A U.S.-based Massive Open Online Courses (MOOC) educational services provider, Coursera, felt recently the sanctions regulations pinch. In an unusually public way, as far as cases such as these go, Coursera cut out Cuba, Iran, and Sudan from its service area. You can read the press statement here.
The United States maintains country-based programs (just a handful of countries affected) and, for lack of a better term, list-based sanctions programs (one of the more challenging aspect of compliance in the virtual world). In addition to economic sanctions, certain technologies and services are subject to export controls.
According to Coursera (emphasis added is my own):
interpretation of export control regulations as they relate to MOOCs has been unclear and Coursera has been operating under the interpretation that MOOCs would not be restricted. We recently received information that has led to the understanding that the services offered on Coursera are not in compliance with the law as it stands. Accordingly we have instituted a restriction in compliance with the current export controls to ensure that our business remains in good standing with the law.
For companies doing business on the Internet, the law will always be unclear. Caution is always a good idea, especially when you’re dealing with high-risk country-based sanctions areas. For the list-based sanctions, for example Treasury’s SDN list that includes names and entities that are blocked from the U.S. financial system for a whole variety of policy reasons, the compliance challenge is more daunting.
Many clients become very frustrated with these laws. I’ve counseled many and the decision should be clear cut. When all the legal analysis said and done, the key question to doing business in high risk countries boils down to this: Is the legal risk worth the cost of doing business in a sanctioned country or area of concern?
It is, and never will be, easy to comply with these rules and regulations. You need to take a close look at the line of business you’re in, the product or service you’re selling, and the screening options you have in place to ensure compliance.
The bad guys are clever. Masking an IP is easy to do. Users also lie, use aliases. Certain countries use the Internet to control information flows to its people, or deny usage outright. And much more. As a result, some companies make a business and policy decision to just stay away from certain places.
The United States, through its elected in the Congress as well as the White House, have made policy decisions through the years that result in these laws. Human rights violators, drug smugglers, terrorists, money launderers, state sponsors of terrorism, labor and sex traffickers are the targets of these sanctions. The export control aspect of this issue aims to keep away dual-use and military technology and services from these bad actors.
Coursera is doing the responsible thing, muddling its way through it. While I do not have full information, they should have thought of this before making their services available in sanctioned countries. And, even if they did, these programs evolve with technological and legal developments. Yes, compliance never ends.
In all likelihood, because Coursera is in the education and information arena, they may be able to custom design certain offerings for areas of concern. If the critics have an issue Coursera’s approach, and a few do, they should take it up with the U.S. Congress and the Obama Administration.