[Federal Register Volume 81, Number 34 (Monday, February 22, 2016)]
[Notices]
[Pages 8733-8735]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-03552]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

U.S. Customs and Border Protection


Notice of Issuance of Final Determination Concerning Certain Data 
Protection Software Products

AGENCY: U.S. Customs and Border Protection, Department of Homeland 
Security.

ACTION: Notice of final determination.

-----------------------------------------------------------------------

SUMMARY: This document provides notice that U.S. Customs and Border 
Protection (``CBP'') has issued a final determination concerning the 
country of origin of certain data protection software products. Based 
upon the facts presented, CBP has concluded that the country of origin 
of the software products is the United States for purposes of U.S. 
Government procurement.

DATES: The final determination was issued on February 12, 2016. A copy 
of the final determination is attached. Any party-at-interest, as 
defined in 19 CFR 177.22(d), may seek judicial review of this final 
determination no later than March 23, 2016.

FOR FURTHER INFORMATION CONTACT: Ross Cunningham, Valuation and Special 
Programs Branch, Regulations and Rulings, Office of International Trade 
(202) 325-0034.

SUPPLEMENTARY INFORMATION: Notice is hereby given that on February 12, 
2016, pursuant to subpart B of Part 177, U.S. Customs and Border 
Protection Regulations (19 CFR part 177, subpart B), CBP issued a final 
determination concerning the country of origin of certain data 
protection software products known as WebALARM, WebALARM [Embedded], 
TheGRID Basic, and TheGrid Beacon, which may be offered to the U.S. 
Government under an undesignated government procurement contract. This 
final determination, HQ H268858, was issued under procedures set forth 
at 19 CFR part 177, subpart B, which implements Title III of the Trade 
Agreements Act of 1979, as amended (19 U.S.C. 2511-18). In the final 
determination, CBP concluded that the processing in the United States 
results in a substantial transformation. Therefore, the country of 
origin of the software products is the United States for purposes of 
U.S. Government procurement.
    Section 177.29, CBP Regulations (19 CFR 177.29), provides that a 
notice of final determination shall be published in the Federal 
Register within 60 days of the date the final determination is issued. 
Section 177.30, CBP Regulations (19 CFR 177.30), provides that any 
party-at-interest, as defined in 19 CFR 177.22(d), may seek judicial 
review of a final determination within 30 days of publication of such 
determination in the Federal Register.

    Dated: February 12, 2016.
Joanne Roman Stump,
Acting Executive Director, Regulations and Rulings, Office of 
International Trade.
Attachment
HQ H268858
February 12, 2016
OT:RR:CTF:VS H268858 RMC
CATEGORY: Country of Origin
Dan Minutillo
Minutillo: A Law Corporation
841 Blossom Hill Road
Second Floor
P.O. Box 20698
San Jose, CA 95160

Re: U.S. Government Procurement; Country of Origin of Data Protection 
Software; Substantial Transformation

Dear Mr. Minutillo:

    This is in response to your letter dated August 18, 2015, 
requesting a final determination on behalf of e-Lock Corporation (``e-
Lock'') pursuant to Subpart B of Part 177 of the U.S. Customs and 
Border Protection (``CBP'') Regulations (19 C.F.R. part 177). Under 
these regulations, which implement Title III of the Trade Agreements 
Act of 1979 (``TAA''), as amended (19 U.S.C. Sec.  2511 et seq.), CBP 
issues country of origin advisory rulings and final determinations as 
to whether an article is or would be a product of a designated country 
or instrumentality for the purposes of granting waivers of certain 
``Buy American'' restrictions in U.S. law or for products offered for 
sale to the U.S. Government. This final determination concerns the 
country of origin of four data-protection software products. As a U.S. 
importer, e-Lock is a party-at-interest within the meaning of 19 C.F.R. 
Sec.  177.22(d)(1) and is entitled to request this final determination.

FACTS:

    E-Lock is a Malaysia based developer of cyber-security software 
that helps to prevent identity theft and threats to data integrity. 
This request concerns four software products that e-Lock wishes to 
offer for sale to the federal government: (1) WebALARM; (2) WebALARM 
[Embedded]; (3) TheGRID Basic; and (4) TheGRID Beacon. The WebALARM 
products are designed to protect files and data from unauthorized 
changes. The two products are similar except that WebALARM [Embedded] 
is embedded to become part of an integrated security package. TheGRID 
products provide user-identification and authentication functionality 
and are designed to protect against online theft by providing two-
factor authentication and optional mutual authentication. The two 
products are similar except that TheGRID Beacon is designed for mobile 
applications.
    All four software products are produced using the same three-step

[[Page 8734]]

process that essentially involves: (1) Writing the source code in 
Malaysia; (2) compiling the source code into usable object code in the 
United States; and (3) installing the finished software on U.S.-origin 
discs in the United States.
    In a submission dated October 15, 2015, e-Lock provided additional 
information on the processes involved in creating source code and 
compiling it into object code in steps (1) and (2).
    1. Writing e-Lock Source Code
    a. Creating new source code project in e-Lock's source code 
repository server;
    b. Using tools like Microsoft Visual Studio, Android Studio, 
Eclipse, Xcode, and Text Editors, e-Lock's software programmer starts 
writing computer code in C++, Java, and Objective-C languages;
    c. Designing graphical layout using Visual Studio, Android Studio, 
or Xcode; and
    d. (b) and (c) above are prepared and checked into source code 
repository server.
    2. Compiling e-Lock Source Code into Object Code
    a. The software builder signs into the continuous integration 
(``CI'') server and performs a ``build'' action;
    b. The CI server immediately checks out the latest version of 
source code from the repository server and performs compilation 
process;
    c. Source code is then compiled into machine code for each relevant 
platform on Windows, Linux, Android, and iOs;
    d. Incompatibilities or errors during compilation are handed; and
    e. Source code is verified or rectified as needed.
    After e-Lock's engineers compile the source code into object code 
in the United States, the continuous integration server automatically 
constructs installation packages for testing and executable files for 
various platforms. Finally, a plan for testing is developed and 
engineers perform software testing, unit and/or integration testing, 
regressions and/or performance testing, and acceptance testing. If the 
code passes the tests described above, the software-development phase 
is complete.
    E-Lock also provided information on the costs and time associated 
with writing the source code in Malaysia and compiling the object code 
in the United States. E-Lock also noted that U.S.-based subcontracts 
and personnel install, distribute, and provide technical support for 
the finished products after sale.
    E-Lock argues that the Malaysian source code is substantially 
transformed when it is compiled into usable object code in the United 
States and that the country of origin for government-procurement 
purposes is thus the United States.

ISSUE:

    Whether the four software products are products of the United 
States for government-procurement purposes.

LAW & ANALYSIS:

    Pursuant to Subpart B of Part 177, 19 C.F.R. Sec.  177.21 et seq., 
which implements Title III of the Trade Agreements Act of 1979, as 
amended (19 U.S.C. Sec.  2511 et seq.), CBP issues country of origin 
advisory rulings and final determinations as to whether an article is 
or would be a product of a designated country or instrumentality for 
the purposes of granting waivers of certain ``Buy American'' 
restrictions in U.S. law or practice for products offered for sale to 
the U.S. Government.
    Under the rule of origin set forth under 19 U.S.C. Sec.  
2518(4)(B):
    An article is a product of a country or instrumentality only if (i) 
it is wholly the growth, product, or manufacture of that country or 
instrumentality, or (ii) in the case of an article which consists in 
whole or in part of materials from another country or instrumentality, 
it has been substantially transformed into a new and different article 
of commerce with a name, character, or use distinct from that of the 
article or articles from which it was so transformed.
    See also 19 C.F.R. Sec.  177.22(a).
    In rendering advisory rulings and final determinations for purposes 
of U.S. Government procurement, CBP applies the provisions of subpart B 
of Part 177 consistent with the Federal Procurement Regulations. See 19 
C.F.R. Sec.  177.21. In this regard, CBP recognizes that the Federal 
Procurement Regulations restrict the U.S. Government's purchase of 
products to U.S.-made or designated country end products for 
acquisitions subject to the TAA. The Federal Procurement Regulations 
define ``U.S.-made end product'' as:
    [A]n article that is mined, produced, or manufactured in the United 
States or that is substantially transformed in the United States into a 
new and different article of commerce with a name, character, or use 
distin0ct from that of the article or articles from which it was 
transformed.
    See 48 C.F.R. Sec.  25.403(c)(1).
    The issue in this case is whether e-Lock's Malaysian-developed 
source code is substantially transformed in the United States when 
engineers compile it into object code and load it onto U.S.-origin 
disks. E-Lock argues that the source code is ``substantially different 
in nature, function, name and character than the final product after 
code compilation.'' Thus, according to e-Lock, the finished software is 
substantially transformed in the United States and the country of 
origin for government-procurement purposes is the United States.
    The ``source code'' written in Malaysia and the ``object code'' 
compiled in the United States differ in several important ways. Source 
code is a ``computer program written in a high level human readable 
language.'' See, e.g., Daniel S. Lin, Matthew Sag, and Ronald S. 
Laurie, Source Code versus Object Code: Patent Implications for the 
Open Source Community, 18 Santa Clara High Tech. L.J. 235, 238 (2001). 
While it is easier for humans to read and write programs in ``high 
level human readable languages,'' computers cannot execute these 
programs. See Note, Copyright Protection of Computer Program Object 
Code, 96 Harv. L. Rev. 1723, 1724 (1983). Computers can execute only 
``object code,'' which is a program consisting of clusters of ``0'' and 
``1'' symbols. Id. Programmers create object code from source code by 
feeding it into a program known as a ``compiler.'' Id. Thus, step (1), 
the writing of source code in Malaysia, involves the creation of 
computer instructions in a high level human readable language, whereas 
step (2), which is performed in the United States, involves the 
compilation of those instructions into a format that computers can 
execute.
    CBP has consistently held that conducting a ``software build''--
i.e., compiling source code into object code--results in a substantial 
transformation. See, e.g., Headquarters Ruling (``HQ'') H192146, dated 
June 8, 2012 (holding that ``software is substantially transformed into 
a new article with a new name, character and use in the country where 
the software build is performed''). For example, e-Lock cites HQ 
H243606, dated Dec. 4, 2013, in which an importer developed DocAve 
Software, a comprehensive suite of applications for Microsoft 
SharePoint, in both the United States and China. While most of the 
source code was programmed in China, the source code was compiled into 
object code (i.e., ``built'') in the United States. CBP held that ``the 
software build performed in the U.S. substantially transforms the 
software modules developed in China and the U.S. into a new article 
with a new name, character and use . . .''. The country of origin of 
DocAve Software was thus the United States for purposes of U.S. 
Government procurement.

[[Page 8735]]

    As in H192146 and H243606, e-Lock also conducts a software build in 
the United States. This process is sufficient to create a new article 
with a new name, character and use: the name of the product changes 
from source code to object code, the character changes from computer 
code to finished software, and the use changes from instructions to an 
executable program.

HOLDING:

    The country of origin of the finished software products is the 
United States for purposes of government procurement.
    Notice of this final determination will be given in the Federal 
Register, as required by 19 C.F.R. Sec.  177.29. Any party-at-interest 
other than the party which requested this final determination may 
request, pursuant to 19 C.F.R. Sec.  177.31, that CBP reexamine the 
matter anew and issue a new final determination. Pursuant to 19 C.F.R. 
Sec.  177.30, any party-at-interest may, within 30 days of publication 
of the Federal Register Notice referenced above, seek judicial review 
of this final determination before the Court of International Trade.

Sincerely,

Joanne Roman Stump
Acting Executive Director Regulations & Rulings
Office of International Trade

[FR Doc. 2016-03552 Filed 2-19-16; 8:45 am]
BILLING CODE P