Mar
19
DDTC Keeps Trying to Put the Public Domain Genie Back in the Bottle
Posted by Clif Burns at 10:49 am on March 19, 2009
Category: General
Redmond-based Analytical Methods, Inc., entered into a consent agreement, released earlier this week, with the Directorate of Defense Trade Controls (“DDTC”) in connection with unlicensed provision of defense services to foreign persons and unlicensed exports of software adapted for military purposes. Pursuant to the consent agreement, the company agreed to pay $500,000 in civil penalties, $400,000 of which was suspended provided that this amount is applied to past and future compliance measures. Significantly, this penalty was imposed even though Analytical Methods voluntarily disclosed the export violations.
The company’s problems started with some confusion on its part as to whether its software, which consists of various programs and modules designed to model the conditions present while flying through air or travelling through water, was controlled by the International Traffic in Arms Regulations (“ITAR”). According to the charging letter, counsel for the company initially filed a voluntary disclosure with the DDTC in 2003 indicating that he was investigating whether an export of one of it’s software modules to an “embargoed entity” in the People’s Republic of China was a violation of the ITAR. Subsequently counsel sent a second letter to DDTC stating that he had determined that the software module that was exported was not ITAR-controlled and that the PRC entity that received the module was not on any prohibited end-user list.
The company then filed a commodity jurisdiction request with respect to that module, which the DDTC determined was, indeed, ITAR-controlled:
Respondent failed to notify the Department immediately after this CJ determination that it had exported ITAR controlled MGAERO-FPI software to the PRC. Instead in March of 2004 the Respondent notified the Department that it had ceased manufacturing and exporting the ITAR controlled MGAERO-FPI software and would not re-register with the Department.
And that right there explains, at least in my view, why this voluntary disclosure led to a significant fine. In this instance, the DDTC obviously was annoyed by what appears to have been a disingenuous response by the company to the CJ determination, something made even more disingenuous because it involved an item that the company had previously told DDTC had been exported to the PRC but was not ITAR-controlled. Subsequent voluntary disclosures of these exports won’t be viewed as favorably when they come on the heels of prior attempts by a company to conceal the exports from DDTC.
Two things about the charging documents, however, are of more cause for concern. First, the DDTC appears to be continuing to expand its efforts to require export licenses for public domain material. In the charging letter, DDTC states:
Section 124.1(a) of the ITAR provides that approval from DDTC is required prior to providing a section 120.9(a) defense service, whether or not the information relied upon in providing the defense service is in the public domain or otherwise exempt from license requirements.
The problem here is that section 120.9(a)(2) defines the provision of technical data as a defense service. These two sections read together with DDTC’s gloss on 124.1(a) in the above-quoted section, means that a “disclosure” of public domain information can be seen as a defense service (and not just as an export of technical data) that would require that a Technical Assistance Agreement (“TAA”) be approved by DDTC prior to the disclosure of the public domain material.
Second, language in the charging documents continue to obscure the boundaries of what is and isn’t a defense service. Although all the software modules involved in the specific charges brought by DDTC were modified for military use and were thus defense articles, DDTC throws into the Consent Agreement this language:
[S]oftware designated as dual-use can be used to provide an ITAR regulated defense service. …
Does this mean that a vendor that provides non-ITAR software, say a CAD program, to a foreign defense contractor, and then trains that contractor on using the software, that this might be a defense service if the contractor uses the software to design a military article? The boundaries here have never been clear and the cited language from the DDTC makes them less clear.
Permalink
Copyright © 2009 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)
8 Comments:
124.1 seems to have a logical application if someone is taking publicly available information (such as the instructions for use and maintenance of a commercially available AR-15 rifle) and providing a defense service to foreign persons. For instance, training police in another country. But it gets really troublesome when you consider that it could just as well apply to a firearms safety class conducted in the U.S. if a foreign person attends. And it creates real headaches when you expand the potential applications from there.
I think you missed the ITAR on your statement below–it might be academic because in the settlement situation, companies just get the best deal they can, regardless of the ITAR.
The definition of technical data says tech data does not include “public domain.” So when you export public domain, by defintion, you are not exporting tech data because public domain is not tech data. So the export of public domain does not automatically become a defense service. Now you could use public domain to provide a defense service, just like you could use a screw driver to provide a defense service–but exporting public domain is not by defintion a defense service.
Sorry to be such a nerd on this, but it is important (at least to me).
Keep up the good work. I enjoy your willingness to express your opinion and to be funny and irreverent. Most people are too scared and uptight to do those things.
John Black
from your blog…
“The problem here is that section 120.9(a)(2) defines the provision of
technical data as a defense service. These two sections read together
with DDTC’s gloss on 124.1(a) in the above-quoted section, means that a
“disclosure” of public domain information can be seen as a defense
service (and not just as an export of technical data) that would require
that a Technical Assistance Agreement (“TAA”) be approved by DDTC prior
to the disclosure of the public domain material.
I agree that this is probably how 120.9(a)(2) should be read, but the language in the consent decree saying that something can be a defense service even if public domain information is used is inconsistent with that. The DDTC probably should at a minimum have made clear that its statement in the consent decree applies to defense services defined under 120.9(a)(1) and (a)(3), not under (a)(2).
It should be remembered that DDTC has inserted such language in a number of prior consent agreements, including some of the Boeing consent agreements. That said, while government may constitutionally regulate services, to the extent that the “services” consist solely of providing information, any regulation that purports to regulate the provision of information is subject to First Amendment challenge. The Sixth Circuit in Junger v. Daley held that export controls on encryption source code were subject to First Amendment review, but that the “functionality” of the source code in that case, i.e., the fact that that source code could be used to directly instruct some computers, meant that export controls on that source code were subject only to “intermediate scrutiny”. The clear inference of Junger v. Daley then is that provision of pure information is subject to full First Amendment protection.
I attended an ITAR lecture given by a DDTC employee recently, in which she explained that information in the public domain does not mean that the information “should be” in the public domain. In other words, just because you find it on the internet doesn’t mean it’s allowed to be distributed as public domain. She said if you release something because it’s already (but inappropriately) available via public domain, you’ve committed an ITAR violation.
She kept inserting the phrase “appropriately released into” (the public domain) to talk about the public domain exception.
chris
Chris: Your story is just yet one more example of how DDTC doesn’t believe the law, most especially the , doesn’t apply to DDTC. They mean: How could the Constitution possible apply to them, they are so much superior to mere mortals.
Wasn’t there a case recently where the defendant successfully argued that Apache helicopter drawings he had exported were available in the public domain (on the internet)?
If a company had the resourses to pursue the case, I think judges will have to be skeptical of DoS claims that data available on the internet is not in fact actually in the public domain because the data should not be on the internet in the opinion of the DoS.
Yes, the Axion case. The part involved was a small flange type part called a bifilar weight assembly. The gov’t claimed that it wasn’t PD just because it was on the Internet; the judge said otherwise and, as I’ve heard from the trial participants, was none too pleased with the governments efforts to argue that stuff on the Internet wasn’t PD.