Notice of Issuance of Final Determination Concerning; Software Products, 40427-40430 [2019-17377]
Download as PDF
<![CDATA[
40427
Federal Register / Vol. 84, No. 157 / Wednesday, August 14, 2019 / Notices
research participants to anyone not
connected with the research, except in
limited circumstances specified in the
statute. At NIH, the issuance of CoCs
has been delegated to the NIH OER in
the NIH Office of the Director. NIH
received 529 requests for CoCs from
April 2017 through March 2018 and
expects to receive approximately the
same number of requests in subsequent
years. The NIH has been using an online
CoC system to review requests and issue
CoCs since 2015. The current CoC
request form includes 15 sections of
information collected from research
organizations. The streamlined NIH CoC
electronic system will have seven
sections of structured or short text
fields. The information provided will be
used to determine eligibility for a CoC
and to issue the CoC to the requesting
organization. Eligible requesting
organizations that provide legally
binding affirmations that they will abide
by the terms of the CoC would be issued
a Certificate of Confidentiality. This
system is expected to increase efficiency
and reduce burden for both requestors
and NIH staff who currently process
these requests.
OMB approval is requested for three
years. There are no costs to respondents
other than their time. The total
estimated annualized burden hours are
177.
ESTIMATED ANNUALIZED BURDEN HOURS
CoC
CoC
CoC
CoC
Average time
per response
(in hours)
Total annual
burden hours
Applicants—Private .................................................................................
Applicants—State/local ............................................................................
Applicants—Small business ....................................................................
Applicants—Federal ................................................................................
372
26
53
78
1
1
1
1
20/60
20/60
20/60
20/60
124
9
18
26
Total ..........................................................................................................
529
........................
........................
177
Dated: August 7, 2019.
Lawrence Tabak,
Principal Deputy Director, National Institutes
of Health.
[FR Doc. 2019–17358 Filed 8–13–19; 8:45 am]
BILLING CODE 4140–01–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
National Institutes of Health
Center for Scientific Review; Amended
Notice of Meeting
Notice is hereby given of a change in
the meeting of the Center for Scientific
Review Special Emphasis Panel, July 26,
2019, 10:00 a.m. to 5:00 p.m., National
Institutes of Health, 6701 Rockledge
Drive, Bethesda, MD 20892 which was
published in the Federal Register on
July 03, 2019, 84 FR 31878.
The meeting will be held on August
20, 2019 at 9:00 a.m. to 5:00 p.m. The
meeting location remains the same. The
meeting is closed to the public.
Dated: August 8, 2019.
Melanie J. Pantoja,
Program Analyst, Office of Federal Advisory
Committee Policy.
[FR Doc. 2019–17400 Filed 8–13–19; 8:45 am]
jspears on DSK3GMQ082PROD with NOTICES
Number of responses per
respondent
Number of
respondents
Type of respondents
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
DEPARTMENT OF HOMELAND
SECURITY
National Institutes of Health
U.S. Customs and Border Protection
National Cancer Institute; Amended
Notice of Meeting
Notice of Issuance of Final
Determination Concerning; Software
Products
Notice is hereby given of a change in
the meeting of the National Cancer
Advisory Board, September 4, 2019,
8:30 a.m. to September 5, 2019, 12:00
p.m., National Institutes of Health,
National Cancer Institute Shady Grove,
9609 Medical Center Drive, Room
TE406 & 408, Rockville, MD 20817
which was published in the Federal
Register on February 11, 2019, 84 FR
3203.
This meeting notice is amended to
change the meeting from a face-to-face
meeting on September 4, 2019, 8:30 a.m.
to September 5, 2019, 12:00 p.m. to a
virtual meeting on September 4, 2019
from 1:00 p.m. to 4:30 p.m. The open
session will be held from 1:00 p.m. to
3:15 p.m. and the closed session will be
held from 3:30 p.m. to 4:30 p.m. The
open session will be videocast and can
be accessed from the NIH Videocasting
and Podcasting website (https://
videocast.nih.gov). The meeting is
partially closed to the public.
AGENCY:
Dated: August 8, 2019.
Melanie J. Pantoja,
Program Analyst, Office of Federal Advisory
Committee Policy.
BILLING CODE 4140–01–P
[FR Doc. 2019–17399 Filed 8–13–19; 8:45 am]
BILLING CODE 4140–01–P
VerDate Sep<11>2014
18:56 Aug 13, 2019
Jkt 247001
PO 00000
Frm 00046
Fmt 4703
Sfmt 4703
U.S. Customs and Border
Protection, Department of Homeland
Security.
ACTION: Notice of final determination.
This document provides
notice that U.S. Customs and Border
Protection (‘‘CBP’’) has issued a final
determination concerning the country of
origin of CIS Secure Computing, Inc.’s
software products for use on mobile
devices and on servers and other similar
network devices. Based upon the facts
presented, CBP has concluded that the
software products are substantially
transformed in the United States for
purposes of U.S. Government
procurement.
DATES: The final determination was
issued on August 7, 2019. A copy of the
final determination is attached. Any
party-at-interest, as defined in 19 CFR
177.22(d), may seek judicial review of
this final determination no later than
September 13, 2019.
FOR FURTHER INFORMATION CONTACT:
James Kim, Valuation and Special
Programs Branch, Regulations and
Rulings, Office of Trade (202) 325–0158.
SUPPLEMENTARY INFORMATION: Notice is
hereby given that on August 7, 2019,
pursuant to subpart B of Part 177, U.S.
Customs and Border Protection
Regulations (19 CFR part 177, subpart
SUMMARY:
E:\FR\FM\14AUN1.SGM
14AUN1
40428
Federal Register / Vol. 84, No. 157 / Wednesday, August 14, 2019 / Notices
B), CBP issued a final determination
concerning the country of origin of CIS
Secure Computing, Inc.’s software
products, which may be offered to the
U.S. Government under an
undesignated government procurement
contract. This final determination, HQ
H301776, was issued under procedures
set forth at 19 CFR part 177, subpart B,
which implements Title III of the Trade
Agreements Act of 1979, as amended
(19 U.S.C. 2511–18). In the final
determination, CBP concluded that CIS
Secure Computing, Inc.’s software
products are substantially transformed
in the United States for purposes of U.S.
Government procurement.
Section 177.29, CBP Regulations (19
CFR 177.29), provides that a notice of
final determination shall be published
in the Federal Register within 60 days
of the date the final determination is
issued. Section 177.30, CBP Regulations
(19 CFR 177.30), provides that any
party-at-interest, as defined in 19 CFR
177.22(d), may seek judicial review of a
final determination within 30 days of
publication of such determination in the
Federal Register.
Dated: August 7, 2019.
Alice A. Kipel,
Executive Director, Regulations and Rulings,
Office of Trade.
HQ H301776
August 7, 2019
OT:RR:CTF:VS H301776 JK
CATEGORY: Origin
John Turner, CTO
CIS Secure Computing, Inc.
21050 Ashburn Crossing Drive, Suite
145
Ashburn, VA 20147
jspears on DSK3GMQ082PROD with NOTICES
RE: U.S. Government Procurement; Title
III, Trade Agreements Act of 1979 (19
U.S.C. § 2511); Subpart B, Part 177, CBP
Regulations; Substantial Transformation
Dear Mr. Turner:
This is in response to your letter,
dated September 19, 2018, requesting a
final determination on behalf of CIS
Secure Computing, Inc. (‘‘CIS Secure
Computing’’ or ‘‘Company’’), pursuant
to subpart B of Part 177 of the U.S.
Customs and Border Protection (CBP)
Regulations (19 C.F.R. Part 177). As a
U.S. importer, CIS Secure Computing is
a party-at-interest within the meaning of
19 C.F.R. § 177.22(d)(1) and is entitled
to request this final determination.
FACTS:
CIS Secure Computing requests a final
determination on two software products
that it intends to produce for
VerDate Sep<11>2014
18:56 Aug 13, 2019
Jkt 247001
government procurement purposes:
software for use on mobile devices
(‘‘Mobile Device Software’’), and
software for use on servers and other
similar network devices (‘‘Server
Software’’). The Mobile Device Software
includes a customized version of the
Android operating system and mobile
configuration management software,
which provide advanced security
features and functions to a mobile
device. The Server Software includes
configuration management software for
remotely controlling certain functions
and operations of a mobile device
configured with the Mobile Device
Software.
Both software products are produced
in a four-step process that involves: (1)
writing original source code, or
modifying open source software code in
the United States; (2) writing or
modifying source code in Canada; (3)
compiling the source code into
executable object code in the United
States; and (4) delivering the finished
software to the purchaser. The source
code will be written by the Company’s
employees at its offices located in
Ashburn, Virginia and in Canada.1
In a submission dated May 21, 2019,
CIS Secure Computing provided
additional information on the processes
involved in writing source code and
compiling it into executable object code
in steps (1) through (3).
Writing the source code for the
Mobile Device Software will involve the
following steps:
1. The Company’s software
developers in Ashburn, Virginia will
download certain open source software
code for the Android operating system,
also known as Operating System code
(‘‘OS code’’). The Company will modify
the OS code and write original source
code in Ashburn, Virginia. Modifying
the OS code includes deleting or
modifying one or more portions of the
original source code to produce
modified OS code.
2. The Company’s software
developers in Canada will access the
modified OS code and the original
source code stored in a collaborative
software development environment and
may further modify the OS code and
write original source code.
1 In your original submission dated September 18,
2018, you stated that the writing of source code in
Canada was performed by a contract Canadian
software development company. In your
submission dated May 21, 2019, you stated that CIS
Secure Computing had completed acquisition of
this contract Canadian software development
company, and that any software writing, software
compilation, or other operations that were
originally described as performed by the Canadian
software development company are now performed
by employees of CIS Secure Computing.
PO 00000
Frm 00047
Fmt 4703
Sfmt 4703
3. In performing steps 1 and 2,
software programmers write computer
code using tools such as Android
Studio, Eclipse and Text Editors. The
software programmers may also write
the computer code in C++, C, Java,
Kotlin, Python and Perl programming
languages. User interface designers
design and write computer code for a
graphical layout using tools such as
Android Studio and Eclipse. Software
developers modify Android Open
Source Code Project (AOSP) build
scripts using tools such as GNU Make
and Blueprint.
4. Once the modified OS code and the
original source code are completed, the
Company will download all of the
modified OS code and the original
source code to computers located at its
offices in Ashburn, Virginia. Completed
code is checked into the Company’s
software repository for storage. The
result of the combination will be the
source code for the Mobile Device
Software; however, it will not be
executable software code.
Writing the source code for the Server
Software will involve the following
steps:
1. The Company’s software
developers in Ashburn, Virginia will
write original source code. The original
source code will be stored in a
collaborative software development
environment.
2. The Company’s software
developers in Canada will also write
original source code. The original
source code written by the Company’s
software developers in Canada will also
be stored in the same collaborative
software development environment.
3. In performing steps 1 and 2,
software programmers write computer
code using tools such as IntelliJ, Eclipse
and Text Editors. The software
programmers may also write the
computer code in Scala, Java and
JavaScript languages. User interface
designers design and write computer
code for a graphical layout using
Angular JS and related tools such as
Node, NPM, Bower and Grunt.
4. When the source code is complete,
the Company will download all of the
original source code to one or more
computers in Ashburn, Virginia.
Completed code is checked into the
Company’s software repository for
storage. The downloaded original source
code will comprise the source code for
the Server Software; however, it will not
be executable software code.
CIS Secure Computing will then
perform a software build on computers
located in its offices in Ashburn,
Virginia. During this step, the source
code for the Mobile Device Software and
E:\FR\FM\14AUN1.SGM
14AUN1
Federal Register / Vol. 84, No. 157 / Wednesday, August 14, 2019 / Notices
jspears on DSK3GMQ082PROD with NOTICES
the Server Software will each be
compiled into executable object code.
Compiling the source code into
executable object code for the Mobile
Device Software involves the following
steps:
1. The Company’s software
developers in Ashburn, Virginia sign
into a Jenkins build server and schedule
a build action to perform the
compilation process. The Jenkins build
server also performs a nightly build
action.
2. The Jenkins build server retrieves
the latest version of the source code
from the Company’s software repository
and, if needed, from a source code
repository for AOSP.
3. The build server performs a
compilation process using AOSP
compilation tools such as gcc, Jack,
Proguard and Python to compile the
source code into object code for each
relevant platform on Android ARM 32bit CPU and ARM 64-bit CPU.
4. The Company’s software
developers perform work to address any
incompatibilities or errors that emerge
during compilation. If needed, they
verify or rectify the source code, and
may re-perform steps 1 through 3.
Compiling the source code into
executable object code for the Server
Software involves the following steps:
1. The Company’s software
developers in Ashburn, Virginia sign
into the Jenkins build server and
schedule a build action to perform the
compilation process. The Jenkins build
server also performs a nightly build
action.
2. The Jenkins build server retrieves
the latest version of the source code
from the Company’s software repository.
3. The build server performs a
compilation process using a Scala build
tool or Java compiler for the Linux
platform to compile the source code into
object code.
4. The build server transcodes and
minifies 2 Javascript using a Grunt
compiler.
5. The Company’s software
developers perform work to address any
incompatibilities or errors that emerge
during compilation. If needed, they
verify or rectify the source code, and
may re-perform steps 1 through 4.
As a final step, CIS Secure Computing
will deliver the finished software to the
purchaser. For the Mobile Device
2 Minification refers to the process of removing
unnecessary or redundant data without affecting
how the resource is processed by the browser - e.g.,
code comments and formatting, removing unused
code, using shorter variable and function names,
and so on. See https://developers.google.com/
speed/docs/insights/MinifyResources (last accessed
August 6, 2019).
VerDate Sep<11>2014
18:56 Aug 13, 2019
Jkt 247001
Software, the Company will load the
object code onto mobile devices at its
offices in Ashburn, Virginia. Then the
Company will provide the mobile
devices with the object code to the
purchaser.
For the Server Software, CIS Secure
Computing will deliver the object code
to the purchaser in one of the following
ways, depending on the purchaser’s
requirements: (1) the Company will load
the object code onto a server device at
its offices in Ashburn, Virginia and may
provide the server device to a purchaser;
(2) the Company will transmit the object
code electronically to a purchaser
server; and/or (3) the Company will load
the object code to a storage medium,
such as a CD or a disk drive, and may
deliver the CD or disk drive containing
the object code to the purchaser.
ISSUE:
Whether the Mobile Device Software
and Server Software are substantially
transformed in the United States for
government procurement purposes.
LAW AND ANALYSIS:
CBP issues country of origin advisory
rulings and final determinations as to
whether an article is or would be a
product of a designated country or
instrumentality for the purposes of
granting waivers of certain ‘‘Buy
American’’ restrictions in U.S. law or
practice for products offered for sale to
the U.S. Government, pursuant to
subpart B of Part 177, 19 C.F.R. § 177.21
et seq., which implements Title III of the
Trade Agreements Act of 1979, as
amended (19 U.S.C. § 2511 et seq.)
(TAA).
Under the rule of origin set forth
under 19 U.S.C. § 2518(4)(B):
An article is a product of a country or
instrumentality only if (i) it is wholly the
growth, product, or manufacture of that
country or instrumentality, or (ii) in the case
of an article which consists in whole or in
part of materials from another country or
instrumentality, it has been substantially
transformed into a new and different article
of commerce with a name, character, or use
distinct from that of the article or articles
from which it was so transformed.
See also 19 C.F.R. § 177.22(a).
In rendering advisory rulings and
final determinations for purposes of
U.S. Government procurement, CBP
applies the provisions of subpart B of
Part 177 consistent with Federal
Acquisition Regulations. See 19 C.F.R. §
177.21. In this regard, CBP recognizes
that the Federal Acquisition Regulations
restrict the U.S. Government’s purchase
of products to U.S.-made or designated
country end products for acquisitions
subject to the TAA. See 48 C.F.R. §
PO 00000
Frm 00048
Fmt 4703
Sfmt 4703
40429
25.403(c)(1). The Federal Acquisition
Regulations define ‘‘U.S.-made end
product’’ as:
. . . an article that is mined, produced, or
manufactured in the United States or that is
substantially transformed in the United
States into a new and different article of
commerce with a name, character, or use
distinct from that of the article or articles
from which it was transformed.
The issue in this case is whether the
source code written for the Mobile
Device Software and Server Software is
substantially transformed in the United
States when the Company performs a
‘‘software build’’ in the United States,
i.e., compiles the source code written in
Canada (along with source code written
in the United States) into executable
object code. At the outset, we note that
‘‘source code’’ and ‘‘object code’’ differ
in several important ways. Source code
is a ‘‘computer program written in a
high level human readable language.’’
See, e.g., Daniel S. Lin, Matthew Sag,
and Ronald S. Laurie, Source Code
versus Object Code: Patent Implications
for the Open Source Community, 18
Santa Clara High Tech. L.J. 235, 238
(2001). While it is easier for humans to
read and write programs in ‘‘high level
human readable languages,’’ computers
cannot execute these programs. See
Note, Copyright Protection of Computer
Program Object Code, 96 Harv. L. Rev.
1723, 1724 (1983). Computers can
execute only ‘‘object code,’’ which is a
program consisting of clusters of ‘‘0’’
and ‘‘1’’ symbols. Id. Programmers
create object code from source code by
feeding it into a program known as a
‘‘compiler.’’ Id. In this case, the writing
of source code in Canada (and the
United States) involves the creation of
computer instructions in a high level
human readable language, whereas the
software build performed in the United
States involves the compilation of those
instructions into a format that
computers can execute.
CBP has consistently held that
conducting a software build—compiling
source code into object code—results in
substantial transformation. For example,
in HQ H268858, dated Feb. 12, 2016,
four software products were produced
using the same three-step process: (1)
writing the source code in Malaysia; (2)
compiling the source code into usable
object code in the United States; and (3)
installing the finished software on U.S.origin discs in the United States. CBP
held that all four software products
were substantially transformed in the
United States, finding that the software
build conducted in the United States
was sufficient to create a new and
different article with a new name,
E:\FR\FM\14AUN1.SGM
14AUN1
40430
Federal Register / Vol. 84, No. 157 / Wednesday, August 14, 2019 / Notices
character, and use. See also HQ
H243606, dated Dec. 4, 2013 (source
code programmed in China and then
compiled into object code in the United
States was substantial transformation).
Consistent with the rulings cited
above, we find that the Mobile Device
Software and Server Software are
substantially transformed in the United
States as a result of the software build:
the name of the product changes from
source code to object code, the character
changes from computer code to finished
software, and the use changes from
instructions to an executable program.
HOLDING:
Based on the information provided,
the Mobile Device Software and Server
Software are substantially transformed
in the United States for U.S. government
procurement purposes.
Notice of this final determination will
be given in the Federal Register, as
required by 19 C.F.R. § 177.29. Any
party-at-interest other than the party
which requested this final
determination may request, pursuant to
19 C.F.R. § 177.31, that CBP reexamine
the matter anew and issue a new final
determination. Pursuant to 19 C.F.R. §
177.30, any party-at-interest may,
within 30 days after publication of the
Federal Register notice referenced
above, seek judicial review of this final
determination before the Court of
International Trade.
Sincerely,
Alice A. Kipel,
Executive Director, Regulations and
Rulings, Office of Trade.
[FR Doc. 2019–17377 Filed 8–13–19; 8:45 am]
BILLING CODE 9111–14–P
DEPARTMENT OF HOMELAND
SECURITY
U.S. Customs and Border Protection
Modification of the National Customs
Automation Program Test Regarding
Post-Summary Corrections for
Extensions of Liquidation
U.S. Customs and Border
Protection, Department of Homeland
Security.
ACTION: General notice.
AGENCY:
This document announces
U.S. Customs and Border Protection’s
(CBP’s) modification to the National
Customs Automation Program (NCAP)
test pertaining to the processing of postsummary corrections (PSCs). The
modification in this notice expands the
time period in which a PSC must be
filed by allowing a PSC to be
jspears on DSK3GMQ082PROD with NOTICES
SUMMARY:
VerDate Sep<11>2014
18:56 Aug 13, 2019
Jkt 247001
transmitted up to 15 days prior to the
scheduled date of liquidation when
liquidation has been extended. Except
to the extent expressly announced or
modified by this document, all aspects,
rules, terms and conditions announced
in previous notices regarding the PSC
test remain in effect.
DATES: The modifications announced in
this test will become operational on
August 14, 2019.
ADDRESSES: Comments concerning this
notice and any aspect of this test may
be submitted at any time during the test
via email to Randy Mitchell, Director,
Commercial Operations, Revenue and
Entry Division, Trade Policy and
Programs, Office of Trade, via email at
OTENTRYSUMMARY@cbp.dhs.gov.
FOR FURTHER INFORMATION CONTACT: For
policy-related questions, contact Randy
Mitchell, Director, Commercial
Operations, Revenue and Entry
Division, Trade Policy and Programs,
Office of Trade, via email at
OTENTRYSUMMARY@cbp.dhs.gov. For
technical questions related to
Automated Broker Interface
transmissions, contact your assigned
client representative. Interested parties
without an assigned client
representative should direct their
questions to the Client Representative
Branch at CLIENTREPOUTREACH@
cbp.dhs.gov.
SUPPLEMENTARY INFORMATION:
I. Background
The National Customs Automation
Program (NCAP) was established by
Subtitle B of Title VI—Customs
Modernization in the North American
Free Trade Agreement (NAFTA)
Implementation Act (Customs
Modernization Act) (Pub. L. 103–182,
107 Stat. 2057, 2170, December 8, 1993)
(19 U.S.C. 1411). Through NCAP, the
thrust of customs modernization was on
trade compliance and the development
of the Automated Commercial
Environment (ACE), the planned
successor to the Automated Commercial
System (ACS) as the CBP-authorized
electronic data interchange (EDI)
system. ACE is an automated and
electronic system for commercial trade
processing which is intended to
streamline business processes, facilitate
growth in trade, ensure cargo security,
and foster participation in global
commerce, while ensuring compliance
with U.S. laws and regulations and
reducing costs for U.S. Customs and
Border Protection (CBP) and all of its
communities of interest. The ability to
meet these objectives depends on
successfully modernizing CBP’s
business functions and the information
PO 00000
Frm 00049
Fmt 4703
Sfmt 4703
technology that supports those
functions.
CBP’s modernization efforts are
accomplished through phased releases
of ACE component functionality
designed to replace specific legacy ACS
functions and add new functionality.
Section 101.9(b) of title 19 of the Code
of Federal Regulations (19 CFR 101.9(b))
provides for the testing of NCAP
components. See T.D. 95–21, 60 FR
14211 (March 16, 1995).
On June 24, 2011, CBP published a
notice in the Federal Register (76 FR
37136) that announced a plan to
conduct an NCAP test concerning new
ACE capabilities allowing importers to
file a post-summary correction (PSC) for
certain entry summaries using the
Automated Broker Interface. Through a
series of subsequent Federal Register
notices, CBP has modified and clarified
various aspects of the PSC test.
Originally, a PSC had to be transmitted
within 270 days after the date of entry,
but could not be filed within 20 days
prior to the scheduled date of
liquidation. However, on November 1,
2017, CBP published a notice in the
Federal Register (82 FR 50656)
modifying the PSC test to require filing
within 300 days after the date of entry
or up to 15 days prior to the scheduled
liquidation date, whichever date is
earlier. In the event that liquidation was
extended, there was no change to the
PSC deadline.
II. Modification of the PSC Test
This document announces that CBP is
extending the deadline for filing a PSC
in cases where an importer requests and
is granted an extension of liquidation
pursuant to 19 CFR 159.12. With this
modification, after an importer is
granted an extension of liquidation, a
PSC must be transmitted up to 15 days
prior to the scheduled liquidation date.
Accordingly, for test participants, a PSC
must be transmitted within 300 days
after the date of entry or up to 15 days
prior to the scheduled liquidation date,
whichever is earlier, except in situations
involving an extension of liquidation, in
which case a PSC must be transmitted
up to 15 days prior to the scheduled
liquidation date.
This change is being made to increase
the amount of time a filer has to submit
a PSC in situations involving extensions
of liquidation. Except to the extent
expressly announced or modified by
this document, all aspects, rules, terms,
requirements, obligations and
conditions announced in previous
notices regarding the PSC test remain in
effect.
E:\FR\FM\14AUN1.SGM
14AUN1
]]>Agencies
[Federal Register Volume 84, Number 157 (Wednesday, August 14, 2019)]
[Notices]
[Pages 40427-40430]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-17377]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
U.S. Customs and Border Protection
Notice of Issuance of Final Determination Concerning; Software
Products
AGENCY: U.S. Customs and Border Protection, Department of Homeland
Security.
ACTION: Notice of final determination.
-----------------------------------------------------------------------
SUMMARY: This document provides notice that U.S. Customs and Border
Protection (``CBP'') has issued a final determination concerning the
country of origin of CIS Secure Computing, Inc.'s software products for
use on mobile devices and on servers and other similar network devices.
Based upon the facts presented, CBP has concluded that the software
products are substantially transformed in the United States for
purposes of U.S. Government procurement.
DATES: The final determination was issued on August 7, 2019. A copy of
the final determination is attached. Any party-at-interest, as defined
in 19 CFR 177.22(d), may seek judicial review of this final
determination no later than September 13, 2019.
FOR FURTHER INFORMATION CONTACT: James Kim, Valuation and Special
Programs Branch, Regulations and Rulings, Office of Trade (202) 325-
0158.
SUPPLEMENTARY INFORMATION: Notice is hereby given that on August 7,
2019, pursuant to subpart B of Part 177, U.S. Customs and Border
Protection Regulations (19 CFR part 177, subpart
[[Page 40428]]
B), CBP issued a final determination concerning the country of origin
of CIS Secure Computing, Inc.'s software products, which may be offered
to the U.S. Government under an undesignated government procurement
contract. This final determination, HQ H301776, was issued under
procedures set forth at 19 CFR part 177, subpart B, which implements
Title III of the Trade Agreements Act of 1979, as amended (19 U.S.C.
2511-18). In the final determination, CBP concluded that CIS Secure
Computing, Inc.'s software products are substantially transformed in
the United States for purposes of U.S. Government procurement.
Section 177.29, CBP Regulations (19 CFR 177.29), provides that a
notice of final determination shall be published in the Federal
Register within 60 days of the date the final determination is issued.
Section 177.30, CBP Regulations (19 CFR 177.30), provides that any
party-at-interest, as defined in 19 CFR 177.22(d), may seek judicial
review of a final determination within 30 days of publication of such
determination in the Federal Register.
Dated: August 7, 2019.
Alice A. Kipel,
Executive Director, Regulations and Rulings, Office of Trade.
HQ H301776
August 7, 2019
OT:RR:CTF:VS H301776 JK
CATEGORY: Origin
John Turner, CTO
CIS Secure Computing, Inc.
21050 Ashburn Crossing Drive, Suite 145
Ashburn, VA 20147
RE: U.S. Government Procurement; Title III, Trade Agreements Act of
1979 (19 U.S.C. Sec. 2511); Subpart B, Part 177, CBP Regulations;
Substantial Transformation
Dear Mr. Turner:
This is in response to your letter, dated September 19, 2018,
requesting a final determination on behalf of CIS Secure Computing,
Inc. (``CIS Secure Computing'' or ``Company''), pursuant to subpart B
of Part 177 of the U.S. Customs and Border Protection (CBP) Regulations
(19 C.F.R. Part 177). As a U.S. importer, CIS Secure Computing is a
party-at-interest within the meaning of 19 C.F.R. Sec. 177.22(d)(1)
and is entitled to request this final determination.
FACTS:
CIS Secure Computing requests a final determination on two software
products that it intends to produce for government procurement
purposes: software for use on mobile devices (``Mobile Device
Software''), and software for use on servers and other similar network
devices (``Server Software''). The Mobile Device Software includes a
customized version of the Android operating system and mobile
configuration management software, which provide advanced security
features and functions to a mobile device. The Server Software includes
configuration management software for remotely controlling certain
functions and operations of a mobile device configured with the Mobile
Device Software.
Both software products are produced in a four-step process that
involves: (1) writing original source code, or modifying open source
software code in the United States; (2) writing or modifying source
code in Canada; (3) compiling the source code into executable object
code in the United States; and (4) delivering the finished software to
the purchaser. The source code will be written by the Company's
employees at its offices located in Ashburn, Virginia and in Canada.\1\
---------------------------------------------------------------------------
\1\ In your original submission dated September 18, 2018, you
stated that the writing of source code in Canada was performed by a
contract Canadian software development company. In your submission
dated May 21, 2019, you stated that CIS Secure Computing had
completed acquisition of this contract Canadian software development
company, and that any software writing, software compilation, or
other operations that were originally described as performed by the
Canadian software development company are now performed by employees
of CIS Secure Computing.
---------------------------------------------------------------------------
In a submission dated May 21, 2019, CIS Secure Computing provided
additional information on the processes involved in writing source code
and compiling it into executable object code in steps (1) through (3).
Writing the source code for the Mobile Device Software will involve
the following steps:
1. The Company's software developers in Ashburn, Virginia will
download certain open source software code for the Android operating
system, also known as Operating System code (``OS code''). The Company
will modify the OS code and write original source code in Ashburn,
Virginia. Modifying the OS code includes deleting or modifying one or
more portions of the original source code to produce modified OS code.
2. The Company's software developers in Canada will access the
modified OS code and the original source code stored in a collaborative
software development environment and may further modify the OS code and
write original source code.
3. In performing steps 1 and 2, software programmers write computer
code using tools such as Android Studio, Eclipse and Text Editors. The
software programmers may also write the computer code in C++, C, Java,
Kotlin, Python and Perl programming languages. User interface designers
design and write computer code for a graphical layout using tools such
as Android Studio and Eclipse. Software developers modify Android Open
Source Code Project (AOSP) build scripts using tools such as GNU Make
and Blueprint.
4. Once the modified OS code and the original source code are
completed, the Company will download all of the modified OS code and
the original source code to computers located at its offices in
Ashburn, Virginia. Completed code is checked into the Company's
software repository for storage. The result of the combination will be
the source code for the Mobile Device Software; however, it will not be
executable software code.
Writing the source code for the Server Software will involve the
following steps:
1. The Company's software developers in Ashburn, Virginia will
write original source code. The original source code will be stored in
a collaborative software development environment.
2. The Company's software developers in Canada will also write
original source code. The original source code written by the Company's
software developers in Canada will also be stored in the same
collaborative software development environment.
3. In performing steps 1 and 2, software programmers write computer
code using tools such as IntelliJ, Eclipse and Text Editors. The
software programmers may also write the computer code in Scala, Java
and JavaScript languages. User interface designers design and write
computer code for a graphical layout using Angular JS and related tools
such as Node, NPM, Bower and Grunt.
4. When the source code is complete, the Company will download all
of the original source code to one or more computers in Ashburn,
Virginia. Completed code is checked into the Company's software
repository for storage. The downloaded original source code will
comprise the source code for the Server Software; however, it will not
be executable software code.
CIS Secure Computing will then perform a software build on
computers located in its offices in Ashburn, Virginia. During this
step, the source code for the Mobile Device Software and
[[Page 40429]]
the Server Software will each be compiled into executable object code.
Compiling the source code into executable object code for the
Mobile Device Software involves the following steps:
1. The Company's software developers in Ashburn, Virginia sign into
a Jenkins build server and schedule a build action to perform the
compilation process. The Jenkins build server also performs a nightly
build action.
2. The Jenkins build server retrieves the latest version of the
source code from the Company's software repository and, if needed, from
a source code repository for AOSP.
3. The build server performs a compilation process using AOSP
compilation tools such as gcc, Jack, Proguard and Python to compile the
source code into object code for each relevant platform on Android ARM
32-bit CPU and ARM 64-bit CPU.
4. The Company's software developers perform work to address any
incompatibilities or errors that emerge during compilation. If needed,
they verify or rectify the source code, and may re-perform steps 1
through 3.
Compiling the source code into executable object code for the
Server Software involves the following steps:
1. The Company's software developers in Ashburn, Virginia sign into
the Jenkins build server and schedule a build action to perform the
compilation process. The Jenkins build server also performs a nightly
build action.
2. The Jenkins build server retrieves the latest version of the
source code from the Company's software repository.
3. The build server performs a compilation process using a Scala
build tool or Java compiler for the Linux platform to compile the
source code into object code.
4. The build server transcodes and minifies \2\ Javascript using a
Grunt compiler.
---------------------------------------------------------------------------
\2\ Minification refers to the process of removing unnecessary
or redundant data without affecting how the resource is processed by
the browser - e.g., code comments and formatting, removing unused
code, using shorter variable and function names, and so on. See
https://developers.google.com/speed/docs/insights/MinifyResources
(last accessed August 6, 2019).
---------------------------------------------------------------------------
5. The Company's software developers perform work to address any
incompatibilities or errors that emerge during compilation. If needed,
they verify or rectify the source code, and may re-perform steps 1
through 4.
As a final step, CIS Secure Computing will deliver the finished
software to the purchaser. For the Mobile Device Software, the Company
will load the object code onto mobile devices at its offices in
Ashburn, Virginia. Then the Company will provide the mobile devices
with the object code to the purchaser.
For the Server Software, CIS Secure Computing will deliver the
object code to the purchaser in one of the following ways, depending on
the purchaser's requirements: (1) the Company will load the object code
onto a server device at its offices in Ashburn, Virginia and may
provide the server device to a purchaser; (2) the Company will transmit
the object code electronically to a purchaser server; and/or (3) the
Company will load the object code to a storage medium, such as a CD or
a disk drive, and may deliver the CD or disk drive containing the
object code to the purchaser.
ISSUE:
Whether the Mobile Device Software and Server Software are
substantially transformed in the United States for government
procurement purposes.
LAW AND ANALYSIS:
CBP issues country of origin advisory rulings and final
determinations as to whether an article is or would be a product of a
designated country or instrumentality for the purposes of granting
waivers of certain ``Buy American'' restrictions in U.S. law or
practice for products offered for sale to the U.S. Government, pursuant
to subpart B of Part 177, 19 C.F.R. Sec. 177.21 et seq., which
implements Title III of the Trade Agreements Act of 1979, as amended
(19 U.S.C. Sec. 2511 et seq.) (TAA).
Under the rule of origin set forth under 19 U.S.C. Sec.
2518(4)(B):
An article is a product of a country or instrumentality only if
(i) it is wholly the growth, product, or manufacture of that country
or instrumentality, or (ii) in the case of an article which consists
in whole or in part of materials from another country or
instrumentality, it has been substantially transformed into a new
and different article of commerce with a name, character, or use
distinct from that of the article or articles from which it was so
transformed.
See also 19 C.F.R. Sec. 177.22(a).
In rendering advisory rulings and final determinations for purposes
of U.S. Government procurement, CBP applies the provisions of subpart B
of Part 177 consistent with Federal Acquisition Regulations. See 19
C.F.R. Sec. 177.21. In this regard, CBP recognizes that the Federal
Acquisition Regulations restrict the U.S. Government's purchase of
products to U.S.-made or designated country end products for
acquisitions subject to the TAA. See 48 C.F.R. Sec. 25.403(c)(1). The
Federal Acquisition Regulations define ``U.S.-made end product'' as:
. . . an article that is mined, produced, or manufactured in the
United States or that is substantially transformed in the United
States into a new and different article of commerce with a name,
character, or use distinct from that of the article or articles from
which it was transformed.
The issue in this case is whether the source code written for the
Mobile Device Software and Server Software is substantially transformed
in the United States when the Company performs a ``software build'' in
the United States, i.e., compiles the source code written in Canada
(along with source code written in the United States) into executable
object code. At the outset, we note that ``source code'' and ``object
code'' differ in several important ways. Source code is a ``computer
program written in a high level human readable language.'' See, e.g.,
Daniel S. Lin, Matthew Sag, and Ronald S. Laurie, Source Code versus
Object Code: Patent Implications for the Open Source Community, 18
Santa Clara High Tech. L.J. 235, 238 (2001). While it is easier for
humans to read and write programs in ``high level human readable
languages,'' computers cannot execute these programs. See Note,
Copyright Protection of Computer Program Object Code, 96 Harv. L. Rev.
1723, 1724 (1983). Computers can execute only ``object code,'' which is
a program consisting of clusters of ``0'' and ``1'' symbols. Id.
Programmers create object code from source code by feeding it into a
program known as a ``compiler.'' Id. In this case, the writing of
source code in Canada (and the United States) involves the creation of
computer instructions in a high level human readable language, whereas
the software build performed in the United States involves the
compilation of those instructions into a format that computers can
execute.
CBP has consistently held that conducting a software build--
compiling source code into object code--results in substantial
transformation. For example, in HQ H268858, dated Feb. 12, 2016, four
software products were produced using the same three-step process: (1)
writing the source code in Malaysia; (2) compiling the source code into
usable object code in the United States; and (3) installing the
finished software on U.S.-origin discs in the United States. CBP held
that all four software products were substantially transformed in the
United States, finding that the software build conducted in the United
States was sufficient to create a new and different article with a new
name,
[[Page 40430]]
character, and use. See also HQ H243606, dated Dec. 4, 2013 (source
code programmed in China and then compiled into object code in the
United States was substantial transformation).
Consistent with the rulings cited above, we find that the Mobile
Device Software and Server Software are substantially transformed in
the United States as a result of the software build: the name of the
product changes from source code to object code, the character changes
from computer code to finished software, and the use changes from
instructions to an executable program.
HOLDING:
Based on the information provided, the Mobile Device Software and
Server Software are substantially transformed in the United States for
U.S. government procurement purposes.
Notice of this final determination will be given in the Federal
Register, as required by 19 C.F.R. Sec. 177.29. Any party-at-interest
other than the party which requested this final determination may
request, pursuant to 19 C.F.R. Sec. 177.31, that CBP reexamine the
matter anew and issue a new final determination. Pursuant to 19 C.F.R.
Sec. 177.30, any party-at-interest may, within 30 days after
publication of the Federal Register notice referenced above, seek
judicial review of this final determination before the Court of
International Trade.
Sincerely,
Alice A. Kipel,
Executive Director, Regulations and Rulings, Office of Trade.
[FR Doc. 2019-17377 Filed 8-13-19; 8:45 am]
BILLING CODE 9111-14-P
