By Courtney E. Howard
BOSTON, 27 March 2007. Dean Young, facility security officer of Celestica Aerospace Technologies Corp., in his presentation, "ITAR and the Subcontractor," at the 2007 Military Technologies Conference (MTC; www.miltechconference.com) in Boston shared information with attendees as to how to reduce risks with dealing with ITAR and how to ensure a company's compliance with International Traffic In Arms Regulations (ITAR).
The proper management and understanding of current U.S. import and export regulations for the defense industry necessitates the digestion of volumes of data, Young admits. Adherence to ITAR, although time consuming, prevents costly mistakes – which can lead to pricey fines and criminal prosecution.
Defense contractors, subcontractors, and systems integrators, in complying with these regulations, must register with the U.S. Department of State, manage ITAR technical data and documentation, set up an IT infrastructure, implement security measures, and, perhaps most importantly, understand 22 CFR 120-130 (ITAR) (Information specific to 22 CFR 120-130 is available online at www.pmddtc.state.gov/reference.html.) That's not all, describes Young, who described many steps to the overall ITAR process. Also involved is the submission of the proper paperwork to the U.S. Dept. of State, along with fees for registration (currently $1750 for one year's registration, and $3500 for two years). After completion and submission of state forms, company executives wait to receive approval and then complete all required shipping and customs documentation – paperwork which Young recommends double-checking.
An export, as described in Young's talk, can be hardware, software, technology, or defense services. In fact, leaving the country with one's laptop – and all the intellectual property sitting on the hard drives of which – can constitute an ITAR infraction. As Young points out, even information deleted from a computer system can be recovered. As a result, he mentions, Celestica issues its personnel a travel-only laptop, free of information that could go against ITAR.
Common pitfalls that defense subcontractors should avoid include: a lack of training and understanding of the proper handling of ITAR technology, no proper record of employee citizenship status, poor handling of foreign visitors, improper export documentation, and ignoring license provisos. Young recommends professionals not only check with the U.S. Dept. of State Excluded Parties List System (www.epls.gov), but also assume that a license is required for the destination, end user, and end use of all ITAR exports.
The most common export violations include: non-compliance with license provisos, documents containing technical data are sent to company's foreign office without export authorization, carrying documents or computer disks containing tech data on international trips without export authorization, marketing presentations to foreign governments, companies, or persons in the U.S. or abroad without export authorization.
In addition to avoiding the most common ITAR pitfalls and violations, Young recommends: defining the organization's ITAR management requirements, developing procedural requirements, and creating a technology control plan. Another beneficial step would be to retain the services of an attorney in the U.S. who specializes only in export issues
