HP says its products sold unknowingly to Syria by partner

The partner was not informed that the ultimate destination of the products was Syria, HP said in newly revealed correspondence with the SEC
  • John Ribeiro (IDG News Service)
  • — 26 November, 2012 11:17

Hewlett-Packard said in a letter to the U.S. Securities and Exchange Commission that it had determined that its products were procured from a partner that was not informed that their ultimate destination was Syria.

HP was responding to a Sept. 6 letter from the SEC asking the company to comment on news reports in November 2011 that its equipment was allegedly installed in Syria by Italian company Area as part of a nationwide surveillance and tracking system designed to monitor people there, according to documents made public late last week.

The U.S. government has imposed a number of economic sanctions on Syria, including controls on the export of most U.S. products to the country.

In a letter dated Oct. 9 to Cecilia Blye at the SEC's Office of Global Security Risk, HP said it had determined that Area did not procure the HP products believed to have been sold into Syria directly from HP, but instead procured them from an HP partner that was not informed of the ultimate destination for those products.

Area was required under the terms of its contract with HP to comply with all applicable export laws and was specifically prohibited from selling HP's products into embargoed or sanctioned countries, HP vice president and associate general counsel David K. Ritenour wrote in the letter. HP terminated its contract with Area in April this year, he added.

Ritenour said that in June 2009 HP obtained an export license from the U.S. Department of Commerce's Bureau of Industry and Security (BIS) for the sale of HP products worth US$1 million to MTN Syria, a private telecommunications company.

Apart from that sale, he wrote, HP has not directly or indirectly knowingly provided its products and services in Iran or Syria since April 21, 2009, and did not authorize the sale of its products for use in surveillance or tracking activities in Iran or Syria, or to the governments of the two countries.

The SEC's Office of Global Security Risk was also reacting to news reports in April 2012 that products of several U.S. companies, including HP, were sold by Chinese telecommunications equipment vendor ZTE to Iran to be allegedly included in systems used for surveillance and tracking activities. The SEC also referred to June 2012 news reports that HP equipment was acquired by MTN Irancell, possibly through Huawei Technologies, another Chinese telecommunications equipment vendor.

Iran, which is suspected by the U.S. of trying to build a nuclear bomb, also faces a variety of sanctions and exports controls from the U.S. government. ZTE was required under the terms of its contract with HP to comply with all applicable export laws and was specifically prohibited from selling HP's products into embargoed or sanctioned countries, Ritenour said.

The dealings of HP and some other U.S. tech companies with ZTE and Beijing 8-Star International, which was also a party to the Iranian contracts, have come under scrutiny by the U.S. Department of Commerce, according to reports. HP confirmed in the letter that it had been contacted by the BIS, and had provided it with information and documents.

Regarding the alleged sale of HP products to MTN Irancell, HP did not find, however, that it or its subsidiaries, distributors, resellers, retailers or other vendors were involved. If the alleged sale did occur, it was not authorized by the company, Ritenour wrote.

The company's dealings in Sudan, another country that faces U.S. sanctions and export controls, have also come under scrutiny. HP provides IT services for some non-U.S. companies that may have their own business activities within Sudan, but is "mindful of U.S. legal requirements and regulatory restrictions" when providing the services, Ritenour said. HP holds the same position with regard to providing IT services to companies with operations in Iran and Syria.

As HP's products are often distributed through indirect channels, it is always possible that products may be diverted to Iran, Syria, or Sudan after being sold to channel partners, such as distributors and resellers, without HP's knowledge or consent, Ritenour added.

Tags: Huawei Technologies, Area SpA, security, regulation, ZTE, hardware systems, government, trade, Hewlett-Packard

Review: File Recovery Tools

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Web Security and Control

Protect your users on the web

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.