Export compliance is an issue that will get Defense contractors and employees in trouble. Violating State Department regulations will bring the weight of the US Government not only on the offending company, but persons involved. Cleared employees must not only protect classified information, but also prevent the unauthorized transfer of technical information and data.
A Real Violation Scenario
According to a report made available on the Department Of Commerce website, Sunrise Technologies Trading Corporation is alleged to have committed several export violations. As a result, they face possible repercussions of a $250,000 fine per charge, loss of export privileges and loss of privileges and more. In other words, they could lose the ability to perform their core capabilities.
In the above report, Sunrise Technologies acted with knowledge that a violation would occur as they exported computer components without license or approval. This is serious, but what does it have to do with security clearances and protecting classified information? A lot.
How Does this Apply to Cleared Employees?
If you have a security clearance, you will encounter many requirements to protect classified information. However, are you aware of responsibilities of protecting technology, services, and products protected under the International Traffic In Arms Regulation (ITAR) and the Export Administration Regulation (EAR)?
Chances are that if you are working with classified contracts, there are also additional concerns with unclassified items controlled by Department of State and Department of Commerce Regulations. Though Sunrise Technologies allegedly committed export violations, you should also be aware of the risks of inadvertently committing export violations.
Protect Yourself and Your Company
The best way to protect yourself and your company is to understand what is controlled and how to protect it and/or legally export it. Simply put, an export is the transfer of controlled technology in any form to a non US Person at any location. Export controlled products, services and technologies should only be shared by US Persons. In general, US Persons include people and entities that are US citizens, residents and those who enjoy a protected status. A violation is not only the shipping of controlled technology abroad, but can also occur through presenting, demonstrating or showing to a non-US person right at your US location.
How to Protect Identified Export Controlled Items: Conduct inventory-determine regularly that items are marked properly, are where they should be and protected according to government and company requirements found in ITAR and EAR.
Limit access-provide barriers to export controlled products and services and ensure only authorized persons have access. For example, if you have permission to demonstrate a product, ensure the Non-US Persons only have access to that product. Protect other export controlled items from access. This can be done by escorting, placing signs identifying off limits areas, and locking controlled property away. In other words, limit limiting knowledge and access to only those who need it.
If you are authorized to transfer controlled technology through a license or technical assistance agreement (TAA), understand your responsibilities:
- Understand how technical data can be transferred inadvertently or purposefully through a written note, viewing a computer screen, conducting seminars and etc. Make sure employees know they are only authorized to communicate technical data through a license and or TAA.
- Coordinate with your Facility Security Officer and Export Control Officer. If technical exchange is necessary and you don’t have a license, allow a year to apply for and receive the appropriate licenses and TAAs.
- Once you receive a license or TAA, know the boundaries prior sharing any technical information with non US persons. Help them understand the provisos of licenses and TAAs and exactly what they are allowed to disclose.
- Partition off other technologies not under license or TAA. If traveling to a foreign country, carry a sanitized computer to reduce the threat of exports violations or theft of economic or corporate data. Only take what you are authorized by the permissions. If non-US Persons are visiting or working on site, ensure they only have access to what is allowed.
Export violations can be as serious as unauthorized release of classified information. Do everything within your power to ensure that no technical data or service is exported without proper approval. This means performing due diligence prior to receiving foreign visitor, attending trade shows, and prior to working on teaming agreements with non US persons. Understand your role in protecting US technology.
