An ongoing feature of this blog has been, for some time, to highlight ITAR registration press releases where companies breathlessly announce their registration under part 122 of the ITAR as if it were equivalent to having been awarded the Nobel Peace Price, an Oscar, and three Michelin stars on the same day when in fact the State Department routinely hands out Part 122 registration to anyone who can figure out how to fill out a short form, write a check for the registration fee and send both to Washington. Once the check clears, a registration is issued by DDTC without so much as even looking at the registrant’s elevator certificates and corporate cafeteria lunch menu.
So when a friend of the blog pointed out a press release headlined “Xand Earns International Traffic in Arms Regulations (ITAR) Compliance from U.S. Department of State,” it was clear that we had a moral obligation to bring to our readers the latest and greatest in marketing department hyperbole.
Xand, the Northeast’s premier provider of cloud, managed services, colocation and disaster recovery announced today the successful completion of all regulatory requirements required to attain International Traffic in Arms Regulations (ITAR) registration and compliance from the U.S. Department of State, a unique distinction among infrastructure service providers.
Okay, so maybe the “regulatory requirements” meant by Xand were filling out the form and sending the check. Well, you might think that until you see what the company’s Chief Security Officer had to say:
We selected data center facilities in Pennsylvania, New York, and Massachusetts to undergo thorough and exhaustive compliance testing to meet the critical standards of the U.S. Department of State. The end result allows Xand to provide clients with unmatched geographic diversity and redundancy options when it comes to housing, storing, and protecting the data and technology infrastructure needed to power the critically important work of the defense industry.
It seems to me that the State Department ought to tell people that it will revoke the registration of anyone who so fundamentally misunderstands the ITAR as to suggest in public that registration is the result of compliance testing and constitutes a certification that the registrant is compliant.
One other interesting point here is to try to figure out why Xand needed registration in the first place. Registration is required for parties that manufacture items on the USML and for those that export goods or technical data on the USML. Frankly, I’m baffled how a domestic cloud and colocation service provider does either of those things even if it has customers that manufacture or export USML items. Anyone have any thoughts on this?