Last week the GAO released an unusually critical report which chided both DDTC and BIS over the way both agencies handled deemed export issues posed by university research programs. The report was prompted by an inquiry from Representative James Sensenbrenner, an outspoken critic of immigration. Sensenbrenner asked the agency to review the procedures used by DDTC and BIS to keep sensitive technology out of the hands of foreign students.

The report noted that most universities that it contacted attempted to avoid deemed export issues by relying on the “fundamental research” exception. In order to do that, universities in many instances try to reject research projects where limitations are imposed on the ability of the university to publish the results of the research. On the other hand, the universities complained that in cases where the fundamental research exception was unavailable, it was difficult to determine whether or not particular research was export controlled or not. Although ITAR-controlled technology may be relatively easy to identify, there is certainly some force to the argument that it is difficult for universities to identify dual-use technologies controlled by the EAR.

Compounding this difficulty were the admissions by DDTC that the U.S. export control regulations are “designed for ‘self-compliance,'” which is export bureaucrat-ese for “proceed at your own risk.” Both agencies were candid in stating that their top priority were to consider license applications and not to provide education or outreach to parties subject to the regulations.

University officials complained that agency seminars provided no guidance to the issues confronted by universities:

Several university officials indicated that the agency training and guidance have limited utility for academic institutions. For example, according to some university officials, training provided by Commerce and State does not discuss how export regulations apply to universities that have fundamental research exclusions. One university official characterized the Commerce-sponsored session that he attended as being “entry level” training directed at the corporate community. Commerce officials have acknowledged that about 95 percent of the attendees at their seminars are repeat attendees, primarily from industry. Some university officials stated that the training was too narrowly focused on topics that do not pertain to universities.

Although BIS’s response to the report generally indicated agreement, DDTC had this to say:

We disagree with the GAO’s assertion that we are not presently assesing the risk of unauthorized data exports. While State’s DDTC may not have concretely quantified the potential risk, there is a recognition that a risk exists. We estimate that it would take from one-half to one full man year to conduct an assessment and are presently determining if we can conduct the study, along with the planned outreach to universities in FY 2007, within the limits of existing resources.

Or, we know that there’s a problem, but we don’t know how big it is and may not have the resources to do anything about it.

Permalink


Copyright © 2006 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)