January 11, 2007
What do Cymer, Inc., of San Diego; Nvidia Corporation of Santa Clara; New Focus, Inc., of San Jose; Fujitsu Network Communications of Richardson Texas; and Lattice Semiconductor Corporation of Hillsboro, Oregon, all have in common? All have agreed to agreed to pay fines and penalties to settle charges stemming in part from the alleged release of technology and technical data to foreign nationals while in the United States without first obtaining the required export license.
While most of us are aware that the United States controls the physical export of goods and technology from the United States1, many of us may not realize that the transfer of technical information or knowledge to a recipient in a foreign country or even to a non-U.S. citizen here in the U.S. is subject to the same type of controls.
I. The "Deemed Export" Rule--Transfers of U.S. Origin Technology And Technical Data To Foreign Nationals In The United States
An "export" of U.S. origin technology or technical data can occur even in the United States simply by disclosing information or technology to a foreign national from a country other than the United States.
Section 734.2(b) of the EAR provides that the release or disclosure of technology or technical data subject to the EAR to a foreign national of another country is "deemed" to be exported to the home country of the foreign national. For purposes of U.S. export controls, technology or software is "released" for export through:
- Visual inspection by foreign nationals of U.S.-origin equipment and facilities;
- Oral exchanges of information in the United States or abroad; or
- The application to situations abroad of personal knowledge or technical experience acquired in the United States.
II. To Whom Does The Rule Apply?
The "deemed export" rule applies to all non-U.S. citizens, regardless of whether they are employees or visitors, except persons who have been lawfully admitted for permanent residence, or persons who are protected individuals under the Immigration and Naturalization Act (8 U.S.C. §1324b(a)(3)).
III. What Is Technical Data?
When we talk abut technical data, we really mean "technology," which is broadly defined by the EAR as information necessary for the "development", "production", or "use" of a product. It can take the form of either "technical data" or "technical assistance".
"Technical data" is technology that takes on the form such as blueprints, plans, diagrams, models, formulae, tables, engineering designs and specifications, manuals and instructions written or recorded on other media or devices such as disk, tape, or read-only memories. Technical assistance, or the other hand, can take on the form of instructions, skills training, working knowledge, or consulting services. Oftentimes, a transfer of technical assistance includes a transfer of technical data.
The export of technology that is "required" for the "development", "production", or "use" of items on the Commerce Control List is controlled according to the provisions in each Category of the Commerce Control List to which the technology belongs.
IV. Not All Transfers of Technology to Foreign Nationals Require a License
Like the export or reexport of goods or technology, not all transfers of technology to a foreign national in the United States require a license. In general, whether a license will be required before a transfer of technology can occur will depend on:
- The nature of the information to be transferred, and
- The country of citizenship of the foreign national.
The first step in determining whether a license will be required is to classify the information to be communicated to the foreign national. In most cases, this technology will fall under the jurisdiction of the U.S. Export Administration Regulations (the "EAR"), and the Commerce Control list (Supplement 1 to Part 774 of the EAR) (the "CCL"). In other cases, the technology may fall under the jurisdiction of the Arms Export Control Act (22 U.S.C. § 2778) and the International Traffic in Arms Regulations (ITAR) (22 CFR part 121). The CCL is a list of all items subject to the jurisdiction of the EAR and the Bureau of Industry and Security ("BIS") in the Department of Commerce. The coverage of the CCL includes commodities, as well as software, technology, and technical data.
A. How to Determine if Your Technology Requires a License
The CCL is a list of all items under the export control jurisdiction of the EAR and the Department of Commerce. The CCL is found in Supplement No. 1 to Part 774 of the EAR. BIS maintains the CCL. The coverage of the CCL includes commodities, as well as software, technology, and technical data. The CCL is divided into 10 categories, as follows:
- 0-Nuclear Materials, Facilities and Equipment and Miscellaneous
- 1-Materials, Chemicals, "Microorganisms," and Toxins
- 2-Materials Processing
- 5-Telecommunications and Information Security
- 6-Lasers and Sensors
- 7-Navigation and Avionics
- 9-Propulsion Systems, Space Vehicles and Related Equipment
Within each category, items are arranged by group. Each category contains the same five groups. The letters A through E identify each group, as follows:
- A-Equipment, Assemblies and Components
- B-Test, Inspection and Production Equipment
Within each group, individual items are identified by an Export Control Classification Number (ECCN) ( e.g. , 3A001). Each number consists of a set of digits and a letter. The first digit identifies the category within which the entry appears.
The letter immediately following this first digit identifies under which of the five groups the item is listed ( e.g. , 3A001).
Technology, technical assistance and technical data will fall under group E of each category of items controlled. For example, ECCN 3E001 covers technology related to the production, manufacture and use of electronic components and product equipment that is controlled by category 3A and 3B.
But not all technology, technical assistance and technical data requires a license. Like the products to which the technology relates, technology may be controlled for national security or foreign policy concerns. If the technology is controlled for national security reasons, it is more likely it will require a license or other approval before it can be transferred to a foreign national or foreign location than if it is controlled for foreign policy reasons. For example, technology related to the development or production of electronic components and integrated circuits controlled by 3A991 is classified under ECCN 3E991. With an ECCN classification of 3E991, a license is required only for the release of technology to a foreign national from a country that is subject to anti-terrorism controls (See AT Column 1 and 2 of the Commerce Country list, Supplement No. 1 to Part 738), or embargoed.
B. Publicly Available Technology And Technical Data; Sales Technology
Publicly available technology and technical data is not subject to any EAR export controls (see §734.3(b)(3) of the EAR). Publicly available technology and technical data is that which:
- Is already published or will be published as described in §734.7 EAR;
- Will arise during, or result from, fundamental research, as described in §734.8 EAR;
- Is educational, as described in §734.9 EAR;
- Is included in certain patent applications, as described in §734.10 EAR.
C. Sales-Related Technology and License Exception TSU
Sales-related technology can be exported or released under license exception TSU (see §740.13 of the EAR) to any destination. "Sales technology" is data supporting a prospective or actual quotation, bid, or offer to sell, lease, or otherwise supply any item. Sales technology may be exported or released to a foreign national provided:
- The technology is a type customarily transmitted with a prospective or actual quotation, bid, or offer in accordance with established business practice; and
- The release will not disclose the detailed design, production, or manufacture technology, or the means of reconstruction, of either the quoted item or its product.
Sales technology meeting the above requirements may be disclosed to any foreign national or exported or reexported to any destination.
Any technical data that is provided to a prospective purchaser other than that described above will require an export license, depending on its control category and the nationality of the company or individual to whom the information will be provided.
D. License Exception TSR for Technology Exports
Even if the technology in question is subject to validated license requirements, the release of technology to foreign nationals from most countries can be made under license exception TSR.
License Exception TSR (which stands for Technology and Software Restricted) is found under section 740.6 of the EAR. License Exception TSR permits the export and reexport of technology and software that is controlled only for national security reasons and is identified by "TSR - Yes" in the respective entry on the CCL. It is further limited in application to foreign nationals and countries listed in Country Group B to Supplement No. 1 to Part 740 of the EAR. Assuming the information is controlled only for national security reasons and the intended release is to a recipient from a country listed Group B to Supplement No. 1 to Part 740, a written assurance against disclosure to a national of a country in Country Groups D:1 or E:2 is required before releasing the information to the recipient under this License Exception. See EAR §740.6(a)(1)(i).
E. License Exception CIV for Technology Exports
License Exception CIV also authorizes the release of certain technology and technical data to foreign nationals provided the information will be released to a foreign national from a country listed in Country Group D:1, except for North Korea. This list includes countries such as China and Russia. (See Supplement No. 1 to Part 740, EAR).
To be eligible, the technology must be intended for use by civil end-users for civil end-use items on the Commerce Control List (CCL); it must be controlled to that country for NS reasons only; and identified by "CIV Yes" in the License Exception section of the ECCN.
Prior to disclosing eligible technology to a foreign national under this License Exception, a Foreign National Review (FNR) request must be submitted to BIS, as required under §748.8(s) of the EAR. The FNR request must include information about the foreign national required under §748.8(t) of the EAR and set forth in Supplement No. 2 of part 748 of the EAR. After interagency review, BIS will notify the applicant whether the FNR request is approved, denied, or more time is needed to consider the request.
F. License Exception APP (Computers)
License Exception APP (15 CFR 740.7) authorizes exports of technology and software controlled by ECCNs 4D001 and 4E001 that is specially designed or modified for the "development", "production", or "use" of computers, including "electronic assemblies" and specially designed components therefor classified in ECCN 4A003.
A FNR (see §748.8(s) of the EAR) request must be submitted to BIS and approved before the release of any technology or software to a foreign national from any Tier Three computer countries, including: China (People's Republic of), Egypt, Georgia, India, Iraq, Israel, Jordan, Kazakhstan, Kuwait, Kyrgyzstan, Laos, Lebanon, Libya, Macau, Macedonia (The Former Yugoslav Republic of), Mauritania, Moldova, Mongolia, Montenegro, Morocco, Oman, Pakistan, Qatar, Russia, Saudi Arabia, Serbia, Tajikistan, Tunisia, Turkmenistan, Ukraine, United Arab Emirates, Uzbekistan, Vanuatu, Vietnam, and Yemen. (See EAR § 740.7(d)(1) for a list of Tier Three computer countries.)
V. Avoiding The Unauthorized Transfer Of Technology
Unlike hardware and physical materials, technology can leak from a company like water from a sinking ship. Technology can be released by phone, fax, e-mail, mail, courier, face-to-face meetings and visual tours. The only way to adequately stem the unauthorized flow of technology from a company is through education of employees and the adoption of a technology control plan (TCP). A sound technology control plan provides a company with a process to categorize technology and data, and to screen customers, visitors, and employees.
A. Developing A Technology Control Plan
The first step in the development of a technology control plan is to designate a Technology Control Officer (the "TCO") and establish a Technology Control Team (the "TCT"). The TCO is not the export control manager, but rather it should be a high-ranking officer of the company with a technology background who has been assigned the responsibility and authority to implement processes and procedures to control the distribution of technology throughout the company.
The TCO is responsible for either classifying company technology and information, or establishing a TCT to do so. The TCT should be made up of both export administrators and design or product engineers, or similarly educated employees, so that proper classification decisions can be made. If necessary, classification requests can be prepared and filed with BIS to resolve any questions regarding the control status of any particular technology.
Once the classification exercise is underway, a technology control guide should be prepared that describes the company's technology by product or other identifier, and specifies the export control classification of that technology, and/or restrictions that are associated with it. The technology control guide should be made available to employees over a web-based distribution system and provided to all new employees. Regular training and education should occur for all employees on how to use the technology control guide and what the basic restrictions are regarding the dissemination of technical information by computer, e-mail and fax, or though oral exchanges with non-US citizens or permanent residents. This type of training is particularly important when the company distributes technology to its foreign subsidiaries or contract partners, who may, in turn, unknowingly disclose this information to customers and other third parties.
B. Establishing Technology Control Procedures for Customers, Visitors, and Employees
The second major element of any technology control plan is to ensure that no technology is exported or released to a foreign national without first obtaining the appropriate authorization. In order to do this, it is necessary to determine the country of citizenship of the customer, visitor, or employee with whom the information is to be shared. This can be easily done for customers and visitors, but is a bit more problematic for new or existing employees, and for employees that reside in foreign locations.
The easiest way to control the unintended release of technology to a customer or a visitor is to provide them with color coded-badges, or stickers that can be added to their badges. The company can establish a color-coding system that reflects the level of control associated with that technology. By looking at the color on the badge, employees will immediately know what level of technology they may share with that customer or visitor without violating the company's technology security controls.
Screening employees, both here in the U.S. and abroad, presents unique challenges because of issues associated with possible employment discrimination, or violation of foreign laws. A commonly voiced concern is whether U.S. anti-discrimination employment law prohibits an employer from asking employees information about their country of citizenship. Subsection 1324b(a)(1) of Title 8 of the United States Code provides that it is an unfair immigration-related employment practice for a person or other entity to discriminate against any individual with respect to the hiring or recruitment of an individual for employment, or for the discharging of the individual from employment, because of such individual's national origin. Subsection 1324b(a)(2), however, provides an exception to such practices where it is otherwise required in order to comply with a United States law, regulation, or executive order. It is, therefore, both possible and legal to require employees and potential new hires to verify citizenship information, provided the employee or potential candidate is notified in advance that the job or activity requires access to and/or disclosure of information and data subject to U.S. export control restrictions, and that one condition for consideration for the position is the issuance of a validated export license or other approval. The specifics of any program used to verify citizenship for employment-related purposes should be reviewed carefully with the company's immigration-employment law counsel before implementation.
Please contact George Tuttle, III , at (415) 288-0428, or at email@example.com if you have any questions regarding this or other Customs law matters.
1 The Export Administration Regulations (15 CFR Part 732 through Part 774) or Section 38 of the Arms Export Control Act (22 U.S.C. § 2778) and the International Traffic in Arms Regulations (ITAR) (22 CFR part 121).
George R. Tuttle, III, is an attorney with the Law Offices of George R. Tuttle in San Francisco. The information in this article is general in nature and is not intended to constitute legal advice or to create an attorney-client relationship with respect to any event or occurrence, and may not be considered as such.
The information in this article is general in nature, and is not intended to constitute legal advice or to create an attorney-client relationship with respect to any event or occurrence, and may not be considered as such.
Copyright © 2007 by Tuttle Law Offices.
All rights reserved. Information has been obtained from sources believed to be reliable. However, because of the possibility of human or mechanical error by our offices or by others, we do not guarantee the accuracy, adequacy, or completeness of any information and are not responsible for any errors, omissions, or for the results obtained from the use of such information.