Preliminary thoughts on 80 FR 31505, setting out revisions to a number of ITAR definitions. 

There are several proposals which I think are welcome. First, the exemption for encrypted tech data is helpful, not only for US exporters but also for foreign companies storing data on, and downloading it from, U.S. servers. Unfortunately, it may be difficult for foreign companies to comply with U.S. cryptographic requirements because their own governments have different regulatory mandates.

Second, the attempt to narrow the definition of tech data could also be helpful, albeit distinguishing that data which is ‘peculiarly responsible’ for achieving the controlled performance levels may be trickier in practice than in theory.

That said, I do have reservations about the DDTC’s attempt to impose a pre-publication approval requirement before technical data is placed in the public domain (new 120.11(b). It would appear that this is an attempt to create an ex post defensive position in the lawsuit brought by Defense Distributed against the DDTC for trying to prevent them from placing files on line which would enable a 3D printer to produce a primitive plastic gun. This issue looks as if it will be fought out in the US courts over a questionable doctrine under which a government is entitled to prevent publication of material, even if it is neither security classified nor government owned.

My main concerns remain with defense services. The DDTC have taken some account of views expressed, including by EGAD, on the previous draft, but not enough.

In 120.9(a)(1), the criterion that the provider of the service must have knowledge of the relevant US-origin technical data, seems eccentric and illogical. One can easily envisage cases where exactly the same activity might be treated as a defense service or not, depending not on the activity but on who does it. (An example might be someone in a management or an export control role in a submarine manufacturing business).

One assumes that DDTC are taking this line in order to defend their position in Hughes satellite type cases (where DDTC charged Hughes with providing defense services without exporting technical data), but it does not make a lot of sense. It may also be more difficult than DDTC claim to believe, to establish the facts of whether an individual has had access to the relevant technical data. It would be preferable if the DDTC finally bit the bullet, and made the export of technical data a criterion for the provision of a defense service.

I also remain unhappy about (a)(2), and the DDTC’s attempt to assert jurisdiction over the integration of non-USML items into foreign defense articles. Why, for example, do they not use the same criterion ( ie knowledge of the relevant US technical data) as in (a)(1)?
In their commentary, DDTC appear to be arguing that the AECA does not mandate a distinction between US and non-US defense articles. This is a very precarious argument for several reasons:

1. It conflates designation with regulation. The AECA designates ‘defense articles’ as subjects for controls, but regulates ‘exports’ (and imports). It follows as a matter of logic that the defense articles in question must be in (or entering) the U.S.

2. This point is supported by the AECA requirement for ‘persons’ engaged in the manufacture  of  ‘defense  articles’ to register (see (b)(1)(A)(i)).Even the DDTC would not assert that the registration requirement extends to foreign persons engaged in manufacturing foreign defense articles.

3. Finally, the AECA itself distinguishes between ‘defense articles’ and ‘foreign defense articles’. See (b)(1)(A)(i) and (ii) (I):
 ‘As prescribed in regulations issued under this section, every person …who  engages in the business of manufacturing, exporting, or importing any defense articles or defense services designated by the President under subsection (a)(1) shall register…
‘ As prescribed in regulations issued under this section, every person… who engages in the business of brokering activities with respect to the manufacture, export, import, or transfer of any defense article or defense service designated by the President under subsection (a)(1), or in the business of brokering activities with respect to the manufacture, export, import, or transfer of any foreign defense article or defense service , shall register…’

It follows that the only circumstances under which the AECA extends jurisdiction to US persons involved in foreign defense articles or foreign  defense services is when the US person is engaged in brokering. This does not apply here.

The reason why this is important to foreign companies is not so much because of the need to license such activities, which is a nuisance but scarcely a deal breaker, but because of the implications of the ‘derived data’ rule (ITAR 124.8(5)), which would mean that any defense service provided under this head would render the resulting foreign defense article perpetually subject to ITAR retransfer conditions, notwithstanding the absence of any USML content. Furthermore, since one can easily envisage ‘integration’ being required for the increasing volume of 600 series items, as well as minor items like microchips, there is also the danger that this requirement will effectively negate the de minimis rule for CCL content.

It would be preferable if the DDTC accepted that integration of non-ITAR items into foreign defense articles not requiring the export of USML technical data was outside their jurisdiction. As a fallback, however, it has been suggested to me by an authoritative source that the derived data rule applies only to technical data and defense services supplied under agreements, and not under licenses, eg DSP-5s (because 124.8(5) applies only to agreements, while the DSP-5 guidelines refer to the control of integrated technical data but not of derived technical data). If this interpretation were confirmed by DDTC, then a possible way forward might be to press for defense services supplied for the purposes of integration to be approved under licenses rather than agreements, thus mitigating the worst effects of this rule.

There is one final point. The FRN separates ‘retransfers’ from ‘reexports’ (new 120.51) and defines them as follows:

 ‘Except as set forth in § 120.52 of this subchapter, a retransfer is a change in end use or end user of a defense article within the same foreign country.’ 

Unlike the present definition, there is no reference to ‘destinations’. It would appear then that the requirement for prior authorization of retransfers in country to other than different  end users, eg to other partners or subcontractors, has been dropped. This outcome would be very helpful since it would reduce the need for a great deal of tedious and unproductive compliance activity. It seems unlikely, however, that DDTC really intended this in which case there is a need for clarification.

As a member of the Export Group for Aerospace and Defense (EGAD), Michael plays a leading role in advising UK industry on ITAR and export control reform. His comments below, including on DDTC’s asserted jurisdiction over the integration of non-USML items into foreign defense articles, should be of interest to companies on both sides of the Atlantic.