[Federal Register Volume 84, Number 157 (Wednesday, August 14, 2019)]
[Notices]
[Pages 40427-40430]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-17377]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

U.S. Customs and Border Protection


Notice of Issuance of Final Determination Concerning; Software 
Products

AGENCY: U.S. Customs and Border Protection, Department of Homeland 
Security.

ACTION: Notice of final determination.

-----------------------------------------------------------------------

SUMMARY: This document provides notice that U.S. Customs and Border 
Protection (``CBP'') has issued a final determination concerning the 
country of origin of CIS Secure Computing, Inc.'s software products for 
use on mobile devices and on servers and other similar network devices. 
Based upon the facts presented, CBP has concluded that the software 
products are substantially transformed in the United States for 
purposes of U.S. Government procurement.

DATES: The final determination was issued on August 7, 2019. A copy of 
the final determination is attached. Any party-at-interest, as defined 
in 19 CFR 177.22(d), may seek judicial review of this final 
determination no later than September 13, 2019.

FOR FURTHER INFORMATION CONTACT: James Kim, Valuation and Special 
Programs Branch, Regulations and Rulings, Office of Trade (202) 325-
0158.

SUPPLEMENTARY INFORMATION: Notice is hereby given that on August 7, 
2019, pursuant to subpart B of Part 177, U.S. Customs and Border 
Protection Regulations (19 CFR part 177, subpart

[[Page 40428]]

B), CBP issued a final determination concerning the country of origin 
of CIS Secure Computing, Inc.'s software products, which may be offered 
to the U.S. Government under an undesignated government procurement 
contract. This final determination, HQ H301776, was issued under 
procedures set forth at 19 CFR part 177, subpart B, which implements 
Title III of the Trade Agreements Act of 1979, as amended (19 U.S.C. 
2511-18). In the final determination, CBP concluded that CIS Secure 
Computing, Inc.'s software products are substantially transformed in 
the United States for purposes of U.S. Government procurement.
    Section 177.29, CBP Regulations (19 CFR 177.29), provides that a 
notice of final determination shall be published in the Federal 
Register within 60 days of the date the final determination is issued. 
Section 177.30, CBP Regulations (19 CFR 177.30), provides that any 
party-at-interest, as defined in 19 CFR 177.22(d), may seek judicial 
review of a final determination within 30 days of publication of such 
determination in the Federal Register.

    Dated: August 7, 2019.
Alice A. Kipel,
Executive Director, Regulations and Rulings, Office of Trade.

HQ H301776

August 7, 2019

OT:RR:CTF:VS H301776 JK

CATEGORY: Origin

John Turner, CTO
CIS Secure Computing, Inc.
21050 Ashburn Crossing Drive, Suite 145
Ashburn, VA 20147
RE: U.S. Government Procurement; Title III, Trade Agreements Act of 
1979 (19 U.S.C. Sec.  2511); Subpart B, Part 177, CBP Regulations; 
Substantial Transformation
Dear Mr. Turner:
    This is in response to your letter, dated September 19, 2018, 
requesting a final determination on behalf of CIS Secure Computing, 
Inc. (``CIS Secure Computing'' or ``Company''), pursuant to subpart B 
of Part 177 of the U.S. Customs and Border Protection (CBP) Regulations 
(19 C.F.R. Part 177). As a U.S. importer, CIS Secure Computing is a 
party-at-interest within the meaning of 19 C.F.R. Sec.  177.22(d)(1) 
and is entitled to request this final determination.

FACTS:

    CIS Secure Computing requests a final determination on two software 
products that it intends to produce for government procurement 
purposes: software for use on mobile devices (``Mobile Device 
Software''), and software for use on servers and other similar network 
devices (``Server Software''). The Mobile Device Software includes a 
customized version of the Android operating system and mobile 
configuration management software, which provide advanced security 
features and functions to a mobile device. The Server Software includes 
configuration management software for remotely controlling certain 
functions and operations of a mobile device configured with the Mobile 
Device Software.
    Both software products are produced in a four-step process that 
involves: (1) writing original source code, or modifying open source 
software code in the United States; (2) writing or modifying source 
code in Canada; (3) compiling the source code into executable object 
code in the United States; and (4) delivering the finished software to 
the purchaser. The source code will be written by the Company's 
employees at its offices located in Ashburn, Virginia and in Canada.\1\
---------------------------------------------------------------------------

    \1\ In your original submission dated September 18, 2018, you 
stated that the writing of source code in Canada was performed by a 
contract Canadian software development company. In your submission 
dated May 21, 2019, you stated that CIS Secure Computing had 
completed acquisition of this contract Canadian software development 
company, and that any software writing, software compilation, or 
other operations that were originally described as performed by the 
Canadian software development company are now performed by employees 
of CIS Secure Computing.
---------------------------------------------------------------------------

    In a submission dated May 21, 2019, CIS Secure Computing provided 
additional information on the processes involved in writing source code 
and compiling it into executable object code in steps (1) through (3).
    Writing the source code for the Mobile Device Software will involve 
the following steps:
    1. The Company's software developers in Ashburn, Virginia will 
download certain open source software code for the Android operating 
system, also known as Operating System code (``OS code''). The Company 
will modify the OS code and write original source code in Ashburn, 
Virginia. Modifying the OS code includes deleting or modifying one or 
more portions of the original source code to produce modified OS code.
    2. The Company's software developers in Canada will access the 
modified OS code and the original source code stored in a collaborative 
software development environment and may further modify the OS code and 
write original source code.
    3. In performing steps 1 and 2, software programmers write computer 
code using tools such as Android Studio, Eclipse and Text Editors. The 
software programmers may also write the computer code in C++, C, Java, 
Kotlin, Python and Perl programming languages. User interface designers 
design and write computer code for a graphical layout using tools such 
as Android Studio and Eclipse. Software developers modify Android Open 
Source Code Project (AOSP) build scripts using tools such as GNU Make 
and Blueprint.
    4. Once the modified OS code and the original source code are 
completed, the Company will download all of the modified OS code and 
the original source code to computers located at its offices in 
Ashburn, Virginia. Completed code is checked into the Company's 
software repository for storage. The result of the combination will be 
the source code for the Mobile Device Software; however, it will not be 
executable software code.
    Writing the source code for the Server Software will involve the 
following steps:
    1. The Company's software developers in Ashburn, Virginia will 
write original source code. The original source code will be stored in 
a collaborative software development environment.
    2. The Company's software developers in Canada will also write 
original source code. The original source code written by the Company's 
software developers in Canada will also be stored in the same 
collaborative software development environment.
    3. In performing steps 1 and 2, software programmers write computer 
code using tools such as IntelliJ, Eclipse and Text Editors. The 
software programmers may also write the computer code in Scala, Java 
and JavaScript languages. User interface designers design and write 
computer code for a graphical layout using Angular JS and related tools 
such as Node, NPM, Bower and Grunt.
    4. When the source code is complete, the Company will download all 
of the original source code to one or more computers in Ashburn, 
Virginia. Completed code is checked into the Company's software 
repository for storage. The downloaded original source code will 
comprise the source code for the Server Software; however, it will not 
be executable software code.
    CIS Secure Computing will then perform a software build on 
computers located in its offices in Ashburn, Virginia. During this 
step, the source code for the Mobile Device Software and

[[Page 40429]]

the Server Software will each be compiled into executable object code.
    Compiling the source code into executable object code for the 
Mobile Device Software involves the following steps:
    1. The Company's software developers in Ashburn, Virginia sign into 
a Jenkins build server and schedule a build action to perform the 
compilation process. The Jenkins build server also performs a nightly 
build action.
    2. The Jenkins build server retrieves the latest version of the 
source code from the Company's software repository and, if needed, from 
a source code repository for AOSP.
    3. The build server performs a compilation process using AOSP 
compilation tools such as gcc, Jack, Proguard and Python to compile the 
source code into object code for each relevant platform on Android ARM 
32-bit CPU and ARM 64-bit CPU.
    4. The Company's software developers perform work to address any 
incompatibilities or errors that emerge during compilation. If needed, 
they verify or rectify the source code, and may re-perform steps 1 
through 3.
    Compiling the source code into executable object code for the 
Server Software involves the following steps:
    1. The Company's software developers in Ashburn, Virginia sign into 
the Jenkins build server and schedule a build action to perform the 
compilation process. The Jenkins build server also performs a nightly 
build action.
    2. The Jenkins build server retrieves the latest version of the 
source code from the Company's software repository.
    3. The build server performs a compilation process using a Scala 
build tool or Java compiler for the Linux platform to compile the 
source code into object code.
    4. The build server transcodes and minifies \2\ Javascript using a 
Grunt compiler.
---------------------------------------------------------------------------

    \2\ Minification refers to the process of removing unnecessary 
or redundant data without affecting how the resource is processed by 
the browser - e.g., code comments and formatting, removing unused 
code, using shorter variable and function names, and so on. See 
https://developers.google.com/speed/docs/insights/MinifyResources 
(last accessed August 6, 2019).
---------------------------------------------------------------------------

    5. The Company's software developers perform work to address any 
incompatibilities or errors that emerge during compilation. If needed, 
they verify or rectify the source code, and may re-perform steps 1 
through 4.
    As a final step, CIS Secure Computing will deliver the finished 
software to the purchaser. For the Mobile Device Software, the Company 
will load the object code onto mobile devices at its offices in 
Ashburn, Virginia. Then the Company will provide the mobile devices 
with the object code to the purchaser.
    For the Server Software, CIS Secure Computing will deliver the 
object code to the purchaser in one of the following ways, depending on 
the purchaser's requirements: (1) the Company will load the object code 
onto a server device at its offices in Ashburn, Virginia and may 
provide the server device to a purchaser; (2) the Company will transmit 
the object code electronically to a purchaser server; and/or (3) the 
Company will load the object code to a storage medium, such as a CD or 
a disk drive, and may deliver the CD or disk drive containing the 
object code to the purchaser.

ISSUE:

    Whether the Mobile Device Software and Server Software are 
substantially transformed in the United States for government 
procurement purposes.

LAW AND ANALYSIS:

    CBP issues country of origin advisory rulings and final 
determinations as to whether an article is or would be a product of a 
designated country or instrumentality for the purposes of granting 
waivers of certain ``Buy American'' restrictions in U.S. law or 
practice for products offered for sale to the U.S. Government, pursuant 
to subpart B of Part 177, 19 C.F.R. Sec.  177.21 et seq., which 
implements Title III of the Trade Agreements Act of 1979, as amended 
(19 U.S.C. Sec.  2511 et seq.) (TAA).
    Under the rule of origin set forth under 19 U.S.C. Sec.  
2518(4)(B):

    An article is a product of a country or instrumentality only if 
(i) it is wholly the growth, product, or manufacture of that country 
or instrumentality, or (ii) in the case of an article which consists 
in whole or in part of materials from another country or 
instrumentality, it has been substantially transformed into a new 
and different article of commerce with a name, character, or use 
distinct from that of the article or articles from which it was so 
transformed.

See also 19 C.F.R. Sec.  177.22(a).

    In rendering advisory rulings and final determinations for purposes 
of U.S. Government procurement, CBP applies the provisions of subpart B 
of Part 177 consistent with Federal Acquisition Regulations. See 19 
C.F.R. Sec.  177.21. In this regard, CBP recognizes that the Federal 
Acquisition Regulations restrict the U.S. Government's purchase of 
products to U.S.-made or designated country end products for 
acquisitions subject to the TAA. See 48 C.F.R. Sec.  25.403(c)(1). The 
Federal Acquisition Regulations define ``U.S.-made end product'' as:

    . . . an article that is mined, produced, or manufactured in the 
United States or that is substantially transformed in the United 
States into a new and different article of commerce with a name, 
character, or use distinct from that of the article or articles from 
which it was transformed.

    The issue in this case is whether the source code written for the 
Mobile Device Software and Server Software is substantially transformed 
in the United States when the Company performs a ``software build'' in 
the United States, i.e., compiles the source code written in Canada 
(along with source code written in the United States) into executable 
object code. At the outset, we note that ``source code'' and ``object 
code'' differ in several important ways. Source code is a ``computer 
program written in a high level human readable language.'' See, e.g., 
Daniel S. Lin, Matthew Sag, and Ronald S. Laurie, Source Code versus 
Object Code: Patent Implications for the Open Source Community, 18 
Santa Clara High Tech. L.J. 235, 238 (2001). While it is easier for 
humans to read and write programs in ``high level human readable 
languages,'' computers cannot execute these programs. See Note, 
Copyright Protection of Computer Program Object Code, 96 Harv. L. Rev. 
1723, 1724 (1983). Computers can execute only ``object code,'' which is 
a program consisting of clusters of ``0'' and ``1'' symbols. Id. 
Programmers create object code from source code by feeding it into a 
program known as a ``compiler.'' Id. In this case, the writing of 
source code in Canada (and the United States) involves the creation of 
computer instructions in a high level human readable language, whereas 
the software build performed in the United States involves the 
compilation of those instructions into a format that computers can 
execute.
    CBP has consistently held that conducting a software build--
compiling source code into object code--results in substantial 
transformation. For example, in HQ H268858, dated Feb. 12, 2016, four 
software products were produced using the same three-step process: (1) 
writing the source code in Malaysia; (2) compiling the source code into 
usable object code in the United States; and (3) installing the 
finished software on U.S.-origin discs in the United States. CBP held 
that all four software products were substantially transformed in the 
United States, finding that the software build conducted in the United 
States was sufficient to create a new and different article with a new 
name,

[[Page 40430]]

character, and use. See also HQ H243606, dated Dec. 4, 2013 (source 
code programmed in China and then compiled into object code in the 
United States was substantial transformation).
    Consistent with the rulings cited above, we find that the Mobile 
Device Software and Server Software are substantially transformed in 
the United States as a result of the software build: the name of the 
product changes from source code to object code, the character changes 
from computer code to finished software, and the use changes from 
instructions to an executable program.

HOLDING:

    Based on the information provided, the Mobile Device Software and 
Server Software are substantially transformed in the United States for 
U.S. government procurement purposes.
    Notice of this final determination will be given in the Federal 
Register, as required by 19 C.F.R. Sec.  177.29. Any party-at-interest 
other than the party which requested this final determination may 
request, pursuant to 19 C.F.R. Sec.  177.31, that CBP reexamine the 
matter anew and issue a new final determination. Pursuant to 19 C.F.R. 
Sec.  177.30, any party-at-interest may, within 30 days after 
publication of the Federal Register notice referenced above, seek 
judicial review of this final determination before the Court of 
International Trade.

Sincerely,

Alice A. Kipel,

Executive Director, Regulations and Rulings, Office of Trade.

[FR Doc. 2019-17377 Filed 8-13-19; 8:45 am]
 BILLING CODE 9111-14-P