Export controls

Most people would intuitively expect the export of defense-related items to be tightly regulated by the U.S. government. However, unless they have studied the applicable laws, few would anticipate the extent to which such rules apply.

The export of arms and related goods and services is governed by the Arms Export Control Act of 1976, which authorized the president to control the export and import of defense articles and defense services.

In 1977, in an executive order, the president delegated most of this authority to the secretary of State, who has promulgated the International Traffic in Arms Regulation (ITAR) to provide detailed guidance in the area.

The ITAR includes a detailed list of defense articles and services, known as the Munitions List. Notably, the listing of an item as a defense article includes not just the item itself, but also "technical data" on the item, including information recorded or stored in any physical form, such as models, mockups, and other formats that reveal significant attributes about the item.

The only things excluded from this definition are basic marketing information on the general function or purpose of the item and general system descriptions with limited details.

When an item is listed in the Munitions List, it may not be exported without the approval of the State Department. Most significantly, an "export" in this context includes not just sending or taking the article out of the United States, but also disclosing through oral, visual or other means technical data on the item to any foreign person, whether in the United States or abroad.

An export also occurs when defense services are performed on behalf of or for the benefit of any foreign person, whether in the United States or abroad. In this context, "defense services" include the furnishing of any assistance, including training, to any foreign persons, whether in the United States or abroad, in the design, development, engineering, manufacture, production, assembly, testing, repair, maintenance, modification, operation, demilitarization, destruction, processing or use of any defense articles.

Under the ITAR, a "foreign person" includes naturalized persons who are not permanent residents of the United States, as well as foreign corporations, partnerships and other business entities not incorporated or organized to do business in the United States. The category also applies to all international organizations, foreign governments, and agencies and subdivisions of foreign governments.

Before any defense article can be exported under the ITAR, an export registration must first be obtained from the State Department, and in most cases, an additional, more specific license for the particular export must be obtained.

Under these rules, it is improper to allow a nonpermanent resident of the United States even to access a computer network on which technical data on defense articles is stored.

For this reason, many computer networks are restricted to "U.S. persons" only. Obviously, this can be a significant issue for companies that provide information technology-related services to U.S. government defense agencies and defense contractors.

Many companies in the information technology business employ significant numbers of persons who are not permanent residents of the United States. Generally, for most purposes, these companies treat their nonpermanent residents the same as other employees.

If access to a computer network would include access to technical data on defense articles, however, the company must comply with the export licensing requirements of the ITAR, even if all of the work is to be performed within the United States.

Peckinpaugh is corporate counsel for DynCorp in Reston, Va. This column represents his personal views.

Materials discussed in this column include the Arms Export Control Act, 22 U.S.C. 2778; Executive Order 11958 (delegating export control authority to the secretary of State); and International Traffic in Arms Regulation (ITAR), 22 CFR parts 120-130.


  • Cybersecurity
    CISA chief Chris Krebs disusses the future of the agency at Auburn University Aug. 22 2019

    Shared services and the future of CISA

    Chris Krebs, the head of the Cybersecurity and Infrastructure Security Agency at DHS, said that many federal agencies will be outsourcing cyber to a shared service provider in the future.

  • Telecom
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA softens line on looming EIS due date

    Think of the September deadline for agencies to award contracts under the General Services Administration's $50-billion telecommunications contract as a "yellow light," said GSA's telecom services director.

  • Defense
    Shutterstock photo id 669226093 By Gorodenkoff

    IC looks to stand up a new enterprise IT program office

    The intelligence community wants to stand up a new program executive office to help develop new IT capabilities.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.