NPM, Bower and Grunt.
    4. When the source code is complete, the Company will download all 
of the original source code to one or more computers in Ashburn, 
Virginia. Completed code is checked into the Company's software 
repository for storage. The downloaded original source code will 
comprise the source code for the Server Software; however, it will not 
be executable software code.
    CIS Secure Computing will then perform a software build on 
computers located in its offices in Ashburn, Virginia. During this 
step, the source code for the Mobile Device Software and

[[Page 40429]]

the Server Software will each be compiled into executable object code.
    Compiling the source code into executable object code for the 
Mobile Device Software involves the following steps:
    1. The Company's software developers in Ashburn, Virginia sign into 
a Jenkins build server and schedule a build action to perform the 
compilation process. The Jenkins build server also performs a nightly 
build action.
    2. The Jenkins build server retrieves the latest version of the 
source code from the Company's software repository and, if needed, from 
a source code repository for AOSP.
    3. The build server performs a compilation process using AOSP 
compilation tools such as gcc, Jack, Proguard and Python to compile the 
source code into object code for each relevant platform on Android ARM 
32-bit CPU and ARM 64-bit CPU.
    4. The Company's software developers perform work to address any 
incompatibilities or errors that emerge during compilation. If needed, 
they verify or rectify the source code, and may re-perform steps 1 
through 3.
    Compiling the source code into executable object code for the 
Server Software involves the following steps:
    1. The Company's software developers in Ashburn, Virginia sign into 
the Jenkins build server and schedule a build action to perform the 
compilation process. The Jenkins build server also performs a nightly 
build action.
    2. The Jenkins build server retrieves the latest version of the 
source code from the Company's software repository.
    3. The build server performs a compilation process using a Scala 
build tool or Java compiler for the Linux platform to compile the 
source code into object code.
    4. The build server transcodes and minifies \2\ Javascript using a 
Grunt compiler.
---------------------------------------------------------------------------

    \2\ Minification refers to the process of removing unnecessary 
or redundant data without affecting how the resource is processed by 
the browser - e.g., code comments and formatting, removing unused 
code, using shorter variable and function names, and so on. See 
https://developers.google.com/speed/docs/insights/MinifyResources 
(last accessed August 6, 2019).
---------------------------------------------------------------------------

    5. The Company's software developers perform work to address any 
incompatibilities or errors that emerge during compilation. If needed, 
they verify or rectify the source code, and may re-perform steps 1 
through 4.
    As a final step, CIS Secure Computing will deliver the finished 
software to the purchaser. For the Mobile Device Software, the Company 
will load the object code onto mobile devices at its offices in 
Ashburn, Virginia. Then the Company will provide the mobile devices 
with the object code to the purchaser.
    For the Server Software, CIS Secure Computing will deliver the 
object code to the purchaser in one of the following ways, depending on 
the purchaser's requirements: (1) the Company will load the object code 
onto a server device at its offices in Ashburn, Virginia and may 
provide the server device to a purchaser; (2) the Company will transmit 
the object code electronically to a purchaser server; and/or (3) the 
Company will load the object code to a storage medium, such as a CD or 
a disk drive, and may deliver the CD or disk drive containing the 
object code to the purchaser.

ISSUE:

    Whether the Mobile Device Software and Server Software are 
substantially transformed in the United States for government 
procurement purposes.

LAW AND ANALYSIS:

    CBP issues country of origin advisory rulings and final 
determinations as to whether an article is or would be a product of a 
designated country or instrumentality for the purposes of granting 
waivers of certain ``Buy American'' restrictions in U.S. law or 
practice for products offered for sale to the U.S. Government, pursuant 
to subpart B of Part 177, 19 C.F.R. Sec.  177.21 et seq., which 
implements Title III of the Trade Agreements Act of 1979, as amended 
(19 U.S.C. Sec.  2511 et seq.) (TAA).
    Under the rule of origin set forth under 19 U.S.C. Sec.  
2518(4)(B):

    An article is a product of a country or instrumentality only if 
(i) it is wholly the growth, product, or manufacture of that country 
or instrumentality, or (ii) in the case of an article which consists 
in whole or in part of materials from another country or 
instrumentality, it has been substantially transformed into a new 
and different article of commerce with a name, character, or use 
distinct from that of the article or articles from which it was so 
transformed.

See also 19 C.F.R. Sec.  177.22(a).

    In rendering advisory rulings and final determinations for purposes 
of U.S. Government procurement, CBP applies the provisions of subpart B 
of Part 177 consistent with Federal Acquisition Regulations. See 19 
C.F.R. Sec.  177.21. In this regard, CBP recognizes that the Federal 
Acquisition Regulations restrict the U.S. Government's purchase of 
products to U.S.-made or designated country end products for 
acquisitions subject to the TAA. See 48 C.F.R. Sec.  25.403(c)(1). The 
Federal Acquisition Regulations define ``U.S.-made end product'' as:

    . . . an article that is mined, produced, or manufactured in the 
United States or that is substantially transformed in the United 
States into a new and different article of commerce with a name, 
character, or use distinct from that of the article or articles from 
which it was transformed.

    The issue in this case is whether the source code written for the 
Mobile Device Software and Server Software is substantially transformed 
in the United States when the Company performs a ``software build'' in 
the United States, i.e., compiles the source code written in Canada 
(along with source code written in the United States) into executable 
object code. At the outset, we note that ``source code'' and ``object 
code'' differ in several important ways. Source code is a ``computer 
program written in a high level human readable language.'' See, e.g., 
Daniel S. Lin, Matthew Sag, and Ronald S. Laurie, Source Code versus 
Object Code: Patent Implications for the Open Source Community, 18 
Santa Clara High Tech. L.J. 235, 238 (2001). While it is easier for 
humans to read and write programs in ``high level human readable 
languages,'' computers cannot execute these programs. See Note, 
Copyright Protection of Computer Program Object Code, 96 Harv. L. Rev. 
1723, 1724 (1983). Computers can execute only ``object code,'' which is 
a program consisting of clusters of ``0'' and ``1'' symbols. Id. 
Programmers create object code from source code by feeding it into a 
program known as a ``compiler.'' Id. In this case, the writing of 
source code in Canada (and the United States) involves the creation of 
computer instructions in a high level human readable language, whereas 
the software build performed in the United States involves the 
compilation of those instructions into a format that computers can 
execute.
    CBP has consistently held that conducting a software build--
compiling source code into object code--results in substantial 
transformation. For example, in HQ H268858, dated Feb. 12, 2016, four 
software products were produced using the same three-step process: (1) 
writing the source code in Malaysia; (2) compiling the source code into 
usable object code in the United States; and (3) installing the 
finished software on U.S.-origin discs in the United States. CBP held 
that all four software products were substantially transformed in the 
United States, finding that the software build conducted in the United 
States was sufficient to create a new and different article with a new 
name,

[[Page 40430]]

character, and use. See also HQ H243606, dated Dec. 4, 2013 (source 
code programmed in China and then compiled into object code in the 
United States was substantial transformation).
    Consistent with the rulings cited above, we find that the Mobile 
Device Software and Server Software are substantially transformed in 
the United States as a result of the software build: the name of the 
product changes from source code to object code, the character changes 
from computer code to finished software, and the use changes from 
instructions to an executable program.

HOLDING:

    Based on the information provided, the Mobile Device Software and 
Server Software are substantially transformed in the United States for 
U.S. government procurement purposes.
    Notice of this final determination will be given in the Federal 
Register, as required by 19 C.F.R. Sec.  177.29. Any party-at-interest 
other than the party which requested this final determination may 
request, pursuant to 19 C.F.R. Sec.  177.31, that CBP reexamine the 
matter anew and issue a new final determination. Pursuant to 19 C.F.R. 
Sec.  177.30, any party-at-interest may, within 30 days after 
publication of the Federal Register notice referenced above, seek 
judicial review of this final determination before the Court of 
International Trade.

Sincerely,

Alice A. Kipel,

Executive Director, Regulations and Rulings, Office of Trade.

[FR Doc. 2019-17377 Filed 8-13-19; 8:45 am]
 BILLING CODE 9111-14-P