Export Controls Department of State Confirms Prior Approval Requirement for Electronic Exports to Public Domain in Case of 3D-Printable

Gun
By Matthew A. Goldstein (Matthew A. Goldstein PLLC) Introduction The International Traffic in Arms Regulations (ITAR), administered by the Department of State Directorate of Defense Trade Controls (DDTC), requires prior DDTC authorization for exports and temporary imports of defense articles and technical data described on the ITAR U.S. Munitions List (USML) unless an exemption or exclusion from the ITAR applies. Information otherwise falling under the definition of technical data is excluded from ITAR control if it is already published and available to the public through one of several means listed at 22 C.F.R. 120.11. This is known as the ITAR public domain exclusion. Posting technical data on the Internet is the most common and effective means of making information available to the public. However, DDTC does not recognize information on the Internet as per se within the public domain exclusion. Instead, DDTC focuses on whether such information was validly placed on the Internet, emphasizing that prior approval from the U.S. Government is required prior to transmitting technical data into the public domain regardless of whether the information is privately generated technical data, technical data subject to government contract restrictions on dissemination, or national security classified information. This means that not only may the original transmission into the Internet constitute a violation of the ITAR, but further transmissions of otherwise ITAR technical data found on the Internet by third parties may constitute additional violations. Informal DDTC advisements have long confirmed that prior approval by the U.S. Government agency with cognizance is required before privately generated technical data can be transmitted into the public domain without a DDTC license. However, the absence of a written agency position on the requirement, and the history behind removal of the previous clearly stated ITAR requirement for preapproval before transmission has led some practitioners to question the existence of the requirement. This issue now seems resolved by a letter sent in May from DDTC to Defense Distributed (defdist.org), the poster of Computer Assisted Drafting (CAD) files for 3D printer manufacturing of a firearm and firearm parts and components. 3D Printing Technology Innovations in 3D printing technology, also known as additive manufacturing, use CAD files to layer various raw materials (most commonly thermoplastic) into usable shapes. To date, 3D printers have been used in a variety of indus-

The Defense Distributed posting has also recieved significant government attention with Congressional calls to renew of the Undetectable Firearms Act.

tries to make prototypes and items of limited distribution, to include small household goods and machine parts. Applications of this technology are growing fast and, as with many other innovative technologies, harmful applications of 3D printing technology have emerged to challenge traditional forms of government regulation. In May, Defense Distributed, a Texas corporation, posted CAD files for a 3D printable gun on the Internet. The gun, nicknamed the Liberator, is easily pieced together from sixteen 3D printed plastic parts and a metal nail. It is untraceable and can reportedly slip by metal detectors unnoticed (likely when not accompanied by the nail). Since its posting on the Internet, the Liberator has become the focus of national media attention, with coverage on Forbes, CNN, NBC News, the Wall Street Journal, and even an episode of The Colbert Report. YouTube videos showing the gun in action have logged over a million views. The Defense Distributed posting has also recieved significant government attention. It prompted Congressional calls to renew of the Undetectable Firearms Act and, on May 8, 2013, the Department of State stepped in when the DDTC Compliance and Enforcement Division sent DeElectronic Exports, continued on page 4 Thomson Reuters/WorldTrade Executive 2013 

Practical Trade & Customs Strategies

Export Controls
Electronic Exports from page 3

fense Distributed a letter instructing the company to remove the Liberator and other CAD files from the Internet.1 In doing so, DDTC noted: DTCC/END is conducting a review of technical data made publicly available by Defense Distributed through its 3D printing website, DEFCAD.org, the majority of which appear to be related to items in Category I of the USML. Defense Distributed may have released ITAR-controlled technical data without the required prior authorization from the Directorate of Defense Trade Controls (DDTC), a violation of the ITAR.2 Defense Distributed complied with the Department of State request and removed the CAD files from its website. However, the Liberator files were reportedly downloaded over 100,000

The present definition of ITAR technical data includes information required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of defense articles.
times from U.S. and non-U.S. locations before their removal and have now been re-uploaded to the Internet by other users. ITAR Technical Data and Public Domain The Department of States authority to control the export of munitions would be of little practical value if applying only to the export of a defense article, but not the plans and specifications to build said article. This is why the present definition of ITAR technical data includes information required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of defense articles.3 This includes information in the form of blueprints, drawings, photographs, plans, instructions or documentation.4 The definition also includes unclassified privately generated technical data not developed under a government contract (private sector technical data), such as the Liberator CAD files but does not include information in the public domain as such is defined in 22 C.F.R. 120.11. The ITAR definition of public domain has not always been at Section 120.11 and has undergone significant change throughout the years. From 1969 to 1984, it was defined as an exemption to ITAR licensing requirements, rather than an ex-

clusion to the regulations as it exists today.5 The difference between an ITAR exemption and ITAR exclusion is significant because exemptions mean that the ITAR applies to the article or data, but that no license is required so long as the transaction meets certain requirements and the exporter takes specific steps in conjunction with the export; whereas articles and data subject to an exclusion are simply not subject the ITAR at all. As an exemption, the previous definition of ITAR public domain expressly conditioned license-free treatment of information found in the public domain on U.S. Government preapproval of transmission of the technical data into the public domain in the first place.6 Specifically, the ITAR formerly contained a clause at Footnote 3 to Section 125.11 providing that [t]he burden for obtaining appropriate U.S. Government approval for the publication of technical data falling within the definition [of technical data], including such data as may be developed under other than U.S. Government contract, is on the person or company seeking publication. The express ITAR requirement for U.S. Government prior approval constituted a prior restraint on speech. When involving non-commercial speech, prior restraints are subject to a strong presumption of unconstitutionality under the First Amendment to the U.S. Constitution. Commercial speech and non-expressive speech are subject to lesser protection. In either case, the First Amendment protections are not absolute and the power of the Government to restrict individual rights is strong when it comes to matters of national security and foreign policy. In fact, courts have rejected criminal defenses based on the First Amendment in cases involving exports of technical data without a license, even when the data was in the public domain.7 Nevertheless, in response to issues raised in court proceedings, in 1978 the Department of Justice issued a memorandum to The White House on the constitutionality of export restrictions on unclassified cryptographic information, stating that the restrictions were unconstitutional under the First Amendment because standards for license determinations were imprecise and failed to guard against arbitrary and inconsistent administrative action; and because the ITAR did not provide a means for prompt judicial review of adverse license decisions.8 Congressional testimony on the issue followed, urging revisions to the ITAR to address the constitutional infirmities noted by the Department of Justice letter.9 During this time, the Department of States Office of Mu-

Thomson Reuters/WorldTrade Executive

June 15, 2013

Export Controls
nitions Control, the predecessor to DDTC, issued a newsletter focused on exports of cryptographic information in which it made the following cryptic statement: The public is reminded that professional and academic presentations and informal discussions, as well as demonstrations of equipment, constituting disclosure of cryptologic technical data to foreign nationals, are prohibited without the prior approval of this office. Approval is not required for publication of data within the United States as described in Section 125.11(a)(1). Footnote 3 to section 125.11 does not establish a prepublication review requirement.10 Thereafter, the Department of State amended the ITAR to clarify the definition of public domain, add additional types of public domain, and to turn public domain from an exemption at Part 125 to exclusion at Part 120.11 In doing so, the agency noted, a provision has been added to make it clear that the regulation for the export of technical data does not purport to interfere with the First Amendment rights of individuals.12 Today, the ITAR definition of technical data expressly excludes from its scope, and hence from control under the ITAR, published information which is generally accessible or available to the public: (1) Through sales at newsstands and bookstores; (2) Through subscriptions which are available without restriction to any individual who desires to obtain or purchase the published information; (3) Through second class mailing privileges granted by the U.S. Government; (4) At libraries open to the public or from which the public can obtain documents; (5) Through patents available at any patent office; (6) Through unlimited distribution at a conference, meeting, seminar, trade show or exhibition, generally accessible to the public, in the United States; (7) Through public release (i.e., unlimited distribution) in any form (e.g., not necessarily in published form) after approval by the cognizant U.S. Government department or agency (see also 125.4(b)(13) of this subchapter); (8) Through fundamental research in science and engineering at accredited institutions of higher learning in the U.S. where the resulting information is ordinarily published and shared broadly in the scientific community.13 Neither the ITAR nor any official DDTC guidance states whether Section 120.11 is an exhaustive list of what is considered in the public domain. This raises the question of whether information available on the Internet is within the ITAR definition of public domain. Yet, although, as with information in books, information available on the Internet is accessible at most public libraries, DDTC has not listed the Internet among the recognized types of public domain information at 120.11. Instead, and to the contrary, DDTC takes the position in informal industry guidance that information on the Internet remains ITAR controlled if it was transmitted into the public domain without requisite authorization. The DDTC position is supported by Section 120.11(7)s reference to Subsection 125.4(b)(13), which provides an exemption to license requirements and the only expressly authorized means of transmission into the public domain for [t]echnical data approved for public release (i.e., unlimited distribution) by the cognizant U.S. Government department or agency or Office of Freedom of Information and Security Review.14 Accordingly, a plain reading of the ITAR is that all types of public domain information enumerated at 120.11 except for information described at 120.11(7) by way of Subsection 125.4(b)(13) (i.e., approved by cognizant U.S. Government agency), must already be published and generally accessible to the public to qualify under the public domain exclusion. Conservative compliance practitioners follow this interpretation, recognizing the continued requirement for cognizant agency approval of transmissions of ITAR technical data into the public domain. Despite the above, some practitioners cite the supplementary information to the 1980 and 1984 amendments to mean that the State Department no longer requires preapproval before transmissions into the public domain. These practitioners view the requirement for cognizant government agency approval provided at Subsection 125.4(b)(13) as applicable only to releases of technical data from government contract restrictions on dissemination and declassification where necessary and not applicable to privately generated technical data. Conclusion As the first publicly available written statement from DDTC on the continued requirement for advanced U.S. Government approval before transmission of ITAR technical data into the public domain, the DDTC letter to Defense Distributed
Electronic Exports, continued on page 6

Practical Trade & Customs Strategies

Thomson Reuters/WorldTrade Executive 2013

Export Controls
Electronic Exports from page 5

confirms the Department of States longstanding position on this issue. It will no doubt be interesting to see how the Defense Distributed case unfolds, whether DDTC will seek enforcement against the many other companies posting ITAR technical data on the Internet without requisite government approval, and whether this prior restraint can withstand a constitutional challenge. o
1 May 8, 2013 Letter from Department of State, Bureau of Political Military Affairs, Office of Defense Trade Controls Compliance, Enforcement Division to Wilson Cody, Defense Distributed, p. 2 (Until the Department provides Defense Distributed with final CJ determinations, Defense Distributed should treat the above technical data as ITAR-controlled. This means that all such data should be removed from public access immediately.) 2 Ibid. 3 22 C.F.R. 120.10. 4 Ibid. 5 See 34 Fed. Reg. 12037 (July 17, 1969), 49 Fed. Reg. 47682 (Dec. 6, 1984). 6 22 C.F.R. 125.11 at FN 3 (1980). 7 United States v Edler Industries, Inc., 579 F.2d 516, 522 (9th Cir. 1978); U.S. v. Posey, 864 F.2d 1487, 1497 (9th Cir. 1989) (rejecting defendants argument that First Amendment prohibits the enforcement of export controls on publicly available information). 8 Memorandum from John M. Harmon, Assistant Attorney General, Office of Legal Counsel, Department of Justice, to Frank Press, Science Advisor to the President regarding Constitutionality Under the First Amendment of ITAR Restrictions on Public Cryptog-

raphy (May 11, 1978) at pp. 9 and 10. 9 U.S. House, Subcommittee of the Committee on Government Operations, The Governments Classification of Private Ideas (H. Rpt. 96-1540, at 119). Washington: Government Printing Office, 1980 (RECOMMENDATIONS In light of the memorandum opinion of the Office of Legal Counsel of the Department of Justice in May 1978 on the constitutionality under the First Amendment of ITAR restrictions on public cryptography, review and rewrite the ITAR to satisfy constitutional objections.). 10 Department of State Munitions Control Newsletter No. 80, dated February 1980. 11 58 Fed. Reg. 39280, 39285 (July 22, 1993); 49 Fed. Reg. 47682, 47683 (December 6, 1984); 45 Fed. Reg. 83970, 83985 (December 19, 1980). 12 45 Fed. Reg. 83970 (December 19, 1980). 13 22 C.F.R. 120.10 (2011); See also 22 C.F.R. 125.1(a)(1) (acknowledging [i]nformation which is in the public domain (see 120.11 of this subchapter and 125.4(b)(13)) is not subject to the controls of this subchapter.) 14 22 C.F.R. 125.4(b)(13) (2011); The Department of Defense Office of Security Review (OSR) now performs the functions of the Office of Freedom of Information and Security Review in reviews of private sector technical data submitted for release under Subsection 125.4(b)(13).

Matthew A. Goldstein (matthew@goldsteinpllc.com) is an International Trade Attorney based in Washington, DC. His practice focuses on export control and trade sanctions compliance assistance for manufacturers, exporters, and brokers of military, homeland defense, dual use, and purely civilian products and technologies.

Trade Partnerships Pacific Alliance Members Make Progress on Trade Issues; Costa Rica Close to Acceding
By Justin S. Miller (White & Case) Pacific Alliance (PA) member countries concluded in Colombia on May 23, 2013 the VII PA Presidential Summit. The PA member countries issued a joint declaration at the close of the Summit, highlighting areas in which they made progress and pointing to next steps. According to the joint Declaration, during the Summit, Mexican President Enrique Pea Nieto, Colombian President Juan Manuel Santos, Peruvian President Ollanta Humala and Chilean President Sebastin Piera took stock of progress made and instructed their respective authorities on next steps in such areas as: (i) tariffs; (ii) rules of origin (ROOs); (iii) customs cooperation and trade facilitation; (iv) sanitary and phytosanitary (SPS) measures; (v) technical barriers to trade (TBTs); (vi) investment; (vii) cross-border trade in services, including telecommunications and

Thomson Reuters/WorldTrade Executive

June 15, 2013