In August 2023, CFIUS added eight military bases in six states to its list of sensitive military and government installations for potential national security risk intervention. These new protected sites are as follows:
- Air Force Plant 42 in California, a classified aircraft manufacturing facility;
- Dyess Air Force Base in Texas, which flies the B-1 and B-21 bombers;
- Ellsworth Air Force Base in South Dakota, which flies the B-1 and B-21 bombers;
- Grand Forks Air Force Base in North Dakota, which flies the Global Hawk RQ-4 drone;
- Iowa National Guard Joint Force Headquarters in Iowa;
- Lackland Air Force Base in Texas, the sole basic training facility for the Air Force;
- Laughlin Air Force Base in Texas, the largest Air Force undergraduate pilot training base; and
- Luke Air Force Base in Arizona, the Air Force’s advanced pilot training base for F-16s and F-35s.
As a result, transactions involving real estate within 100 miles of these sites now are subject to increased CFIUS scrutiny.
B. State Laws Restricting Foreign Investments in Real Estate
In 2023, thirteen states either enacted legislation for the first time or updated existing state law to limit foreign ownership of real estate. The new state laws restrict certain foreign ownership of the following:
- land within close proximity of military installations and/or critical infrastructure facilities (e.g., Alabama, and Montana);
- agricultural land (e.g., Ohio, North Dakota, and Virginia); and/or
- all real estate within the state (e.g., Tennessee, and Utah).
A Florida law enacted in May 2023 prohibits “foreign principals” (including certain individuals and entities from specified countries such as China) from owning or acquiring Florida real estate. This law is facing a legal challenge and other criticism based on, among other things, civil rights and federal preemption claims.
In 2023, a high-profile real estate transaction in North Dakota brought these issues to the forefront of U.S. national security law and policy debates. The transaction involved a Chinese company’s acquisition of over 300 acres of agricultural land in North Dakota to build a corn processing plant. The U.S. Air Force opposed the purchase, finding that it posed a “significant threat to national security” because nefarious actors from China could use the land to collect data on military drones flying in the vicinity of Grand Forks Air Force Base, which is twelve miles away. However, CFIUS determined in December 2022 that it did not have jurisdiction to review the transaction. The Grand Forks City Council subsequently terminated the development agreement between the city and the planned facility, potentially making the project nonviable, and CFIUS subsequently amended its regulations to assert jurisdiction over the base.
C. Conclusion
More laws are likely to be passed in 2024. Dozens of bills have been introduced in the U.S. Congress and over a dozen states are considering legislation to further restrict foreign ownership of U.S. real estate. Investors should closely follow these developments and ensure their policies, procedures, and due diligence are up-to-date. In addition, investors must ensure they are adequately prepared to analyze new and developing risks and comply with new notice requirements.
II. Biden Administration’s Outbound Investment Program
A. Outbound Investment Executive Order
On August 9, 2023, President Biden issued an Executive Order regarding U.S. investments in certain national security technologies and products in countries of concern, which has frequently been referred to as the “Outbound Investment EO” (EO). The EO is intended to deal with the threat of advancements in military, intelligence, surveillance, and cyber-enabled technologies and products from China and other countries of concern and aims to curb investments from the United States in those sectors and in those countries. The EO directs the U.S. Department of the Treasury (Treasury) to issue regulations prohibiting certain transactions in these sectors (prohibited transactions) and establishing notification requirements for others. Although the EO established no regulations on its own, it provides guidance for how Treasury should implement the EO with room for further expansion of its directives.
In accordance with the EO, Treasury on the same day published an Advance Notice of Proposed Rulemaking (ANPRM) regarding the forthcoming regulations that will prohibit certain transactions in these sectors and establish notification requirements for others. The ANPRM proposed a number of key definitions and invited public comment on over eighty specific issues relating to the implementation of the EO.
B. Scope of the EO
The EO directs Treasury to begin a rulemaking process that will designate specific types of investments by U.S. persons in China or in certain Chinese-affiliated entities that develop or produce semiconductors, quantum computers, and artificial intelligence applications as either prohibited or notifiable transactions.
The forthcoming regulations must cover transactions with “covered foreign persons” from “countries of concern” who engage in activities involving national security technologies or products. This also includes entities owned fifty percent or more by the above parties (which could include, e.g., U.S. subsidiaries of a Chinese parent company). The People’s Republic of China, along with the special administrative regions of Hong Kong and Macau, is currently the only nation listed as a “country of concern,” but that list is subject to change. Covered national security technologies and products are those technologies and products critical for the military, intelligence, surveillance, or cyber-enabled capabilities of a country of concern and are limited to three sectors:
- 1. Semiconductors and microelectronics;
- 2. Quantum information technologies; and
- 3. Artificial intelligence.
Of note, the transaction itself does not need to involve covered national security technologies or products to fall under the EO’s purview. If a foreign party engages in any activities concerning those matters, then any transaction with that party may be subject to the EO.
The forthcoming regulations may also bar U.S. persons from “knowingly directing” transactions by non-U.S. persons if such dealings would be prohibited transactions if engaged in by an U.S. person. This restriction would prohibit corporate officers and directors who are U.S. nationals from ordering or approving investments by foreign branches, subsidiaries, or funds into Chinese entities involved in the covered technology sectors. The restriction would also cover, for example, a U.S. person acting as a general partner of a foreign fund or U.S. venture partners launching and directing a foreign fund.
The EO expressly permits Treasury to exempt certain transactions from the categories of prohibited transactions and notifiable transactions if doing so would “be in the national interest of the United States.” Notable potential exclusions include certain passive or other investments that pose a lower likelihood of conveying intangible benefits. For example, Treasury is considering excepting certain U.S. investments into publicly traded securities, index funds, mutual funds, exchange-traded funds, and certain investments made as a limited partner, committed but uncalled capital investments, and intracompany transfers of funds from a U.S. parent company to its subsidiary.
The EO directs Treasury to issue its regulations in consultation with the Secretary of Commerce and the heads of other relevant departments and agencies. The EO also lists a series of other cooperative steps that Treasury must take in its implementation, including consulting with the Secretary of State on foreign policy considerations and the Secretaries of State, Defense, Commerce, and Energy plus the Director of National Intelligence on the implications for military, intelligence, surveillance, or cyber-enabled capabilities of certain covered national security technologies and products.
C. Advance Notice of Proposed Rulemaking Relating to the EO
The Advance Notice of Proposed Rulemaking Relating to the EO (ANPRM) clarified the intended scope of Treasury’s forthcoming regulations and invited public comment on eighty-three specific issues. In particular, the ANPRM described the types of China-related transactions that the Treasury is considering prohibiting or requiring notification to the U.S. government.
The ANPRM sought comment on proposed definitions for many key terms, including those relating to:
- U.S. Person;
- Covered Foreign Person;
- Person of a Country of Concern; and
- Covered Transaction.
In addition, the ANPRM sought comments on the proposed parameters for the prohibited and notifiable transactions involving the “covered national security technologies and products,” defined as semiconductor and microelectronic technologies and products, quantum information technologies, and AI systems. Specifically, Treasury sought comment regarding any suggested modifications to the definitions under consideration to enhance clarity or close any loopholes, including modifications to the proposed definitions for particular technologies such as “supercomputer,” “electronic design automation software,” “quantum computers and components,” “quantum sensors,” and “AI system.”
The ANPRM also requested comments on the liability standards to be included in the regulations, including the “knowledge” standard, the definition of “knowingly directing” transactions, and potential obligations for U.S. persons regarding foreign entities that they control. Importantly, though, the ANPRM was not intended to be draft regulatory text draft regulations will follow at a later stage in the process.
III. Lawful Responses to Hostage-Taking
On October 7, 2023, Hamas terrorists stormed into Israel, killing 1,200 people and kidnapping 239. The kidnapping victims were transported across the border into Gaza City and held as hostages.
To say the least, the attack sparked strong reactions from all corners and, in short order, calls for Israel to “show restraint” in its response. But much of the discussion about Israel’s response—by individuals and organizations (including the American Bar Association), alike—betrayed fundamental misunderstandings of the scope of lawful actions a country may take in response to its nationals being taken and held hostage.
As with so many areas of law, a full discussion concerning lawful use of force in hostage situations fills volumes, and this present attempt to summarize the factors relevant to Israel’s response to October 7 undoubtedly leaves out a great many details and associated nuance. But it is uncontested that the use of force—even deadly force—is lawful to affect hostage rescues, whether in a law enforcement or military context.
It is also undisputed that taking and holding hostages is a criminal act, both as a matter of domestic law in most, if not all countries, and certainly in international law. U.S. federal law prohibits hostage-taking as: “[1] seize[ing] or detain[ing] and [2] threaten[ing] to kill, to injure, or to continue to detain another person [3] in order to compel a third person or a governmental organization to do or abstain from doing any act [4] as an explicit or implicit condition for the release of the person detained… .” The penalty for hostage-taking can be life imprisonment, or death if the crime results in the death of any person, which could include the hostage, a rescuer, co-conspirator, or bystander. Federal law and states alike also separately prohibit kidnapping, with similar penalties.
The widespread prohibition on hostage-taking in international law spans human rights law, criminal law, and international humanitarian law (i.e., the law of war). Common Article 3 of the Geneva Conventions expressly prohibits taking hostages; the prohibition is repeated in Article 34 of the Fourth Geneva Convention, and its violation is an enumerated “grave breach” in Article 147 of that Convention, which makes it a war crime triable in any number of fora, including the United States. It is also called a “grave” offense in the International Convention Against the Taking of Hostages, which calls for State cooperation regarding prosecution or extradition of hostage-takers. Closely-related prohibitions in various areas of international law include those related to kidnapping or enforced disappearance, and the use of human shields.
Despite the U.N. Charter’s general prohibition on the use of force, States have long employed force for reasons such as self-defense (enshrined in Article 51 of the Charter itself), and protection of their citizens abroad. Such resorts to force have generally been accepted as legitimate by the international community if the factual predicate for the justification is clear and reasonable.
Decisions to use force lawfully—including in hostage situations—normally require determinations regarding the imminence of the threat (e.g., the threat to the hostage), discrimination of the would-be target of the force to be used (generally easier in traditional wars where lawful combatants of opposing forces wear uniforms), and proportionality of force necessary to eliminate the threat posed by the initial aggressor (here, the hostage-taker, or, more accurately the hostage-taking force).
Importantly, the notion of proportionality is regularly invoked in colloquial or political rhetoric in ways that have no relation to the term of art embodying the law of war principle. Whether a nation’s military response to an attack is proportional under the law is an intent-based test rather than effects-based test. Specifically, in war, the law looks to the anticipated military advantage to be gained. In this situation, that may include effecting hostage rescues or recovery, and/or neutralizing the longstanding, lethal, and arguably existential threat that the Hamas terrorist organization poses to the sovereign state of Israel and its citizens. Employing whatever level of force that is reasonably necessary to eliminate the threat is proportionate as a matter of law, even if the effects of the force cause blowback in terms of popular opinion and political will. That is, admittedly, a rather cold way of saying that just because the application of force is legal it does not mean that it is either a good idea politically or morally right. At the same time, a response that causes significant death and destruction is not necessarily illegal.
IV. Nuclear Arms Control 2023
In 2023, states possessing nuclear weapons continued to modernize, and in some cases expand, their arsenals. Russia continued its broad modernization program, with the intent of replacing all Soviet-era weapons by the late 2020s. Russia also proceeded to implement its nuclear sharing agreement with Belarus. The U.S. continued its planned deployment of the B-21 Raider stealth bomber, new missile-launching submarines, and a new generation of silo-based intercontinental ballistic missiles (ICBMs). China continued the modernization and expansion of its arsenal, including deployment of longer range ICBMs, and is now estimated to have about 400 warheads, with more in production. In November, France announced the successful test firing of a longer range ICBM that it anticipates will “contribute to the lasting credibility of France’s oceanic deterrence in coming decades.” India continued to pursue “a slow but steady quantitative and qualitative modernization of the Indian arsenal.” North Korea continued to test fire a variety of nuclear-capable missiles. No states possessing nuclear arms have ratified the Treaty on the Prohibition of Nuclear Weapons (TPNW).
In October, a report by a special Congressional Commission on strategic nuclear posture concluded that the U.S.’s nuclear arsenal is inadequate to deter both Russia and China, and recommended enhancements including additional numbers of bombers, missile submarines, warheads, and the possible addition of multiple warheads on land-based missiles. These recommendations were rejected by the Biden administration, which asserted that the arsenal is adequate to deter both adversaries, that the proposed enlargements could trigger a dangerous arms race, and that “the United States does not need to increase our nuclear forces to outnumber the combined total of our competitors in order to effectively deter them.”
Russia continued its “suspension” of the New START treaty limiting the deployment of strategic nuclear weapons but asserted it would continue to observe the treaty’s numerical limits. No negotiations are currently scheduled to extend or replace the treaty, which is scheduled to expire in early 2026.
Russia revoked its ratification of the Comprehensive Nuclear Test Ban Treaty (CTBT), but said it had no plans to test, and continued its participation in the CTBT Organization’s test detection network. The CTBT has never entered into force, but all states except North Korea have observed a test moratorium since 1996. Russia and the U.S. have accused each other of exceeding treaty limits at extremely low yields, although some experts have questioned whether any state could obtain a competitive advantage by testing at the extremely low yields in question. The U.S. has proposed some verification procedures which could be monitored by international observers, but no formal proposal had been made when this article went to press.
No progress was reported on a new agreement to limit Iran’s civil nuclear program. In November, the International Atomic Energy Agency (IAEA) reported that Iran was still enriching uranium to sixty percent, from which it could be more quickly enriched to weapons grade and was blocking access to IAEA inspectors.
The 2023 NPT Review Conference ended without agreement on a Final Document.
V. Ransomware and Cryptocurrency Developments in 2023
A. White House National Cybersecurity Strategy
The March 2023 White House National Cybersecurity Strategy covered four goals:
- International cooperation to disrupt the ransomware ecosystem and isolate countries that provide safe havens, such as Russia, Iran, and North Korea, for ransomware criminals;
- Law enforcement investigations of ransomware crimes to disrupt ransomware infrastructure and actors;
- Bolstering of critical infrastructure resilience to withstand ransomware attacks; and
- Targeting money laundering through virtual currency abuse.
The U.S. government sought to target ransomware operators’ frequently-employed illicit cryptocurrency exchanges and improve international implementation of standards to combat illegal virtual asset finance. In cooperation with private sector partners, the U.S. government is implementing anti-money laundering and counter-terrorism (“AML” and “CFT”) financing regulations to trace and intercept ransomware payments made through U.S. financial institutions offering cryptocurrency services. The U.S. is seeking to establish global standards for the prevention of ransomware payments, consistent with Executive Order (“EO”) 14067, “Ensuring Responsible Development of Digital Assets,” an initiative based on the principle that government intervention, combined with non-payment of ransoms, and reporting by ransomware victims will effectively deter ransomware criminal groups.
B. Department of the Treasury Illicit Finance Risk Assessment
In April 2023, Treasury issued a risk assessment report on illicit finance practices. Ransomware actors increasingly target high-value enterprises, demanding larger payouts, with a median ransomware-related payment amount of $135,000. The rise of decentralized finance (DeFi) services and decentralized mixers exacerbated the challenge of tracking and disrupting ransomware operations. DeFi tools enable ransomware actors to launder illicit proceeds from ransom payments by exchanging virtual assets and obfuscating the movement of funds. One blockchain analytics firm identified a cross-chain bridge that was used to launder over $50 million ransomware proceeds from over thirteen ransomware strains in the first half of 2022.
Cybercriminals often employ remote desktop protocol (RDP) endpoints and phishing campaigns to gain access to victim networks, often forming partnerships and sharing resources, such as exploit kits, to enhance attacking capabilities. Additionally, the “ransomware-as-a-service” (RaaS) model lowered the barrier to entry for aspiring ransomware actors by providing pre-built malware and support services. The rise of double extortion tactics, whereby criminals steal, decrypt and threaten to publish confidential data, further compounded this threat.
C. IRS Gross Proceeds and Basis Reporting by Brokers and Determination of Amount Realized and Basis for Digital Asset Transactions (REG-122793-19)
In August 2023, The International Revenue Service (IRS) proposed regulations regarding certain digital asset sales and exchanges. The proposed regulations expand and clarify the definition of “broker” for reporting purposes, encompassing any individual or entity facilitating the sale of digital assets. This includes trading platforms, operators of noncustodial trading platforms, payment processors, kiosk owners, wallet hosting providers, and real estate reporting persons. The expansive definition of “person” includes decentralized autonomous organizations, potentially subjecting governance token holders to reporting requirements. Merchants accepting digital assets as payment, cryptocurrency miners, wallet hardware sellers, and wallet software licensors are generally not considered brokers. The rules for determining whether a sale occurs inside or outside the U.S. depend on broker classification, with complex rules for non-U.S. brokers and the location of digital assets.
Further, the proposal expands the definition of a “sale” subject to reporting to include certain dispositions of digital assets for cash, services, property, securities, real estate, and other digital assets. Brokers are required to report gross proceeds for each reportable sale, accounting for the U.S. dollars or other currencies credited to the customer’s account, the fair market value of any property received, the issue price of debt instruments received by the customer, and the allocable digital asset transaction cost. Brokers are also required to report the adjusted basis of covered securities – digital assets acquired on or after January 1, 2023. The proposed regulations modify the general rules for determining the adjusted basis and initial basis for securities to accommodate digital assets. The initial basis for digital assets will generally be determined based on the cost of the digital asset, increased by any allocable digital asset transaction costs. The amount realized from a disposition involving digital assets generally will be the value of any cash, property, or services received, reduced by any allocable digital asset transaction costs. The proposed regulations are effective for taxable years ending on or after August 29, 2023, and the proposed rules on broker reporting for gross proceeds from the sale of digital assets are applicable if the sale is completed on or after January 1, 2025.
D. Crypto-Asset National Security Enhancement and Enforcement Act (S. 2355)
A bipartisan group of U.S. Senators proposed new legislation, the Crypto-Asset National Security Enhancement and Enforcement Act of 2023 (CANSEE), to combat money laundering, crypto-facilitated crime, and sanctions violations, seeking to mandate that DeFi services adhere to the same AML and economic sanctions compliance standards as other financial institutions, such as centralized crypto trading platforms, casinos, and pawn shops. This rule would result in DeFi services implementing AML programs, conducting due diligence on their customers, and report suspicious transactions to FinCEN (Financial Crimes Enforcement Network).
The CANSEE Act would also require crypto kiosk operators (also known as “crypto ATMs”) to improve the traceability of funds by verifying the identities of each counterparty to each transaction using a kiosk. Currently, Treasury Department authorities are limited to transactions conducted in the traditional banking system, but as new technologies like cryptocurrency increasingly enable new ways to conduct financial transactions, CANSEE proposes expanding the Treasury’s authority to crack down on illicit financial activity that may occur outside the banking sector.
E. Notable Cases
1. Poloniex, LLC
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced in May of 2023 that Poloniex, LLC (“Poloniex”) had agreed to pay a $7.59 million settlement to resolve potential civil liability for apparent violations of U.S. sanctions against Crimea, Cuba, Iran, Sudan, and Syria.
Between January 2014 and November 2019, Poloniex allowed customers apparently located in sanctioned jurisdictions to make online transactions involving digital assets, such as trades, deposits, and withdrawals. These transactions totaled $15,335,349. Poloniex knew that these customers were located in sanctioned jurisdictions based on both Know Your Customer (KYC) information and internet protocol (IP) address data. The OFAC determined that Poloniex’s apparent violations were not voluntarily self-disclosed and were not egregious. As a result, Poloniex agreed to remit $7,591,630 to settle its potential civil liability.
2. Ekaterina Zhdanova
In November 2023, OFAC sanctioned Ekaterina Zhdanova, a Russian national, for her role in laundering and moving funds using virtual currency on behalf of Russian elites and ransomware actors. Zhdanova assisted in obfuscating the source of wealth for Russian clients, facilitated large cross-border transactions using virtual currency, provided services to individuals connected with the Russian Ryuk ransomware group, and laundered over $2.3 million of suspected victim payments on behalf of a Ryuk ransomware affiliate. Zhdanova’s actions allowed Russian elites and ransomware actors to evade U.S. and international sanctions and obfuscate their identities.
3. Samuel Bankman-Fried
Sam Bankman-Fried (“SBF”), founder of the cryptocurrency exchange FTX, was arrested December 13, 2022, and charged with seven counts of fraud, conspiracy, and money laundering related to the collapse of FTX. FTX, once one of the largest cryptocurrency exchanges globally, filed for bankruptcy in November 2023 after losing billions of dollars in customer funds.
On November 2, 2023, a Manhattan jury convicted SBF on all counts. His conviction was a significant blow to the cryptocurrency industry, which has frequently faced scams and fraud in recent years. The jury found SBF guilty of stealing customer funds from FTX, which he used to finance personal investments, political contributions, and charitable donations, and for misleading investors about the financial health of the exchange, which contributed to its collapse.
Despite SBF’s conviction, there is still a market for virtual assets. The price of bitcoin has more than doubled in 2023, and large financial institutions increasingly seek to invest in cryptocurrencies. FTX may also be set for a comeback, as its current CEO is working on a plan to repay customers who lost money in the exchange’s collapse. Some argue that SBF’s downfall may ultimately be beneficial for the industry, as it could lead to a more mature and responsible cryptocurrency market.
Orga Cadet and Raul Rangel Miguel served as co-committee editors of this article. Barbara Linney, Scott C. Jansen, and Orga Cadet, co-authored “Real Estate-Related National Security Developments in 2023.” Geoffrey Goodale, Lauren E. Wyszomierski, and Jonathan Meyer, coauthored “Biden Administration Announces Outbound Investment Program.” Adam R. Pearlman, authored “Lawful Responses to Hostage-Taking.” Guy C. Quinlan, authored “Nuclear Arms Control 2023.” Joy Momin, authored “Ransomware and Cryptocurrency in 2023.”