[Federal Register Volume 80, Number 106 (Wednesday, June 3, 2015)]
[Proposed Rules]
[Pages 31525-31538]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2015-12844]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF STATE
22 CFR Parts 120, 123, 125, and 127
[Public Notice 9149]
RIN 1400-AD70
International Traffic in Arms: Revisions to Definitions of
Defense Services, Technical Data, and Public Domain; Definition of
Product of Fundamental Research; Electronic Transmission and Storage of
Technical Data; and Related Definitions
AGENCY: Department of State.
ACTION: Proposed rule.
-----------------------------------------------------------------------
SUMMARY: As part of the President's Export Control Reform (ECR)
initiative, the Department of State proposes to amend the International
Traffic in Arms
[[Page 31526]]
Regulations (ITAR) to update the definitions of ``defense article,''
``defense services,'' ``technical data,'' ``public domain,''
``export,'' and ``reexport or retransfer'' in order to clarify the
scope of activities and information that are covered within these
definitions and harmonize the definitions with the Export
Administration Regulations (EAR), to the extent appropriate.
Additionally, the Department proposes to create definitions of
``required,'' ``technical data that arises during, or results from,
fundamental research,'' ``release,'' ``retransfer,'' and ``activities
that are not exports, reexports, or retransfers'' in order to clarify
and support the interpretation of the revised definitions that are
proposed in this rulemaking. The Department proposes to create new
sections detailing the scope of licenses, unauthorized releases of
information, and the ``release'' of secured information, and revises
the sections on ``exports'' of ``technical data'' to U.S. persons
abroad. Finally, the Department proposes to address the electronic
transmission and storage of unclassified ``technical data'' via foreign
communications infrastructure. This rulemaking proposes that the
electronic transmission of unclassified ``technical data'' abroad is
not an ``export,'' provided that the data is sufficiently secured to
prevent access by foreign persons. Additionally, this proposed rule
would allow for the electronic storage of unclassified ``technical
data'' abroad, provided that the data is secured to prevent access by
parties unauthorized to access such data. The revisions contained in
this proposed rule are part of the Department of State's retrospective
plan under Executive Order 13563 first submitted on August 17, 2011.
DATES: The Department of State will accept comments on this proposed
rule until August 3, 2015.
ADDRESSES: Interested parties may submit comments within 60 days of the
date of publication by one of the following methods:
Email: [email protected] with the subject line,
``ITAR Amendment--Revisions to Definitions; Data Transmission and
Storage.''
Internet: At www.regulations.gov, search for this notice
by using this rule's RIN (1400-AD70).
Comments received after that date may be considered, but
consideration cannot be assured. Those submitting comments should not
include any personally identifying information they do not desire to be
made public or information for which a claim of confidentiality is
asserted because those comments and/or transmittal emails will be made
available for public inspection and copying after the close of the
comment period via the Directorate of Defense Trade Controls Web site
at www.pmddtc.state.gov. Parties who wish to comment anonymously may do
so by submitting their comments via www.regulations.gov, leaving the
fields that would identify the commenter blank and including no
identifying information in the comment itself. Comments submitted via
www.regulations.gov are immediately available for public inspection.
FOR FURTHER INFORMATION CONTACT: Mr. C. Edward Peartree, Director,
Office of Defense Trade Controls Policy, Department of State, telephone
(202) 663-1282; email [email protected]. ATTN: ITAR
Amendment--Revisions to Definitions; Data Transmission and Storage. The
Department of State's full retrospective plan can be accessed at http://www.state.gov/documents/organization/181028.pdf.
SUPPLEMENTARY INFORMATION: The Directorate of Defense Trade Controls
(DDTC), U.S. Department of State, administers the International Traffic
in Arms Regulations (ITAR) (22 CFR parts 120 through 130). The items
subject to the jurisdiction of the ITAR, i.e., ``defense articles'' and
``defense services,'' are identified on the ITAR's U.S. Munitions List
(USML) (22 CFR 121.1). With few exceptions, items not subject to the
export control jurisdiction of the ITAR are subject to the jurisdiction
of the Export Administration Regulations (``EAR,'' 15 CFR parts 730
through 774, which includes the Commerce Control List (CCL) in
Supplement No. 1 to part 774), administered by the Bureau of Industry
and Security (BIS), U.S. Department of Commerce. Both the ITAR and the
EAR impose license requirements on exports and reexports. Items not
subject to the ITAR or to the exclusive licensing jurisdiction of any
other set of regulations are subject to the EAR.
BIS is concurrently publishing comparable proposed amendments (BIS
companion rule) to the definitions of ``technology,'' ``required,''
``peculiarly responsible,'' ``published,'' results of ``fundamental
research,'' ``export,'' ``reexport,'' ``release,'' and ``transfer (in-
country)'' in the EAR. A side-by-side comparison on the regulatory text
proposed by both Departments is available on both agencies' Web sites:
www.pmddtc.state.gov and www.bis.doc.gov.
1. Revised Definition of Defense Article
The Department proposes to revise the definition of ``defense
article'' to clarify the scope of the definition. The current text of
Sec. 120.6 is made into a new paragraph (a), into which software is
added to the list of things that are a ``defense article'' because
software is being removed from the definition of ``technical data.''
This is not a substantive change.
A new Sec. 120.6(b) is added to list those items that the
Department has determined should not be a ``defense article,'' even
though they would otherwise meet the definition of ``defense article.''
All the items described were formerly excluded from the definition of
``technical data'' in Sec. 120.10. These items are declared to be not
subject to the ITAR to parallel the EAR concept of ``not subject to the
EAR'' as part of the effort to harmonize the ITAR and the EAR. This
does not constitute a change in policy regarding these items or the
scope of items that are defense articles.
2. Revised Definition of Technical Data
The Department proposes to revise the definition of ``technical
data'' in ITAR Sec. 120.10 in order to update and clarify the scope of
information that may be captured within the definition. Paragraph
(a)(1) of the revised definition defines ``technical data'' as
information ``required'' for the ``development,'' ``production,''
operation, installation, maintenance, repair, overhaul, or refurbishing
of a ``defense article,'' which harmonizes with the definition of
``technology'' in the EAR and the Wassenaar Arrangement. This is not a
change in the scope of the definition, and additional words describing
activities that were in the prior definition are included in
parentheticals to assist exporters.
Paragraph (a)(1) also sets forth a broader range of examples of
formats that ``technical data'' may take, such as diagrams, models,
formulae, tables, engineering designs and specifications, computer-
aided design files, manuals or documentation, or electronic media, that
may constitute ``technical data.'' Additionally, the revised definition
includes certain conforming changes intended to reflect the revised and
newly added defined terms proposed elsewhere in this rule.
The proposed revised definition also includes a note clarifying
that the modification of the design of an existing item creates a new
item and that the ``technical data'' for the modification is
``technical data'' for the new item.
Paragraph (a)(2) of the revised definition defines ``technical
data'' as
[[Page 31527]]
also including information that is enumerated on the USML. This will be
``technical data'' that is positively described, as opposed to
``technical data'' described in the standard catch-all ``technical
data'' control for all ``technical data'' directly related to a
``defense article'' described in the relevant category. The Department
intends to enumerate certain controlled ``technical data'' as it
continues to move the USML toward a more positive control list.
Paragraph (a)(3) of the revised definition defines ``technical
data'' as also including classified information that is for the
``development,'' ``production,'' operation, installation, maintenance,
repair, overhaul, or refurbishing of a ``defense article'' or a 600
series item subject to the EAR. Paragraph (a)(5) of the revised
definition defines ``technical data'' as also including information to
access secured ``technical data'' in clear text, such as decryption
keys, passwords, or network access codes. In support of the latter
change, the Department also proposes to add a new provision to the list
of violations in Sec. 127.1(b)(4) to state that any disclosure of
these decryption keys or passwords that results in the unauthorized
disclosure of the ``technical data'' or software secured by the
encryption key or password is a violation and will constitute a
violation to the same extent as the ``export'' of the secured
information. For example, the ``release'' of a decryption key may
result in the unauthorized disclosure of multiple files containing
``technical data'' hosted abroad and could therefore constitute a
violation of the ITAR for each piece of ``technical data'' on that
server.
Paragraph (b) of the revised definition of ``technical data''
excludes non-proprietary general system descriptions, information on
basic function or purpose of an item, and telemetry data as defined in
Note 3 to USML Category XV(f) (Sec. 121.1). Items formerly identified
in this paragraph, principles taught in schools and ``public domain''
information, have been moved to the new ITAR Sec. 120.6(b).
The proposed definition removes software from the definition of
``technical data.'' Specific and catch-all controls on software will be
added elsewhere throughout the ITAR as warranted, as it will now be
defined as a separate type of ``defense article.''
3. Proposed Definition of Required
The Department proposes a definition of ``required'' in a new Sec.
120.46. ``Required'' is used in the definition of ``technical data''
and has, to this point, been an undefined term in the ITAR. The word is
also used in the controls on technology in both the EAR and the
Wassenaar Arrangement, as a defined term, which the Department is now
proposing to adopt:
. . . [O]nly that portion of [technical data] that is peculiarly
responsible for achieving or exceeding the controlled performance
levels, characteristics, or functions. Such required [technical
data] may be shared by different products.
The proposed definition of ``required'' contains three notes. These
notes explain how the definition is to be applied.
Note 1 provides that the definition explicitly includes information
for meeting not only controlled performance levels, but also
characteristics and functions. All items described on the USML are
identified by a characteristic or function. Additionally, some
descriptions include a performance level. As an example, USML Category
VIII(a)(1) controls aircraft that are ``bombers'' and contains no
performance level. The characteristic of the aircraft that is
controlled is that it is a bomber, and therefore, any ``technical
data'' peculiar to making an aircraft a bomber is ``required.''
Note 2 states that, with the exception of ``technical data''
specifically enumerated on the USML, the jurisdictional status of
unclassified ``technical data'' is the same as that of the commodity to
which it is directly related. Specifically, it explains that
``technical data'' for a part or component of a ``defense article'' is
directly related to that part or component, and if the part or
component is subject to the EAR, so is the ``technical data.''
Note 3 establishes a test for determining if information is
peculiarly responsible for meeting or achieving the controlled
performance levels, characteristics or functions of a ``defense
article.'' It uses the same catch-and-release concept that the
Department implemented in the definition of ``specially designed.'' It
has a similarly broad catch of all information used in or for use in
the ``development,'' ``production,'' operation, installation,
maintenance, repair, overhaul, or refurbishing of a ``defense
article.'' It has four releases that mirror the ``specially designed''
releases, and one reserved paragraph for information that the
Department determines is generally insignificant. The first release is
for information identified in a commodity jurisdiction determination.
The second release is reserved. The third release is for information
that is identical to information used in a non-defense article that is
in ``production,'' and not otherwise enumerated on the ITAR. The fourth
release is for information that was developed with knowledge that it is
for both a ``defense article'' and a non-defense article. The fifth
release is information that was developed for general purpose
commodities.
In the companion rule, BIS proposes to make Note 3 into a stand-
alone definition for ``peculiarly responsible'' as it has application
outside of the definition of ``required.'' The substance of Note 3 and
the BIS definition of ``peculiarly responsible'' are identical. DDTC
asks for comments on the placement of this concept.
4. Proposed Definitions of Development and Production
The Department proposes to add Sec. 120.47 for the definition of
``development'' and Sec. 120.48 for the definition of ``production.''
These definitions are currently in Notes 1 and 2 to paragraph (b)(3) in
Sec. 120.41, the definition of ``specially designed.'' Because
``technical data'' is now defined, in part, as information ``required''
for the ``development'' or ``production'' of a ``defense article,'' and
these words are now used in the definition of a ``defense service,'' it
is appropriate to define these terms. The adoption of these definitions
is also done for the purpose of harmonization because these definitions
are also used in the EAR and by the Wassenaar Arrangement.
5. Revised Definition of Public Domain
The Department proposes to revise the definition of ``public
domain'' in ITAR Sec. 120.11 in order to simplify, update, and
introduce greater versatility into the definition. The existing version
of ITAR Sec. 120.11 relies on an enumerated list of circumstances
through which ``public domain'' information might be published. The
Department believes that this definition is unnecessarily limiting in
scope and insufficiently flexible with respect to the continually
evolving array of media, whether physical or electronic, through which
information may be disseminated.
The proposed definition is intended to identify the characteristics
that are common to all of the enumerated forms of publication
identified in the current rule--with the exception of ITAR Sec.
120.11(a)(8), which is addressed in a new definition for ``technical
data that arises during, or results from, fundamental research''--and
to present those common characteristics in a streamlined definition
that does not require enumerated identification
[[Page 31528]]
within the ITAR of every current or future qualifying publication
scenario. Additionally, the proposed definition incorporates phrases
such as ``generally accessible'' and ``without restriction upon its
further dissemination'' in order to better align the definition found
in the EAR and more closely aligned with the definition in the
Wassenaar Arrangement control lists.
The proposed definition requires that information be made available
to the public without restrictions on its further dissemination. Any
information that meets this definition is ``public domain.'' The
definition also retains an exemplary list of information that has been
made available to the public without restriction and would be
considered ``public domain.'' These include magazines, periodicals and
other publications available as subscriptions, publications contained
in libraries, information made available at a public conference,
meeting, seminar, trade show, or exhibition, and information posted on
public Web sites. The final example deems information that is submitted
to co-authors, editors, or reviewers or conference organizers for
review for publication to be ``public domain,'' even prior to actual
publication. The relevant restrictions do not include copyright
protections or generic property rights in the underlying physical
medium.
Paragraph (b) of the revised definition explicitly sets forth the
Department's requirement of authorization to release information into
the ``public domain.'' Prior to making available ``technical data'' or
software subject to the ITAR, the U.S. government must approve the
release through one of the following: (1) The Department; (2) the
Department of Defense's Office of Security Review; (3) a relevant U.S.
government contracting authority with authority to allow the
``technical data'' or software to be made available to the public, if
one exists; or (4) another U.S. government official with authority to
allow the ``technical data'' or software to be made available to the
public.
The requirements of paragraph (b) are not new. Rather, they are a
more explicit statement of the ITAR's requirement that one must seek
and receive a license or other authorization from the Department or
other cognizant U.S. government authority to release ITAR controlled
``technical data,'' as defined in Sec. 120.10. A release of
``technical data'' may occur by disseminating ``technical data'' at a
public conference or trade show, publishing ``technical data'' in a
book or journal article, or posting ``technical data'' to the Internet.
This proposed provision will enhance compliance with the ITAR by
clarifying that ``technical data'' may not be made available to the
public without authorization. Persons who intend to discuss ``technical
data'' at a conference or trade show, or to publish it, must ensure
that they obtain the appropriate authorization.
Information that is excluded from the definition of ``defense
article'' in the new Sec. 120.6(b) is not ``technical data'' and
therefore does not require authorization prior to release into the
``public domain.'' This includes information that arises during or
results from ``fundamental research,'' as described in the new Sec.
120.49; general scientific, mathematical, or engineering principles
commonly taught in schools, and information that is contained in
patents.
The Department also proposes to add a new provision to Sec. 127.1
in paragraph (a)(6) to state explicitly that the further dissemination
of ``technical data'' or software that was made available to the public
without authorization is a violation of the ITAR, if, and only if, it
is done with knowledge that the ``technical data'' or software was made
publicly available without an authorization described in ITAR Sec.
120.11(b)(2). Dissemination of publicly available ``technical data'' or
software is not an export-controlled event, and does not require
authorization from the Department, in the absence of knowledge that it
was made publicly available without authorization.
``Technical data'' and software that is made publicly available
without proper authorization remains ``technical data'' or software and
therefore remains subject to the ITAR. As such, the U.S. government may
advise a person that the original release of the ``technical data'' or
software was unauthorized and put that person on notice that further
dissemination would violate the ITAR.
6. Proposed Definition of Technical Data That Arises During, or Results
From, Fundamental Research
The Department proposes to move ``fundamental research'' from the
definition of ``public domain'' in ITAR Sec. 120.11(a)(8) and define
``technical data that arises during, or results from, fundamental
research'' in a new ITAR Sec. 120.49. The Department believes that
information that arises during, or results from fundamental research is
conceptually distinguishable from the information that would be
captured in the revised definition of ``public domain'' that is
proposed in this rule. Accordingly, the Department proposes to address
this concept with its own definition. The new definition of ``technical
data that arises during, or results from, fundamental research'' is
consistent with the prior ITAR Sec. 120.11(a)(8), except that the
Department has expanded the scope of eligible research to include
research that is funded, in whole or in part, by the U.S. government.
7. Revised Definition of Export
The Department proposes to revise the definition of ``export'' in
ITAR Sec. 120.17 to better align with the EAR's revised definition of
the term and to remove activities associated with a defense article's
further movement or release outside the United States, which will now
fall within the definition of ``reexport'' in Sec. 120.19. The
definition is revised to explicitly identify that ITAR Sec. Sec.
126.16 and 126.17 (exemptions pursuant to the Australia and UK Defense
Trade Cooperation Treaties) have their own definitions of ``export,''
which apply exclusively to those exemptions. It also explicitly
references the new Sec. 120.49, ``Activities that are Not Exports,
Reexports, or Retransfers,'' which excludes from ITAR control certain
transactions identified therein.
Paragraph (a)(1) is revised to parallel the definition of
``export'' in proposed paragraph (a)(1) of Sec. 734.13 of the EAR.
Although the wording has changed, the scope of the control is the same.
The provision excepting travel outside of the United States by persons
whose personal knowledge includes ``technical data'' is removed, but
the central concept is unchanged. The ``release'' of ``technical data''
to a foreign person while in the United States or while travelling
remains a controlled event.
Paragraph (a)(2) includes the control listed in the current Sec.
120.17(a)(4) (transfer of technical data to a foreign person). The
proposed revisions replace the word ``disclosing'' with ``releasing,''
and the paragraph is otherwise revised to parallel proposed paragraph
(a)(2) of Sec. 734.13 of the EAR. ``Release'' is a newly defined
concept in Sec. 120.50 that encompasses the previously undefined term
``disclose.''
Paragraph (a)(3) includes the control listed in the current Sec.
120.17(a)(2) (transfer of registration, control, or ownership to a
foreign person of an aircraft, vessel, or satellite). It is revised to
parallel proposed paragraph (a)(3) of Sec. 734.13 of the EAR.
Paragraph (a)(4) includes the control listed in the current Sec.
120.17(a)(3) (transfer in the United States to foreign embassies).
Paragraph (a)(5) maintains the control on performing a ``defense
service.''
Paragraph (a)(6) is added for the ``release'' or transfer of
decryption keys,
[[Page 31529]]
passwords, and other items identified in the new paragraph (a)(5) of
the revised definition of ``technical data'' in Sec. 120.10. This
paragraph makes ``release'' or transfer of information securing
``technical data'' an ``export.'' Making the release of decryption keys
and other information securing technical data in an inaccessible or
unreadable format an export allows the Department to propose that
providing someone with encrypted ``technical data'' would not be an
``export,'' under certain circumstances. Provision of a decryption key
or other information securing ``technical data'' is an ``export''
regardless of whether the foreign person has already obtained access to
the secured ``technical data.'' Paragraph (a)(6) of the definitions of
export and reexport in this rule and the BIS companion rule present
different formulations for this control and the agencies request input
from the public on which language more clearly describes the control.
The agencies intend, however, that the act of providing physical access
to unsecured ``technical data'' (subject to the ITAR) will be a
controlled event. The mere act of providing access to unsecured
technology (subject to the EAR) will not, however, be a controlled
event unless it is done with ``knowledge'' that such provision will
cause or permit the transfer of controlled ``technology'' in clear text
or ``software'' to a foreign national.
Paragraph (a)(7) is added for the release of information to a
public network, such as the Internet. This makes more explicit the
existing control in (a)(4), which includes the publication of
``technical data'' to the Internet due to its inherent accessibility by
foreign persons. This means that before posting information to the
Internet, you should determine whether the information is ``technical
data.'' You should review the USML, and if there is doubt about whether
the information is ``technical data,'' you may request a commodity
jurisdiction determination from the Department. If so, a license or
other authorization, as described in Sec. 120.11(b), will generally be
required to post such ``technical data'' to the Internet. Posting
``technical data'' to the Internet without a Department or other
authorization is a violation of the ITAR even absent specific knowledge
that a foreign national will read the ``technical data.''
Paragraph (b)(1) is added to clarify existing ITAR controls to
explicitly state that disclosing ``technical data'' to a foreign person
is deemed to be an ``export'' to all countries in which the foreign
person has held citizenship or holds permanent residency.
8. Revised Definition of Reexport
The Department proposes to revise the definition of ``reexport'' in
ITAR Sec. 120.19 to better align with the EAR's revised definition and
describe transfers of items subject to the jurisdiction of the ITAR
between two foreign countries. The activities identified are the same
as those in paragraphs (a)(1) through (4) of the revised definition of
``export,'' except that the shipment, release or transfer is between
two foreign countries or is to a third country national foreign person
outside of the United States.
9. Proposed Definition of Release
The Department proposes to add Sec. 120.50, the definition of
``release.'' This term is added to harmonize with the EAR, which has
long used the term to cover activities that disclose information to
foreign persons. ``Release'' includes the activities encompassed within
the undefined term ``disclose.'' The activities that are captured
include allowing a foreign person to inspect a ``defense article'' in a
way that reveals ``technical data'' to the foreign persons and oral or
written exchanges of ``technical data'' with a foreign person. The
adoption of the definition of ``release'' does not change the scope of
activities that constitute an ``export'' and other controlled
transactions under the ITAR.
10. Proposed Definition of Retransfer
The Department proposes to add Sec. 120.51, the definition of
``retransfer.'' ``Retransfer'' is moved out of the definition of
``reexport'' in Sec. 120.19 to better harmonize with the EAR, which
controls ``exports,'' ``reexports'' and ``transfers (in country)'' as
discrete events. Under this new definition, a ``retransfer'' occurs
with a change of end use or end user within the same foreign territory.
Certain activities may fit within the definition of ``reexport'' and
``retransfer,'' such as the disclosure of ``technical data'' to a third
country national abroad. Requests for both ``reexports'' and
``retransfers'' of ``defense articles'' will generally be processed
through a General Correspondence or an exemption.
11. Proposed Activities That Are Not Exports, Reexports, or Retransfers
The Department proposes to add Sec. 120.52 to describe those
``activities that are not exports, reexports, or retransfers'' and do
not require authorization from the Department. It is not an ``export''
to launch items into space, provide ``technical data'' or software to
U.S. persons while in the United States, or move a ``defense article''
between the states, possessions, and territories of the United States.
The Department also proposes to add a new provision excluding from ITAR
licensing requirements the transmission and storage of encrypted
``technical data'' and software.
The Department recognizes that ITAR-controlled ``technical data''
may be electronically routed through foreign servers unbeknownst to the
original sender. This presents a risk of unauthorized access and
creates a potential for inadvertent ITAR violations. For example, email
containing ``technical data'' may, without the knowledge of the sender,
transit a foreign country's Internet service infrastructure en route to
its intended and authorized final destination. Any access to this data
by a foreign person would constitute an unauthorized ``export'' under
ITAR Sec. 120.17. Another example is the use of mass data storage
(i.e., ``cloud storage''). In this case, ``technical data'' intended to
be resident in cloud storage may, without the knowledge of the sender,
be physically stored on a server or servers located in a foreign
country or multiple countries. Any access to this data, even if
unintended by the sender, would constitute an ``export'' under ITAR
Sec. 120.17.
The intent of the proposed ITAR Sec. 120.52(a)(4) is to clarify
that when unclassified ``technical data'' transits through a foreign
country's Internet service infrastructure, a license or other approval
is not mandated when such ``technical data'' is encrypted prior to
leaving the sender's facilities and remains encrypted until received by
the intended recipient or retrieved by the sender, as in the case of
remote storage. The encryption must be accomplished in a manner that is
certified by the U.S. National Institute for Standards and Technology
(NIST) as compliant with the Federal Information Processing Standards
Publication 140-2 (FIPS 140-2). Additionally, the Department proposes
that the electronic storage abroad of ``technical data'' that has been
similarly encrypted would not require an authorization, so long as it
is not stored in a Sec. 126.1 country or in the Russian Federation.
This will allow for cloud storage of encrypted data in foreign
countries, so long as the ``technical data'' remains continuously
encrypted while outside of the United States.
[[Page 31530]]
12. Revised Exemption for the Export of Technical Data for U.S. Persons
Abroad
The Department proposes to revise Sec. 125.4(b)(9) to better
harmonize controls on the ``release'' of controlled information to U.S.
persons abroad and to update the provisions. The most significant
update is that foreign persons authorized to receive ``technical data''
in the United States will be eligible to receive that same ``technical
data'' abroad, when on temporary assignment on behalf of their
employer. The proposed revisions clarify that a person going abroad may
use this exemption to ``export'' ``technical data'' for their own use
abroad. The proposed revisions also clarify that the ``technical data''
must be secured while abroad to prevent unauthorized ``release.'' It
has been long-standing Department practice to hold U.S. persons
responsible for the ``release'' of ``technical data'' in their
possession while abroad. However, given the nature of ``technical
data'' and the proposed exception from licensing for transmission of
secured ``technical data,'' the Department has determined it is
necessary to implement an affirmative obligation to secure data while
abroad.
13. Proposed Scope of License
The Department proposes to add Sec. 123.28 to clarify the scope of
a license, in the absence of a proviso, and to state that
authorizations are granted based on the information provided by the
applicant. This means that while providing false information to the
U.S. government as part of the application process for the ``export,''
``reexport,'' or ``retransfer'' of a ``defense article'' is a violation
of the ITAR, it also may void the license.
14. Revised Definition of Defense Service
Proposed revisions of the ``defense service'' definition were
published on April 13, 2011, RIN 1400-AC80 (see ``International Traffic
in Arms Regulations: Defense Services,'' 76 FR 20590) and May 24, 2013
(see 78 FR 31444, RIN 1400-AC80). In those rules, the Department
explained its determination that the scope of the current definition is
overly broad, capturing certain forms of assistance or services that no
longer warrant ITAR control.
The Department reviewed comments on that first proposed definition
and, when the recommended changes added to the clarity of the
regulation, the Department accepted them. For the Department's
evaluation of those public comments and recommendations regarding the
April 13, 2011, proposed rule (the first revision), see 78 FR 31444,
May 24, 2013. The Department's evaluation of the written comments and
recommendations in response to the May 24, 2013 proposed rule (the
second revision) follows.
Parties commenting on the second revision expressed concern that
the definition of ``defense service'' in paragraph (a)(1) was premised
on the use of ``other than public domain information.'' The observation
was made that with the intent of removing from the definition of a
``defense service'' the furnishing of assistance using ``public
domain'' information, but not basing the assistance on the use of
``technical data,'' the Department was continuing to require the
licensing of activities akin to those that were based on the use of
``public domain'' information. The Department has fully revised
paragraph (a)(1) to remove the use of the ``other than public domain
information'' or ``technical data'' from the determination of whether
an activity is a ``defense service.'' Furthermore, the Department has
added a new provision declaring that the activities described in
paragraph (a)(1) are not a ``defense service'' if performed by a U.S.
person or foreign person in the United States who does not have
knowledge of U.S.-origin ``technical data'' directly related to the
``defense article'' that is the subject of the assistance or training
or another ``defense article'' described in the same USML paragraph
prior to performing the service. A note is added to clarify that a
person will be deemed to have knowledge of U.S.-origin ``technical
data'' if the person previously participated in the ``development'' of
a ``defense article'' described in the same USML paragraph, or accessed
(physically or electronically) that ``technical data.'' A note is also
added to clarify that those U.S. persons abroad who only received U.S.-
origin ``technical data'' as a result of their activities on behalf of
a foreign person are not included within the scope of paragraph (a)(1).
A third note is added to clarify that DDTC-authorized foreign person
employees in the United States who provide ``defense services'' on
behalf of their U.S. employer are considered to be included with the
U.S. employer's authorization, and need not be listed on the U.S.
employer's technical assistance agreement or receive a separate
authorization for those services. The Department also removed the
activities of design, development, and engineering from paragraph
(a)(1) and moved them to paragraph (a)(2).
Commenting parties recommended revising paragraph (a)(1) to remove
the provision of ``technical data'' as a ``defense service,'' because
there are already licensing requirements for the ``export'' of
``technical data.'' The Department confirms that it eliminated from the
definition of a ``defense service'' the act of furnishing ``technical
data'' to a foreign person. Such activity still constitutes an
``export'' and would require an ITAR authorization. New paragraph
(a)(1) is concerned with the furnishing of assistance, whereas the
``export'' of ``technical data'' alone, without the furnishing of
assistance, is not a ``defense service.'' The ``export'' of ``technical
data'' requires an authorization (Department of State form DSP-5 or
DSP-85) or the use of an applicable exemption.
Commenting parties recommended the definition be revised to
explicitly state that it applies to the furnishing of assistance by
U.S. persons, or by foreign persons in the United States. The
Department partially accepted this recommendation. However, the
Department notes that ITAR Sec. 120.1(c) provides that only U.S.
persons and foreign governmental entities in the United States may be
granted a license or other approval pursuant to the ITAR, and that
foreign persons may only receive a ``reexport'' or ``retransfer''
approval or approval for brokering activities. Therefore, approval for
the performance of a defense service in the United States by a foreign
person must be obtained by a U.S. person, such as an employer, on
behalf of the foreign person. Regarding a related recommendation, the
Department also notes that the furnishing of a type of assistance
described by the definition of a ``defense service'' is not an activity
within the Department's jurisdiction when it is provided by a foreign
person outside the United States to another foreign person outside the
United States on a foreign ``defense article'' using foreign-origin
``technical data.''
In response to commenting parties, the Department specified that
the examples it provided for activities that are not ``defense
services'' are not exhaustive. Rather, they are provided to answer the
more frequent questions the Department receives on the matter. The
Department removed these examples from paragraph (b) and included them
as a note to paragraph (a).
A commenting party recommended that paragraphs (a)(5) and (a)(6),
regarding the furnishing of assistance in the integration of a
spacecraft to a launch vehicle and in the launch failure analysis of a
spacecraft or launch vehicle, respectively, be removed, and that those
activities be described in the USML categories covering spacecraft
[[Page 31531]]
and launch vehicles, on the basis that a general definition should not
have such program-specific clauses. As discussed in the May 13, 2014
interim final rule revising USML Category XV (79 FR 27180), the
Department accepted this recommendation and revised paragraph (f) of
USML Category XV and paragraph (i) of USML Category IV accordingly. The
revision includes the recommendation of commenting parties to
specifically provide that the service must be provided to a foreign
person in order for it to be a licensable activity.
Commenting parties recommended the Department define the term
``tactical employment,'' so as to clarify what services would be
captured by paragraph (a)(3). The Department determined that employment
of a ``defense article'' should remain a controlled event, due to the
nature of items now controlled in the revised USML categories. After
ECR, those items that remain ``defense articles'' are the most
sensitive and militarily critical equipment that have a significant
national security or intelligence application. Allowing training and
other services to foreign nationals in the employment of these
``defense articles'' without a license would not be appropriate.
Therefore, the Department removed the word ``tactical'' and converted
the existing exemption for basic operation of a ``defense article,''
authorized by the U.S. government for ``export'' to the same recipient,
into an exclusion from paragraph (a)(3).
A commenting party recommended the Department address the instance
of the integration or installation of a ``defense article'' into an
item, much as it addressed the instance of the integration or
installation of an item into a ``defense article.'' Previously, the
Department indicated this would be the subject of a separate rule, and
addressed the ``export'' of such items in a proposed rule (see 76 FR
13928), but upon review the Department accepted this recommendation,
and revised paragraph (a)(2), the note to paragraph (a)(2), and the
note to paragraph (a) accordingly. In addition, the Department has
changed certain terminology used in the paragraph: instead of referring
to the ``transfer'' of ``technical data,'' the paragraph is premised on
the ``use'' of ``technical data.'' This change is consistent with
removing from the definition of a ``defense service'' the furnishing of
``technical data'' to a foreign person when there is not also the
furnishing of assistance related to that ``technical data.''
A commenting party requested clarification of the rationale behind
selectively excepting from the ``defense services'' definition the
furnishing of services using ``public domain'' information. The
Department did so in paragraph (a)(1), and now excludes those services
performed by U.S. persons who have not previously had access to any
U.S. origin ``technical data'' on the ``defense article'' being
serviced. In contrast, the Department did not do so in paragraphs
(a)(2) and (a)(3) and former paragraphs (a)(5) and (a)(6). In the case
of paragraph (a)(2), the rationale for not doing so is that the
activities involved in the development of a ``defense article,'' or in
integrating a ``defense article'' with another item, inherently involve
the advancement of the military capacity of another country and
therefore constitute activities over which the U.S. government has
significant national security and foreign policy concerns. To the
extent that an activity listed in paragraph (a)(1), such as
modification or testing, is done in the ``development'' of a ``defense
article,'' such activities constitute ``development'' and are within
the scope of paragraph (a)(2). With regard to paragraph (a)(3), the
furnishing of assistance (including training) in the employment of a
``defense article'' is a type of activity that the Department believes
warrants control as a ``defense service,'' due to the inherently
military nature of providing training and other services in the
employment of a ``defense article'' (changes to paragraph (a)(3) are
described above). The services described in former paragraphs (a)(5)
and (a)(6) (and now in USML Categories IV(i) and XV(f)) are pursuant to
Public Law 105-261.
A commenting party recommended limiting paragraph (a)(2) to the
integration of ECCN 9A515 and 600 series items into defense articles,
saying that the regulations should focus on items subject to the EAR
with a military or space focus. The Department's focus with this
provision is in fact the ``defense article.'' Items that are to be
integrated with a ``defense article,'' which may not themselves be
defense articles, may be beyond the authority of the Department to
regulate. The Department did not accept this recommendation.
A commenting party recommended limiting the definition of
integration to changes in the function of the ``defense article,'' and
to exclude modifications in fit. For the purposes of illustration, this
commenting party used one of the examples provided by the Department in
the note to paragraph (a)(2): The manufacturer of the military vehicle
will need to know the dimensions and electrical requirements of the
dashboard radio when designing the vehicle. In this instance, paragraph
(a)(2) would not apply, as this example addresses the manufacture of a
``defense article,'' which is covered by paragraph (a)(1). If the radio
to be installed in this vehicle is subject to the EAR, the provision to
the manufacturer of information regarding the radio is not within the
Department's licensing jurisdiction. In an instance of a service
entailing the integration of an item with a ``defense article,'' where
there would be modification to any of the items, the Department
believes such assistance would inherently require the use of
``technical data.'' Therefore, this exclusion would be unacceptably
broad. However, the Department has accepted the recommendation to
clarify the definition and exclude changes to fit to any of the items
involved in the integration activity, provided that such services do
not entail the use of ``technical data'' directly related to the
``defense article.'' Upon review, changes to fit are not an aspect of
integration, which is the ``engineering analysis needed to unite a
`defense article' and one or more items,'' and therefore are not
captured in paragraph (a)(2). The modifications of the ``defense
article'' to accommodate the fit of the item to be integrated, which
are within the activity covered by installation, are only those
modifications to the ``defense article'' that allow the item to be
placed in its predetermined location. Any modifications to the design
of a ``defense article'' are beyond the scope of installation.
Additionally, while minor modifications may be made to a ``defense
article'' without the activity being controlled under (a)(2) as an
integration activity, all modifications of defense articles, regardless
of sophistication, are activities controlled under (a)(1) if performed
by someone with prior knowledge of U.S.-origin ``technical data.''
``Fit'' is defined in ITAR Sec. 120.41: ``The fit of a commodity is
defined by its ability to physically interface or connect with or
become an integral part of another commodity'' (see, Note 4 to
paragraph (b)(3)).
Commenting parties recommended revising paragraph (a)(2) to provide
that such assistance described therein would be a ``defense service''
only if U.S.-origin ``technical data'' is exported. The law and
regulations do not mandate this limitation. Section 38 of the Arms
Export Control Act provides that the President is authorized to control
the ``export'' of defense articles and defense services. The ITAR, in
defining ``defense article,'' ``technical data,'' and ``export,'' does
not provide the qualifier ``U.S.-
[[Page 31532]]
origin'' (see ITAR Sec. Sec. 120.6, 120.10, and 120.17, respectively).
In the instance described by the commenting party, of the integration
of a commercial item into a foreign-origin ``defense article,'' the
Department retains jurisdiction when the service is provided by a U.S.
person.
A commenting party recommended revising paragraph (a)(2) so that
the paragraph (a)(1) exception of the furnishing of assistance using
``public domain'' information is not nullified by paragraph (a)(2), as
most of the activities described in paragraph (a)(1) involve
integration as defined in the note to paragraph (a)(2). The Department
believes each of the activities described in paragraphs (a)(1) and
(a)(2) are sufficiently well defined to distinguish them one from the
other. Therefore, the Department does not agree that paragraph (a)(2)
nullifies the intention of paragraph (a)(1), and does not accept this
recommendation.
A commenting party requested clarification that providing an item
subject to the EAR for the purposes of integration into a ``defense
article'' is not a ``defense service.'' The provision of the item in
this instance, unaccompanied by assistance in the integration of the
item into a ``defense article,'' is not within the scope of ``the
furnishing of assistance,'' and therefore is not a defense service.
Commenting parties recommended clarification on whether the
servicing of an item subject to the EAR that has been integrated with a
``defense article'' would be a ``defense service.'' The Department
notes that such activity is not a ``defense service,'' provides it as
an example of what is not a ``defense service'' in the note to
paragraph (a), and also notes that it would be incumbent on the
applicant to ensure that in providing this service, ``technical data''
directly related to the ``defense article'' is not used.
Commenting parties expressed concern over the potential negative
effect of paragraph (a)(2) and the definition in general on university-
based educational activities and scientific communication, and
recommended clarification of the relationship between the definition of
``defense services'' and the exemption for the ``export'' of
``technical data'' at ITAR Sec. 125.4(b)(10). Disclosures of
``technical data'' to foreign persons who are bona-fide and full time
regular employees of universities continue to be exports for which ITAR
Sec. 125.4(b)(10) is one licensing exemption. The Department believes
that, in most cases, the normal duties of a university employee do not
encompass the furnishing of assistance to a foreign person, in the
activities described in paragraph (a). Therefore, in the context of
employment with the university, the Department does not perceive that
the foreign person's use of the ``technical data'' would be described
by ITAR Sec. 120.9(a)(2), or any part of paragraph (a).
In response to the recommendation of one commenting party, the
Department added a note clarifying that the installation of an item
into a ``defense article'' is not a ``defense service,'' provided no
``technical data'' is used in the rendering of the service.
A commenting party recommended clarification of the licensing
process for the ``export'' of an EAR 600 series item that is to be
integrated into a ``defense article.'' The Department of Commerce has
``export'' authority over the 600 series item, and the exporter must
obtain a license from the Department of Commerce, if necessary. The
exporter must also obtain an approval from the Department of State to
provide any ``defense service,'' including integration assistance
pursuant to paragraph (a)(2).
A commenting party recommended removing ``testing'' as a type of
``defense service,'' stating it was not included in the definition of
``organizational-level maintenance.'' In including testing as part of
the former definition but not of the latter, the Department does not
perceive an inconsistency or conflict. To the extent that certain
testing is within the definition of organization-level maintenance,
that testing is explicitly excluded, as organizational-level
maintenance is not covered under the definition of a ``defense
service.'' However, all other testing remains a ``defense service.''
The Department intends for the furnishing of assistance to a foreign
person, whether in the United States or abroad, in the testing of
defense articles to be an activity requiring Department approval under
the conditions of paragraph (a)(1). The Department did not accept this
recommendation.
Commenting parties provided recommendations for revising the
definitions of ``public domain'' information and ``technical data.''
Those definitions are proposed in this rule as well. To the extent that
evaluation of the proposed changes to ``defense services'' hinges on
these terms, the Department invites commenting parties to submit
analyses of the impact of these revised definitions on the revised
``defense service'' definition in this proposed rule.
Commenting parties recommended clarification of the regulation
regarding the furnishing of assistance and training in organizational-
level (basic-level) maintenance. The Department harmonized paragraph
(a)(1) and the example regarding organizational-level maintenance by
revising the Note to Paragraph (a), which sets forth activities that
are not ``defense services,'' so that it specifically provides that
``the furnishing of assistance (including training) in organizational-
level (basic-level) maintenance of a defense article'' is an example of
an activity that is not a defense service.
In response to commenting parties, the Department clarifies that
the example of employment by a foreign person of a natural U.S. person
as not constituting a ``defense service'' is meant to address, among
other scenarios, the instance where such a person is employed by a
foreign defense manufacturer, but whose employment in fact does not
entail the furnishing of assistance as described in ITAR Sec.
120.9(a). By ``natural person,'' the Department means a human being, as
may be inferred from the definition of ``person'' provided in ITAR
Sec. 120.14.
In response to the recommendation of a commenting party, the
Department confirms that, as stated in a Department of Commerce notice,
``Technology subject to the EAR that is used with technical data
subject to the ITAR that will be used under the terms of a Technical
Assistance Agreement (TAA) or Manufacturing License Agreement (MLA) and
that would otherwise require a license from [the Department of
Commerce] may all be exported under the TAA or MLA'' (see 78 FR 22660).
In DDTC publication Guidelines for Preparing Electronic Agreements
(Revision 4.2), Section 20.1.d., the following conditions are
stipulated: The technology subject to the EAR will be used with
``technical data'' subject to the ITAR and described in the agreement,
and the technology subject to the EAR will be used under the terms of a
TAA or MLA (see http://www.pmddtc.state.gov/licensing/agreement.html).
Request for Comments
The Department invites public comment on any of the proposed
definitions set forth in this rulemaking. With respect to the revisions
to ITAR Sec. 120.17, the Department recognizes the increasingly
complex nature of telecommunications infrastructure and the manner in
which data is transmitted, stored, and accessed, and accordingly seeks
public comment with special emphasis on: (1) How adequately the
proposed regulations address the technical aspects of data transmission
and storage; (2) whether
[[Page 31533]]
the proposed regulations mitigate unintended or unauthorized access to
transmitted or stored data; and (3) whether the proposed regulations
impose an undue financial or compliance burden on the public.
The public is also asked to comment on the effective date of the
final rule. Export Control Reform rules that revised categories of the
USML and created new 600 series ECCN have had a six-month delayed
effective date to allow for exporters to update the classification of
their items. In general, rules effecting export controls have been
effective on the date of publication, due to the impact on national
security and foreign policy. As this proposed rule and the companion
proposed rule from the Bureau of Industry and Security revise
definitions within the ITAR and the EAR and do not make any changes to
the USML or CCL, the Department proposes (should the proposed rule be
adopted) a 30-day delayed effective date to allow exporters to ensure
continued compliance.
Regulatory Analysis and Notices
Administrative Procedure Act
The Department of State is of the opinion that controlling the
import and export of defense articles and services is a foreign affairs
function of the U.S. government and that rules implementing this
function are exempt from sections 553 (rulemaking) and 554
(adjudications) of the Administrative Procedure Act (APA). Although the
Department is of the opinion that this proposed rule is exempt from the
rulemaking provisions of the APA, the Department is publishing this
rule with a 60-day provision for public comment and without prejudice
to its determination that controlling the import and export of defense
services is a foreign affairs function.
Regulatory Flexibility Act
Since the Department is of the opinion that this proposed rule is
exempt from the rulemaking provisions of 5 U.S.C. 553, there is no
requirement for an analysis under the Regulatory Flexibility Act.
Unfunded Mandates Reform Act of 1995
This proposed amendment does not involve a mandate that will result
in the expenditure by State, local, and tribal governments, in the
aggregate, or by the private sector, of $100 million or more in any
year and it will not significantly or uniquely affect small
governments. Therefore, no actions were deemed necessary under the
provisions of the Unfunded Mandates Reform Act of 1995.
Small Business Regulatory Enforcement Fairness Act of 1996
For purposes of the Small Business Regulatory Enforcement Fairness
Act of 1996 (the ``Act''), a major rule is a rule that the
Administrator of the OMB Office of Information and Regulatory Affairs
finds has resulted or is likely to result in: (1) An annual effect on
the economy of $100,000,000 or more; (2) a major increase in costs or
prices for consumers, individual industries, federal, state, or local
government agencies, or geographic regions; or (3) significant adverse
effects on competition, employment, investment, productivity,
innovation, or on the ability of United States-based enterprises to
compete with foreign-based enterprises in domestic and foreign markets.
The Department does not believe this rulemaking will have an annual
effect on the economy of $100,000,000 or more, nor will it result in a
major increase in costs or prices for consumers, individual industries,
federal, state, or local government agencies, or geographic regions, or
have significant adverse effects on competition, employment,
investment, productivity, innovation, or on the ability of United
States-based enterprises to compete with foreign-based enterprises in
domestic and foreign markets. The proposed means of solving the issue
of data protection are both familiar to and extensively used by the
affected public in protecting sensitive information.
Executive Orders 12372 and 13132
This proposed amendment will not have substantial direct effects on
the States, on the relationship between the national government and the
States, or on the distribution of power and responsibilities among the
various levels of government. Therefore, in accordance with Executive
Order 13132, it is determined that this proposed amendment does not
have sufficient federalism implications to require consultations or
warrant the preparation of a federalism summary impact statement. The
regulations implementing Executive Order 12372 regarding
intergovernmental consultation on Federal programs and activities do
not apply to this proposed amendment.
Executive Orders 12866 and 13563
Executive Orders 12866 and 13563 direct agencies to assess costs
and benefits of available regulatory alternatives and, if regulation is
necessary, to select regulatory approaches that maximize net benefits
(including potential economic, environmental, public health and safety
effects, distributed impacts, and equity). The executive orders stress
the importance of quantifying both costs and benefits, of reducing
costs, of harmonizing rules, and of promoting flexibility. This
proposed rule has been designated a ``significant regulatory action,''
although not economically significant, under section 3(f) of Executive
Order 12866. Accordingly, the proposed rule has been reviewed by the
Office of Management and Budget (OMB).
Executive Order 12988
The Department of State has reviewed the proposed amendment in
light of sections 3(a) and 3(b)(2) of Executive Order 12988 to
eliminate ambiguity, minimize litigation, establish clear legal
standards, and reduce burden.
Executive Order 13175
The Department of State has determined that this rulemaking will
not have tribal implications, will not impose substantial direct
compliance costs on Indian tribal governments, and will not preempt
tribal law. Accordingly, Executive Order 13175 does not apply to this
rulemaking.
Paperwork Reduction Act
This rule does not impose any new reporting or recordkeeping
requirements subject to the Paperwork Reduction Act, 44 U.S.C. Chapter
35; however, the Department of State seeks public comment on any
unforeseen potential for increased burden.
List of Subjects
22 CFR 120 and 125
Arms and munitions, Classified information, Exports.
22 CFR 123
Arms and munitions, Exports, Reporting and recordkeeping
requirements.
22 CFR Part 127
Arms and munitions, Exports, Crime, Law, Penalties, Seizures and
forfeitures.
Accordingly, for the reasons set forth above, title 22, chapter I,
subchapter M, parts 120, 123, 125, and 127 are proposed to be amended
as follows:
PART 120--PURPOSE AND DEFINITIONS
0
1. The authority citation for part 120 continues to read as follows:
[[Page 31534]]
Authority: Secs. 2, 38, and 71, Pub. L. 90-629, 90 Stat. 744 (22
U.S.C. 2752, 2778, 2797); 22 U.S.C. 2794; 22 U.S.C. 2651a; Pub. L.
105-261, 112 Stat. 1920; Pub. L. 111-266; Section 1261, Pub. L. 112-
239; E.O. 13637, 78 FR 16129.
0
2. Section 120.6 is amended by designating the current text as
paragraph (a), revising the first sentence of newly designated
paragraph (a), and adding paragraph (b) to read as follows:
Sec. 120.6 Defense article.
(a) Defense article means any item, software, or technical data
designated in Sec. 121.1 of this subchapter. * * *
(b) The following are not defense articles and thus not subject to
the ITAR:
(1) [Reserved]
(2) [Reserved]
(3) Information and software that:
(i) Are in the public domain, as described in Sec. 120.11;
(ii) Arise during, or result from, fundamental research, as
described in Sec. 120.46;
(iii) Concern general scientific, mathematical, or engineering
principles commonly taught in schools, and released by instruction in a
catalog course or associated teaching laboratory of an academic
institution; or
(iv) Appear in patents or open (published) patent applications
available from or at any patent office, unless covered by an invention
secrecy order.
Note to paragraph (b): Information that is not within the scope
of the definition of technical data (see Sec. 120.10) and not
directly related to a defense article, or otherwise described on the
USML, is not subject to the ITAR.
0
3. Section 120.9 is revised to read as follows:
Sec. 120.9 Defense service.
(a) Defense service means:
(1) The furnishing of assistance (including training) to a foreign
person (see Sec. 120.16), whether in the United States or abroad, in
the production, assembly, testing, intermediate- or depot-level
maintenance (see Sec. 120.38), modification, demilitarization,
destruction, or processing of a defense article (see Sec. 120.6), by a
U.S. person or foreign person in the United States, who has knowledge
of U.S.-origin technical data directly related to the defense article
that is the subject of the assistance, prior to performing the service;
Note 1 to paragraph (a)(1): ``Knowledge of U.S.-origin
technical data'' for purposes of paragraph (a)(1) can be established
based on all the facts and circumstances. However, a person is
deemed to have ``knowledge of U.S.-origin technical data'' directly
related to a defense article if the person participated in the
development of a defense article described in the same USML
paragraph or accessed (physically or electronically) technical data
directly related to the defense article that is the subject of the
assistance, prior to performing the service.
Note 2 to paragraph (a)(1): U.S. persons abroad who only
receive U.S.-origin technical data as a result of their activities
on behalf of a foreign person are not included within paragraph
(a)(1).
Note 3 to paragraph (a)(1): Foreign person employees in the
United States providing defense services as part of Directorate of
Defense Trade Controls-authorized employment need not be listed on
the U.S. employer's technical assistance agreement or receive
separate authorization to perform defense services on behalf of
their authorized U.S. employer.
(2) The furnishing of assistance (including training) to a foreign
person (see Sec. 120.16), whether in the United States or abroad, in
the development of a defense article, or the integration of a defense
article with any other item regardless of whether that item is subject
to the ITAR or technical data is used;
Note to paragraph (a)(2): ``Integration'' means any engineering
analysis (see Sec. 125.4(c)(5) of this subchapter) needed to unite
a defense article and one or more items. Integration includes the
introduction of software to enable operation of a defense article,
and the determination during the design process of where an item
will be installed (e.g., integration of a civil engine into a
destroyer that requires changes or modifications to the destroyer in
order for the civil engine to operate properly; not plug and play).
Integration is distinct from ``installation.'' Installation means
the act of putting an item in its predetermined place without the
use of technical data or any modifications to the defense article
involved, other than to accommodate the fit of the item with the
defense article (e.g., installing a dashboard radio into a military
vehicle where no modifications (other than to accommodate the fit of
the item) are made to the vehicle, and there is no use of technical
data.). The ``fit'' of an item is defined by its ability to
physically interface or connect with or become an integral part of
another item. (see Sec. 120.41).
(3) The furnishing of assistance (including training) to a foreign
person (see Sec. 120.16), regardless of whether technical data is
used, whether in the United States or abroad, in the employment of a
defense article, other than basic operation of a defense article
authorized by the U.S. government for export to the same recipient;
(4) Participating in or directing combat operations for a foreign
person (see Sec. 120.16), except as a member of the regular military
forces of a foreign nation by a U.S. person who has been drafted into
such forces; or
(5) The furnishing of assistance (including training) to the
government of a country listed in Sec. 126.1 of this subchapter in the
development, production, operation, installation, maintenance, repair,
overhaul or refurbishing of a defense article or a part component,
accessory or attachments specially designed for a defense article.
Note to paragraph (a): The following are examples of activities
that are not defense services:
1. The furnishing of assistance (including training) in
organizational-level (basic-level) maintenance (see Sec. 120.38) of
a defense article;
2. Performance of services by a U.S. person in the employment of
a foreign person, except as provided in this paragraph;
3. Servicing of an item subject to the EAR (see Sec. 120.42)
that has been integrated or installed into a defense article, or the
servicing of an item subject to the EAR into which a defense article
has been installed or integrated, without the use of technical data,
except as described in paragraph (a)(5) of this section;
4. The installation of any item into a defense article, or the
installation of a defense article into any item;
5. Providing law enforcement, physical security, or personal
protective services (including training and advice) to or for a
foreign person (if such services necessitate the export of a defense
article a license or other approval is required for the export of
the defense article, and such services that entail the employment or
training in the employment of a defense article are addressed in
paragraph (a)(3) of this section);
6. The furnishing of assistance by a foreign person not in the
United States;
7. The furnishing of medical, logistical (other than
maintenance), translation, financial, legal, scheduling, or
administrative services;
8. The furnishing of assistance by a foreign government to a
foreign person in the United States, pursuant to an arrangement with
the Department of Defense; and
9. The instruction in general scientific, mathematical, or
engineering principles commonly taught in schools, colleges, and
universities.
(b) [Reserved]
0
4. Section 120.10 is revised to read as follows:
Sec. 120.10 Technical data.
(a) Technical data means, except as set forth in paragraph (b) of
this section:
(1) Information required for the development (see Sec. 120.47)
(including design, modification, and integration design), production
(see Sec. 120.48) (including manufacture, assembly, and integration),
operation, installation, maintenance, repair, overhaul, or refurbishing
of a defense article. Technical data may be in any tangible or
intangible form, such as written or
[[Page 31535]]
oral communications, blueprints, drawings, photographs, plans,
diagrams, models, formulae, tables, engineering designs and
specifications, computer-aided design files, manuals or documentation,
electronic media or information gleaned through visual inspection;
Note to paragraph (a)(1): The modification of an existing item
creates a new item and technical data for the modification is
technical data for the development of the new item.
(2) Information enumerated on the USML (i.e., not controlled
pursuant to a catch-all USML paragraph);
(3) Classified information for the development, production,
operation, installation, maintenance, repair, overhaul, or refurbishing
of a defense article or a 600 series item subject to the EAR;
(4) Information covered by an invention secrecy order; or
(5) Information, such as decryption keys, network access codes, or
passwords, that would allow access to other technical data in clear
text or software (see Sec. 127.1(b)(4) of this subchapter).
(b) Technical data does not include:
(1) Non-proprietary general system descriptions;
(2) Information on basic function or purpose of an item; or
(3) Telemetry data as defined in note 3 to USML Category XV(f) (see
Sec. 121.1 of this subchapter).
0
5. Section 120.11 is revised to read as follows:
Sec. 120.11 Public domain.
(a) Except as set forth in paragraph (b) of this section,
unclassified information and software are in the public domain, and are
thus not technical data or software subject to the ITAR, when they have
been made available to the public without restrictions upon their
further dissemination such as through any of the following:
(1) Subscriptions available without restriction to any individual
who desires to obtain or purchase the published information;
(2) Libraries or other public collections that are open and
available to the public, and from which the public can obtain tangible
or intangible documents;
(3) Unlimited distribution at a conference, meeting, seminar, trade
show, or exhibition, generally accessible to the interested public;
(4) Public dissemination (i.e., unlimited distribution) in any form
(e.g., not necessarily in published form), including posting on the
Internet on sites available to the public; or
(5) Submission of a written composition, manuscript or presentation
to domestic or foreign co-authors, editors, or reviewers of journals,
magazines, newspapers or trade publications, or to organizers of open
conferences or other open gatherings, with the intention that the
compositions, manuscripts, or publications will be made publicly
available if accepted for publication or presentation.
(b) Technical data or software, whether or not developed with
government funding, is not in the public domain if it has been made
available to the public without authorization from:
(1) The Directorate of Defense Trade Controls;
(2) The Department of Defense's Office of Security Review;
(3) The relevant U.S. government contracting entity with authority
to allow the technical data or software to be made available to the
public; or
(4) Another U.S. government official with authority to allow the
technical data or software to be made available to the public.
Note 1 to Sec. 120.11: Section 127.1(a)(6) of this subchapter
prohibits, without written authorization from the Directorate of
Defense Trade Controls, U.S. and foreign persons from exporting,
reexporting, retransfering, or otherwise making available to the
public technical data or software if such person has knowledge that
the technical data or software was made publicly available without
an authorization described in paragraph (b) of this section.
Note 2 to Sec. 120.11: An export, reexport, or retransfer of
technical data or software that was made publicly available by
another person without authorization is not a violation of this
subchapter, except as described in Sec. 127.1(a)(6) of this
subchapter.
0
6. Section 120.17 is revised to read as follows:
Sec. 120.17 Export.
(a) Except as set forth in Sec. 120.52, Sec. 126.16, or Sec.
126.17 of this subchapter, export means:
(1) An actual shipment or transmission out of the United States,
including the sending or taking of a defense article outside of the
United States in any manner;
(2) Releasing or otherwise transferring technical data or software
(source code or object code) to a foreign person in the United States
(a ``deemed export'');
(3) Transferring by a person in the United States of registration,
control, or ownership of any aircraft, vessel, or satellite subject to
the ITAR to a foreign person;
(4) Releasing or otherwise transferring a defense article to an
embassy or to any agency or subdivision of a foreign government, such
as a diplomatic mission, in the United States;
(5) Performing a defense service on behalf of, or for the benefit
of, a foreign
person, whether in the United States or abroad;
(6) Releasing or otherwise transferring information, such as
decryption keys, network access codes, passwords, or software, or
providing physical access, that would allow access to other technical
data in clear text or software to a foreign person regardless of
whether such data has been or will be transferred; or
(7) Making technical data available via a publicly available
network (e.g., the Internet).
(b) Any release in the United States of technical data or software
to a foreign person is a deemed export to all countries in which the
foreign person has held citizenship or holds permanent residency.
0
7. Section 120.19 is revised to read as follows:
Sec. 120.19 Reexport.
(a) Except as set forth in Sec. 120.52, reexport means:
(1) An actual shipment or transmission of a defense article from
one foreign country to another foreign country, including the sending
or taking of a defense article to or from such countries in any manner;
(2) Releasing or otherwise transferring technical data or software
to a foreign person of a country other than the foreign country where
the release or transfer takes place (a ``deemed reexport'');
(3) Transferring by a person outside of the United States of
registration, control, or ownership of any aircraft, vessel, or
satellite subject to the ITAR to a foreign person outside the United
States; or
(4) Releasing or otherwise transferring outside of the United
States information, such as decryption keys, network access codes,
password, or software, or providing physical access, that would allow
access to other technical data in clear text or software to a foreign
person regardless of whether such data has been or will be transferred.
(b) [Reserved]
Sec. 120.41 [Amended]
0
8. Section 120.41 is amended by reserving Note 1 to paragraph (b)(3)
and Note 2 to paragraph (b)(3).
0
9. Section 120.46 is added to read as follows:
Sec. 120.46 Required.
(a) As applied to technical data, the term required refers to only
that portion
[[Page 31536]]
of technical data that is peculiarly responsible for achieving or
exceeding the controlled performance levels, characteristics, or
functions. Such required technical data may be shared by different
products.
Note 1 to paragraph (a): The references to ``characteristics''
and functions'' are not limited to entries on the USML that use
specific technical parameters to describe the scope of what is
controlled. The ``characteristics'' and ``functions'' of an item
listed are, absent a specific regulatory definition, a standard
dictionary's definition of the item. For example, USML Category
VIII(a)(1) controls aircraft that are ``bombers.'' No performance
level is identified in the entry, but the characteristic of the
aircraft that is controlled is that it is a bomber. Thus, any
technical data, regardless of significance, peculiar to making an
aircraft a bomber as opposed to, for example, an aircraft controlled
under ECCN 9A610.a or ECCN 9A991.a, would be technical data required
for a bomber and thus controlled under USML Category VIII(i).
Note 2 to paragraph (a): The ITAR and the EAR often divide
within each set of regulations or between each set of regulations:
1. Controls on parts, components, accessories, attachments, and
software; and
2. Controls on the end items, systems, equipment, or other items
into which those parts, components, accessories, attachments, and
software are to be installed or incorporated.
With the exception of technical data specifically enumerated on
the USML, the jurisdictional status of unclassified technical data
is the same as the jurisdictional status of the defense article or
item subject to the EAR to which it is directly related. Thus, if
technology is directly related to the production of an ECCN 9A610.x
aircraft component that is to be integrated or installed in a USML
Category VIII(a) aircraft, the technology is controlled under ECCN
9E610, not USML Category VIII(i).
Note 3 to paragraph (a): Technical data is ``peculiarly
responsible for achieving or exceeding the controlled performance
levels, characteristics, or functions'' if it is used in or for use
in the development (including design, modification, and integration
design), production (including manufacture, assembly, and
integration), operation, installation, maintenance, repair,
overhaul, or refurbishing of a defense article unless:
1. The Department of State has determined otherwise in a
commodity jurisdiction determination;
2. [Reserved];
3. It is identical to information used in or with a commodity or
software that:
i. Is or was in production (i.e., not in development); and
ii. Is not a defense article;
4. It was or is being developed with knowledge that it is for or
would be for use in or with both defense articles and commodities
not on the U.S. Munitions List; or
5. It was or is being developed for use in or with general
purpose commodities or software (i.e., with no knowledge that it
would be for use in or with a particular commodity).
(b) [Reserved]
0
10. Section 120.47 is added to read as follows:
Sec. 120.47 Development.
Development is related to all stages prior to serial production,
such as: design, design research, design analyses, design concepts,
assembly and testing of prototypes, pilot production schemes, design
data, process of transforming design data into a product, configuration
design, integration design, and layouts. Development includes
modification of the design of an existing item.
0
11. Section 120.48 is added to read as follows:
Sec. 120.48 Production.
Production means all production stages, such as product
engineering, manufacture, integration, assembly (mounting), inspection,
testing, and quality assurance. This includes ``serial production''
where commodities have passed production readiness testing (i.e., an
approved, standardized design ready for large scale production) and
have been or are being produced on an assembly line for multiple
commodities using the approved, standardized design.
0
12. Section 120.49 is added to read as follows:
Sec. 120.49 Technical data that arises during, or results from,
fundamental research.
(a) Technical Data arising during, or resulting from, fundamental
research. Unclassified information that arises during, or results from,
fundamental research and is intended to be published is not technical
data when the research is:
(1) Conducted in the United States at an accredited institution of
higher learning located; or
(2) Funded, in whole or in part, by the U.S. government.
Note 1 to paragraph (a): The inputs used to conduct fundamental
research, such as information, equipment, or software, are not
``technical data that arises during or results from fundamental
research'' except to the extent that such inputs are technical data
that arose during or resulted from earlier fundamental research.
Note 2 to paragraph (a): There are instances in the conduct of
research, whether fundamental, basic, or applied, where a
researcher, institution, or company may decide to restrict or
protect the release or publication of technical data contained in
research results. Once a decision is made to maintain such technical
data as restricted or proprietary, the technical data becomes
subject to the ITAR.
(b) Prepublication review. Technical data that arises during, or
results from, fundamental research is intended to be published to the
extent that the researchers are free to publish the technical data
contained in the research without any restriction or delay, including
U.S. government-imposed access and dissemination controls or research
sponsor proprietary information review.
Note 1 to paragraph (b): Although technical data arising during
or resulting from fundamental research is not considered ``intended
to be published'' if researchers accept restrictions on its
publication, such technical data will nonetheless qualify as
technical data arising during or resulting from fundamental research
once all such restrictions have expired or have been removed.
Note 2 to paragraph (b): Research that is voluntarily subjected
to U.S. government prepublication review is considered intended to
be published for all releases consistent with any resulting
controls.
Note 3 to paragraph (b): Technical data resulting from U.S.
government funded research which is subject to government-imposed
access and dissemination or other specific national security
controls qualifies as technical data resulting from fundamental
research, provided that all government-imposed national security
controls have been satisfied.
(c) Fundamental research definition. Fundamental research means
basic or applied research in science and engineering, the results of
which ordinarily are published and shared broadly within the scientific
community. This is distinguished from proprietary research and from
industrial development, design, production, and product utilization,
the results of which ordinarily are restricted for proprietary or
national security reasons.
(1) Basic research means experimental or theoretical work
undertaken principally to acquire new knowledge of the fundamental
principles of phenomena or observable facts, not primarily directed
towards a specific practical aim or objective.
(2) Applied research means the effort that:
(i) Normally follows basic research, but may not be severable from
the related basic research;
(ii) Attempts to determine and exploit the potential of scientific
discoveries or improvements in technology, materials, processes,
methods, devices, or techniques; and
(iii) Attempts to advance the state of the art.
[[Page 31537]]
0
13. Section 120.50 is added to read as follows:
Sec. 120.50 Release.
(a) Except as set forth in Sec. 120.52, technical data and
software are released through:
(1) Visual or other inspection by foreign persons of a defense
article that reveals technical data or software to a foreign person; or
(2) Oral or written exchanges with foreign persons of technical
data in the United States or abroad.
(b) [Reserved]
0
14. Section 120.51 is added to read as follows:
Sec. 120.51 Retransfer.
Except as set forth in Sec. 120.52 of this subchapter, a
retransfer is a change in end use or end user of a defense article
within the same foreign country.
0
15. Section 120.52 is added to read as follows:
Sec. 120.52 Activities that are not exports, reexports, or
retransfers.
(a) The following activities are not exports, reexports, or
retransfers:
(1) Launching a spacecraft, launch vehicle, payload, or other item
into space;
(2) While in the United States, releasing technical data or
software to a U.S. person;
(3) Shipping, moving, or transferring defense articles between or
among the United States, the District of Columbia, the Commonwealth of
Puerto Rico, the Commonwealth of the Northern Mariana Islands or any
territory, dependency, or possession of the United States as listed in
Schedule C, Classification Codes and Descriptions for U.S. Export
Statistics, issued by the Bureau of the Census; and
(4) Sending, taking, or storing technical data or software that is:
(i) Unclassified;
(ii) Secured using end-to-end encryption;
(iii) Secured using cryptographic modules (hardware or software)
compliant with the Federal Information Processing Standards Publication
140-2 (FIPS 140-2) or its successors, supplemented by software
implementation, cryptographic key management and other procedures and
controls that are in accordance with guidance provided in current U.S.
National Institute for Standards and Technology publications; and
(iv) Not stored in a country proscribed in Sec. 126.1 of this
subchapter or the Russian Federation.
(b) For purposes of this section, end-to-end encryption means the
provision of uninterrupted cryptographic protection of data between an
originator and an intended recipient, including between an individual
and himself or herself. It involves encrypting data by the originating
party and keeping that data encrypted except by the intended recipient,
where the means to access the data in unencrypted form is not given to
any third party, including to any Internet service provider,
application service provider or cloud service provider.
(c) The ability to access technical data or software in encrypted
form that satisfies the criteria set forth in paragraph (a)(4) of this
section does not constitute the release or export of such technical
data or software.
Note to Sec. 120.52: See Sec. 127.1 of this subchapter for
prohibitions on the release or transfer of technical data or
software, in any form, to any person with knowledge that a violation
will occur.
PART 123--LICENSES FOR THE EXPORT AND TEMPORARY IMPORT OF DEFENSE
ARTICLES
0
16. The authority citation for part 123 continues to read as follows:
Authority: Secs. 2, 38, and 71, 90, 90 Stat. 744 (22 U.S.C.
2752, 2778, 2797); 22 U.S.C. 2753; 22 U.S.C. 2651a; 22 U.S.C. 2776;
Pub. L. 105-261, 112 Stat. 1920; Sec. 1205(a), Pub. L. 107-228;
Section 1261, Pub. L. 112-239; E.O. 13637, 78 FR 16129.
0
17. Section 123.28 is added to read as follows:
Sec. 123.28 Scope of a license.
Unless limited by a condition set out in a license, the export,
reexport, retransfer, or temporary import authorized by a license is
for the item(s), end-use(s), and parties described in the license
application and any letters of explanation. DDTC grants licenses in
reliance on representations the applicant made in or submitted in
connection with the license application, letters of explanation, and
other documents submitted.
PART 124--AGREEMENTS, OFF-SHORE PROCUREMENT, AND OTHER DEFENSE
SERVICES
0
18. The authority citation for part 124 continues to read as follows:
Authority: Secs. 2, 38, and 71, 90, 90 Stat. 744 (22 U.S.C.
2752, 2778, 2797); 22 U.S.C. 2651a; 22 U.S.C. 2776; Section 1514,
Pub. L. 105-261; Pub. L. 111-266; Section 1261, Pub. L. 112-239;
E.O. 13637, 78 FR 16129.
0
19. Section 124.1 is amended by adding paragraph (e) to read as
follows:
Sec. 124.1 Manufacturing license agreements and technical assistance
agreements.
* * * * *
(e) Unless limited by a condition set out in an agreement, the
export, reexport, retransfer, or temporary import authorized by a
license is for the item(s), end-use(s), and parties described in the
agreement, license, and any letters of explanation. DDTC approves
agreements and grants licenses in reliance on representations the
applicant made in or submitted in connection with the agreement,
letters of explanation, and other documents submitted.
PART 125--LICENSES FOR THE EXPORT OF TECHNICAL DATA AND CLASSIFIED
DEFENSE ARTICLES
0
20. The authority citation for part 125 continues to read as follows:
Authority: Secs. 2 and 38, 90, 90 Stat. 744 (22 U.S.C. 2752,
2778); 22 U.S.C. 2651a; E.O. 13637, 78 FR 16129.
0
21. Section 125.4 is amended by revising paragraph (b)(9) to read as
follows:
Sec. 125.4 Exemptions of general applicability.
* * * * *
(b) * * *
(9) Technical data, including classified information, regardless of
media or format, exported by or to a U.S. person or a foreign person
employee of a U.S. person, travelling or on temporary assignment abroad
subject to the following restrictions:
(i) Foreign persons may only export or receive such technical data
as they are authorized to receive through a separate license or other
approval.
(ii) The technical data exported under this authorization is to be
possessed or used solely by a U.S. person or authorized foreign person
and sufficient security precautions must be taken to prevent the
unauthorized release of the technology. Such security precautions
include encryption of the technical data, the use of secure network
connections, such as virtual private networks, the use of passwords or
other access restrictions on the electronic device or media on which
the technical data is stored, and the use of firewalls and other
network security measures to prevent unauthorized access.
(iii) The U.S. person is an employee of the U.S. government or is
directly employed by a U.S. person and not by a foreign subsidiary.
(iv) Technical data authorized under this exception may not be used
for foreign production purposes or for defense services unless
authorized through a license or other approval.
(v) The U.S. employer of foreign persons must document the use of
this exemption by foreign person employees,
[[Page 31538]]
including the reason that the technical data is needed by the foreign
person for their temporary business activities abroad on behalf of the
U.S. person.
(vi) Classified information is sent or taken outside the United
States in accordance with the requirements of the Department of Defense
National Industrial Security Program Operating Manual (unless such
requirements are in direct conflict with guidance provided by the
Directorate of Defense Trade Controls, in which case such guidance must
be followed).
* * * * *
PART 127--VIOLATIONS AND PENALTIES
0
22. The authority citation for part 127 continues to read as follows:
Authority: Sections 2, 38, and 42, 90, 90 Stat. 744 (22 U.S.C.
2752, 2778, 2791); 22 U.S.C. 401; 22 U.S.C. 2651a; 22 U.S.C. 2779a;
22 U.S.C. 2780; E.O. 13637, 78 FR 16129.
0
23. Section 127.1 is amended by adding paragraphs (a)(6) and (b)(4) to
read as follows:
Sec. 127.1 Violations.
(a) * * *
(6) To export, reexport, retransfer, or otherwise make available to
the public technical data or software if such person has knowledge that
the technical data or software was made publicly available without an
authorization described in Sec. 120.11(b) of this subchapter.
(b) * * *
(4) To release or otherwise transfer information, such as
decryption keys, network access codes, or passwords, that would allow
access to other technical data in clear text or to software that will
result, directly or indirectly, in an unauthorized export, reexport, or
retransfer of the technical data in clear text or software. Violation
of this provision will constitute a violation to the same extent as a
violation in connection with the export of the controlled technical
data or software.
* * * * *
Dated: May 20, 2015.
Rose E. Gottemoeller,
Under Secretary, Arms Control and International Security, Department of
State.
[FR Doc. 2015-12844 Filed 6-2-15; 8:45 am]
BILLING CODE 4710-25-P