Capabilities in the defence industry, DDAC 2020.
Do you know if your Technical data is subject to ITAR – and do you mark them properly?
Do you know your ITAR as good as you should – Vol. 2
Last week we attended an ITAR training arranged in Las Vegas by Federal Publications Seminars. This article is Vol. 2 from the course, digging deeper into the regulations, building a better understanding of the rules and consequences.
The” teacher” quickly challenged the class by asking everybody to consider “What routines do you have in place and how are you marking your Technical data controlled under ITAR?. Thereafter emphasizing that “If you do not mark your data properly and ensure that this marking and information flows down your entire supply chain, then you will be liable”. First, you must determine if the Technical data is subject to ITAR § 120.10 or in the public domain (ITAR § 120.11). You should ask the following questions
- Is it “Technical data”?
- Is there and Export?
- Is the information in the Public Domain?
- Is it Basic information, Engineering or Mathematical Principles?
- Is it Basic Marketing Information?
- Is there and Applicable Exemption?
Is the data (blueprints, drawings, photographs, plans, instructions, documentation) required for design, development, production, manufacturing, assembly, operation, repair, testing, or modification of defense articles. If the response to any of these questions is yes, then you have identified your Technical data. When considering if it is Basic Marketing information, which you are allowed to share, then you can just ask yourself. Does the marketing information explain what it does or how it operates? What it does is ok, but sharing how it does it, is controlled Technical Data.
What is the export? Sharing of data through email, verbal exchange, visual inspection, and social media to a foreign person is deemed as export of technical data. However, theoretical or potential access to this technical data is not a release. This is an important distinction as it places the burden of proof on the entity, which might claim that it is a release of technical data. However, remember that even though the information is on the open internet, it might still be a release violation as you do not know if the original data was released properly.
A release to a foreign person in the US is deemed to be an expert to all countries in which the foreign person with dual citizenship has held or holds citizenship or holds permanent residency. However, if this person becomes a US citizen, then it is not deemed as export, but remember that you still need to do a security clearance of the person.
Violations of AECA and ITAR and penalties are controlled under AECA 22 U.S.C § 2778(c)-(d). The criminal violation is up to §1 000 000 USD per violation or imprisonment of no more than 20 years or both. Civil fines are up to 1 134 602 USD per violation, adjusted each year. The administration penalties in ITAR § 127.6-8 is debarment, seizure, external audits, and criminal penalties and let’s not forget about the lawyer and internal cost, which can be even higher. Hence make sure you know what you are doing and who you are doing it with.
Tomorrow I will dive further into subjects from the “Advanced ITAR Workshop class” and examine aspects as “specifically designed”, ITAR Compliance programs and case studies in further detail.
Did you miss our Vol.1 about our ITAR training? Fear not – find it here.