[Federal Register Volume 84, Number 157 (Wednesday, August 14, 2019)]
[Notices]
[Pages 40427-40430]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-17377]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
U.S. Customs and Border Protection
Notice of Issuance of Final Determination Concerning; Software
Products
AGENCY: U.S. Customs and Border Protection, Department of Homeland
Security.
ACTION: Notice of final determination.
-----------------------------------------------------------------------
SUMMARY: This document provides notice that U.S. Customs and Border
Protection (``CBP'') has issued a final determination concerning the
country of origin of CIS Secure Computing, Inc.'s software products for
use on mobile devices and on servers and other similar network devices.
Based upon the facts presented, CBP has concluded that the software
products are substantially transformed in the United States for
purposes of U.S. Government procurement.
DATES: The final determination was issued on August 7, 2019. A copy of
the final determination is attached. Any party-at-interest, as defined
in 19 CFR 177.22(d), may seek judicial review of this final
determination no later than September 13, 2019.
FOR FURTHER INFORMATION CONTACT: James Kim, Valuation and Special
Programs Branch, Regulations and Rulings, Office of Trade (202) 325-
0158.
SUPPLEMENTARY INFORMATION: Notice is hereby given that on August 7,
2019, pursuant to subpart B of Part 177, U.S. Customs and Border
Protection Regulations (19 CFR part 177, subpart
[[Page 40428]]
B), CBP issued a final determination concerning the country of origin
of CIS Secure Computing, Inc.'s software products, which may be offered
to the U.S. Government under an undesignated government procurement
contract. This final determination, HQ H301776, was issued under
procedures set forth at 19 CFR part 177, subpart B, which implements
Title III of the Trade Agreements Act of 1979, as amended (19 U.S.C.
2511-18). In the final determination, CBP concluded that CIS Secure
Computing, Inc.'s software products are substantially transformed in
the United States for purposes of U.S. Government procurement.
Section 177.29, CBP Regulations (19 CFR 177.29), provides that a
notice of final determination shall be published in the Federal
Register within 60 days of the date the final determination is issued.
Section 177.30, CBP Regulations (19 CFR 177.30), provides that any
party-at-interest, as defined in 19 CFR 177.22(d), may seek judicial
review of a final determination within 30 days of publication of such
determination in the Federal Register.
Dated: August 7, 2019.
Alice A. Kipel,
Executive Director, Regulations and Rulings, Office of Trade.
HQ H301776
August 7, 2019
OT:RR:CTF:VS H301776 JK
CATEGORY: Origin
John Turner, CTO
CIS Secure Computing, Inc.
21050 Ashburn Crossing Drive, Suite 145
Ashburn, VA 20147
RE: U.S. Government Procurement; Title III, Trade Agreements Act of
1979 (19 U.S.C. Sec. 2511); Subpart B, Part 177, CBP Regulations;
Substantial Transformation
Dear Mr. Turner:
This is in response to your letter, dated September 19, 2018,
requesting a final determination on behalf of CIS Secure Computing,
Inc. (``CIS Secure Computing'' or ``Company''), pursuant to subpart B
of Part 177 of the U.S. Customs and Border Protection (CBP) Regulations
(19 C.F.R. Part 177). As a U.S. importer, CIS Secure Computing is a
party-at-interest within the meaning of 19 C.F.R. Sec. 177.22(d)(1)
and is entitled to request this final determination.
FACTS:
CIS Secure Computing requests a final determination on two software
products that it intends to produce for government procurement
purposes: software for use on mobile devices (``Mobile Device
Software''), and software for use on servers and other similar network
devices (``Server Software''). The Mobile Device Software includes a
customized version of the Android operating system and mobile
configuration management software, which provide advanced security
features and functions to a mobile device. The Server Software includes
configuration management software for remotely controlling certain
functions and operations of a mobile device configured with the Mobile
Device Software.
Both software products are produced in a four-step process that
involves: (1) writing original source code, or modifying open source
software code in the United States; (2) writing or modifying source
code in Canada; (3) compiling the source code into executable object
code in the United States; and (4) delivering the finished software to
the purchaser. The source code will be written by the Company's
employees at its offices located in Ashburn, Virginia and in Canada.\1\
---------------------------------------------------------------------------
\1\ In your original submission dated September 18, 2018, you
stated that the writing of source code in Canada was performed by a
contract Canadian software development company. In your submission
dated May 21, 2019, you stated that CIS Secure Computing had
completed acquisition of this contract Canadian software development
company, and that any software writing, software compilation, or
other operations that were originally described as performed by the
Canadian software development company are now performed by employees
of CIS Secure Computing.
---------------------------------------------------------------------------
In a submission dated May 21, 2019, CIS Secure Computing provided
additional information on the processes involved in writing source code
and compiling it into executable object code in steps (1) through (3).
Writing the source code for the Mobile Device Software will involve
the following steps:
1. The Company's software developers in Ashburn, Virginia will
download certain open source software code for the Android operating
system, also known as Operating System code (``OS code''). The Company
will modify the OS code and write original source code in Ashburn,
Virginia. Modifying the OS code includes deleting or modifying one or
more portions of the original source code to produce modified OS code.
2. The Company's software developers in Canada will access the
modified OS code and the original source code stored in a collaborative
software development environment and may further modify the OS code and
write original source code.
3. In performing steps 1 and 2, software programmers write computer
code using tools such as Android Studio, Eclipse and Text Editors. The
software programmers may also write the computer code in C++, C, Java,
Kotlin, Python and Perl programming languages. User interface designers
design and write computer code for a graphical layout using tools such
as Android Studio and Eclipse. Software developers modify Android Open
Source Code Project (AOSP) build scripts using tools such as GNU Make
and Blueprint.
4. Once the modified OS code and the original source code are
completed, the Company will download all of the modified OS code and
the original source code to computers located at its offices in
Ashburn, Virginia. Completed code is checked into the Company's
software repository for storage. The result of the combination will be
the source code for the Mobile Device Software; however, it will not be
executable software code.
Writing the source code for the Server Software will involve the
following steps:
1. The Company's software developers in Ashburn, Virginia will
write original source code. The original source code will be stored in
a collaborative software development environment.
2. The Company's software developers in Canada will also write
original source code. The original source code written by the Company's
software developers in Canada will also be stored in the same
collaborative software development environment.
3. In performing steps 1 and 2, software programmers write computer
code using tools such as IntelliJ, Eclipse and Text Editors. The
software programmers may also write the computer code in Scala, Java
and JavaScript languages. User interface designers design and write
computer code for a graphical layout using Angular JS and related tools
such as Node, NPM, Bower and Grunt.
4. When the source code is complete, the Company will download all
of the original source code to one or more computers in Ashburn,
Virginia. Completed code is checked into the Company's software
repository for storage. The downloaded original source code will
comprise the source code for the Server Software; however, it will not
be executable software code.
CIS Secure Computing will then perform a software build on
computers located in its offices in Ashburn, Virginia. During this
step, the source code for the Mobile Device Software and
[[Page 40429]]
the Server Software will each be compiled into executable object code.
Compiling the source code into executable object code for the
Mobile Device Software involves the following steps:
1. The Company's software developers in Ashburn, Virginia sign into
a Jenkins build server and schedule a build action to perform the
compilation process. The Jenkins build server also performs a nightly
build action.
2. The Jenkins build server retrieves the latest version of the
source code from the Company's software repository and, if needed, from
a source code repository for AOSP.
3. The build server performs a compilation process using AOSP
compilation tools such as gcc, Jack, Proguard and Python to compile the
source code into object code for each relevant platform on Android ARM
32-bit CPU and ARM 64-bit CPU.
4. The Company's software developers perform work to address any
incompatibilities or errors that emerge during compilation. If needed,
they verify or rectify the source code, and may re-perform steps 1
through 3.
Compiling the source code into executable object code for the
Server Software involves the following steps:
1. The Company's software developers in Ashburn, Virginia sign into
the Jenkins build server and schedule a build action to perform the
compilation process. The Jenkins build server also performs a nightly
build action.
2. The Jenkins build server retrieves the latest version of the
source code from the Company's software repository.
3. The build server performs a compilation process using a Scala
build tool or Java compiler for the Linux platform to compile the
source code into object code.
4. The build server transcodes and minifies \2\ Javascript using a
Grunt compiler.
---------------------------------------------------------------------------
\2\ Minification refers to the process of removing unnecessary
or redundant data without affecting how the resource is processed by
the browser - e.g., code comments and formatting, removing unused
code, using shorter variable and function names, and so on. See
https://developers.google.com/speed/docs/insights/MinifyResources
(last accessed August 6, 2019).
---------------------------------------------------------------------------
5. The Company's software developers perform work to address any
incompatibilities or errors that emerge during compilation. If needed,
they verify or rectify the source code, and may re-perform steps 1
through 4.
As a final step, CIS Secure Computing will deliver the finished
software to the purchaser. For the Mobile Device Software, the Company
will load the object code onto mobile devices at its offices in
Ashburn, Virginia. Then the Company will provide the mobile devices
with the object code to the purchaser.
For the Server Software, CIS Secure Computing will deliver the
object code to the purchaser in one of the following ways, depending on
the purchaser's requirements: (1) the Company will load the object code
onto a server device at its offices in Ashburn, Virginia and may
provide the server device to a purchaser; (2) the Company will transmit
the object code electronically to a purchaser server; and/or (3) the
Company will load the object code to a storage medium, such as a CD or
a disk drive, and may deliver the CD or disk drive containing the
object code to the purchaser.
ISSUE:
Whether the Mobile Device Software and Server Software are
substantially transformed in the United States for government
procurement purposes.
LAW AND ANALYSIS:
CBP issues country of origin advisory rulings and final
determinations as to whether an article is or would be a product of a
designated country or instrumentality for the purposes of granting
waivers of certain ``Buy American'' restrictions in U.S. law or
practice for products offered for sale to the U.S. Government, pursuant
to subpart B of Part 177, 19 C.F.R. Sec. 177.21 et seq., which
implements Title III of the Trade Agreements Act of 1979, as amended
(19 U.S.C. Sec. 2511 et seq.) (TAA).
Under the rule of origin set forth under 19 U.S.C. Sec.
2518(4)(B):
An article is a product of a country or instrumentality only if
(i) it is wholly the growth, product, or manufacture of that country
or instrumentality, or (ii) in the case of an article which consists
in whole or in part of materials from another country or
instrumentality, it has been substantially transformed into a new
and different article of commerce with a name, character, or use
distinct from that of the article or articles from which it was so
transformed.
See also 19 C.F.R. Sec. 177.22(a).
In rendering advisory rulings and final determinations for purposes
of U.S. Government procurement, CBP applies the provisions of subpart B
of Part 177 consistent with Federal Acquisition Regulations. See 19
C.F.R. Sec. 177.21. In this regard, CBP recognizes that the Federal
Acquisition Regulations restrict the U.S. Government's purchase of
products to U.S.-made or designated country end products for
acquisitions subject to the TAA. See 48 C.F.R. Sec. 25.403(c)(1). The
Federal Acquisition Regulations define ``U.S.-made end product'' as:
. . . an article that is mined, produced, or manufactured in the
United States or that is substantially transformed in the United
States into a new and different article of commerce with a name,
character, or use distinct from that of the article or articles from
which it was transformed.
The issue in this case is whether the source code written for the
Mobile Device Software and Server Software is substantially transformed
in the United States when the Company performs a ``software build'' in
the United States, i.e., compiles the source code written in Canada
(along with source code written in the United States) into executable
object code. At the outset, we note that ``source code'' and ``object
code'' differ in several important ways. Source code is a ``computer
program written in a high level human readable language.'' See, e.g.,
Daniel S. Lin, Matthew Sag, and Ronald S. Laurie, Source Code versus
Object Code: Patent Implications for the Open Source Community, 18
Santa Clara High Tech. L.J. 235, 238 (2001). While it is easier for
humans to read and write programs in ``high level human readable
languages,'' computers cannot execute these programs. See Note,
Copyright Protection of Computer Program Object Code, 96 Harv. L. Rev.
1723, 1724 (1983). Computers can execute only ``object code,'' which is
a program consisting of clusters of ``0'' and ``1'' symbols. Id.
Programmers create object code from source code by feeding it into a
program known as a ``compiler.'' Id. In this case, the writing of
source code in Canada (and the United States) involves the creation of
computer instructions in a high level human readable language, whereas
the software build performed in the United States involves the
compilation of those instructions into a format that computers can
execute.
CBP has consistently held that conducting a software build--
compiling source code into object code--results in substantial
transformation. For example, in HQ H268858, dated Feb. 12, 2016, four
software products were produced using the same three-step process: (1)
writing the source code in Malaysia; (2) compiling the source code into
usable object code in the United States; and (3) installing the
finished software on U.S.-origin discs in the United States. CBP held
that all four software products were substantially transformed in the
United States, finding that the software build conducted in the United
States was sufficient to create a new and different article with a new
name,
[[Page 40430]]
character, and use. See also HQ H243606, dated Dec. 4, 2013 (source
code programmed in China and then compiled into object code in the
United States was substantial transformation).
Consistent with the rulings cited above, we find that the Mobile
Device Software and Server Software are substantially transformed in
the United States as a result of the software build: the name of the
product changes from source code to object code, the character changes
from computer code to finished software, and the use changes from
instructions to an executable program.
HOLDING:
Based on the information provided, the Mobile Device Software and
Server Software are substantially transformed in the United States for
U.S. government procurement purposes.
Notice of this final determination will be given in the Federal
Register, as required by 19 C.F.R. Sec. 177.29. Any party-at-interest
other than the party which requested this final determination may
request, pursuant to 19 C.F.R. Sec. 177.31, that CBP reexamine the
matter anew and issue a new final determination. Pursuant to 19 C.F.R.
Sec. 177.30, any party-at-interest may, within 30 days after
publication of the Federal Register notice referenced above, seek
judicial review of this final determination before the Court of
International Trade.
Sincerely,
Alice A. Kipel,
Executive Director, Regulations and Rulings, Office of Trade.
[FR Doc. 2019-17377 Filed 8-13-19; 8:45 am]
BILLING CODE 9111-14-P