From Wikipedia, the free encyclopedia
"QIZ" redirects here. For other uses, see .
Qualifying Industrial Zones in Jordan have helped increase the prosperity in the region.
Qualifying Industrial Zones (QIZ) are industrial parks that house manufacturing operations in Jordan and Egypt. They are special
established in collaboration with neighboring
to take advantage of the free trade agreements between the United States and Israel. Under the trade agreements with Jordan as laid down by the United States, goods produced in QIZ-notified areas can directly access US markets without
restrictions, subject to certain conditions. To qualify, goods produced in these zones must contain a small portion of Israeli input. In addition, a minimum 35% value to the goods must be added to the finished product. The concept was invented by Jordanian businessman Omar Salah.[]
The first QIZ, Al-Hassan Industrial Estate in
in northern Jordan, was authorized by the
in 1997. As of January 2009, there are five Qualifying Industrial Zones in Jordan and four QIZ designated regions in Egypt. The idea behind the establishment of QIZs was to foster a sense of prosperity and stability in
through economic cooperation and employment.
The zones differ from other trade zones as they are stand-alone entities within one country and not directly connected to other countries. In addition, their products are for exports and domestic consumption in any country, not limited to specific countries, and most importantly operate only under the authority and conditions laid down by the host government.
Jordan's King Abdullah's support was crucial for the success of Qualifying Industrial Zones in Jordan
The concept behind a Qualifying Industrial Zone is credited to Omar Salah, a Jordanian businessman. In 1993, in anticipation of the , Salah traveled to Israel with the intention of doing business with Israeli businessmen. He was also interested in business ventures that could take advantage of the eight-year-old free
between the United States and Israel that allowed Israeli goods to enter the US markets duty-free. After the treaty was signed in 1994, a business venture was struck between Salah and Delta Galil, where labor was transferred to
in northern Jordan, to take advantage of low labor costs that were forty to seventy percent lower than in Israel. Salah had envisioned that by exploiting Israeli resources such as labor, finances, and contacts, and then leveraging it to produce value-added goods, the economy of Jordan would be benefited. In addition, he surmised that economic cooperation between the two nations would help foster peace in the region.
Salah set up a public share-holding company Century Investments. For doing business with Israel, many Jordanian organizations criticized Salah and
the purchase of output in Jordan. Despite the heavy criticism, Salah nevertheless received tacit support from
of Jordan. To combat the boycott, Salah began to work with
with a larger international stake. He then actively lobbied the Jordanian government to set negotiate a free trade agreement with the United States on the lines of the United States-Israel Free Trade Area Implementation Act of 1985. Faced with little enthusiasm by the Jordanian government, Salah scrutinized the Presidential Proclamation (No. 6955) that was part of the Palestinian agreement signed between the
and Israel in 1993. In the agreement, the areas on the border between Israel and Jordan were designated as "Qualifying Industrial Zones", and goods produced here would not have
restrictions to the US markets. Since the Hassan industrial estate in Irbid, where Salah had factories located, was situated far from the bordering areas, it did not qualify for QIZ status.
Salah then lobbied the Jordanian government for extending these regions into other parts of Jordan. Government officials were luke-warm to the idea and told him that it would be "naive to assume" that the United States would give Jordan this status. Unfazed by this response, Salah traveled to the United States and lobbied hard with the , the , and the US Trade Representative that it was in US interests to extend the QIZ into Jordan's interiors. Lawyers in the United States then told Salah that even if a small portion of Israeli territory was associated with a QIZ, the proposal might materialize. Soon, USTR officials began to travel to Jordan to work on the deal.
Finally, in 1997, an agreement was signed at the
(MENA) conference at
that established a QIZ agreement with Jordan. On 6 March 1998, the Al-Hassan Zone in Irbid was designated the first QIZ in Jordan.
After the setting up of the first QIZ, few Jordanian companies took advantage of QIZ benefits due to the general hostility in doing business with Israel. Instead, Chinese and Indian companies quickly took advantage of the vacuum to set up business establishments. The lack of local enthusiasm was criticized by the
for missing the "golden opportunity". Gradually though, more Jordanian businesses began to set up business establishments as political hostilities began to be overshadowed by business economics. Soon after 1998, an additional twelve sites were given QIZ status by USTR.
Positive results from the Jordanian QIZ led to the Government of Egypt negotiating a separate QIZ protocol with the United States in Cairo on 24 December 2004. The protocol came into effect in February 2005.
Chart of the inputs breakup by country
Under the agreement (P.L. 104–234) requires that articles eligible for QIZ status must be manufactured in or directly imported from the areas administered by the
or another notified QIZ and meet the several conditions.
To quality for this scheme a product must be substantially transformed in the manufacturing process. Material and processing costs incurred in a QIZ must total not less than 35% of the appraised value of the product when imported into the United States. Of this 35%, 15% must be either US materials or materials from Israel, and/or Jordan or Egypt depending on the program. The remaining 20% of the 35% input must come from Israel and Jordan or Egypt. The remaining 65% can come from any part of the world. All importers must also certify that the article meet conditions for duty exemption.
Under the sharing agreements, the manufacturer from the Jordanian side must contribute at least 11.7% of the final produce, and the manufacturer on the Israeli side must contribute 8% (7% on high-tech products). Under the Israeli-Egyptian agreement, 11.7% of the inputs must be made in Israel.
The clothing and
has benefited most from this arrangement. As tariffs on these goods into the United States are relatively high, exporters have used the duty-free benefits of QIZs to gain quick access to markets in the United States.
Main article:
Location of Qualifying Industrial Zones in Jordan
On 6 March 1998, the
(USTR) designated the
in the northern city of
as the first QIZ. Since then, an addition twelve QIZs have been also designated across the country. Prominent QIZs include the
at , owned and operated by the , the
in Irbid, the privately owned
at , Ad-Dulayl Industrial Park and El-Zai Ready-wear Manufacturing Company near . Upcoming industrial parks include the Gateway QIZ on the northern border with Israel, Aqaba Industrial Estate at , and the Mushatta International complex in Amman.
Jordan has seen a substantial economic growth since the QIZ were set up. Exports from Jordan to the United States grew from 15 million USD to over 1 billion USD in 2004. Government sources have estimated that over 40,000 jobs have been created with the set up of QIZs. Investment is currently valued at USD 85–100 million and expected to grow to $180 to $200 million. The success of QIZ have led to the United States and Jordan signing a
in 2001 that was approved by the US Congress.
Between 1998 and 2005 Jordan moved up from the United States' thirteenth to eight largest trading partner among the 20 Middle-East-North African (MENA) entities. In 2005, US exports to and imports from Jordan totalled an estimated $1.9 billion: U.S. exports, at an estimated $646 million, were 1.8 times their 1998 US imports, at $1.3 billion, were 80 times their 1998 level. Despite the 2001 FTA between the United States and Jordan, 75% of Jordanian articles enter the United States through the QIZ program.
The apparel industry dominates both Jordan's QIZs and total exports to the United States, accounting for 99.9% of all QIZ exports and 86% of all Jordanian exports to the United States. The reason for this dominance is that QIZ products enter the United States free of duty, whereas, under the US–Jordan FTA, tariffs will not be fully eliminated until the end of the ten-year phase-in period, in 2011.
Main article:
QIZ locations in Egypt: Green: Central Delta Region, Magenta: Suez Canal Z Orange: Alexandria R and Red: Greater Cairo Zone.
phased out quantitative quotas on textile in 2004 under the Agreement on Textile and Closing, ATC, Egyptian textile and garment producers feared that their industry would be threatened by global competition from China and India. The flood of similar articles from these two nations to the United States could edge out Egyptian exports, and possibly result in the loss of 150,000 job opportunities. This was estimated to cost some of the $3.2 billion in US foreign direct investment in Egypt. Further, Egypt was in search of sources for increased economic growth and trade to provide jobs for its rapidly growing labor force.
Positive results from the Jordanian led to the Government of Egypt negotiating a QIZ protocol in
on 24 December 2004 that came into effect in February 2005. USTR has designated three QIZs in Egypt – the
Zone, and the
(69 CFR 78094). On 4 November 2005, the USTR designated a fourth zone in the Central Delta region and expanded the Greater Cairo and Suez Canal zones.
The protocol signed between the two nations is a non-reciprocal arrangement and is expected to be a step towards the establishment of a Free Trade Agreement (FTA) between the two countries. However negotiations toward a US–Egyptian free trade agreement have recently been suspended over human rights issues.
The results have been positive. Israeli exports to Egypt rose over 30% from USD 29 million in 2004 to USD 93.2 million and exceeded USD 125 million in 2006. As of 2008 ten QIZs have been set up in Egypt. Some estimate that approximately 20% of companies based in QIZs are wholly owned by Jordanians.
Women form a large part of the workforce in the QIZ.
Although most experts note that companies based in QIZs hire foreign laborers, thousands of Jordanians, particularly women from the rural countryside, have found jobs at garment factories in QIZs. In a traditional society such as Jordan, many of these women had little previous work experience and were largely caretakers of their home. Despite the low wages paid by apparel factories in the QIZs, some women have been able to support their families. However, traditional attitudes toward a woman’s place in the home persist, and many families continue to prohibit female members from working in QIZs. (See ) In response, the Jordanian Ministry of Labor has worked to ease the adjustment of women moving from the home to a new job by providing free transportation to work, subsidizing the cost of food in QIZs, and paying for dormitories near factories to cut commuting times. and providing childcare
The long-term effect of female employment in QIZs are yet to be quantified, and there is some concern that over time, Jordanian women may have difficulty in achieving higher wages in a global economy where apparel manufacturers can easily relocate to cheaper labor markets.
When the QIZ program came into being in 1996, observers regarded it as a vehicle to support the development of peaceful relations and normalization of commercial ties between Israel and the two Arab states (Jordan and Egypt) with which it had signed peace treaties. In both cases, however, a tenuous peace continues to prevail between Israel and the two Arab states. Since the conclusion of the Jordan–Israel peace treaty in October 1994, large numbers of Jordanians, particularly fundamentalists, those of Palestinian origin, and members of the professional unions continue to oppose normalization with Israel and resist the expansion of commercial relations. With the establishment of 13 QIZs in Jordan, there has been an increase in the volume of bilateral trade, though the overall totals remain modest.
By far the biggest international criticism of QIZs in Jordan is the humanitarian crisis within the factories. A comprehensive
by the Institute for Global Labour and Human Rights found that Sri Lankan migrant workers were subject to "routine sexual abuse and rape."
The United States Trade Representative (USTR) designation of 13 factories throughout Jordan (under the US-Jordan Free Trade Agreement) has led to disastrous realities, gender inequality and gender based violence:
"There are over 30,000 poor, mostly young women, foreign guest workers toiling in Jordan‘s largely foreign-owned garment factories sewing clothing for export to the United States. Under the Free Trade Agreement, those garments enter the U.S. duty-free.
"The guest workers are from Sri Lanka, Bangladesh, India, China, Nepal and Egypt. They earn less than three-quarters the wage of Jordanian garment workers, who account for only 15 to 25 percent of the total garment workforce. Jordanians earn $1.02 an hour while the foreign guest workers take home 74 1/2
cents an hour. The Jordanians work eight hours a day, while the guest workers toil an average of 12 hours a day."
Mary Jane Bolle, Alfred B. Prados, and Jeremy M. Sharp ().
(PDF). CRS Report for Congress.
. Ministry of Industry, Trade & Labor. Government of Israel.
Carroll, Katherine Blue (2003). . Lexington Books. p. 315.  .
Steinberg, Jessica (). . .
. Ministry of Trade and Industry.
USITC Dataweb
Data source: U.S. International Trade Commission Dataweb
"Trade Without Consent - Choosing Between Free Trade and Democracy in Jordan". . .
, June 12, 2011
: Hidden categories:From Wikipedia, the free encyclopedia
Diagram of an example usage of digital certificate
In , a public key certificate (also known as a digital certificate or identity certificate) is an electronic document used to prove ownership of a . The certificate includes information about the key, information about its owner's identity, and the
of an entity that has verified the certificate's contents are correct. If the signature is valid, and the person examining the certificate trusts the signer, then they know they can use that key to communicate with its owner.
In a typical
(PKI) scheme, the signer is a
(CA), usually a company which charges customers to issue certificates for them. In a
scheme, the signer is either the key's owner (a ) or other users ("endorsements") whom the person examining the certificate might know and trust.
Certificates are an important component of
(TLS, sometimes called by its older name SSL, Secure Sockets Layer), where they prevent an attacker from impersonating a secure
or other server. They are also used in other important applications, such as
Certificates can be created for -based servers with tools such as 's
command, or 's gensslcert. These may be used to issue unmanaged certificates[],
(CA) certificates for managing other certificates, and user or computer certificate requests to be signed by the CA, as well as a number of other certificate related functions.
Similarly,
contains a CA as part of Certificate Services for the creation of digital certificates. In
and later the CA may be installed as part of
Certificate Services. The CA is used to manage and centrally issue certificates to users or computers. Microsoft also provides a number of different certificate utilities, such as SelfSSL.exe for creating unmanaged certificates, and Certreq.exe for creating and submitting certificate requests to be signed by the CA, and certutil.exe for a number of other certificate related functions.
comes with the
program, which is able to perform various certificate-related services.
Serial Number: Used to uniquely identify the certificate.
Subject: The person, or entity identified.
Signature Algorithm: The algorithm used to create the signature.
Signature: The actual signature to verify that it came from the issuer.
Issuer: The entity that verified the information and issued the certificate.
Valid-From: The date the certificate is first valid from.
Valid-To: The expiration date.
Key-Usage: Purpose of the public key (e.g. encipherment, signature, certificate signing...).
Public Key: The public key.
Thumbprint Algorithm: The algorithm used to
the public key certificate.
Thumbprint (also known as ): The hash itself, used as an abbreviated form of the public key certificate.
uses the concept of classes for different types of digital certificates:
Class 1 for individuals, intended for email.
Class 2 for organizations, for which proof of identity is required.
Class 3 for servers and software signing, for which independent verification and checking of identity and authority is done by the issuing .
Class 4 for online business transactions between companies.
Class 5 for private organizations or governmental security.
Other vendors may choose to use different classes or no classes at all as this is not specified in the PKI standards.
1999/93/EC on "a Community framework for electronic signatures" defines the term qualified certificate as a certificate which meets the requirements of Annex I and is provided by a certification service provider who fulfills the requirements of Annex II.
According to Annex I, qualified certificates must contain:
An indication that the certificate is issued as a qualified certificate
The identification of the certification service provider and the state in which it is established
The name of the signatory or a pseudonym, which shall be identified as such
Provision for a specific attribute of the signatory to be included if relevant, depending on the purpose for which the certificate is intended
Signature verification data which correspond to signature creation data under the control of the signatory
An indication of the beginning and end of the period of validity of the certificate
The identity code of the certificate
The advanced electronic signature of the certification service provider issuing it
Limitations on the scope of use of the certificate, if applicable
Limits on the value of transactions for which the certificate can be used, if applicable
Annex II requires certification service providers to:
Demonstrate the reliability necessary for providing certification services
Ensure the operation of a prompt and secure directory and a secure and immediate revocation service
Ensure that the date and time when a certificate is issued or revoked can be determined precisely
Verify, by appropriate means in accordance with national law, the identity and, if applicable, any specific attributes of the person to which a qualified certificate is issued
Employ personnel who possess the expert knowledge, experience, and qualifications necessary for the services provided, in particular competence at managerial level, expertise in electronic signature technology and familiarity with proper security procedures. They must also apply administrative and management procedures which are adequate and correspond to recognized standards.
Use trustworthy systems and products which are protected against modification and ensure the technical and cryptographic security of the process supported by them
Take measures against forgery of certificates, and, in cases where the certification service provider generates signature creation data, guarantee confidentiality during the process of generating such data
Maintain sufficient financial resources to operate in conformity with the requirements laid down in the Directive, in particular to bear the risk of liability for damages, for example, by obtaining appropriate insurance
Record all relevant information concerning a qualified certificate for an appropriate period of time, in particular for the purpose of providing evidence of certification for the purposes of legal proceedings. Such recording may be done electronically.
Not store or copy signature creation data of the person to whom the certification service provider provided key management services
Before entering into a contractual relationship with a person seeking a certificate to support their electronic signature, inform that person by a durable means of communication of the precise terms and conditions regarding the use of the certificate, including any limitations on its use, the existence of a voluntary accreditation scheme and procedures for complaints and dispute settlement. Such information, which may be transmitted electronically, must be in writing and in readily understandable language. Relevant parts of this information must also be made available on request to third parties relying on the certificate.
Use trustworthy systems to store certificates in a verifiable form so that:
Only authorized persons can make entries and changes
Information can be checked for authenticity
Certificates are publicly available for retrieval in only those cases for which the certificate holder's consent has been obtained
Any technical changes compromising these security requirements are apparent to the operator
Main article:
In this model of trust relationships, a CA is a trusted third party - trusted both by the subject (owner) of the certificate and by the party relying upon the certificate. According to NetCraft , the industry standard for monitoring Active TLS certificates, states that "Although the global [TLS] ecosystem is competitive, it is dominated by a handful of major CAs — three certificate authorities (Symantec, Comodo, GoDaddy) account for three-quarters of all issued [TLS] certificates on public-facing web servers. The top spot has been held by Symantec (or VeriSign before it was purchased by Symantec) ever since [our] survey began, with it currently accounting for just under a third of all certificates. To illustrate the effect of differing methodologies, amongst the million busiest sites Symantec issued 44% of the valid, trusted certificates in use — significantly more than its overall market share."
The most common use of certificates is for -based web sites. A
validates that a TLS ()
is authentic, so that the user can feel secure that his/her interaction with the
has no eavesdroppers and that the web site is who it claims to be. This security is important for . In practice, a web site operator obtains a certificate by applying to a certificate provider (a
that presents as a commercial retailer of certificates) with a . The certificate request is an electronic document that contains the web site name, contact email address, company information and the public key (for security reasons the private key is not part of the request and is not sent to the certificate authority). The certificate provider signs the request, thus producing a public certificate. During web browsing, this public certificate is served to any web browser that connects to the web site and proves to the web browser that the provider believes it has issued a certificate to the owner of the web site.
Before issuing a certificate, the certificate provider will request the contact email address for the web site from a public , and check that published address against the email address supplied in the certificate request. Therefore, an https web site is only secure to the extent that the end user can be sure that the web site is operated by someone in contact with the person who registered the .
As an example, when a user connects to / with their browser, if the browser does not give any certificate warning message, then the user can be theoretically sure that interacting with / is equivalent to interacting with the entity in contact with the email address listed in the public registrar under "", even though that email address may not be displayed anywhere on the web site. No other surety of any kind is implied. Further, the relationship between the purchaser of the certificate, the operator of the web site, and the generator of the web site content may be tenuous and is not guaranteed. At best, the certificate guarantees uniqueness of the web site, provided that the web site itself has not been compromised (hacked) or the certificate issuing process subverted.
A certificate provider can opt to issue three types of certificates, each requiring its own degree of vetting rigor. In order of increasing rigor (and naturally, cost) they are: Domain Validation, Organization Validation and Extended Validation. These rigors are loosely agreed upon by voluntary participants in the .
Main article:
A certificate provider will issue a Domain Validation (DV) class certificate to a purchaser if the purchaser can demonstrate one straightforward vetting criterion: the right to administratively manage the domain name in question. For example, a domain name registrar might sell (or more accurately, resell) DV certificates through their domain name management system.
A certificate provider will issue an Organization Validation (OV) class certificate to a purchaser if the purchaser can meet two criteria: the right to administratively manage the domain name in question, and perhaps, the organization's actual existence as a legal entity. A certificate provider publishes its OV vetting criteria through its .
Main article:
To acquire an
(EV) certificate, the purchaser must persuade the certificate provider of its legitimacy by surviving a battery of complex vetting criteria, the majority of which are manually performed. As with OV certificates, a certificate provider publishes its EV vetting criteria through its .
Browsers will generally offer users a special visual indication when a site presents an EV certificate. For example, it might change the background color of the URL bar from neutral to green. In this way, the user can decide whether or not to more readily trust the site as being legitimate.
A web browser will give no warning to the user if a web site suddenly presents a different certificate, even if that certificate has a lower number of key bits, even if it has a different provider, and even if the previous certificate had an expiry date far into the future.[] However a change from an EV certificate to a non-EV certificate will be apparent as the green bar will no longer be displayed. Where certificate providers are under the jurisdiction of governments, those governments may have the freedom to order the provider to generate any certificate, such as for the purposes of law enforcement. Subsidiary wholesale certificate providers also have the freedom to generate any certificate.
All web browsers come with an extensive built-in list of trusted , many of which are controlled by organizations that may be unfamiliar to the user. Each of these organizations is free to issue any certificate for any web site and have the guarantee that web browsers that include its root certificates will accept it as genuine. In this instance, end users must rely on the developer of the browser software to manage its built-in list of certificates and on the certificate providers to behave correctly and to inform the browser developer of problematic certificates. While uncommon, there have been incidents in which fraudulent certificates have been issued: in some cases, the browsers hav in others, some time passed before browser developers removed these certificates from their software.
The list of built-in certificates is also not limited to those provided by the browser developer: users (and to a degree applications) are free to extend the list for special purposes such as for company intranets. This means that if someone gains access to a machine and can install a new root certificate in the browser, that browser will recognize websites that use the inserted certificate as legitimate.
For , this reliance on something external to the system has the consequence that any public key certification scheme has to rely on some special setup assumption, such as the existence of a .
In spite of the limitations described above, certificate-authenticated SSL is considered mandatory by all security guidelines whenever a web site hosts confidential information or performs material transactions. This is because, in practice, in spite of the
described above, web sites secured by public key certificates are still more secure than unsecured http:// web sites.
. Official Journal L 013 , 19/01/2000 P. 0012 - 0020. Annex II.
. Mozilla.org 2012.
. Mozilla.org 2012.
. Mozilla.org 2012.
Ran Canetti: Universally Composable Signature, Certification, and Authentication. CSFW 2004,
(18 January 2014).
Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
Wikipedia.org Public key certificate details
: Hidden categories: