HP says its products sold unknowingly to Syria by partner

The partner was not informed that the ultimate destination of the products was Syria, HP said in newly revealed correspondence with the SEC

Hewlett-Packard said in a letter to the U.S. Securities and Exchange Commission that it had determined that its products were procured from a partner that was not informed that their ultimate destination was Syria.

HP was responding to a Sept. 6 letter from the SEC asking the company to comment on news reports in November 2011 that its equipment was allegedly installed in Syria by Italian company Area as part of a nationwide surveillance and tracking system designed to monitor people there, according to documents made public late last week.

The U.S. government has imposed a number of economic sanctions on Syria, including controls on the export of most U.S. products to the country.

In a letter dated Oct. 9 to Cecilia Blye at the SEC's Office of Global Security Risk, HP said it had determined that Area did not procure the HP products believed to have been sold into Syria directly from HP, but instead procured them from an HP partner that was not informed of the ultimate destination for those products.

Area was required under the terms of its contract with HP to comply with all applicable export laws and was specifically prohibited from selling HP's products into embargoed or sanctioned countries, HP vice president and associate general counsel David K. Ritenour wrote in the letter. HP terminated its contract with Area in April this year, he added.

Ritenour said that in June 2009 HP obtained an export license from the U.S. Department of Commerce's Bureau of Industry and Security (BIS) for the sale of HP products worth US$1 million to MTN Syria, a private telecommunications company.

Apart from that sale, he wrote, HP has not directly or indirectly knowingly provided its products and services in Iran or Syria since April 21, 2009, and did not authorize the sale of its products for use in surveillance or tracking activities in Iran or Syria, or to the governments of the two countries.

The SEC's Office of Global Security Risk was also reacting to news reports in April 2012 that products of several U.S. companies, including HP, were sold by Chinese telecommunications equipment vendor ZTE to Iran to be allegedly included in systems used for surveillance and tracking activities. The SEC also referred to June 2012 news reports that HP equipment was acquired by MTN Irancell, possibly through Huawei Technologies, another Chinese telecommunications equipment vendor.

Iran, which is suspected by the U.S. of trying to build a nuclear bomb, also faces a variety of sanctions and exports controls from the U.S. government. ZTE was required under the terms of its contract with HP to comply with all applicable export laws and was specifically prohibited from selling HP's products into embargoed or sanctioned countries, Ritenour said.

The dealings of HP and some other U.S. tech companies with ZTE and Beijing 8-Star International, which was also a party to the Iranian contracts, have come under scrutiny by the U.S. Department of Commerce, according to reports. HP confirmed in the letter that it had been contacted by the BIS, and had provided it with information and documents.

Regarding the alleged sale of HP products to MTN Irancell, HP did not find, however, that it or its subsidiaries, distributors, resellers, retailers or other vendors were involved. If the alleged sale did occur, it was not authorized by the company, Ritenour wrote.

The company's dealings in Sudan, another country that faces U.S. sanctions and export controls, have also come under scrutiny. HP provides IT services for some non-U.S. companies that may have their own business activities within Sudan, but is "mindful of U.S. legal requirements and regulatory restrictions" when providing the services, Ritenour said. HP holds the same position with regard to providing IT services to companies with operations in Iran and Syria.

As HP's products are often distributed through indirect channels, it is always possible that products may be diverted to Iran, Syria, or Sudan after being sold to channel partners, such as distributors and resellers, without HP's knowledge or consent, Ritenour added.

Join the CSO newsletter!

Error: Please check your email address.

Tags Huawei TechnologiesArea SpAregulationsecurityhardware systemsZTEgovernmentHewlett-Packardtrade

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John Ribeiro

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place