International Traffic in Arms: Revisions to Definitions of Defense Services, Technical Data, and Public Domain; Definition of Product of Fundamental Research; Electronic Transmission and Storage of Technical Data; and Related Definitions, 31525-31538 [2015-12844]

Download as PDF Federal Register / Vol. 80, No. 106 / Wednesday, June 3, 2015 / Proposed Rules hearing,’’ which are conducted pursuant to the provisions of 5 U.S.C. 556 and 557. The CSA sets forth the criteria for scheduling a drug or other substance and for removing a drug or substance from the schedules of controlled substances. Such actions are exempt from review by the Office of Management and Budget (OMB) pursuant to section 3(d)(1) of Executive Order 12866 and the principles reaffirmed in Executive Order 13563. Executive Order 12988 This regulation meets the applicable standards set forth in sections 3(a) and 3(b)(2) of Executive Order 12988 Civil Justice Reform to eliminate drafting errors and ambiguity, minimize litigation, provide a clear legal standard for affected conduct, and promote simplification and burden reduction. Executive Order 13132 This rulemaking does not have federalism implications warranting the application of Executive Order 13132. The rule does not have substantial direct effects on the States, on the relationship between the Federal Government and the States, or the distribution of power and responsibilities among the various levels of government. asabaliauskas on DSK5VPTVN1PROD with PROPOSALS Executive Order 13175 This rule does not have tribal implications warranting the application of Executive Order 13175. This rule does not have substantial direct effects on one or more Indian tribes, on the relationship between the Federal Government and Indian tribes, or on the distribution of power and responsibilities between the Federal Government and Indian tribes. Regulatory Flexibility Act The Administrator, in accordance with the Regulatory Flexibility Act (5 U.S.C. 601–612) (RFA), has reviewed this proposed rule and by approving it certifies that it will not have a significant economic impact on a substantial number of small entities. The purpose of this rule is to remove [123I]ioflupane from the list of schedules of the CSA. This action will remove regulatory controls and administrative, civil, and criminal sanctions applicable to controlled substances for handlers and proposed handlers of [123I]ioflupane. Accordingly, it has the potential for some economic impact in the form of cost savings. If finalized, the proposed rule will affect all persons who would handle, or propose to handle, [123I]ioflupane. Due to the wide variety of unidentifiable and VerDate Sep<11>2014 17:19 Jun 02, 2015 Jkt 235001 unquantifiable variables that potentially could influence the distribution and administration rates of new molecular entities, the DEA is unable to determine the number of entities and small entities which might handle [123I]ioflupane. Although the DEA does not have a reliable basis to estimate the number of affected entities and quantify the economic impact of this proposed rule, a qualitative analysis indicates that, if finalized, this rule is likely to result in some cost savings for the healthcare industry. The affected entities will continue to meet existing Federal and/ or state requirements applicable to those who handle radiopharmaceutical substances, including licensure, security, recordkeeping, and reporting requirements, which in many cases are more stringent than the DEA’s requirements. However, the DEA estimates cost savings will be realized from the removal of the administrative, civil, and criminal sanctions for those entities handling or proposing to handle [123I]ioflupane, in the form of saved registration fees, and the elimination of additional physical security, recordkeeping, and reporting requirements. Because of these facts, this rule will not result in a significant economic impact on a substantial number of small entities. Unfunded Mandates Reform Act of 1995 On the basis of information contained in the ‘‘Regulatory Flexibility Act’’ section above, the DEA has determined and certifies pursuant to the Unfunded Mandates Reform Act of 1995 (UMRA), 2 U.S.C. 1501 et seq., that this action would not result in any federal mandate that may result ‘‘in the expenditure by State, local, and tribal governments, in the aggregate, or by the private sector, of $100,000,000 or more (adjusted for inflation) in any one year * * * .’’ Therefore, neither a Small Government Agency Plan nor any other action is required under provisions of UMRA. Paperwork Reduction Act This action does not impose a new collection of information requirement under the Paperwork Reduction Act, 44 U.S.C. 3501–3521. This action would not impose recordkeeping or reporting requirements on State or local governments, individuals, businesses, or organizations. An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. PO 00000 Frm 00039 Fmt 4702 Sfmt 4702 31525 List of Subjects in 21 CFR part 1308 Administrative practice and procedure, Drug traffic control, Reporting and recordkeeping requirements. For the reasons set out above, 21 CFR part 1308 is proposed to be amended to read as follows: PART 1308—SCHEDULES OF CONTROLLED SUBSTANCES 1. The authority citation for 21 CFR part 1308 continues to read as follows: ■ Authority: 21 U.S.C. 811, 812, 871(b), unless otherwise noted. 2. In § 1308.12, revise paragraph (b)(4) to read as follows: ■ § 1308.12 Schedule II. * * * * * (b) * * * (4) Coca leaves (9040) and any salt, compound, derivative or preparation of coca leaves (including cocaine (9041) and ecgonine (9180) and their salts, isomers, derivatives and salts of isomers and derivatives), and any salt, compound, derivative, or preparation thereof which is chemically equivalent or identical with any of these substances, except that the substances shall not include: (i) Decocainized coca leaves or extraction of coca leaves, which extractions do not contain cocaine or ecgonine; or (ii) [123I]ioflupane. * * * * * Dated: May 6, 2015. Michele M. Leonhart, Administrator. [FR Doc. 2015–13455 Filed 6–2–15; 8:45 am] BILLING CODE 4410–09–P DEPARTMENT OF STATE 22 CFR Parts 120, 123, 125, and 127 [Public Notice 9149] RIN 1400–AD70 International Traffic in Arms: Revisions to Definitions of Defense Services, Technical Data, and Public Domain; Definition of Product of Fundamental Research; Electronic Transmission and Storage of Technical Data; and Related Definitions Department of State. Proposed rule. AGENCY: ACTION: As part of the President’s Export Control Reform (ECR) initiative, the Department of State proposes to amend the International Traffic in Arms SUMMARY: E:\FR\FM\03JNP1.SGM 03JNP1 asabaliauskas on DSK5VPTVN1PROD with PROPOSALS 31526 Federal Register / Vol. 80, No. 106 / Wednesday, June 3, 2015 / Proposed Rules Regulations (ITAR) to update the definitions of ‘‘defense article,’’ ‘‘defense services,’’ ‘‘technical data,’’ ‘‘public domain,’’ ‘‘export,’’ and ‘‘reexport or retransfer’’ in order to clarify the scope of activities and information that are covered within these definitions and harmonize the definitions with the Export Administration Regulations (EAR), to the extent appropriate. Additionally, the Department proposes to create definitions of ‘‘required,’’ ‘‘technical data that arises during, or results from, fundamental research,’’ ‘‘release,’’ ‘‘retransfer,’’ and ‘‘activities that are not exports, reexports, or retransfers’’ in order to clarify and support the interpretation of the revised definitions that are proposed in this rulemaking. The Department proposes to create new sections detailing the scope of licenses, unauthorized releases of information, and the ‘‘release’’ of secured information, and revises the sections on ‘‘exports’’ of ‘‘technical data’’ to U.S. persons abroad. Finally, the Department proposes to address the electronic transmission and storage of unclassified ‘‘technical data’’ via foreign communications infrastructure. This rulemaking proposes that the electronic transmission of unclassified ‘‘technical data’’ abroad is not an ‘‘export,’’ provided that the data is sufficiently secured to prevent access by foreign persons. Additionally, this proposed rule would allow for the electronic storage of unclassified ‘‘technical data’’ abroad, provided that the data is secured to prevent access by parties unauthorized to access such data. The revisions contained in this proposed rule are part of the Department of State’s retrospective plan under Executive Order 13563 first submitted on August 17, 2011. DATES: The Department of State will accept comments on this proposed rule until August 3, 2015. ADDRESSES: Interested parties may submit comments within 60 days of the date of publication by one of the following methods: • Email: DDTCPublicComments@ state.gov with the subject line, ‘‘ITAR Amendment—Revisions to Definitions; Data Transmission and Storage.’’ • Internet: At www.regulations.gov, search for this notice by using this rule’s RIN (1400–AD70). Comments received after that date may be considered, but consideration cannot be assured. Those submitting comments should not include any personally identifying information they do not desire to be made public or information for which a claim of VerDate Sep<11>2014 17:19 Jun 02, 2015 Jkt 235001 confidentiality is asserted because those comments and/or transmittal emails will be made available for public inspection and copying after the close of the comment period via the Directorate of Defense Trade Controls Web site at www.pmddtc.state.gov. Parties who wish to comment anonymously may do so by submitting their comments via www.regulations.gov, leaving the fields that would identify the commenter blank and including no identifying information in the comment itself. Comments submitted via www.regulations.gov are immediately available for public inspection. Mr. C. Edward Peartree, Director, Office of Defense Trade Controls Policy, Department of State, telephone (202) 663–1282; email DDTCResponseTeam@ state.gov. ATTN: ITAR Amendment— Revisions to Definitions; Data Transmission and Storage. The Department of State’s full retrospective plan can be accessed at http:// www.state.gov/documents/organization/ 181028.pdf. FOR FURTHER INFORMATION CONTACT: The Directorate of Defense Trade Controls (DDTC), U.S. Department of State, administers the International Traffic in Arms Regulations (ITAR) (22 CFR parts 120 through 130). The items subject to the jurisdiction of the ITAR, i.e., ‘‘defense articles’’ and ‘‘defense services,’’ are identified on the ITAR’s U.S. Munitions List (USML) (22 CFR 121.1). With few exceptions, items not subject to the export control jurisdiction of the ITAR are subject to the jurisdiction of the Export Administration Regulations (‘‘EAR,’’ 15 CFR parts 730 through 774, which includes the Commerce Control List (CCL) in Supplement No. 1 to part 774), administered by the Bureau of Industry and Security (BIS), U.S. Department of Commerce. Both the ITAR and the EAR impose license requirements on exports and reexports. Items not subject to the ITAR or to the exclusive licensing jurisdiction of any other set of regulations are subject to the EAR. BIS is concurrently publishing comparable proposed amendments (BIS companion rule) to the definitions of ‘‘technology,’’ ‘‘required,’’ ‘‘peculiarly responsible,’’ ‘‘published,’’ results of ‘‘fundamental research,’’ ‘‘export,’’ ‘‘reexport,’’ ‘‘release,’’ and ‘‘transfer (incountry)’’ in the EAR. A side-by-side comparison on the regulatory text proposed by both Departments is available on both agencies’ Web sites: www.pmddtc.state.gov and www.bis.doc.gov. SUPPLEMENTARY INFORMATION: PO 00000 Frm 00040 Fmt 4702 Sfmt 4702 1. Revised Definition of Defense Article The Department proposes to revise the definition of ‘‘defense article’’ to clarify the scope of the definition. The current text of § 120.6 is made into a new paragraph (a), into which software is added to the list of things that are a ‘‘defense article’’ because software is being removed from the definition of ‘‘technical data.’’ This is not a substantive change. A new § 120.6(b) is added to list those items that the Department has determined should not be a ‘‘defense article,’’ even though they would otherwise meet the definition of ‘‘defense article.’’ All the items described were formerly excluded from the definition of ‘‘technical data’’ in § 120.10. These items are declared to be not subject to the ITAR to parallel the EAR concept of ‘‘not subject to the EAR’’ as part of the effort to harmonize the ITAR and the EAR. This does not constitute a change in policy regarding these items or the scope of items that are defense articles. 2. Revised Definition of Technical Data The Department proposes to revise the definition of ‘‘technical data’’ in ITAR § 120.10 in order to update and clarify the scope of information that may be captured within the definition. Paragraph (a)(1) of the revised definition defines ‘‘technical data’’ as information ‘‘required’’ for the ‘‘development,’’ ‘‘production,’’ operation, installation, maintenance, repair, overhaul, or refurbishing of a ‘‘defense article,’’ which harmonizes with the definition of ‘‘technology’’ in the EAR and the Wassenaar Arrangement. This is not a change in the scope of the definition, and additional words describing activities that were in the prior definition are included in parentheticals to assist exporters. Paragraph (a)(1) also sets forth a broader range of examples of formats that ‘‘technical data’’ may take, such as diagrams, models, formulae, tables, engineering designs and specifications, computer-aided design files, manuals or documentation, or electronic media, that may constitute ‘‘technical data.’’ Additionally, the revised definition includes certain conforming changes intended to reflect the revised and newly added defined terms proposed elsewhere in this rule. The proposed revised definition also includes a note clarifying that the modification of the design of an existing item creates a new item and that the ‘‘technical data’’ for the modification is ‘‘technical data’’ for the new item. Paragraph (a)(2) of the revised definition defines ‘‘technical data’’ as E:\FR\FM\03JNP1.SGM 03JNP1 asabaliauskas on DSK5VPTVN1PROD with PROPOSALS Federal Register / Vol. 80, No. 106 / Wednesday, June 3, 2015 / Proposed Rules also including information that is enumerated on the USML. This will be ‘‘technical data’’ that is positively described, as opposed to ‘‘technical data’’ described in the standard catch-all ‘‘technical data’’ control for all ‘‘technical data’’ directly related to a ‘‘defense article’’ described in the relevant category. The Department intends to enumerate certain controlled ‘‘technical data’’ as it continues to move the USML toward a more positive control list. Paragraph (a)(3) of the revised definition defines ‘‘technical data’’ as also including classified information that is for the ‘‘development,’’ ‘‘production,’’ operation, installation, maintenance, repair, overhaul, or refurbishing of a ‘‘defense article’’ or a 600 series item subject to the EAR. Paragraph (a)(5) of the revised definition defines ‘‘technical data’’ as also including information to access secured ‘‘technical data’’ in clear text, such as decryption keys, passwords, or network access codes. In support of the latter change, the Department also proposes to add a new provision to the list of violations in § 127.1(b)(4) to state that any disclosure of these decryption keys or passwords that results in the unauthorized disclosure of the ‘‘technical data’’ or software secured by the encryption key or password is a violation and will constitute a violation to the same extent as the ‘‘export’’ of the secured information. For example, the ‘‘release’’ of a decryption key may result in the unauthorized disclosure of multiple files containing ‘‘technical data’’ hosted abroad and could therefore constitute a violation of the ITAR for each piece of ‘‘technical data’’ on that server. Paragraph (b) of the revised definition of ‘‘technical data’’ excludes nonproprietary general system descriptions, information on basic function or purpose of an item, and telemetry data as defined in Note 3 to USML Category XV(f) (§ 121.1). Items formerly identified in this paragraph, principles taught in schools and ‘‘public domain’’ information, have been moved to the new ITAR § 120.6(b). The proposed definition removes software from the definition of ‘‘technical data.’’ Specific and catch-all controls on software will be added elsewhere throughout the ITAR as warranted, as it will now be defined as a separate type of ‘‘defense article.’’ 3. Proposed Definition of Required The Department proposes a definition of ‘‘required’’ in a new § 120.46. ‘‘Required’’ is used in the definition of ‘‘technical data’’ and has, to this point, VerDate Sep<11>2014 17:19 Jun 02, 2015 Jkt 235001 been an undefined term in the ITAR. The word is also used in the controls on technology in both the EAR and the Wassenaar Arrangement, as a defined term, which the Department is now proposing to adopt: . . . [O]nly that portion of [technical data] that is peculiarly responsible for achieving or exceeding the controlled performance levels, characteristics, or functions. Such required [technical data] may be shared by different products. The proposed definition of ‘‘required’’ contains three notes. These notes explain how the definition is to be applied. Note 1 provides that the definition explicitly includes information for meeting not only controlled performance levels, but also characteristics and functions. All items described on the USML are identified by a characteristic or function. Additionally, some descriptions include a performance level. As an example, USML Category VIII(a)(1) controls aircraft that are ‘‘bombers’’ and contains no performance level. The characteristic of the aircraft that is controlled is that it is a bomber, and therefore, any ‘‘technical data’’ peculiar to making an aircraft a bomber is ‘‘required.’’ Note 2 states that, with the exception of ‘‘technical data’’ specifically enumerated on the USML, the jurisdictional status of unclassified ‘‘technical data’’ is the same as that of the commodity to which it is directly related. Specifically, it explains that ‘‘technical data’’ for a part or component of a ‘‘defense article’’ is directly related to that part or component, and if the part or component is subject to the EAR, so is the ‘‘technical data.’’ Note 3 establishes a test for determining if information is peculiarly responsible for meeting or achieving the controlled performance levels, characteristics or functions of a ‘‘defense article.’’ It uses the same catchand-release concept that the Department implemented in the definition of ‘‘specially designed.’’ It has a similarly broad catch of all information used in or for use in the ‘‘development,’’ ‘‘production,’’ operation, installation, maintenance, repair, overhaul, or refurbishing of a ‘‘defense article.’’ It has four releases that mirror the ‘‘specially designed’’ releases, and one reserved paragraph for information that the Department determines is generally insignificant. The first release is for information identified in a commodity jurisdiction determination. The second release is reserved. The third release is for information that is identical to information used in a non-defense PO 00000 Frm 00041 Fmt 4702 Sfmt 4702 31527 article that is in ‘‘production,’’ and not otherwise enumerated on the ITAR. The fourth release is for information that was developed with knowledge that it is for both a ‘‘defense article’’ and a nondefense article. The fifth release is information that was developed for general purpose commodities. In the companion rule, BIS proposes to make Note 3 into a stand-alone definition for ‘‘peculiarly responsible’’ as it has application outside of the definition of ‘‘required.’’ The substance of Note 3 and the BIS definition of ‘‘peculiarly responsible’’ are identical. DDTC asks for comments on the placement of this concept. 4. Proposed Definitions of Development and Production The Department proposes to add § 120.47 for the definition of ‘‘development’’ and § 120.48 for the definition of ‘‘production.’’ These definitions are currently in Notes 1 and 2 to paragraph (b)(3) in § 120.41, the definition of ‘‘specially designed.’’ Because ‘‘technical data’’ is now defined, in part, as information ‘‘required’’ for the ‘‘development’’ or ‘‘production’’ of a ‘‘defense article,’’ and these words are now used in the definition of a ‘‘defense service,’’ it is appropriate to define these terms. The adoption of these definitions is also done for the purpose of harmonization because these definitions are also used in the EAR and by the Wassenaar Arrangement. 5. Revised Definition of Public Domain The Department proposes to revise the definition of ‘‘public domain’’ in ITAR § 120.11 in order to simplify, update, and introduce greater versatility into the definition. The existing version of ITAR § 120.11 relies on an enumerated list of circumstances through which ‘‘public domain’’ information might be published. The Department believes that this definition is unnecessarily limiting in scope and insufficiently flexible with respect to the continually evolving array of media, whether physical or electronic, through which information may be disseminated. The proposed definition is intended to identify the characteristics that are common to all of the enumerated forms of publication identified in the current rule—with the exception of ITAR § 120.11(a)(8), which is addressed in a new definition for ‘‘technical data that arises during, or results from, fundamental research’’—and to present those common characteristics in a streamlined definition that does not require enumerated identification E:\FR\FM\03JNP1.SGM 03JNP1 asabaliauskas on DSK5VPTVN1PROD with PROPOSALS 31528 Federal Register / Vol. 80, No. 106 / Wednesday, June 3, 2015 / Proposed Rules within the ITAR of every current or future qualifying publication scenario. Additionally, the proposed definition incorporates phrases such as ‘‘generally accessible’’ and ‘‘without restriction upon its further dissemination’’ in order to better align the definition found in the EAR and more closely aligned with the definition in the Wassenaar Arrangement control lists. The proposed definition requires that information be made available to the public without restrictions on its further dissemination. Any information that meets this definition is ‘‘public domain.’’ The definition also retains an exemplary list of information that has been made available to the public without restriction and would be considered ‘‘public domain.’’ These include magazines, periodicals and other publications available as subscriptions, publications contained in libraries, information made available at a public conference, meeting, seminar, trade show, or exhibition, and information posted on public Web sites. The final example deems information that is submitted to co-authors, editors, or reviewers or conference organizers for review for publication to be ‘‘public domain,’’ even prior to actual publication. The relevant restrictions do not include copyright protections or generic property rights in the underlying physical medium. Paragraph (b) of the revised definition explicitly sets forth the Department’s requirement of authorization to release information into the ‘‘public domain.’’ Prior to making available ‘‘technical data’’ or software subject to the ITAR, the U.S. government must approve the release through one of the following: (1) The Department; (2) the Department of Defense’s Office of Security Review; (3) a relevant U.S. government contracting authority with authority to allow the ‘‘technical data’’ or software to be made available to the public, if one exists; or (4) another U.S. government official with authority to allow the ‘‘technical data’’ or software to be made available to the public. The requirements of paragraph (b) are not new. Rather, they are a more explicit statement of the ITAR’s requirement that one must seek and receive a license or other authorization from the Department or other cognizant U.S. government authority to release ITAR controlled ‘‘technical data,’’ as defined in § 120.10. A release of ‘‘technical data’’ may occur by disseminating ‘‘technical data’’ at a public conference or trade show, publishing ‘‘technical data’’ in a book or journal article, or posting ‘‘technical data’’ to the Internet. This proposed provision will enhance VerDate Sep<11>2014 17:19 Jun 02, 2015 Jkt 235001 compliance with the ITAR by clarifying that ‘‘technical data’’ may not be made available to the public without authorization. Persons who intend to discuss ‘‘technical data’’ at a conference or trade show, or to publish it, must ensure that they obtain the appropriate authorization. Information that is excluded from the definition of ‘‘defense article’’ in the new § 120.6(b) is not ‘‘technical data’’ and therefore does not require authorization prior to release into the ‘‘public domain.’’ This includes information that arises during or results from ‘‘fundamental research,’’ as described in the new § 120.49; general scientific, mathematical, or engineering principles commonly taught in schools, and information that is contained in patents. The Department also proposes to add a new provision to § 127.1 in paragraph (a)(6) to state explicitly that the further dissemination of ‘‘technical data’’ or software that was made available to the public without authorization is a violation of the ITAR, if, and only if, it is done with knowledge that the ‘‘technical data’’ or software was made publicly available without an authorization described in ITAR § 120.11(b)(2). Dissemination of publicly available ‘‘technical data’’ or software is not an export-controlled event, and does not require authorization from the Department, in the absence of knowledge that it was made publicly available without authorization. ‘‘Technical data’’ and software that is made publicly available without proper authorization remains ‘‘technical data’’ or software and therefore remains subject to the ITAR. As such, the U.S. government may advise a person that the original release of the ‘‘technical data’’ or software was unauthorized and put that person on notice that further dissemination would violate the ITAR. 6. Proposed Definition of Technical Data That Arises During, or Results From, Fundamental Research The Department proposes to move ‘‘fundamental research’’ from the definition of ‘‘public domain’’ in ITAR § 120.11(a)(8) and define ‘‘technical data that arises during, or results from, fundamental research’’ in a new ITAR § 120.49. The Department believes that information that arises during, or results from fundamental research is conceptually distinguishable from the information that would be captured in the revised definition of ‘‘public domain’’ that is proposed in this rule. Accordingly, the Department proposes to address this concept with its own definition. The new definition of PO 00000 Frm 00042 Fmt 4702 Sfmt 4702 ‘‘technical data that arises during, or results from, fundamental research’’ is consistent with the prior ITAR § 120.11(a)(8), except that the Department has expanded the scope of eligible research to include research that is funded, in whole or in part, by the U.S. government. 7. Revised Definition of Export The Department proposes to revise the definition of ‘‘export’’ in ITAR § 120.17 to better align with the EAR’s revised definition of the term and to remove activities associated with a defense article’s further movement or release outside the United States, which will now fall within the definition of ‘‘reexport’’ in § 120.19. The definition is revised to explicitly identify that ITAR §§ 126.16 and 126.17 (exemptions pursuant to the Australia and UK Defense Trade Cooperation Treaties) have their own definitions of ‘‘export,’’ which apply exclusively to those exemptions. It also explicitly references the new § 120.49, ‘‘Activities that are Not Exports, Reexports, or Retransfers,’’ which excludes from ITAR control certain transactions identified therein. Paragraph (a)(1) is revised to parallel the definition of ‘‘export’’ in proposed paragraph (a)(1) of § 734.13 of the EAR. Although the wording has changed, the scope of the control is the same. The provision excepting travel outside of the United States by persons whose personal knowledge includes ‘‘technical data’’ is removed, but the central concept is unchanged. The ‘‘release’’ of ‘‘technical data’’ to a foreign person while in the United States or while travelling remains a controlled event. Paragraph (a)(2) includes the control listed in the current § 120.17(a)(4) (transfer of technical data to a foreign person). The proposed revisions replace the word ‘‘disclosing’’ with ‘‘releasing,’’ and the paragraph is otherwise revised to parallel proposed paragraph (a)(2) of § 734.13 of the EAR. ‘‘Release’’ is a newly defined concept in § 120.50 that encompasses the previously undefined term ‘‘disclose.’’ Paragraph (a)(3) includes the control listed in the current § 120.17(a)(2) (transfer of registration, control, or ownership to a foreign person of an aircraft, vessel, or satellite). It is revised to parallel proposed paragraph (a)(3) of § 734.13 of the EAR. Paragraph (a)(4) includes the control listed in the current § 120.17(a)(3) (transfer in the United States to foreign embassies). Paragraph (a)(5) maintains the control on performing a ‘‘defense service.’’ Paragraph (a)(6) is added for the ‘‘release’’ or transfer of decryption keys, E:\FR\FM\03JNP1.SGM 03JNP1 asabaliauskas on DSK5VPTVN1PROD with PROPOSALS Federal Register / Vol. 80, No. 106 / Wednesday, June 3, 2015 / Proposed Rules passwords, and other items identified in the new paragraph (a)(5) of the revised definition of ‘‘technical data’’ in § 120.10. This paragraph makes ‘‘release’’ or transfer of information securing ‘‘technical data’’ an ‘‘export.’’ Making the release of decryption keys and other information securing technical data in an inaccessible or unreadable format an export allows the Department to propose that providing someone with encrypted ‘‘technical data’’ would not be an ‘‘export,’’ under certain circumstances. Provision of a decryption key or other information securing ‘‘technical data’’ is an ‘‘export’’ regardless of whether the foreign person has already obtained access to the secured ‘‘technical data.’’ Paragraph (a)(6) of the definitions of export and reexport in this rule and the BIS companion rule present different formulations for this control and the agencies request input from the public on which language more clearly describes the control. The agencies intend, however, that the act of providing physical access to unsecured ‘‘technical data’’ (subject to the ITAR) will be a controlled event. The mere act of providing access to unsecured technology (subject to the EAR) will not, however, be a controlled event unless it is done with ‘‘knowledge’’ that such provision will cause or permit the transfer of controlled ‘‘technology’’ in clear text or ‘‘software’’ to a foreign national. Paragraph (a)(7) is added for the release of information to a public network, such as the Internet. This makes more explicit the existing control in (a)(4), which includes the publication of ‘‘technical data’’ to the Internet due to its inherent accessibility by foreign persons. This means that before posting information to the Internet, you should determine whether the information is ‘‘technical data.’’ You should review the USML, and if there is doubt about whether the information is ‘‘technical data,’’ you may request a commodity jurisdiction determination from the Department. If so, a license or other authorization, as described in § 120.11(b), will generally be required to post such ‘‘technical data’’ to the Internet. Posting ‘‘technical data’’ to the Internet without a Department or other authorization is a violation of the ITAR even absent specific knowledge that a foreign national will read the ‘‘technical data.’’ Paragraph (b)(1) is added to clarify existing ITAR controls to explicitly state that disclosing ‘‘technical data’’ to a foreign person is deemed to be an ‘‘export’’ to all countries in which the VerDate Sep<11>2014 17:19 Jun 02, 2015 Jkt 235001 foreign person has held citizenship or holds permanent residency. 8. Revised Definition of Reexport The Department proposes to revise the definition of ‘‘reexport’’ in ITAR § 120.19 to better align with the EAR’s revised definition and describe transfers of items subject to the jurisdiction of the ITAR between two foreign countries. The activities identified are the same as those in paragraphs (a)(1) through (4) of the revised definition of ‘‘export,’’ except that the shipment, release or transfer is between two foreign countries or is to a third country national foreign person outside of the United States. 9. Proposed Definition of Release The Department proposes to add § 120.50, the definition of ‘‘release.’’ This term is added to harmonize with the EAR, which has long used the term to cover activities that disclose information to foreign persons. ‘‘Release’’ includes the activities encompassed within the undefined term ‘‘disclose.’’ The activities that are captured include allowing a foreign person to inspect a ‘‘defense article’’ in a way that reveals ‘‘technical data’’ to the foreign persons and oral or written exchanges of ‘‘technical data’’ with a foreign person. The adoption of the definition of ‘‘release’’ does not change the scope of activities that constitute an ‘‘export’’ and other controlled transactions under the ITAR. 10. Proposed Definition of Retransfer The Department proposes to add § 120.51, the definition of ‘‘retransfer.’’ ‘‘Retransfer’’ is moved out of the definition of ‘‘reexport’’ in § 120.19 to better harmonize with the EAR, which controls ‘‘exports,’’ ‘‘reexports’’ and ‘‘transfers (in country)’’ as discrete events. Under this new definition, a ‘‘retransfer’’ occurs with a change of end use or end user within the same foreign territory. Certain activities may fit within the definition of ‘‘reexport’’ and ‘‘retransfer,’’ such as the disclosure of ‘‘technical data’’ to a third country national abroad. Requests for both ‘‘reexports’’ and ‘‘retransfers’’ of ‘‘defense articles’’ will generally be processed through a General Correspondence or an exemption. 11. Proposed Activities That Are Not Exports, Reexports, or Retransfers The Department proposes to add § 120.52 to describe those ‘‘activities that are not exports, reexports, or retransfers’’ and do not require authorization from the Department. It is not an ‘‘export’’ to launch items into PO 00000 Frm 00043 Fmt 4702 Sfmt 4702 31529 space, provide ‘‘technical data’’ or software to U.S. persons while in the United States, or move a ‘‘defense article’’ between the states, possessions, and territories of the United States. The Department also proposes to add a new provision excluding from ITAR licensing requirements the transmission and storage of encrypted ‘‘technical data’’ and software. The Department recognizes that ITARcontrolled ‘‘technical data’’ may be electronically routed through foreign servers unbeknownst to the original sender. This presents a risk of unauthorized access and creates a potential for inadvertent ITAR violations. For example, email containing ‘‘technical data’’ may, without the knowledge of the sender, transit a foreign country’s Internet service infrastructure en route to its intended and authorized final destination. Any access to this data by a foreign person would constitute an unauthorized ‘‘export’’ under ITAR § 120.17. Another example is the use of mass data storage (i.e., ‘‘cloud storage’’). In this case, ‘‘technical data’’ intended to be resident in cloud storage may, without the knowledge of the sender, be physically stored on a server or servers located in a foreign country or multiple countries. Any access to this data, even if unintended by the sender, would constitute an ‘‘export’’ under ITAR § 120.17. The intent of the proposed ITAR § 120.52(a)(4) is to clarify that when unclassified ‘‘technical data’’ transits through a foreign country’s Internet service infrastructure, a license or other approval is not mandated when such ‘‘technical data’’ is encrypted prior to leaving the sender’s facilities and remains encrypted until received by the intended recipient or retrieved by the sender, as in the case of remote storage. The encryption must be accomplished in a manner that is certified by the U.S. National Institute for Standards and Technology (NIST) as compliant with the Federal Information Processing Standards Publication 140–2 (FIPS 140– 2). Additionally, the Department proposes that the electronic storage abroad of ‘‘technical data’’ that has been similarly encrypted would not require an authorization, so long as it is not stored in a § 126.1 country or in the Russian Federation. This will allow for cloud storage of encrypted data in foreign countries, so long as the ‘‘technical data’’ remains continuously encrypted while outside of the United States. E:\FR\FM\03JNP1.SGM 03JNP1 31530 Federal Register / Vol. 80, No. 106 / Wednesday, June 3, 2015 / Proposed Rules 12. Revised Exemption for the Export of Technical Data for U.S. Persons Abroad The Department proposes to revise § 125.4(b)(9) to better harmonize controls on the ‘‘release’’ of controlled information to U.S. persons abroad and to update the provisions. The most significant update is that foreign persons authorized to receive ‘‘technical data’’ in the United States will be eligible to receive that same ‘‘technical data’’ abroad, when on temporary assignment on behalf of their employer. The proposed revisions clarify that a person going abroad may use this exemption to ‘‘export’’ ‘‘technical data’’ for their own use abroad. The proposed revisions also clarify that the ‘‘technical data’’ must be secured while abroad to prevent unauthorized ‘‘release.’’ It has been long-standing Department practice to hold U.S. persons responsible for the ‘‘release’’ of ‘‘technical data’’ in their possession while abroad. However, given the nature of ‘‘technical data’’ and the proposed exception from licensing for transmission of secured ‘‘technical data,’’ the Department has determined it is necessary to implement an affirmative obligation to secure data while abroad. 13. Proposed Scope of License The Department proposes to add § 123.28 to clarify the scope of a license, in the absence of a proviso, and to state that authorizations are granted based on the information provided by the applicant. This means that while providing false information to the U.S. government as part of the application process for the ‘‘export,’’ ‘‘reexport,’’ or ‘‘retransfer’’ of a ‘‘defense article’’ is a violation of the ITAR, it also may void the license. asabaliauskas on DSK5VPTVN1PROD with PROPOSALS 14. Revised Definition of Defense Service Proposed revisions of the ‘‘defense service’’ definition were published on April 13, 2011, RIN 1400–AC80 (see ‘‘International Traffic in Arms Regulations: Defense Services,’’ 76 FR 20590) and May 24, 2013 (see 78 FR 31444, RIN 1400–AC80). In those rules, the Department explained its determination that the scope of the current definition is overly broad, capturing certain forms of assistance or services that no longer warrant ITAR control. The Department reviewed comments on that first proposed definition and, when the recommended changes added to the clarity of the regulation, the Department accepted them. For the Department’s evaluation of those public comments and recommendations regarding the April 13, 2011, proposed VerDate Sep<11>2014 17:19 Jun 02, 2015 Jkt 235001 rule (the first revision), see 78 FR 31444, May 24, 2013. The Department’s evaluation of the written comments and recommendations in response to the May 24, 2013 proposed rule (the second revision) follows. Parties commenting on the second revision expressed concern that the definition of ‘‘defense service’’ in paragraph (a)(1) was premised on the use of ‘‘other than public domain information.’’ The observation was made that with the intent of removing from the definition of a ‘‘defense service’’ the furnishing of assistance using ‘‘public domain’’ information, but not basing the assistance on the use of ‘‘technical data,’’ the Department was continuing to require the licensing of activities akin to those that were based on the use of ‘‘public domain’’ information. The Department has fully revised paragraph (a)(1) to remove the use of the ‘‘other than public domain information’’ or ‘‘technical data’’ from the determination of whether an activity is a ‘‘defense service.’’ Furthermore, the Department has added a new provision declaring that the activities described in paragraph (a)(1) are not a ‘‘defense service’’ if performed by a U.S. person or foreign person in the United States who does not have knowledge of U.S.origin ‘‘technical data’’ directly related to the ‘‘defense article’’ that is the subject of the assistance or training or another ‘‘defense article’’ described in the same USML paragraph prior to performing the service. A note is added to clarify that a person will be deemed to have knowledge of U.S.-origin ‘‘technical data’’ if the person previously participated in the ‘‘development’’ of a ‘‘defense article’’ described in the same USML paragraph, or accessed (physically or electronically) that ‘‘technical data.’’ A note is also added to clarify that those U.S. persons abroad who only received U.S.-origin ‘‘technical data’’ as a result of their activities on behalf of a foreign person are not included within the scope of paragraph (a)(1). A third note is added to clarify that DDTC-authorized foreign person employees in the United States who provide ‘‘defense services’’ on behalf of their U.S. employer are considered to be included with the U.S. employer’s authorization, and need not be listed on the U.S. employer’s technical assistance agreement or receive a separate authorization for those services. The Department also removed the activities of design, development, and engineering from paragraph (a)(1) and moved them to paragraph (a)(2). Commenting parties recommended revising paragraph (a)(1) to remove the PO 00000 Frm 00044 Fmt 4702 Sfmt 4702 provision of ‘‘technical data’’ as a ‘‘defense service,’’ because there are already licensing requirements for the ‘‘export’’ of ‘‘technical data.’’ The Department confirms that it eliminated from the definition of a ‘‘defense service’’ the act of furnishing ‘‘technical data’’ to a foreign person. Such activity still constitutes an ‘‘export’’ and would require an ITAR authorization. New paragraph (a)(1) is concerned with the furnishing of assistance, whereas the ‘‘export’’ of ‘‘technical data’’ alone, without the furnishing of assistance, is not a ‘‘defense service.’’ The ‘‘export’’ of ‘‘technical data’’ requires an authorization (Department of State form DSP–5 or DSP–85) or the use of an applicable exemption. Commenting parties recommended the definition be revised to explicitly state that it applies to the furnishing of assistance by U.S. persons, or by foreign persons in the United States. The Department partially accepted this recommendation. However, the Department notes that ITAR § 120.1(c) provides that only U.S. persons and foreign governmental entities in the United States may be granted a license or other approval pursuant to the ITAR, and that foreign persons may only receive a ‘‘reexport’’ or ‘‘retransfer’’ approval or approval for brokering activities. Therefore, approval for the performance of a defense service in the United States by a foreign person must be obtained by a U.S. person, such as an employer, on behalf of the foreign person. Regarding a related recommendation, the Department also notes that the furnishing of a type of assistance described by the definition of a ‘‘defense service’’ is not an activity within the Department’s jurisdiction when it is provided by a foreign person outside the United States to another foreign person outside the United States on a foreign ‘‘defense article’’ using foreign-origin ‘‘technical data.’’ In response to commenting parties, the Department specified that the examples it provided for activities that are not ‘‘defense services’’ are not exhaustive. Rather, they are provided to answer the more frequent questions the Department receives on the matter. The Department removed these examples from paragraph (b) and included them as a note to paragraph (a). A commenting party recommended that paragraphs (a)(5) and (a)(6), regarding the furnishing of assistance in the integration of a spacecraft to a launch vehicle and in the launch failure analysis of a spacecraft or launch vehicle, respectively, be removed, and that those activities be described in the USML categories covering spacecraft E:\FR\FM\03JNP1.SGM 03JNP1 asabaliauskas on DSK5VPTVN1PROD with PROPOSALS Federal Register / Vol. 80, No. 106 / Wednesday, June 3, 2015 / Proposed Rules and launch vehicles, on the basis that a general definition should not have such program-specific clauses. As discussed in the May 13, 2014 interim final rule revising USML Category XV (79 FR 27180), the Department accepted this recommendation and revised paragraph (f) of USML Category XV and paragraph (i) of USML Category IV accordingly. The revision includes the recommendation of commenting parties to specifically provide that the service must be provided to a foreign person in order for it to be a licensable activity. Commenting parties recommended the Department define the term ‘‘tactical employment,’’ so as to clarify what services would be captured by paragraph (a)(3). The Department determined that employment of a ‘‘defense article’’ should remain a controlled event, due to the nature of items now controlled in the revised USML categories. After ECR, those items that remain ‘‘defense articles’’ are the most sensitive and militarily critical equipment that have a significant national security or intelligence application. Allowing training and other services to foreign nationals in the employment of these ‘‘defense articles’’ without a license would not be appropriate. Therefore, the Department removed the word ‘‘tactical’’ and converted the existing exemption for basic operation of a ‘‘defense article,’’ authorized by the U.S. government for ‘‘export’’ to the same recipient, into an exclusion from paragraph (a)(3). A commenting party recommended the Department address the instance of the integration or installation of a ‘‘defense article’’ into an item, much as it addressed the instance of the integration or installation of an item into a ‘‘defense article.’’ Previously, the Department indicated this would be the subject of a separate rule, and addressed the ‘‘export’’ of such items in a proposed rule (see 76 FR 13928), but upon review the Department accepted this recommendation, and revised paragraph (a)(2), the note to paragraph (a)(2), and the note to paragraph (a) accordingly. In addition, the Department has changed certain terminology used in the paragraph: instead of referring to the ‘‘transfer’’ of ‘‘technical data,’’ the paragraph is premised on the ‘‘use’’ of ‘‘technical data.’’ This change is consistent with removing from the definition of a ‘‘defense service’’ the furnishing of ‘‘technical data’’ to a foreign person when there is not also the furnishing of assistance related to that ‘‘technical data.’’ A commenting party requested clarification of the rationale behind VerDate Sep<11>2014 17:19 Jun 02, 2015 Jkt 235001 selectively excepting from the ‘‘defense services’’ definition the furnishing of services using ‘‘public domain’’ information. The Department did so in paragraph (a)(1), and now excludes those services performed by U.S. persons who have not previously had access to any U.S. origin ‘‘technical data’’ on the ‘‘defense article’’ being serviced. In contrast, the Department did not do so in paragraphs (a)(2) and (a)(3) and former paragraphs (a)(5) and (a)(6). In the case of paragraph (a)(2), the rationale for not doing so is that the activities involved in the development of a ‘‘defense article,’’ or in integrating a ‘‘defense article’’ with another item, inherently involve the advancement of the military capacity of another country and therefore constitute activities over which the U.S. government has significant national security and foreign policy concerns. To the extent that an activity listed in paragraph (a)(1), such as modification or testing, is done in the ‘‘development’’ of a ‘‘defense article,’’ such activities constitute ‘‘development’’ and are within the scope of paragraph (a)(2). With regard to paragraph (a)(3), the furnishing of assistance (including training) in the employment of a ‘‘defense article’’ is a type of activity that the Department believes warrants control as a ‘‘defense service,’’ due to the inherently military nature of providing training and other services in the employment of a ‘‘defense article’’ (changes to paragraph (a)(3) are described above). The services described in former paragraphs (a)(5) and (a)(6) (and now in USML Categories IV(i) and XV(f)) are pursuant to Public Law 105–261. A commenting party recommended limiting paragraph (a)(2) to the integration of ECCN 9A515 and 600 series items into defense articles, saying that the regulations should focus on items subject to the EAR with a military or space focus. The Department’s focus with this provision is in fact the ‘‘defense article.’’ Items that are to be integrated with a ‘‘defense article,’’ which may not themselves be defense articles, may be beyond the authority of the Department to regulate. The Department did not accept this recommendation. A commenting party recommended limiting the definition of integration to changes in the function of the ‘‘defense article,’’ and to exclude modifications in fit. For the purposes of illustration, this commenting party used one of the examples provided by the Department in the note to paragraph (a)(2): The manufacturer of the military vehicle will need to know the dimensions and electrical requirements of the dashboard PO 00000 Frm 00045 Fmt 4702 Sfmt 4702 31531 radio when designing the vehicle. In this instance, paragraph (a)(2) would not apply, as this example addresses the manufacture of a ‘‘defense article,’’ which is covered by paragraph (a)(1). If the radio to be installed in this vehicle is subject to the EAR, the provision to the manufacturer of information regarding the radio is not within the Department’s licensing jurisdiction. In an instance of a service entailing the integration of an item with a ‘‘defense article,’’ where there would be modification to any of the items, the Department believes such assistance would inherently require the use of ‘‘technical data.’’ Therefore, this exclusion would be unacceptably broad. However, the Department has accepted the recommendation to clarify the definition and exclude changes to fit to any of the items involved in the integration activity, provided that such services do not entail the use of ‘‘technical data’’ directly related to the ‘‘defense article.’’ Upon review, changes to fit are not an aspect of integration, which is the ‘‘engineering analysis needed to unite a ‘defense article’ and one or more items,’’ and therefore are not captured in paragraph (a)(2). The modifications of the ‘‘defense article’’ to accommodate the fit of the item to be integrated, which are within the activity covered by installation, are only those modifications to the ‘‘defense article’’ that allow the item to be placed in its predetermined location. Any modifications to the design of a ‘‘defense article’’ are beyond the scope of installation. Additionally, while minor modifications may be made to a ‘‘defense article’’ without the activity being controlled under (a)(2) as an integration activity, all modifications of defense articles, regardless of sophistication, are activities controlled under (a)(1) if performed by someone with prior knowledge of U.S.-origin ‘‘technical data.’’ ‘‘Fit’’ is defined in ITAR § 120.41: ‘‘The fit of a commodity is defined by its ability to physically interface or connect with or become an integral part of another commodity’’ (see, Note 4 to paragraph (b)(3)). Commenting parties recommended revising paragraph (a)(2) to provide that such assistance described therein would be a ‘‘defense service’’ only if U.S.origin ‘‘technical data’’ is exported. The law and regulations do not mandate this limitation. Section 38 of the Arms Export Control Act provides that the President is authorized to control the ‘‘export’’ of defense articles and defense services. The ITAR, in defining ‘‘defense article,’’ ‘‘technical data,’’ and ‘‘export,’’ does not provide the qualifier ‘‘U.S.- E:\FR\FM\03JNP1.SGM 03JNP1 asabaliauskas on DSK5VPTVN1PROD with PROPOSALS 31532 Federal Register / Vol. 80, No. 106 / Wednesday, June 3, 2015 / Proposed Rules origin’’ (see ITAR §§ 120.6, 120.10, and 120.17, respectively). In the instance described by the commenting party, of the integration of a commercial item into a foreign-origin ‘‘defense article,’’ the Department retains jurisdiction when the service is provided by a U.S. person. A commenting party recommended revising paragraph (a)(2) so that the paragraph (a)(1) exception of the furnishing of assistance using ‘‘public domain’’ information is not nullified by paragraph (a)(2), as most of the activities described in paragraph (a)(1) involve integration as defined in the note to paragraph (a)(2). The Department believes each of the activities described in paragraphs (a)(1) and (a)(2) are sufficiently well defined to distinguish them one from the other. Therefore, the Department does not agree that paragraph (a)(2) nullifies the intention of paragraph (a)(1), and does not accept this recommendation. A commenting party requested clarification that providing an item subject to the EAR for the purposes of integration into a ‘‘defense article’’ is not a ‘‘defense service.’’ The provision of the item in this instance, unaccompanied by assistance in the integration of the item into a ‘‘defense article,’’ is not within the scope of ‘‘the furnishing of assistance,’’ and therefore is not a defense service. Commenting parties recommended clarification on whether the servicing of an item subject to the EAR that has been integrated with a ‘‘defense article’’ would be a ‘‘defense service.’’ The Department notes that such activity is not a ‘‘defense service,’’ provides it as an example of what is not a ‘‘defense service’’ in the note to paragraph (a), and also notes that it would be incumbent on the applicant to ensure that in providing this service, ‘‘technical data’’ directly related to the ‘‘defense article’’ is not used. Commenting parties expressed concern over the potential negative effect of paragraph (a)(2) and the definition in general on universitybased educational activities and scientific communication, and recommended clarification of the relationship between the definition of ‘‘defense services’’ and the exemption for the ‘‘export’’ of ‘‘technical data’’ at ITAR § 125.4(b)(10). Disclosures of ‘‘technical data’’ to foreign persons who are bona-fide and full time regular employees of universities continue to be exports for which ITAR § 125.4(b)(10) is one licensing exemption. The Department believes that, in most cases, the normal duties of a university employee do not encompass the VerDate Sep<11>2014 17:19 Jun 02, 2015 Jkt 235001 furnishing of assistance to a foreign person, in the activities described in paragraph (a). Therefore, in the context of employment with the university, the Department does not perceive that the foreign person’s use of the ‘‘technical data’’ would be described by ITAR § 120.9(a)(2), or any part of paragraph (a). In response to the recommendation of one commenting party, the Department added a note clarifying that the installation of an item into a ‘‘defense article’’ is not a ‘‘defense service,’’ provided no ‘‘technical data’’ is used in the rendering of the service. A commenting party recommended clarification of the licensing process for the ‘‘export’’ of an EAR 600 series item that is to be integrated into a ‘‘defense article.’’ The Department of Commerce has ‘‘export’’ authority over the 600 series item, and the exporter must obtain a license from the Department of Commerce, if necessary. The exporter must also obtain an approval from the Department of State to provide any ‘‘defense service,’’ including integration assistance pursuant to paragraph (a)(2). A commenting party recommended removing ‘‘testing’’ as a type of ‘‘defense service,’’ stating it was not included in the definition of ‘‘organizational-level maintenance.’’ In including testing as part of the former definition but not of the latter, the Department does not perceive an inconsistency or conflict. To the extent that certain testing is within the definition of organization-level maintenance, that testing is explicitly excluded, as organizational-level maintenance is not covered under the definition of a ‘‘defense service.’’ However, all other testing remains a ‘‘defense service.’’ The Department intends for the furnishing of assistance to a foreign person, whether in the United States or abroad, in the testing of defense articles to be an activity requiring Department approval under the conditions of paragraph (a)(1). The Department did not accept this recommendation. Commenting parties provided recommendations for revising the definitions of ‘‘public domain’’ information and ‘‘technical data.’’ Those definitions are proposed in this rule as well. To the extent that evaluation of the proposed changes to ‘‘defense services’’ hinges on these terms, the Department invites commenting parties to submit analyses of the impact of these revised definitions on the revised ‘‘defense service’’ definition in this proposed rule. Commenting parties recommended clarification of the regulation regarding the furnishing of assistance and training PO 00000 Frm 00046 Fmt 4702 Sfmt 4702 in organizational-level (basic-level) maintenance. The Department harmonized paragraph (a)(1) and the example regarding organizational-level maintenance by revising the Note to Paragraph (a), which sets forth activities that are not ‘‘defense services,’’ so that it specifically provides that ‘‘the furnishing of assistance (including training) in organizational-level (basiclevel) maintenance of a defense article’’ is an example of an activity that is not a defense service. In response to commenting parties, the Department clarifies that the example of employment by a foreign person of a natural U.S. person as not constituting a ‘‘defense service’’ is meant to address, among other scenarios, the instance where such a person is employed by a foreign defense manufacturer, but whose employment in fact does not entail the furnishing of assistance as described in ITAR § 120.9(a). By ‘‘natural person,’’ the Department means a human being, as may be inferred from the definition of ‘‘person’’ provided in ITAR § 120.14. In response to the recommendation of a commenting party, the Department confirms that, as stated in a Department of Commerce notice, ‘‘Technology subject to the EAR that is used with technical data subject to the ITAR that will be used under the terms of a Technical Assistance Agreement (TAA) or Manufacturing License Agreement (MLA) and that would otherwise require a license from [the Department of Commerce] may all be exported under the TAA or MLA’’ (see 78 FR 22660). In DDTC publication Guidelines for Preparing Electronic Agreements (Revision 4.2), Section 20.1.d., the following conditions are stipulated: The technology subject to the EAR will be used with ‘‘technical data’’ subject to the ITAR and described in the agreement, and the technology subject to the EAR will be used under the terms of a TAA or MLA (see http:// www.pmddtc.state.gov/licensing/ agreement.html). Request for Comments The Department invites public comment on any of the proposed definitions set forth in this rulemaking. With respect to the revisions to ITAR § 120.17, the Department recognizes the increasingly complex nature of telecommunications infrastructure and the manner in which data is transmitted, stored, and accessed, and accordingly seeks public comment with special emphasis on: (1) How adequately the proposed regulations address the technical aspects of data transmission and storage; (2) whether E:\FR\FM\03JNP1.SGM 03JNP1 Federal Register / Vol. 80, No. 106 / Wednesday, June 3, 2015 / Proposed Rules the proposed regulations mitigate unintended or unauthorized access to transmitted or stored data; and (3) whether the proposed regulations impose an undue financial or compliance burden on the public. The public is also asked to comment on the effective date of the final rule. Export Control Reform rules that revised categories of the USML and created new 600 series ECCN have had a six-month delayed effective date to allow for exporters to update the classification of their items. In general, rules effecting export controls have been effective on the date of publication, due to the impact on national security and foreign policy. As this proposed rule and the companion proposed rule from the Bureau of Industry and Security revise definitions within the ITAR and the EAR and do not make any changes to the USML or CCL, the Department proposes (should the proposed rule be adopted) a 30-day delayed effective date to allow exporters to ensure continued compliance. Regulatory Analysis and Notices Administrative Procedure Act The Department of State is of the opinion that controlling the import and export of defense articles and services is a foreign affairs function of the U.S. government and that rules implementing this function are exempt from sections 553 (rulemaking) and 554 (adjudications) of the Administrative Procedure Act (APA). Although the Department is of the opinion that this proposed rule is exempt from the rulemaking provisions of the APA, the Department is publishing this rule with a 60-day provision for public comment and without prejudice to its determination that controlling the import and export of defense services is a foreign affairs function. Regulatory Flexibility Act asabaliauskas on DSK5VPTVN1PROD with PROPOSALS Since the Department is of the opinion that this proposed rule is exempt from the rulemaking provisions of 5 U.S.C. 553, there is no requirement for an analysis under the Regulatory Flexibility Act. Unfunded Mandates Reform Act of 1995 This proposed amendment does not involve a mandate that will result in the expenditure by State, local, and tribal governments, in the aggregate, or by the private sector, of $100 million or more in any year and it will not significantly or uniquely affect small governments. Therefore, no actions were deemed necessary under the provisions of the VerDate Sep<11>2014 17:19 Jun 02, 2015 Jkt 235001 Unfunded Mandates Reform Act of 1995. Small Business Regulatory Enforcement Fairness Act of 1996 For purposes of the Small Business Regulatory Enforcement Fairness Act of 1996 (the ‘‘Act’’), a major rule is a rule that the Administrator of the OMB Office of Information and Regulatory Affairs finds has resulted or is likely to result in: (1) An annual effect on the economy of $100,000,000 or more; (2) a major increase in costs or prices for consumers, individual industries, federal, state, or local government agencies, or geographic regions; or (3) significant adverse effects on competition, employment, investment, productivity, innovation, or on the ability of United States-based enterprises to compete with foreignbased enterprises in domestic and foreign markets. The Department does not believe this rulemaking will have an annual effect on the economy of $100,000,000 or more, nor will it result in a major increase in costs or prices for consumers, individual industries, federal, state, or local government agencies, or geographic regions, or have significant adverse effects on competition, employment, investment, productivity, innovation, or on the ability of United States-based enterprises to compete with foreignbased enterprises in domestic and foreign markets. The proposed means of solving the issue of data protection are both familiar to and extensively used by the affected public in protecting sensitive information. Executive Orders 12372 and 13132 This proposed amendment will not have substantial direct effects on the States, on the relationship between the national government and the States, or on the distribution of power and responsibilities among the various levels of government. Therefore, in accordance with Executive Order 13132, it is determined that this proposed amendment does not have sufficient federalism implications to require consultations or warrant the preparation of a federalism summary impact statement. The regulations implementing Executive Order 12372 regarding intergovernmental consultation on Federal programs and activities do not apply to this proposed amendment. Executive Orders 12866 and 13563 Executive Orders 12866 and 13563 direct agencies to assess costs and benefits of available regulatory PO 00000 Frm 00047 Fmt 4702 Sfmt 4702 31533 alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distributed impacts, and equity). The executive orders stress the importance of quantifying both costs and benefits, of reducing costs, of harmonizing rules, and of promoting flexibility. This proposed rule has been designated a ‘‘significant regulatory action,’’ although not economically significant, under section 3(f) of Executive Order 12866. Accordingly, the proposed rule has been reviewed by the Office of Management and Budget (OMB). Executive Order 12988 The Department of State has reviewed the proposed amendment in light of sections 3(a) and 3(b)(2) of Executive Order 12988 to eliminate ambiguity, minimize litigation, establish clear legal standards, and reduce burden. Executive Order 13175 The Department of State has determined that this rulemaking will not have tribal implications, will not impose substantial direct compliance costs on Indian tribal governments, and will not preempt tribal law. Accordingly, Executive Order 13175 does not apply to this rulemaking. Paperwork Reduction Act This rule does not impose any new reporting or recordkeeping requirements subject to the Paperwork Reduction Act, 44 U.S.C. Chapter 35; however, the Department of State seeks public comment on any unforeseen potential for increased burden. List of Subjects 22 CFR 120 and 125 Arms and munitions, Classified information, Exports. 22 CFR 123 Arms and munitions, Exports, Reporting and recordkeeping requirements. 22 CFR Part 127 Arms and munitions, Exports, Crime, Law, Penalties, Seizures and forfeitures. Accordingly, for the reasons set forth above, title 22, chapter I, subchapter M, parts 120, 123, 125, and 127 are proposed to be amended as follows: PART 120—PURPOSE AND DEFINITIONS 1. The authority citation for part 120 continues to read as follows: ■ E:\FR\FM\03JNP1.SGM 03JNP1 31534 Federal Register / Vol. 80, No. 106 / Wednesday, June 3, 2015 / Proposed Rules Authority: Secs. 2, 38, and 71, Pub. L. 90– 629, 90 Stat. 744 (22 U.S.C. 2752, 2778, 2797); 22 U.S.C. 2794; 22 U.S.C. 2651a; Pub. L. 105–261, 112 Stat. 1920; Pub. L. 111–266; Section 1261, Pub. L. 112–239; E.O. 13637, 78 FR 16129. 2. Section 120.6 is amended by designating the current text as paragraph (a), revising the first sentence of newly designated paragraph (a), and adding paragraph (b) to read as follows: ■ § 120.6 Defense article. (a) Defense article means any item, software, or technical data designated in § 121.1 of this subchapter. * * * (b) The following are not defense articles and thus not subject to the ITAR: (1) [Reserved] (2) [Reserved] (3) Information and software that: (i) Are in the public domain, as described in § 120.11; (ii) Arise during, or result from, fundamental research, as described in § 120.46; (iii) Concern general scientific, mathematical, or engineering principles commonly taught in schools, and released by instruction in a catalog course or associated teaching laboratory of an academic institution; or (iv) Appear in patents or open (published) patent applications available from or at any patent office, unless covered by an invention secrecy order. Note to paragraph (b): Information that is not within the scope of the definition of technical data (see § 120.10) and not directly related to a defense article, or otherwise described on the USML, is not subject to the ITAR. 3. Section 120.9 is revised to read as follows: ■ asabaliauskas on DSK5VPTVN1PROD with PROPOSALS § 120.9 Defense service. (a) Defense service means: (1) The furnishing of assistance (including training) to a foreign person (see § 120.16), whether in the United States or abroad, in the production, assembly, testing, intermediate- or depot-level maintenance (see § 120.38), modification, demilitarization, destruction, or processing of a defense article (see § 120.6), by a U.S. person or foreign person in the United States, who has knowledge of U.S.-origin technical data directly related to the defense article that is the subject of the assistance, prior to performing the service; Note 1 to paragraph (a)(1): ‘‘Knowledge of U.S.-origin technical data’’ for purposes of paragraph (a)(1) can be established based on all the facts and circumstances. However, a person is deemed to have ‘‘knowledge of VerDate Sep<11>2014 17:19 Jun 02, 2015 Jkt 235001 U.S.-origin technical data’’ directly related to a defense article if the person participated in the development of a defense article described in the same USML paragraph or accessed (physically or electronically) technical data directly related to the defense article that is the subject of the assistance, prior to performing the service. Note 2 to paragraph (a)(1): U.S. persons abroad who only receive U.S.-origin technical data as a result of their activities on behalf of a foreign person are not included within paragraph (a)(1). Note 3 to paragraph (a)(1): Foreign person employees in the United States providing defense services as part of Directorate of Defense Trade Controls-authorized employment need not be listed on the U.S. employer’s technical assistance agreement or receive separate authorization to perform defense services on behalf of their authorized U.S. employer. (2) The furnishing of assistance (including training) to a foreign person (see § 120.16), whether in the United States or abroad, in the development of a defense article, or the integration of a defense article with any other item regardless of whether that item is subject to the ITAR or technical data is used; Note to paragraph (a)(2): ‘‘Integration’’ means any engineering analysis (see § 125.4(c)(5) of this subchapter) needed to unite a defense article and one or more items. Integration includes the introduction of software to enable operation of a defense article, and the determination during the design process of where an item will be installed (e.g., integration of a civil engine into a destroyer that requires changes or modifications to the destroyer in order for the civil engine to operate properly; not plug and play). Integration is distinct from ‘‘installation.’’ Installation means the act of putting an item in its predetermined place without the use of technical data or any modifications to the defense article involved, other than to accommodate the fit of the item with the defense article (e.g., installing a dashboard radio into a military vehicle where no modifications (other than to accommodate the fit of the item) are made to the vehicle, and there is no use of technical data.). The ‘‘fit’’ of an item is defined by its ability to physically interface or connect with or become an integral part of another item. (see § 120.41). (3) The furnishing of assistance (including training) to a foreign person (see § 120.16), regardless of whether technical data is used, whether in the United States or abroad, in the employment of a defense article, other than basic operation of a defense article authorized by the U.S. government for export to the same recipient; (4) Participating in or directing combat operations for a foreign person (see § 120.16), except as a member of the regular military forces of a foreign PO 00000 Frm 00048 Fmt 4702 Sfmt 4702 nation by a U.S. person who has been drafted into such forces; or (5) The furnishing of assistance (including training) to the government of a country listed in § 126.1 of this subchapter in the development, production, operation, installation, maintenance, repair, overhaul or refurbishing of a defense article or a part component, accessory or attachments specially designed for a defense article. Note to paragraph (a): The following are examples of activities that are not defense services: 1. The furnishing of assistance (including training) in organizational-level (basic-level) maintenance (see § 120.38) of a defense article; 2. Performance of services by a U.S. person in the employment of a foreign person, except as provided in this paragraph; 3. Servicing of an item subject to the EAR (see § 120.42) that has been integrated or installed into a defense article, or the servicing of an item subject to the EAR into which a defense article has been installed or integrated, without the use of technical data, except as described in paragraph (a)(5) of this section; 4. The installation of any item into a defense article, or the installation of a defense article into any item; 5. Providing law enforcement, physical security, or personal protective services (including training and advice) to or for a foreign person (if such services necessitate the export of a defense article a license or other approval is required for the export of the defense article, and such services that entail the employment or training in the employment of a defense article are addressed in paragraph (a)(3) of this section); 6. The furnishing of assistance by a foreign person not in the United States; 7. The furnishing of medical, logistical (other than maintenance), translation, financial, legal, scheduling, or administrative services; 8. The furnishing of assistance by a foreign government to a foreign person in the United States, pursuant to an arrangement with the Department of Defense; and 9. The instruction in general scientific, mathematical, or engineering principles commonly taught in schools, colleges, and universities. (b) [Reserved] 4. Section 120.10 is revised to read as follows: ■ § 120.10 Technical data. (a) Technical data means, except as set forth in paragraph (b) of this section: (1) Information required for the development (see § 120.47) (including design, modification, and integration design), production (see § 120.48) (including manufacture, assembly, and integration), operation, installation, maintenance, repair, overhaul, or refurbishing of a defense article. Technical data may be in any tangible or intangible form, such as written or E:\FR\FM\03JNP1.SGM 03JNP1 Federal Register / Vol. 80, No. 106 / Wednesday, June 3, 2015 / Proposed Rules oral communications, blueprints, drawings, photographs, plans, diagrams, models, formulae, tables, engineering designs and specifications, computeraided design files, manuals or documentation, electronic media or information gleaned through visual inspection; Note to paragraph (a)(1): The modification of an existing item creates a new item and technical data for the modification is technical data for the development of the new item. (2) Information enumerated on the USML (i.e., not controlled pursuant to a catch-all USML paragraph); (3) Classified information for the development, production, operation, installation, maintenance, repair, overhaul, or refurbishing of a defense article or a 600 series item subject to the EAR; (4) Information covered by an invention secrecy order; or (5) Information, such as decryption keys, network access codes, or passwords, that would allow access to other technical data in clear text or software (see § 127.1(b)(4) of this subchapter). (b) Technical data does not include: (1) Non-proprietary general system descriptions; (2) Information on basic function or purpose of an item; or (3) Telemetry data as defined in note 3 to USML Category XV(f) (see § 121.1 of this subchapter). ■ 5. Section 120.11 is revised to read as follows: asabaliauskas on DSK5VPTVN1PROD with PROPOSALS § 120.11 Public domain. (a) Except as set forth in paragraph (b) of this section, unclassified information and software are in the public domain, and are thus not technical data or software subject to the ITAR, when they have been made available to the public without restrictions upon their further dissemination such as through any of the following: (1) Subscriptions available without restriction to any individual who desires to obtain or purchase the published information; (2) Libraries or other public collections that are open and available to the public, and from which the public can obtain tangible or intangible documents; (3) Unlimited distribution at a conference, meeting, seminar, trade show, or exhibition, generally accessible to the interested public; (4) Public dissemination (i.e., unlimited distribution) in any form (e.g., not necessarily in published form), including posting on the Internet on sites available to the public; or VerDate Sep<11>2014 17:19 Jun 02, 2015 Jkt 235001 (5) Submission of a written composition, manuscript or presentation to domestic or foreign coauthors, editors, or reviewers of journals, magazines, newspapers or trade publications, or to organizers of open conferences or other open gatherings, with the intention that the compositions, manuscripts, or publications will be made publicly available if accepted for publication or presentation. (b) Technical data or software, whether or not developed with government funding, is not in the public domain if it has been made available to the public without authorization from: (1) The Directorate of Defense Trade Controls; (2) The Department of Defense’s Office of Security Review; (3) The relevant U.S. government contracting entity with authority to allow the technical data or software to be made available to the public; or (4) Another U.S. government official with authority to allow the technical data or software to be made available to the public. Note 1 to § 120.11: Section 127.1(a)(6) of this subchapter prohibits, without written authorization from the Directorate of Defense Trade Controls, U.S. and foreign persons from exporting, reexporting, retransfering, or otherwise making available to the public technical data or software if such person has knowledge that the technical data or software was made publicly available without an authorization described in paragraph (b) of this section. Note 2 to § 120.11: An export, reexport, or retransfer of technical data or software that was made publicly available by another person without authorization is not a violation of this subchapter, except as described in § 127.1(a)(6) of this subchapter. 6. Section 120.17 is revised to read as follows: ■ § 120.17 Export. (a) Except as set forth in § 120.52, § 126.16, or § 126.17 of this subchapter, export means: (1) An actual shipment or transmission out of the United States, including the sending or taking of a defense article outside of the United States in any manner; (2) Releasing or otherwise transferring technical data or software (source code or object code) to a foreign person in the United States (a ‘‘deemed export’’); (3) Transferring by a person in the United States of registration, control, or ownership of any aircraft, vessel, or satellite subject to the ITAR to a foreign person; (4) Releasing or otherwise transferring a defense article to an embassy or to any PO 00000 Frm 00049 Fmt 4702 Sfmt 4702 31535 agency or subdivision of a foreign government, such as a diplomatic mission, in the United States; (5) Performing a defense service on behalf of, or for the benefit of, a foreign person, whether in the United States or abroad; (6) Releasing or otherwise transferring information, such as decryption keys, network access codes, passwords, or software, or providing physical access, that would allow access to other technical data in clear text or software to a foreign person regardless of whether such data has been or will be transferred; or (7) Making technical data available via a publicly available network (e.g., the Internet). (b) Any release in the United States of technical data or software to a foreign person is a deemed export to all countries in which the foreign person has held citizenship or holds permanent residency. ■ 7. Section 120.19 is revised to read as follows: § 120.19 Reexport. (a) Except as set forth in § 120.52, reexport means: (1) An actual shipment or transmission of a defense article from one foreign country to another foreign country, including the sending or taking of a defense article to or from such countries in any manner; (2) Releasing or otherwise transferring technical data or software to a foreign person of a country other than the foreign country where the release or transfer takes place (a ‘‘deemed reexport’’); (3) Transferring by a person outside of the United States of registration, control, or ownership of any aircraft, vessel, or satellite subject to the ITAR to a foreign person outside the United States; or (4) Releasing or otherwise transferring outside of the United States information, such as decryption keys, network access codes, password, or software, or providing physical access, that would allow access to other technical data in clear text or software to a foreign person regardless of whether such data has been or will be transferred. (b) [Reserved] § 120.41 [Amended] 8. Section 120.41 is amended by reserving Note 1 to paragraph (b)(3) and Note 2 to paragraph (b)(3). ■ 9. Section 120.46 is added to read as follows: ■ § 120.46 Required. (a) As applied to technical data, the term required refers to only that portion E:\FR\FM\03JNP1.SGM 03JNP1 31536 Federal Register / Vol. 80, No. 106 / Wednesday, June 3, 2015 / Proposed Rules of technical data that is peculiarly responsible for achieving or exceeding the controlled performance levels, characteristics, or functions. Such required technical data may be shared by different products. Note 1 to paragraph (a): The references to ‘‘characteristics’’ and functions’’ are not limited to entries on the USML that use specific technical parameters to describe the scope of what is controlled. The ‘‘characteristics’’ and ‘‘functions’’ of an item listed are, absent a specific regulatory definition, a standard dictionary’s definition of the item. For example, USML Category VIII(a)(1) controls aircraft that are ‘‘bombers.’’ No performance level is identified in the entry, but the characteristic of the aircraft that is controlled is that it is a bomber. Thus, any technical data, regardless of significance, peculiar to making an aircraft a bomber as opposed to, for example, an aircraft controlled under ECCN 9A610.a or ECCN 9A991.a, would be technical data required for a bomber and thus controlled under USML Category VIII(i). asabaliauskas on DSK5VPTVN1PROD with PROPOSALS Note 2 to paragraph (a): The ITAR and the EAR often divide within each set of regulations or between each set of regulations: 1. Controls on parts, components, accessories, attachments, and software; and 2. Controls on the end items, systems, equipment, or other items into which those parts, components, accessories, attachments, and software are to be installed or incorporated. With the exception of technical data specifically enumerated on the USML, the jurisdictional status of unclassified technical data is the same as the jurisdictional status of the defense article or item subject to the EAR to which it is directly related. Thus, if technology is directly related to the production of an ECCN 9A610.x aircraft component that is to be integrated or installed in a USML Category VIII(a) aircraft, the technology is controlled under ECCN 9E610, not USML Category VIII(i). Note 3 to paragraph (a): Technical data is ‘‘peculiarly responsible for achieving or exceeding the controlled performance levels, characteristics, or functions’’ if it is used in or for use in the development (including design, modification, and integration design), production (including manufacture, assembly, and integration), operation, installation, maintenance, repair, overhaul, or refurbishing of a defense article unless: 1. The Department of State has determined otherwise in a commodity jurisdiction determination; 2. [Reserved]; 3. It is identical to information used in or with a commodity or software that: i. Is or was in production (i.e., not in development); and ii. Is not a defense article; 4. It was or is being developed with knowledge that it is for or would be for use in or with both defense articles and commodities not on the U.S. Munitions List; or VerDate Sep<11>2014 17:19 Jun 02, 2015 Jkt 235001 5. It was or is being developed for use in or with general purpose commodities or software (i.e., with no knowledge that it would be for use in or with a particular commodity). (b) [Reserved] 10. Section 120.47 is added to read as follows: ■ § 120.47 Development. Development is related to all stages prior to serial production, such as: design, design research, design analyses, design concepts, assembly and testing of prototypes, pilot production schemes, design data, process of transforming design data into a product, configuration design, integration design, and layouts. Development includes modification of the design of an existing item. ■ 11. Section 120.48 is added to read as follows: § 120.48 Production. Production means all production stages, such as product engineering, manufacture, integration, assembly (mounting), inspection, testing, and quality assurance. This includes ‘‘serial production’’ where commodities have passed production readiness testing (i.e., an approved, standardized design ready for large scale production) and have been or are being produced on an assembly line for multiple commodities using the approved, standardized design. ■ 12. Section 120.49 is added to read as follows: § 120.49 Technical data that arises during, or results from, fundamental research. (a) Technical Data arising during, or resulting from, fundamental research. Unclassified information that arises during, or results from, fundamental research and is intended to be published is not technical data when the research is: (1) Conducted in the United States at an accredited institution of higher learning located; or (2) Funded, in whole or in part, by the U.S. government. Note 1 to paragraph (a): The inputs used to conduct fundamental research, such as information, equipment, or software, are not ‘‘technical data that arises during or results from fundamental research’’ except to the extent that such inputs are technical data that arose during or resulted from earlier fundamental research. Note 2 to paragraph (a): There are instances in the conduct of research, whether fundamental, basic, or applied, where a researcher, institution, or company may decide to restrict or protect the release or publication of technical data contained in research results. Once a decision is made to PO 00000 Frm 00050 Fmt 4702 Sfmt 4702 maintain such technical data as restricted or proprietary, the technical data becomes subject to the ITAR. (b) Prepublication review. Technical data that arises during, or results from, fundamental research is intended to be published to the extent that the researchers are free to publish the technical data contained in the research without any restriction or delay, including U.S. government-imposed access and dissemination controls or research sponsor proprietary information review. Note 1 to paragraph (b): Although technical data arising during or resulting from fundamental research is not considered ‘‘intended to be published’’ if researchers accept restrictions on its publication, such technical data will nonetheless qualify as technical data arising during or resulting from fundamental research once all such restrictions have expired or have been removed. Note 2 to paragraph (b): Research that is voluntarily subjected to U.S. government prepublication review is considered intended to be published for all releases consistent with any resulting controls. Note 3 to paragraph (b): Technical data resulting from U.S. government funded research which is subject to governmentimposed access and dissemination or other specific national security controls qualifies as technical data resulting from fundamental research, provided that all governmentimposed national security controls have been satisfied. (c) Fundamental research definition. Fundamental research means basic or applied research in science and engineering, the results of which ordinarily are published and shared broadly within the scientific community. This is distinguished from proprietary research and from industrial development, design, production, and product utilization, the results of which ordinarily are restricted for proprietary or national security reasons. (1) Basic research means experimental or theoretical work undertaken principally to acquire new knowledge of the fundamental principles of phenomena or observable facts, not primarily directed towards a specific practical aim or objective. (2) Applied research means the effort that: (i) Normally follows basic research, but may not be severable from the related basic research; (ii) Attempts to determine and exploit the potential of scientific discoveries or improvements in technology, materials, processes, methods, devices, or techniques; and (iii) Attempts to advance the state of the art. E:\FR\FM\03JNP1.SGM 03JNP1 Federal Register / Vol. 80, No. 106 / Wednesday, June 3, 2015 / Proposed Rules 13. Section 120.50 is added to read as follows: ■ § 120.50 Release. (a) Except as set forth in § 120.52, technical data and software are released through: (1) Visual or other inspection by foreign persons of a defense article that reveals technical data or software to a foreign person; or (2) Oral or written exchanges with foreign persons of technical data in the United States or abroad. (b) [Reserved] ■ 14. Section 120.51 is added to read as follows: § 120.51 Retransfer. Except as set forth in § 120.52 of this subchapter, a retransfer is a change in end use or end user of a defense article within the same foreign country. ■ 15. Section 120.52 is added to read as follows: asabaliauskas on DSK5VPTVN1PROD with PROPOSALS § 120.52 Activities that are not exports, reexports, or retransfers. (a) The following activities are not exports, reexports, or retransfers: (1) Launching a spacecraft, launch vehicle, payload, or other item into space; (2) While in the United States, releasing technical data or software to a U.S. person; (3) Shipping, moving, or transferring defense articles between or among the United States, the District of Columbia, the Commonwealth of Puerto Rico, the Commonwealth of the Northern Mariana Islands or any territory, dependency, or possession of the United States as listed in Schedule C, Classification Codes and Descriptions for U.S. Export Statistics, issued by the Bureau of the Census; and (4) Sending, taking, or storing technical data or software that is: (i) Unclassified; (ii) Secured using end-to-end encryption; (iii) Secured using cryptographic modules (hardware or software) compliant with the Federal Information Processing Standards Publication 140–2 (FIPS 140–2) or its successors, supplemented by software implementation, cryptographic key management and other procedures and controls that are in accordance with guidance provided in current U.S. National Institute for Standards and Technology publications; and (iv) Not stored in a country proscribed in § 126.1 of this subchapter or the Russian Federation. (b) For purposes of this section, endto-end encryption means the provision of uninterrupted cryptographic VerDate Sep<11>2014 17:19 Jun 02, 2015 Jkt 235001 protection of data between an originator and an intended recipient, including between an individual and himself or herself. It involves encrypting data by the originating party and keeping that data encrypted except by the intended recipient, where the means to access the data in unencrypted form is not given to any third party, including to any Internet service provider, application service provider or cloud service provider. (c) The ability to access technical data or software in encrypted form that satisfies the criteria set forth in paragraph (a)(4) of this section does not constitute the release or export of such technical data or software. Note to § 120.52: See § 127.1 of this subchapter for prohibitions on the release or transfer of technical data or software, in any form, to any person with knowledge that a violation will occur. PART 123—LICENSES FOR THE EXPORT AND TEMPORARY IMPORT OF DEFENSE ARTICLES 16. The authority citation for part 123 continues to read as follows: ■ Authority: Secs. 2, 38, and 71, 90, 90 Stat. 744 (22 U.S.C. 2752, 2778, 2797); 22 U.S.C. 2753; 22 U.S.C. 2651a; 22 U.S.C. 2776; Pub. L. 105–261, 112 Stat. 1920; Sec. 1205(a), Pub. L. 107–228; Section 1261, Pub. L. 112–239; E.O. 13637, 78 FR 16129. 17. Section 123.28 is added to read as follows: ■ § 123.28 Scope of a license. Unless limited by a condition set out in a license, the export, reexport, retransfer, or temporary import authorized by a license is for the item(s), end-use(s), and parties described in the license application and any letters of explanation. DDTC grants licenses in reliance on representations the applicant made in or submitted in connection with the license application, letters of explanation, and other documents submitted. PART 124—AGREEMENTS, OFFSHORE PROCUREMENT, AND OTHER DEFENSE SERVICES 18. The authority citation for part 124 continues to read as follows: ■ Authority: Secs. 2, 38, and 71, 90, 90 Stat. 744 (22 U.S.C. 2752, 2778, 2797); 22 U.S.C. 2651a; 22 U.S.C. 2776; Section 1514, Pub. L. 105–261; Pub. L. 111–266; Section 1261, Pub. L. 112–239; E.O. 13637, 78 FR 16129. 19. Section 124.1 is amended by adding paragraph (e) to read as follows: ■ § 124.1 Manufacturing license agreements and technical assistance agreements. * PO 00000 * * Frm 00051 * Fmt 4702 * Sfmt 4702 31537 (e) Unless limited by a condition set out in an agreement, the export, reexport, retransfer, or temporary import authorized by a license is for the item(s), end-use(s), and parties described in the agreement, license, and any letters of explanation. DDTC approves agreements and grants licenses in reliance on representations the applicant made in or submitted in connection with the agreement, letters of explanation, and other documents submitted. PART 125—LICENSES FOR THE EXPORT OF TECHNICAL DATA AND CLASSIFIED DEFENSE ARTICLES 20. The authority citation for part 125 continues to read as follows: ■ Authority: Secs. 2 and 38, 90, 90 Stat. 744 (22 U.S.C. 2752, 2778); 22 U.S.C. 2651a; E.O. 13637, 78 FR 16129. 21. Section 125.4 is amended by revising paragraph (b)(9) to read as follows: ■ § 125.4 Exemptions of general applicability. * * * * * (b) * * * (9) Technical data, including classified information, regardless of media or format, exported by or to a U.S. person or a foreign person employee of a U.S. person, travelling or on temporary assignment abroad subject to the following restrictions: (i) Foreign persons may only export or receive such technical data as they are authorized to receive through a separate license or other approval. (ii) The technical data exported under this authorization is to be possessed or used solely by a U.S. person or authorized foreign person and sufficient security precautions must be taken to prevent the unauthorized release of the technology. Such security precautions include encryption of the technical data, the use of secure network connections, such as virtual private networks, the use of passwords or other access restrictions on the electronic device or media on which the technical data is stored, and the use of firewalls and other network security measures to prevent unauthorized access. (iii) The U.S. person is an employee of the U.S. government or is directly employed by a U.S. person and not by a foreign subsidiary. (iv) Technical data authorized under this exception may not be used for foreign production purposes or for defense services unless authorized through a license or other approval. (v) The U.S. employer of foreign persons must document the use of this exemption by foreign person employees, E:\FR\FM\03JNP1.SGM 03JNP1 31538 Federal Register / Vol. 80, No. 106 / Wednesday, June 3, 2015 / Proposed Rules including the reason that the technical data is needed by the foreign person for their temporary business activities abroad on behalf of the U.S. person. (vi) Classified information is sent or taken outside the United States in accordance with the requirements of the Department of Defense National Industrial Security Program Operating Manual (unless such requirements are in direct conflict with guidance provided by the Directorate of Defense Trade Controls, in which case such guidance must be followed). * * * * * DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT PART 127—VIOLATIONS AND PENALTIES SUMMARY: 22. The authority citation for part 127 continues to read as follows: ■ Authority: Sections 2, 38, and 42, 90, 90 Stat. 744 (22 U.S.C. 2752, 2778, 2791); 22 U.S.C. 401; 22 U.S.C. 2651a; 22 U.S.C. 2779a; 22 U.S.C. 2780; E.O. 13637, 78 FR 16129. 23. Section 127.1 is amended by adding paragraphs (a)(6) and (b)(4) to read as follows: ■ § 127.1 Violations. asabaliauskas on DSK5VPTVN1PROD with PROPOSALS (a) * * * (6) To export, reexport, retransfer, or otherwise make available to the public technical data or software if such person has knowledge that the technical data or software was made publicly available without an authorization described in § 120.11(b) of this subchapter. (b) * * * (4) To release or otherwise transfer information, such as decryption keys, network access codes, or passwords, that would allow access to other technical data in clear text or to software that will result, directly or indirectly, in an unauthorized export, reexport, or retransfer of the technical data in clear text or software. Violation of this provision will constitute a violation to the same extent as a violation in connection with the export of the controlled technical data or software. * * * * * Dated: May 20, 2015. Rose E. Gottemoeller, Under Secretary, Arms Control and International Security, Department of State. [FR Doc. 2015–12844 Filed 6–2–15; 8:45 am] BILLING CODE 4710–25–P VerDate Sep<11>2014 17:19 Jun 02, 2015 Jkt 235001 24 CFR Parts 91 and 576 [Docket No. FR–5474–N–02] RIN 2506–AC29 Emergency Solutions Grants (ESG) Program, Solicitation of Comment on Specific Issues Office of the Assistant Secretary for Community Planning and Development, HUD. ACTION: Regulatory review; request for comments. AGENCY: On December 5, 2011, HUD published an interim rule entitled ‘‘Homeless Emergency Assistance and Rapid Transition to Housing: Emergency Solutions Grants Program and Consolidated Plan Conforming Amendments’’ (interim rule). The comment period for the interim rule ended on February 3, 2012. Because recipients and subrecipients have now had more experience implementing the interim rule, HUD recognizes that they may have additional input and comments for HUD to consider in its development of the ESG final rule (final rule). Therefore, this document takes comments for 60 days to allow additional time for public input, and for HUD to solicit specific comment on certain issues. DATES: Comment due date: August 3, 2015. ADDRESSES: Interested persons are invited to submit comments responsive to this request for information to the Regulations Division, Office of General Counsel, Department of Housing and Urban Development, 451 7th Street SW., Room 10276, Washington, DC 20410– 7000. Communications must refer to the above docket number and title and should contain the information specified in the ‘‘Request for Comments’’ of this notice. Electronic Submission of Comments. Interested persons may submit comments electronically through the Federal eRulemaking Portal at http:// www.regulations.gov. HUD strongly encourages commenters to submit comments electronically. Electronic submission of comments allows the commenter maximum time to prepare and submit a comment, ensures timely receipt by HUD, and enables HUD to make them immediately available to the public. Comments submitted electronically through the http:// www.regulations.gov Web site can be viewed by interested members of the public. Commenters should follow PO 00000 Frm 00052 Fmt 4702 Sfmt 4702 instructions provided on that site to submit comments electronically. Submission of Hard Copy Comments. Comments may be submitted by mail or hand delivery. To ensure that the information is fully considered by all of the reviewers, each commenter submitting hard copy comments, by mail or hand delivery, should submit comments or requests to the address above, addressed to the attention of the Regulations Division. Due to security measures at all federal agencies, submission of comments or requests by mail often result in delayed delivery. To ensure timely receipt of comments, HUD recommends that any comments submitted by mail be submitted at least 2 weeks in advance of the public comment deadline. All hard copy comments received by mail or hand delivery are a part of the public record and will be posted to http:// www.regulations.gov without change. Note: To receive consideration as public comments, comments must be submitted through one of the two methods specified above. Again, all submissions must refer to the docket number and title of the rule. No Facsimile Comments. Facsimile (fax) comments are not acceptable. Public Inspection of Comments. All comments submitted to HUD regarding this notice will be available, without charge, for public inspection and copying between 8 a.m. and 5 p.m. weekdays at the above address. Due to security measures at the HUD Headquarters building, an advance appointment to review the documents must be scheduled by calling the Regulation Division at 202–708–3055 (this is not a toll-free number). Copies of all comments submitted will also be available for inspection and downloading at http:// www.regulations.gov. FOR FURTHER INFORMATION CONTACT: Norm Suchar, Director, Office of Special Needs Assistance Programs, Office of Community Planning and Development, Department of Housing and Urban Development, 451 7th Street SW., Room 7262, Washington, DC 20410–7000, telephone number (202) 708–4300 (this is not a toll-free number). Persons with hearing or speech impairments may access this number through TTY by calling the toll-free Federal Relay Service at 800–877–8339. SUPPLEMENTARY INFORMATION: E:\FR\FM\03JNP1.SGM 03JNP1

Agencies

[Federal Register Volume 80, Number 106 (Wednesday, June 3, 2015)]
[Proposed Rules]
[Pages 31525-31538]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2015-12844]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF STATE

22 CFR Parts 120, 123, 125, and 127

[Public Notice 9149]
RIN 1400-AD70


International Traffic in Arms: Revisions to Definitions of 
Defense Services, Technical Data, and Public Domain; Definition of 
Product of Fundamental Research; Electronic Transmission and Storage of 
Technical Data; and Related Definitions

AGENCY: Department of State.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: As part of the President's Export Control Reform (ECR) 
initiative, the Department of State proposes to amend the International 
Traffic in Arms

[[Page 31526]]

Regulations (ITAR) to update the definitions of ``defense article,'' 
``defense services,'' ``technical data,'' ``public domain,'' 
``export,'' and ``reexport or retransfer'' in order to clarify the 
scope of activities and information that are covered within these 
definitions and harmonize the definitions with the Export 
Administration Regulations (EAR), to the extent appropriate. 
Additionally, the Department proposes to create definitions of 
``required,'' ``technical data that arises during, or results from, 
fundamental research,'' ``release,'' ``retransfer,'' and ``activities 
that are not exports, reexports, or retransfers'' in order to clarify 
and support the interpretation of the revised definitions that are 
proposed in this rulemaking. The Department proposes to create new 
sections detailing the scope of licenses, unauthorized releases of 
information, and the ``release'' of secured information, and revises 
the sections on ``exports'' of ``technical data'' to U.S. persons 
abroad. Finally, the Department proposes to address the electronic 
transmission and storage of unclassified ``technical data'' via foreign 
communications infrastructure. This rulemaking proposes that the 
electronic transmission of unclassified ``technical data'' abroad is 
not an ``export,'' provided that the data is sufficiently secured to 
prevent access by foreign persons. Additionally, this proposed rule 
would allow for the electronic storage of unclassified ``technical 
data'' abroad, provided that the data is secured to prevent access by 
parties unauthorized to access such data. The revisions contained in 
this proposed rule are part of the Department of State's retrospective 
plan under Executive Order 13563 first submitted on August 17, 2011.

DATES: The Department of State will accept comments on this proposed 
rule until August 3, 2015.

ADDRESSES: Interested parties may submit comments within 60 days of the 
date of publication by one of the following methods:
     Email: DDTCPublicComments@state.gov with the subject line, 
``ITAR Amendment--Revisions to Definitions; Data Transmission and 
Storage.''
     Internet: At www.regulations.gov, search for this notice 
by using this rule's RIN (1400-AD70).
    Comments received after that date may be considered, but 
consideration cannot be assured. Those submitting comments should not 
include any personally identifying information they do not desire to be 
made public or information for which a claim of confidentiality is 
asserted because those comments and/or transmittal emails will be made 
available for public inspection and copying after the close of the 
comment period via the Directorate of Defense Trade Controls Web site 
at www.pmddtc.state.gov. Parties who wish to comment anonymously may do 
so by submitting their comments via www.regulations.gov, leaving the 
fields that would identify the commenter blank and including no 
identifying information in the comment itself. Comments submitted via 
www.regulations.gov are immediately available for public inspection.

FOR FURTHER INFORMATION CONTACT: Mr. C. Edward Peartree, Director, 
Office of Defense Trade Controls Policy, Department of State, telephone 
(202) 663-1282; email DDTCResponseTeam@state.gov. ATTN: ITAR 
Amendment--Revisions to Definitions; Data Transmission and Storage. The 
Department of State's full retrospective plan can be accessed at http://www.state.gov/documents/organization/181028.pdf.

SUPPLEMENTARY INFORMATION: The Directorate of Defense Trade Controls 
(DDTC), U.S. Department of State, administers the International Traffic 
in Arms Regulations (ITAR) (22 CFR parts 120 through 130). The items 
subject to the jurisdiction of the ITAR, i.e., ``defense articles'' and 
``defense services,'' are identified on the ITAR's U.S. Munitions List 
(USML) (22 CFR 121.1). With few exceptions, items not subject to the 
export control jurisdiction of the ITAR are subject to the jurisdiction 
of the Export Administration Regulations (``EAR,'' 15 CFR parts 730 
through 774, which includes the Commerce Control List (CCL) in 
Supplement No. 1 to part 774), administered by the Bureau of Industry 
and Security (BIS), U.S. Department of Commerce. Both the ITAR and the 
EAR impose license requirements on exports and reexports. Items not 
subject to the ITAR or to the exclusive licensing jurisdiction of any 
other set of regulations are subject to the EAR.
    BIS is concurrently publishing comparable proposed amendments (BIS 
companion rule) to the definitions of ``technology,'' ``required,'' 
``peculiarly responsible,'' ``published,'' results of ``fundamental 
research,'' ``export,'' ``reexport,'' ``release,'' and ``transfer (in-
country)'' in the EAR. A side-by-side comparison on the regulatory text 
proposed by both Departments is available on both agencies' Web sites: 
www.pmddtc.state.gov and www.bis.doc.gov.

1. Revised Definition of Defense Article

    The Department proposes to revise the definition of ``defense 
article'' to clarify the scope of the definition. The current text of 
Sec.  120.6 is made into a new paragraph (a), into which software is 
added to the list of things that are a ``defense article'' because 
software is being removed from the definition of ``technical data.'' 
This is not a substantive change.
    A new Sec.  120.6(b) is added to list those items that the 
Department has determined should not be a ``defense article,'' even 
though they would otherwise meet the definition of ``defense article.'' 
All the items described were formerly excluded from the definition of 
``technical data'' in Sec.  120.10. These items are declared to be not 
subject to the ITAR to parallel the EAR concept of ``not subject to the 
EAR'' as part of the effort to harmonize the ITAR and the EAR. This 
does not constitute a change in policy regarding these items or the 
scope of items that are defense articles.

2. Revised Definition of Technical Data

    The Department proposes to revise the definition of ``technical 
data'' in ITAR Sec.  120.10 in order to update and clarify the scope of 
information that may be captured within the definition. Paragraph 
(a)(1) of the revised definition defines ``technical data'' as 
information ``required'' for the ``development,'' ``production,'' 
operation, installation, maintenance, repair, overhaul, or refurbishing 
of a ``defense article,'' which harmonizes with the definition of 
``technology'' in the EAR and the Wassenaar Arrangement. This is not a 
change in the scope of the definition, and additional words describing 
activities that were in the prior definition are included in 
parentheticals to assist exporters.
    Paragraph (a)(1) also sets forth a broader range of examples of 
formats that ``technical data'' may take, such as diagrams, models, 
formulae, tables, engineering designs and specifications, computer-
aided design files, manuals or documentation, or electronic media, that 
may constitute ``technical data.'' Additionally, the revised definition 
includes certain conforming changes intended to reflect the revised and 
newly added defined terms proposed elsewhere in this rule.
    The proposed revised definition also includes a note clarifying 
that the modification of the design of an existing item creates a new 
item and that the ``technical data'' for the modification is 
``technical data'' for the new item.
    Paragraph (a)(2) of the revised definition defines ``technical 
data'' as

[[Page 31527]]

also including information that is enumerated on the USML. This will be 
``technical data'' that is positively described, as opposed to 
``technical data'' described in the standard catch-all ``technical 
data'' control for all ``technical data'' directly related to a 
``defense article'' described in the relevant category. The Department 
intends to enumerate certain controlled ``technical data'' as it 
continues to move the USML toward a more positive control list.
    Paragraph (a)(3) of the revised definition defines ``technical 
data'' as also including classified information that is for the 
``development,'' ``production,'' operation, installation, maintenance, 
repair, overhaul, or refurbishing of a ``defense article'' or a 600 
series item subject to the EAR. Paragraph (a)(5) of the revised 
definition defines ``technical data'' as also including information to 
access secured ``technical data'' in clear text, such as decryption 
keys, passwords, or network access codes. In support of the latter 
change, the Department also proposes to add a new provision to the list 
of violations in Sec.  127.1(b)(4) to state that any disclosure of 
these decryption keys or passwords that results in the unauthorized 
disclosure of the ``technical data'' or software secured by the 
encryption key or password is a violation and will constitute a 
violation to the same extent as the ``export'' of the secured 
information. For example, the ``release'' of a decryption key may 
result in the unauthorized disclosure of multiple files containing 
``technical data'' hosted abroad and could therefore constitute a 
violation of the ITAR for each piece of ``technical data'' on that 
server.
    Paragraph (b) of the revised definition of ``technical data'' 
excludes non-proprietary general system descriptions, information on 
basic function or purpose of an item, and telemetry data as defined in 
Note 3 to USML Category XV(f) (Sec.  121.1). Items formerly identified 
in this paragraph, principles taught in schools and ``public domain'' 
information, have been moved to the new ITAR Sec.  120.6(b).
    The proposed definition removes software from the definition of 
``technical data.'' Specific and catch-all controls on software will be 
added elsewhere throughout the ITAR as warranted, as it will now be 
defined as a separate type of ``defense article.''

3. Proposed Definition of Required

    The Department proposes a definition of ``required'' in a new Sec.  
120.46. ``Required'' is used in the definition of ``technical data'' 
and has, to this point, been an undefined term in the ITAR. The word is 
also used in the controls on technology in both the EAR and the 
Wassenaar Arrangement, as a defined term, which the Department is now 
proposing to adopt:

. . . [O]nly that portion of [technical data] that is peculiarly 
responsible for achieving or exceeding the controlled performance 
levels, characteristics, or functions. Such required [technical 
data] may be shared by different products.

    The proposed definition of ``required'' contains three notes. These 
notes explain how the definition is to be applied.
    Note 1 provides that the definition explicitly includes information 
for meeting not only controlled performance levels, but also 
characteristics and functions. All items described on the USML are 
identified by a characteristic or function. Additionally, some 
descriptions include a performance level. As an example, USML Category 
VIII(a)(1) controls aircraft that are ``bombers'' and contains no 
performance level. The characteristic of the aircraft that is 
controlled is that it is a bomber, and therefore, any ``technical 
data'' peculiar to making an aircraft a bomber is ``required.''
    Note 2 states that, with the exception of ``technical data'' 
specifically enumerated on the USML, the jurisdictional status of 
unclassified ``technical data'' is the same as that of the commodity to 
which it is directly related. Specifically, it explains that 
``technical data'' for a part or component of a ``defense article'' is 
directly related to that part or component, and if the part or 
component is subject to the EAR, so is the ``technical data.''
    Note 3 establishes a test for determining if information is 
peculiarly responsible for meeting or achieving the controlled 
performance levels, characteristics or functions of a ``defense 
article.'' It uses the same catch-and-release concept that the 
Department implemented in the definition of ``specially designed.'' It 
has a similarly broad catch of all information used in or for use in 
the ``development,'' ``production,'' operation, installation, 
maintenance, repair, overhaul, or refurbishing of a ``defense 
article.'' It has four releases that mirror the ``specially designed'' 
releases, and one reserved paragraph for information that the 
Department determines is generally insignificant. The first release is 
for information identified in a commodity jurisdiction determination. 
The second release is reserved. The third release is for information 
that is identical to information used in a non-defense article that is 
in ``production,'' and not otherwise enumerated on the ITAR. The fourth 
release is for information that was developed with knowledge that it is 
for both a ``defense article'' and a non-defense article. The fifth 
release is information that was developed for general purpose 
commodities.
    In the companion rule, BIS proposes to make Note 3 into a stand-
alone definition for ``peculiarly responsible'' as it has application 
outside of the definition of ``required.'' The substance of Note 3 and 
the BIS definition of ``peculiarly responsible'' are identical. DDTC 
asks for comments on the placement of this concept.

4. Proposed Definitions of Development and Production

    The Department proposes to add Sec.  120.47 for the definition of 
``development'' and Sec.  120.48 for the definition of ``production.'' 
These definitions are currently in Notes 1 and 2 to paragraph (b)(3) in 
Sec.  120.41, the definition of ``specially designed.'' Because 
``technical data'' is now defined, in part, as information ``required'' 
for the ``development'' or ``production'' of a ``defense article,'' and 
these words are now used in the definition of a ``defense service,'' it 
is appropriate to define these terms. The adoption of these definitions 
is also done for the purpose of harmonization because these definitions 
are also used in the EAR and by the Wassenaar Arrangement.

5. Revised Definition of Public Domain

    The Department proposes to revise the definition of ``public 
domain'' in ITAR Sec.  120.11 in order to simplify, update, and 
introduce greater versatility into the definition. The existing version 
of ITAR Sec.  120.11 relies on an enumerated list of circumstances 
through which ``public domain'' information might be published. The 
Department believes that this definition is unnecessarily limiting in 
scope and insufficiently flexible with respect to the continually 
evolving array of media, whether physical or electronic, through which 
information may be disseminated.
    The proposed definition is intended to identify the characteristics 
that are common to all of the enumerated forms of publication 
identified in the current rule--with the exception of ITAR Sec.  
120.11(a)(8), which is addressed in a new definition for ``technical 
data that arises during, or results from, fundamental research''--and 
to present those common characteristics in a streamlined definition 
that does not require enumerated identification

[[Page 31528]]

within the ITAR of every current or future qualifying publication 
scenario. Additionally, the proposed definition incorporates phrases 
such as ``generally accessible'' and ``without restriction upon its 
further dissemination'' in order to better align the definition found 
in the EAR and more closely aligned with the definition in the 
Wassenaar Arrangement control lists.
    The proposed definition requires that information be made available 
to the public without restrictions on its further dissemination. Any 
information that meets this definition is ``public domain.'' The 
definition also retains an exemplary list of information that has been 
made available to the public without restriction and would be 
considered ``public domain.'' These include magazines, periodicals and 
other publications available as subscriptions, publications contained 
in libraries, information made available at a public conference, 
meeting, seminar, trade show, or exhibition, and information posted on 
public Web sites. The final example deems information that is submitted 
to co-authors, editors, or reviewers or conference organizers for 
review for publication to be ``public domain,'' even prior to actual 
publication. The relevant restrictions do not include copyright 
protections or generic property rights in the underlying physical 
medium.
    Paragraph (b) of the revised definition explicitly sets forth the 
Department's requirement of authorization to release information into 
the ``public domain.'' Prior to making available ``technical data'' or 
software subject to the ITAR, the U.S. government must approve the 
release through one of the following: (1) The Department; (2) the 
Department of Defense's Office of Security Review; (3) a relevant U.S. 
government contracting authority with authority to allow the 
``technical data'' or software to be made available to the public, if 
one exists; or (4) another U.S. government official with authority to 
allow the ``technical data'' or software to be made available to the 
public.
    The requirements of paragraph (b) are not new. Rather, they are a 
more explicit statement of the ITAR's requirement that one must seek 
and receive a license or other authorization from the Department or 
other cognizant U.S. government authority to release ITAR controlled 
``technical data,'' as defined in Sec.  120.10. A release of 
``technical data'' may occur by disseminating ``technical data'' at a 
public conference or trade show, publishing ``technical data'' in a 
book or journal article, or posting ``technical data'' to the Internet. 
This proposed provision will enhance compliance with the ITAR by 
clarifying that ``technical data'' may not be made available to the 
public without authorization. Persons who intend to discuss ``technical 
data'' at a conference or trade show, or to publish it, must ensure 
that they obtain the appropriate authorization.
    Information that is excluded from the definition of ``defense 
article'' in the new Sec.  120.6(b) is not ``technical data'' and 
therefore does not require authorization prior to release into the 
``public domain.'' This includes information that arises during or 
results from ``fundamental research,'' as described in the new Sec.  
120.49; general scientific, mathematical, or engineering principles 
commonly taught in schools, and information that is contained in 
patents.
    The Department also proposes to add a new provision to Sec.  127.1 
in paragraph (a)(6) to state explicitly that the further dissemination 
of ``technical data'' or software that was made available to the public 
without authorization is a violation of the ITAR, if, and only if, it 
is done with knowledge that the ``technical data'' or software was made 
publicly available without an authorization described in ITAR Sec.  
120.11(b)(2). Dissemination of publicly available ``technical data'' or 
software is not an export-controlled event, and does not require 
authorization from the Department, in the absence of knowledge that it 
was made publicly available without authorization.
    ``Technical data'' and software that is made publicly available 
without proper authorization remains ``technical data'' or software and 
therefore remains subject to the ITAR. As such, the U.S. government may 
advise a person that the original release of the ``technical data'' or 
software was unauthorized and put that person on notice that further 
dissemination would violate the ITAR.

6. Proposed Definition of Technical Data That Arises During, or Results 
From, Fundamental Research

    The Department proposes to move ``fundamental research'' from the 
definition of ``public domain'' in ITAR Sec.  120.11(a)(8) and define 
``technical data that arises during, or results from, fundamental 
research'' in a new ITAR Sec.  120.49. The Department believes that 
information that arises during, or results from fundamental research is 
conceptually distinguishable from the information that would be 
captured in the revised definition of ``public domain'' that is 
proposed in this rule. Accordingly, the Department proposes to address 
this concept with its own definition. The new definition of ``technical 
data that arises during, or results from, fundamental research'' is 
consistent with the prior ITAR Sec.  120.11(a)(8), except that the 
Department has expanded the scope of eligible research to include 
research that is funded, in whole or in part, by the U.S. government.

7. Revised Definition of Export

    The Department proposes to revise the definition of ``export'' in 
ITAR Sec.  120.17 to better align with the EAR's revised definition of 
the term and to remove activities associated with a defense article's 
further movement or release outside the United States, which will now 
fall within the definition of ``reexport'' in Sec.  120.19. The 
definition is revised to explicitly identify that ITAR Sec. Sec.  
126.16 and 126.17 (exemptions pursuant to the Australia and UK Defense 
Trade Cooperation Treaties) have their own definitions of ``export,'' 
which apply exclusively to those exemptions. It also explicitly 
references the new Sec.  120.49, ``Activities that are Not Exports, 
Reexports, or Retransfers,'' which excludes from ITAR control certain 
transactions identified therein.
    Paragraph (a)(1) is revised to parallel the definition of 
``export'' in proposed paragraph (a)(1) of Sec.  734.13 of the EAR. 
Although the wording has changed, the scope of the control is the same. 
The provision excepting travel outside of the United States by persons 
whose personal knowledge includes ``technical data'' is removed, but 
the central concept is unchanged. The ``release'' of ``technical data'' 
to a foreign person while in the United States or while travelling 
remains a controlled event.
    Paragraph (a)(2) includes the control listed in the current Sec.  
120.17(a)(4) (transfer of technical data to a foreign person). The 
proposed revisions replace the word ``disclosing'' with ``releasing,'' 
and the paragraph is otherwise revised to parallel proposed paragraph 
(a)(2) of Sec.  734.13 of the EAR. ``Release'' is a newly defined 
concept in Sec.  120.50 that encompasses the previously undefined term 
``disclose.''
    Paragraph (a)(3) includes the control listed in the current Sec.  
120.17(a)(2) (transfer of registration, control, or ownership to a 
foreign person of an aircraft, vessel, or satellite). It is revised to 
parallel proposed paragraph (a)(3) of Sec.  734.13 of the EAR.
    Paragraph (a)(4) includes the control listed in the current Sec.  
120.17(a)(3) (transfer in the United States to foreign embassies).
    Paragraph (a)(5) maintains the control on performing a ``defense 
service.''
    Paragraph (a)(6) is added for the ``release'' or transfer of 
decryption keys,

[[Page 31529]]

passwords, and other items identified in the new paragraph (a)(5) of 
the revised definition of ``technical data'' in Sec.  120.10. This 
paragraph makes ``release'' or transfer of information securing 
``technical data'' an ``export.'' Making the release of decryption keys 
and other information securing technical data in an inaccessible or 
unreadable format an export allows the Department to propose that 
providing someone with encrypted ``technical data'' would not be an 
``export,'' under certain circumstances. Provision of a decryption key 
or other information securing ``technical data'' is an ``export'' 
regardless of whether the foreign person has already obtained access to 
the secured ``technical data.'' Paragraph (a)(6) of the definitions of 
export and reexport in this rule and the BIS companion rule present 
different formulations for this control and the agencies request input 
from the public on which language more clearly describes the control. 
The agencies intend, however, that the act of providing physical access 
to unsecured ``technical data'' (subject to the ITAR) will be a 
controlled event. The mere act of providing access to unsecured 
technology (subject to the EAR) will not, however, be a controlled 
event unless it is done with ``knowledge'' that such provision will 
cause or permit the transfer of controlled ``technology'' in clear text 
or ``software'' to a foreign national.
    Paragraph (a)(7) is added for the release of information to a 
public network, such as the Internet. This makes more explicit the 
existing control in (a)(4), which includes the publication of 
``technical data'' to the Internet due to its inherent accessibility by 
foreign persons. This means that before posting information to the 
Internet, you should determine whether the information is ``technical 
data.'' You should review the USML, and if there is doubt about whether 
the information is ``technical data,'' you may request a commodity 
jurisdiction determination from the Department. If so, a license or 
other authorization, as described in Sec.  120.11(b), will generally be 
required to post such ``technical data'' to the Internet. Posting 
``technical data'' to the Internet without a Department or other 
authorization is a violation of the ITAR even absent specific knowledge 
that a foreign national will read the ``technical data.''
    Paragraph (b)(1) is added to clarify existing ITAR controls to 
explicitly state that disclosing ``technical data'' to a foreign person 
is deemed to be an ``export'' to all countries in which the foreign 
person has held citizenship or holds permanent residency.

8. Revised Definition of Reexport

    The Department proposes to revise the definition of ``reexport'' in 
ITAR Sec.  120.19 to better align with the EAR's revised definition and 
describe transfers of items subject to the jurisdiction of the ITAR 
between two foreign countries. The activities identified are the same 
as those in paragraphs (a)(1) through (4) of the revised definition of 
``export,'' except that the shipment, release or transfer is between 
two foreign countries or is to a third country national foreign person 
outside of the United States.

9. Proposed Definition of Release

    The Department proposes to add Sec.  120.50, the definition of 
``release.'' This term is added to harmonize with the EAR, which has 
long used the term to cover activities that disclose information to 
foreign persons. ``Release'' includes the activities encompassed within 
the undefined term ``disclose.'' The activities that are captured 
include allowing a foreign person to inspect a ``defense article'' in a 
way that reveals ``technical data'' to the foreign persons and oral or 
written exchanges of ``technical data'' with a foreign person. The 
adoption of the definition of ``release'' does not change the scope of 
activities that constitute an ``export'' and other controlled 
transactions under the ITAR.

10. Proposed Definition of Retransfer

    The Department proposes to add Sec.  120.51, the definition of 
``retransfer.'' ``Retransfer'' is moved out of the definition of 
``reexport'' in Sec.  120.19 to better harmonize with the EAR, which 
controls ``exports,'' ``reexports'' and ``transfers (in country)'' as 
discrete events. Under this new definition, a ``retransfer'' occurs 
with a change of end use or end user within the same foreign territory. 
Certain activities may fit within the definition of ``reexport'' and 
``retransfer,'' such as the disclosure of ``technical data'' to a third 
country national abroad. Requests for both ``reexports'' and 
``retransfers'' of ``defense articles'' will generally be processed 
through a General Correspondence or an exemption.

11. Proposed Activities That Are Not Exports, Reexports, or Retransfers

    The Department proposes to add Sec.  120.52 to describe those 
``activities that are not exports, reexports, or retransfers'' and do 
not require authorization from the Department. It is not an ``export'' 
to launch items into space, provide ``technical data'' or software to 
U.S. persons while in the United States, or move a ``defense article'' 
between the states, possessions, and territories of the United States. 
The Department also proposes to add a new provision excluding from ITAR 
licensing requirements the transmission and storage of encrypted 
``technical data'' and software.
    The Department recognizes that ITAR-controlled ``technical data'' 
may be electronically routed through foreign servers unbeknownst to the 
original sender. This presents a risk of unauthorized access and 
creates a potential for inadvertent ITAR violations. For example, email 
containing ``technical data'' may, without the knowledge of the sender, 
transit a foreign country's Internet service infrastructure en route to 
its intended and authorized final destination. Any access to this data 
by a foreign person would constitute an unauthorized ``export'' under 
ITAR Sec.  120.17. Another example is the use of mass data storage 
(i.e., ``cloud storage''). In this case, ``technical data'' intended to 
be resident in cloud storage may, without the knowledge of the sender, 
be physically stored on a server or servers located in a foreign 
country or multiple countries. Any access to this data, even if 
unintended by the sender, would constitute an ``export'' under ITAR 
Sec.  120.17.
    The intent of the proposed ITAR Sec.  120.52(a)(4) is to clarify 
that when unclassified ``technical data'' transits through a foreign 
country's Internet service infrastructure, a license or other approval 
is not mandated when such ``technical data'' is encrypted prior to 
leaving the sender's facilities and remains encrypted until received by 
the intended recipient or retrieved by the sender, as in the case of 
remote storage. The encryption must be accomplished in a manner that is 
certified by the U.S. National Institute for Standards and Technology 
(NIST) as compliant with the Federal Information Processing Standards 
Publication 140-2 (FIPS 140-2). Additionally, the Department proposes 
that the electronic storage abroad of ``technical data'' that has been 
similarly encrypted would not require an authorization, so long as it 
is not stored in a Sec.  126.1 country or in the Russian Federation. 
This will allow for cloud storage of encrypted data in foreign 
countries, so long as the ``technical data'' remains continuously 
encrypted while outside of the United States.

[[Page 31530]]

12. Revised Exemption for the Export of Technical Data for U.S. Persons 
Abroad

    The Department proposes to revise Sec.  125.4(b)(9) to better 
harmonize controls on the ``release'' of controlled information to U.S. 
persons abroad and to update the provisions. The most significant 
update is that foreign persons authorized to receive ``technical data'' 
in the United States will be eligible to receive that same ``technical 
data'' abroad, when on temporary assignment on behalf of their 
employer. The proposed revisions clarify that a person going abroad may 
use this exemption to ``export'' ``technical data'' for their own use 
abroad. The proposed revisions also clarify that the ``technical data'' 
must be secured while abroad to prevent unauthorized ``release.'' It 
has been long-standing Department practice to hold U.S. persons 
responsible for the ``release'' of ``technical data'' in their 
possession while abroad. However, given the nature of ``technical 
data'' and the proposed exception from licensing for transmission of 
secured ``technical data,'' the Department has determined it is 
necessary to implement an affirmative obligation to secure data while 
abroad.

13. Proposed Scope of License

    The Department proposes to add Sec.  123.28 to clarify the scope of 
a license, in the absence of a proviso, and to state that 
authorizations are granted based on the information provided by the 
applicant. This means that while providing false information to the 
U.S. government as part of the application process for the ``export,'' 
``reexport,'' or ``retransfer'' of a ``defense article'' is a violation 
of the ITAR, it also may void the license.

14. Revised Definition of Defense Service

    Proposed revisions of the ``defense service'' definition were 
published on April 13, 2011, RIN 1400-AC80 (see ``International Traffic 
in Arms Regulations: Defense Services,'' 76 FR 20590) and May 24, 2013 
(see 78 FR 31444, RIN 1400-AC80). In those rules, the Department 
explained its determination that the scope of the current definition is 
overly broad, capturing certain forms of assistance or services that no 
longer warrant ITAR control.
    The Department reviewed comments on that first proposed definition 
and, when the recommended changes added to the clarity of the 
regulation, the Department accepted them. For the Department's 
evaluation of those public comments and recommendations regarding the 
April 13, 2011, proposed rule (the first revision), see 78 FR 31444, 
May 24, 2013. The Department's evaluation of the written comments and 
recommendations in response to the May 24, 2013 proposed rule (the 
second revision) follows.
    Parties commenting on the second revision expressed concern that 
the definition of ``defense service'' in paragraph (a)(1) was premised 
on the use of ``other than public domain information.'' The observation 
was made that with the intent of removing from the definition of a 
``defense service'' the furnishing of assistance using ``public 
domain'' information, but not basing the assistance on the use of 
``technical data,'' the Department was continuing to require the 
licensing of activities akin to those that were based on the use of 
``public domain'' information. The Department has fully revised 
paragraph (a)(1) to remove the use of the ``other than public domain 
information'' or ``technical data'' from the determination of whether 
an activity is a ``defense service.'' Furthermore, the Department has 
added a new provision declaring that the activities described in 
paragraph (a)(1) are not a ``defense service'' if performed by a U.S. 
person or foreign person in the United States who does not have 
knowledge of U.S.-origin ``technical data'' directly related to the 
``defense article'' that is the subject of the assistance or training 
or another ``defense article'' described in the same USML paragraph 
prior to performing the service. A note is added to clarify that a 
person will be deemed to have knowledge of U.S.-origin ``technical 
data'' if the person previously participated in the ``development'' of 
a ``defense article'' described in the same USML paragraph, or accessed 
(physically or electronically) that ``technical data.'' A note is also 
added to clarify that those U.S. persons abroad who only received U.S.-
origin ``technical data'' as a result of their activities on behalf of 
a foreign person are not included within the scope of paragraph (a)(1). 
A third note is added to clarify that DDTC-authorized foreign person 
employees in the United States who provide ``defense services'' on 
behalf of their U.S. employer are considered to be included with the 
U.S. employer's authorization, and need not be listed on the U.S. 
employer's technical assistance agreement or receive a separate 
authorization for those services. The Department also removed the 
activities of design, development, and engineering from paragraph 
(a)(1) and moved them to paragraph (a)(2).
    Commenting parties recommended revising paragraph (a)(1) to remove 
the provision of ``technical data'' as a ``defense service,'' because 
there are already licensing requirements for the ``export'' of 
``technical data.'' The Department confirms that it eliminated from the 
definition of a ``defense service'' the act of furnishing ``technical 
data'' to a foreign person. Such activity still constitutes an 
``export'' and would require an ITAR authorization. New paragraph 
(a)(1) is concerned with the furnishing of assistance, whereas the 
``export'' of ``technical data'' alone, without the furnishing of 
assistance, is not a ``defense service.'' The ``export'' of ``technical 
data'' requires an authorization (Department of State form DSP-5 or 
DSP-85) or the use of an applicable exemption.
    Commenting parties recommended the definition be revised to 
explicitly state that it applies to the furnishing of assistance by 
U.S. persons, or by foreign persons in the United States. The 
Department partially accepted this recommendation. However, the 
Department notes that ITAR Sec.  120.1(c) provides that only U.S. 
persons and foreign governmental entities in the United States may be 
granted a license or other approval pursuant to the ITAR, and that 
foreign persons may only receive a ``reexport'' or ``retransfer'' 
approval or approval for brokering activities. Therefore, approval for 
the performance of a defense service in the United States by a foreign 
person must be obtained by a U.S. person, such as an employer, on 
behalf of the foreign person. Regarding a related recommendation, the 
Department also notes that the furnishing of a type of assistance 
described by the definition of a ``defense service'' is not an activity 
within the Department's jurisdiction when it is provided by a foreign 
person outside the United States to another foreign person outside the 
United States on a foreign ``defense article'' using foreign-origin 
``technical data.''
    In response to commenting parties, the Department specified that 
the examples it provided for activities that are not ``defense 
services'' are not exhaustive. Rather, they are provided to answer the 
more frequent questions the Department receives on the matter. The 
Department removed these examples from paragraph (b) and included them 
as a note to paragraph (a).
    A commenting party recommended that paragraphs (a)(5) and (a)(6), 
regarding the furnishing of assistance in the integration of a 
spacecraft to a launch vehicle and in the launch failure analysis of a 
spacecraft or launch vehicle, respectively, be removed, and that those 
activities be described in the USML categories covering spacecraft

[[Page 31531]]

and launch vehicles, on the basis that a general definition should not 
have such program-specific clauses. As discussed in the May 13, 2014 
interim final rule revising USML Category XV (79 FR 27180), the 
Department accepted this recommendation and revised paragraph (f) of 
USML Category XV and paragraph (i) of USML Category IV accordingly. The 
revision includes the recommendation of commenting parties to 
specifically provide that the service must be provided to a foreign 
person in order for it to be a licensable activity.
    Commenting parties recommended the Department define the term 
``tactical employment,'' so as to clarify what services would be 
captured by paragraph (a)(3). The Department determined that employment 
of a ``defense article'' should remain a controlled event, due to the 
nature of items now controlled in the revised USML categories. After 
ECR, those items that remain ``defense articles'' are the most 
sensitive and militarily critical equipment that have a significant 
national security or intelligence application. Allowing training and 
other services to foreign nationals in the employment of these 
``defense articles'' without a license would not be appropriate. 
Therefore, the Department removed the word ``tactical'' and converted 
the existing exemption for basic operation of a ``defense article,'' 
authorized by the U.S. government for ``export'' to the same recipient, 
into an exclusion from paragraph (a)(3).
    A commenting party recommended the Department address the instance 
of the integration or installation of a ``defense article'' into an 
item, much as it addressed the instance of the integration or 
installation of an item into a ``defense article.'' Previously, the 
Department indicated this would be the subject of a separate rule, and 
addressed the ``export'' of such items in a proposed rule (see 76 FR 
13928), but upon review the Department accepted this recommendation, 
and revised paragraph (a)(2), the note to paragraph (a)(2), and the 
note to paragraph (a) accordingly. In addition, the Department has 
changed certain terminology used in the paragraph: instead of referring 
to the ``transfer'' of ``technical data,'' the paragraph is premised on 
the ``use'' of ``technical data.'' This change is consistent with 
removing from the definition of a ``defense service'' the furnishing of 
``technical data'' to a foreign person when there is not also the 
furnishing of assistance related to that ``technical data.''
    A commenting party requested clarification of the rationale behind 
selectively excepting from the ``defense services'' definition the 
furnishing of services using ``public domain'' information. The 
Department did so in paragraph (a)(1), and now excludes those services 
performed by U.S. persons who have not previously had access to any 
U.S. origin ``technical data'' on the ``defense article'' being 
serviced. In contrast, the Department did not do so in paragraphs 
(a)(2) and (a)(3) and former paragraphs (a)(5) and (a)(6). In the case 
of paragraph (a)(2), the rationale for not doing so is that the 
activities involved in the development of a ``defense article,'' or in 
integrating a ``defense article'' with another item, inherently involve 
the advancement of the military capacity of another country and 
therefore constitute activities over which the U.S. government has 
significant national security and foreign policy concerns. To the 
extent that an activity listed in paragraph (a)(1), such as 
modification or testing, is done in the ``development'' of a ``defense 
article,'' such activities constitute ``development'' and are within 
the scope of paragraph (a)(2). With regard to paragraph (a)(3), the 
furnishing of assistance (including training) in the employment of a 
``defense article'' is a type of activity that the Department believes 
warrants control as a ``defense service,'' due to the inherently 
military nature of providing training and other services in the 
employment of a ``defense article'' (changes to paragraph (a)(3) are 
described above). The services described in former paragraphs (a)(5) 
and (a)(6) (and now in USML Categories IV(i) and XV(f)) are pursuant to 
Public Law 105-261.
    A commenting party recommended limiting paragraph (a)(2) to the 
integration of ECCN 9A515 and 600 series items into defense articles, 
saying that the regulations should focus on items subject to the EAR 
with a military or space focus. The Department's focus with this 
provision is in fact the ``defense article.'' Items that are to be 
integrated with a ``defense article,'' which may not themselves be 
defense articles, may be beyond the authority of the Department to 
regulate. The Department did not accept this recommendation.
    A commenting party recommended limiting the definition of 
integration to changes in the function of the ``defense article,'' and 
to exclude modifications in fit. For the purposes of illustration, this 
commenting party used one of the examples provided by the Department in 
the note to paragraph (a)(2): The manufacturer of the military vehicle 
will need to know the dimensions and electrical requirements of the 
dashboard radio when designing the vehicle. In this instance, paragraph 
(a)(2) would not apply, as this example addresses the manufacture of a 
``defense article,'' which is covered by paragraph (a)(1). If the radio 
to be installed in this vehicle is subject to the EAR, the provision to 
the manufacturer of information regarding the radio is not within the 
Department's licensing jurisdiction. In an instance of a service 
entailing the integration of an item with a ``defense article,'' where 
there would be modification to any of the items, the Department 
believes such assistance would inherently require the use of 
``technical data.'' Therefore, this exclusion would be unacceptably 
broad. However, the Department has accepted the recommendation to 
clarify the definition and exclude changes to fit to any of the items 
involved in the integration activity, provided that such services do 
not entail the use of ``technical data'' directly related to the 
``defense article.'' Upon review, changes to fit are not an aspect of 
integration, which is the ``engineering analysis needed to unite a 
`defense article' and one or more items,'' and therefore are not 
captured in paragraph (a)(2). The modifications of the ``defense 
article'' to accommodate the fit of the item to be integrated, which 
are within the activity covered by installation, are only those 
modifications to the ``defense article'' that allow the item to be 
placed in its predetermined location. Any modifications to the design 
of a ``defense article'' are beyond the scope of installation. 
Additionally, while minor modifications may be made to a ``defense 
article'' without the activity being controlled under (a)(2) as an 
integration activity, all modifications of defense articles, regardless 
of sophistication, are activities controlled under (a)(1) if performed 
by someone with prior knowledge of U.S.-origin ``technical data.'' 
``Fit'' is defined in ITAR Sec.  120.41: ``The fit of a commodity is 
defined by its ability to physically interface or connect with or 
become an integral part of another commodity'' (see, Note 4 to 
paragraph (b)(3)).
    Commenting parties recommended revising paragraph (a)(2) to provide 
that such assistance described therein would be a ``defense service'' 
only if U.S.-origin ``technical data'' is exported. The law and 
regulations do not mandate this limitation. Section 38 of the Arms 
Export Control Act provides that the President is authorized to control 
the ``export'' of defense articles and defense services. The ITAR, in 
defining ``defense article,'' ``technical data,'' and ``export,'' does 
not provide the qualifier ``U.S.-

[[Page 31532]]

origin'' (see ITAR Sec. Sec.  120.6, 120.10, and 120.17, respectively). 
In the instance described by the commenting party, of the integration 
of a commercial item into a foreign-origin ``defense article,'' the 
Department retains jurisdiction when the service is provided by a U.S. 
person.
    A commenting party recommended revising paragraph (a)(2) so that 
the paragraph (a)(1) exception of the furnishing of assistance using 
``public domain'' information is not nullified by paragraph (a)(2), as 
most of the activities described in paragraph (a)(1) involve 
integration as defined in the note to paragraph (a)(2). The Department 
believes each of the activities described in paragraphs (a)(1) and 
(a)(2) are sufficiently well defined to distinguish them one from the 
other. Therefore, the Department does not agree that paragraph (a)(2) 
nullifies the intention of paragraph (a)(1), and does not accept this 
recommendation.
    A commenting party requested clarification that providing an item 
subject to the EAR for the purposes of integration into a ``defense 
article'' is not a ``defense service.'' The provision of the item in 
this instance, unaccompanied by assistance in the integration of the 
item into a ``defense article,'' is not within the scope of ``the 
furnishing of assistance,'' and therefore is not a defense service.
    Commenting parties recommended clarification on whether the 
servicing of an item subject to the EAR that has been integrated with a 
``defense article'' would be a ``defense service.'' The Department 
notes that such activity is not a ``defense service,'' provides it as 
an example of what is not a ``defense service'' in the note to 
paragraph (a), and also notes that it would be incumbent on the 
applicant to ensure that in providing this service, ``technical data'' 
directly related to the ``defense article'' is not used.
    Commenting parties expressed concern over the potential negative 
effect of paragraph (a)(2) and the definition in general on university-
based educational activities and scientific communication, and 
recommended clarification of the relationship between the definition of 
``defense services'' and the exemption for the ``export'' of 
``technical data'' at ITAR Sec.  125.4(b)(10). Disclosures of 
``technical data'' to foreign persons who are bona-fide and full time 
regular employees of universities continue to be exports for which ITAR 
Sec.  125.4(b)(10) is one licensing exemption. The Department believes 
that, in most cases, the normal duties of a university employee do not 
encompass the furnishing of assistance to a foreign person, in the 
activities described in paragraph (a). Therefore, in the context of 
employment with the university, the Department does not perceive that 
the foreign person's use of the ``technical data'' would be described 
by ITAR Sec.  120.9(a)(2), or any part of paragraph (a).
    In response to the recommendation of one commenting party, the 
Department added a note clarifying that the installation of an item 
into a ``defense article'' is not a ``defense service,'' provided no 
``technical data'' is used in the rendering of the service.
    A commenting party recommended clarification of the licensing 
process for the ``export'' of an EAR 600 series item that is to be 
integrated into a ``defense article.'' The Department of Commerce has 
``export'' authority over the 600 series item, and the exporter must 
obtain a license from the Department of Commerce, if necessary. The 
exporter must also obtain an approval from the Department of State to 
provide any ``defense service,'' including integration assistance 
pursuant to paragraph (a)(2).
    A commenting party recommended removing ``testing'' as a type of 
``defense service,'' stating it was not included in the definition of 
``organizational-level maintenance.'' In including testing as part of 
the former definition but not of the latter, the Department does not 
perceive an inconsistency or conflict. To the extent that certain 
testing is within the definition of organization-level maintenance, 
that testing is explicitly excluded, as organizational-level 
maintenance is not covered under the definition of a ``defense 
service.'' However, all other testing remains a ``defense service.'' 
The Department intends for the furnishing of assistance to a foreign 
person, whether in the United States or abroad, in the testing of 
defense articles to be an activity requiring Department approval under 
the conditions of paragraph (a)(1). The Department did not accept this 
recommendation.
    Commenting parties provided recommendations for revising the 
definitions of ``public domain'' information and ``technical data.'' 
Those definitions are proposed in this rule as well. To the extent that 
evaluation of the proposed changes to ``defense services'' hinges on 
these terms, the Department invites commenting parties to submit 
analyses of the impact of these revised definitions on the revised 
``defense service'' definition in this proposed rule.
    Commenting parties recommended clarification of the regulation 
regarding the furnishing of assistance and training in organizational-
level (basic-level) maintenance. The Department harmonized paragraph 
(a)(1) and the example regarding organizational-level maintenance by 
revising the Note to Paragraph (a), which sets forth activities that 
are not ``defense services,'' so that it specifically provides that 
``the furnishing of assistance (including training) in organizational-
level (basic-level) maintenance of a defense article'' is an example of 
an activity that is not a defense service.
    In response to commenting parties, the Department clarifies that 
the example of employment by a foreign person of a natural U.S. person 
as not constituting a ``defense service'' is meant to address, among 
other scenarios, the instance where such a person is employed by a 
foreign defense manufacturer, but whose employment in fact does not 
entail the furnishing of assistance as described in ITAR Sec.  
120.9(a). By ``natural person,'' the Department means a human being, as 
may be inferred from the definition of ``person'' provided in ITAR 
Sec.  120.14.
    In response to the recommendation of a commenting party, the 
Department confirms that, as stated in a Department of Commerce notice, 
``Technology subject to the EAR that is used with technical data 
subject to the ITAR that will be used under the terms of a Technical 
Assistance Agreement (TAA) or Manufacturing License Agreement (MLA) and 
that would otherwise require a license from [the Department of 
Commerce] may all be exported under the TAA or MLA'' (see 78 FR 22660). 
In DDTC publication Guidelines for Preparing Electronic Agreements 
(Revision 4.2), Section 20.1.d., the following conditions are 
stipulated: The technology subject to the EAR will be used with 
``technical data'' subject to the ITAR and described in the agreement, 
and the technology subject to the EAR will be used under the terms of a 
TAA or MLA (see http://www.pmddtc.state.gov/licensing/agreement.html).

Request for Comments

    The Department invites public comment on any of the proposed 
definitions set forth in this rulemaking. With respect to the revisions 
to ITAR Sec.  120.17, the Department recognizes the increasingly 
complex nature of telecommunications infrastructure and the manner in 
which data is transmitted, stored, and accessed, and accordingly seeks 
public comment with special emphasis on: (1) How adequately the 
proposed regulations address the technical aspects of data transmission 
and storage; (2) whether

[[Page 31533]]

the proposed regulations mitigate unintended or unauthorized access to 
transmitted or stored data; and (3) whether the proposed regulations 
impose an undue financial or compliance burden on the public.
    The public is also asked to comment on the effective date of the 
final rule. Export Control Reform rules that revised categories of the 
USML and created new 600 series ECCN have had a six-month delayed 
effective date to allow for exporters to update the classification of 
their items. In general, rules effecting export controls have been 
effective on the date of publication, due to the impact on national 
security and foreign policy. As this proposed rule and the companion 
proposed rule from the Bureau of Industry and Security revise 
definitions within the ITAR and the EAR and do not make any changes to 
the USML or CCL, the Department proposes (should the proposed rule be 
adopted) a 30-day delayed effective date to allow exporters to ensure 
continued compliance.

Regulatory Analysis and Notices

Administrative Procedure Act

    The Department of State is of the opinion that controlling the 
import and export of defense articles and services is a foreign affairs 
function of the U.S. government and that rules implementing this 
function are exempt from sections 553 (rulemaking) and 554 
(adjudications) of the Administrative Procedure Act (APA). Although the 
Department is of the opinion that this proposed rule is exempt from the 
rulemaking provisions of the APA, the Department is publishing this 
rule with a 60-day provision for public comment and without prejudice 
to its determination that controlling the import and export of defense 
services is a foreign affairs function.

Regulatory Flexibility Act

    Since the Department is of the opinion that this proposed rule is 
exempt from the rulemaking provisions of 5 U.S.C. 553, there is no 
requirement for an analysis under the Regulatory Flexibility Act.

Unfunded Mandates Reform Act of 1995

    This proposed amendment does not involve a mandate that will result 
in the expenditure by State, local, and tribal governments, in the 
aggregate, or by the private sector, of $100 million or more in any 
year and it will not significantly or uniquely affect small 
governments. Therefore, no actions were deemed necessary under the 
provisions of the Unfunded Mandates Reform Act of 1995.

Small Business Regulatory Enforcement Fairness Act of 1996

    For purposes of the Small Business Regulatory Enforcement Fairness 
Act of 1996 (the ``Act''), a major rule is a rule that the 
Administrator of the OMB Office of Information and Regulatory Affairs 
finds has resulted or is likely to result in: (1) An annual effect on 
the economy of $100,000,000 or more; (2) a major increase in costs or 
prices for consumers, individual industries, federal, state, or local 
government agencies, or geographic regions; or (3) significant adverse 
effects on competition, employment, investment, productivity, 
innovation, or on the ability of United States-based enterprises to 
compete with foreign-based enterprises in domestic and foreign markets.
    The Department does not believe this rulemaking will have an annual 
effect on the economy of $100,000,000 or more, nor will it result in a 
major increase in costs or prices for consumers, individual industries, 
federal, state, or local government agencies, or geographic regions, or 
have significant adverse effects on competition, employment, 
investment, productivity, innovation, or on the ability of United 
States-based enterprises to compete with foreign-based enterprises in 
domestic and foreign markets. The proposed means of solving the issue 
of data protection are both familiar to and extensively used by the 
affected public in protecting sensitive information.

Executive Orders 12372 and 13132

    This proposed amendment will not have substantial direct effects on 
the States, on the relationship between the national government and the 
States, or on the distribution of power and responsibilities among the 
various levels of government. Therefore, in accordance with Executive 
Order 13132, it is determined that this proposed amendment does not 
have sufficient federalism implications to require consultations or 
warrant the preparation of a federalism summary impact statement. The 
regulations implementing Executive Order 12372 regarding 
intergovernmental consultation on Federal programs and activities do 
not apply to this proposed amendment.

Executive Orders 12866 and 13563

    Executive Orders 12866 and 13563 direct agencies to assess costs 
and benefits of available regulatory alternatives and, if regulation is 
necessary, to select regulatory approaches that maximize net benefits 
(including potential economic, environmental, public health and safety 
effects, distributed impacts, and equity). The executive orders stress 
the importance of quantifying both costs and benefits, of reducing 
costs, of harmonizing rules, and of promoting flexibility. This 
proposed rule has been designated a ``significant regulatory action,'' 
although not economically significant, under section 3(f) of Executive 
Order 12866. Accordingly, the proposed rule has been reviewed by the 
Office of Management and Budget (OMB).

Executive Order 12988

    The Department of State has reviewed the proposed amendment in 
light of sections 3(a) and 3(b)(2) of Executive Order 12988 to 
eliminate ambiguity, minimize litigation, establish clear legal 
standards, and reduce burden.

Executive Order 13175

    The Department of State has determined that this rulemaking will 
not have tribal implications, will not impose substantial direct 
compliance costs on Indian tribal governments, and will not preempt 
tribal law. Accordingly, Executive Order 13175 does not apply to this 
rulemaking.

Paperwork Reduction Act

    This rule does not impose any new reporting or recordkeeping 
requirements subject to the Paperwork Reduction Act, 44 U.S.C. Chapter 
35; however, the Department of State seeks public comment on any 
unforeseen potential for increased burden.

List of Subjects

22 CFR 120 and 125

    Arms and munitions, Classified information, Exports.

22 CFR 123

    Arms and munitions, Exports, Reporting and recordkeeping 
requirements.

22 CFR Part 127

    Arms and munitions, Exports, Crime, Law, Penalties, Seizures and 
forfeitures.

    Accordingly, for the reasons set forth above, title 22, chapter I, 
subchapter M, parts 120, 123, 125, and 127 are proposed to be amended 
as follows:

PART 120--PURPOSE AND DEFINITIONS

0
1. The authority citation for part 120 continues to read as follows:


[[Page 31534]]


    Authority: Secs. 2, 38, and 71, Pub. L. 90-629, 90 Stat. 744 (22 
U.S.C. 2752, 2778, 2797); 22 U.S.C. 2794; 22 U.S.C. 2651a; Pub. L. 
105-261, 112 Stat. 1920; Pub. L. 111-266; Section 1261, Pub. L. 112-
239; E.O. 13637, 78 FR 16129.

0
2. Section 120.6 is amended by designating the current text as 
paragraph (a), revising the first sentence of newly designated 
paragraph (a), and adding paragraph (b) to read as follows:


Sec.  120.6  Defense article.

    (a) Defense article means any item, software, or technical data 
designated in Sec.  121.1 of this subchapter. * * *
    (b) The following are not defense articles and thus not subject to 
the ITAR:
    (1) [Reserved]
    (2) [Reserved]
    (3) Information and software that:
    (i) Are in the public domain, as described in Sec.  120.11;
    (ii) Arise during, or result from, fundamental research, as 
described in Sec.  120.46;
    (iii) Concern general scientific, mathematical, or engineering 
principles commonly taught in schools, and released by instruction in a 
catalog course or associated teaching laboratory of an academic 
institution; or
    (iv) Appear in patents or open (published) patent applications 
available from or at any patent office, unless covered by an invention 
secrecy order.

    Note to paragraph (b): Information that is not within the scope 
of the definition of technical data (see Sec.  120.10) and not 
directly related to a defense article, or otherwise described on the 
USML, is not subject to the ITAR.

0
3. Section 120.9 is revised to read as follows:


Sec.  120.9  Defense service.

    (a) Defense service means:
    (1) The furnishing of assistance (including training) to a foreign 
person (see Sec.  120.16), whether in the United States or abroad, in 
the production, assembly, testing, intermediate- or depot-level 
maintenance (see Sec.  120.38), modification, demilitarization, 
destruction, or processing of a defense article (see Sec.  120.6), by a 
U.S. person or foreign person in the United States, who has knowledge 
of U.S.-origin technical data directly related to the defense article 
that is the subject of the assistance, prior to performing the service;

    Note 1 to paragraph (a)(1):  ``Knowledge of U.S.-origin 
technical data'' for purposes of paragraph (a)(1) can be established 
based on all the facts and circumstances. However, a person is 
deemed to have ``knowledge of U.S.-origin technical data'' directly 
related to a defense article if the person participated in the 
development of a defense article described in the same USML 
paragraph or accessed (physically or electronically) technical data 
directly related to the defense article that is the subject of the 
assistance, prior to performing the service.


    Note 2 to paragraph (a)(1):  U.S. persons abroad who only 
receive U.S.-origin technical data as a result of their activities 
on behalf of a foreign person are not included within paragraph 
(a)(1).


    Note 3 to paragraph (a)(1):  Foreign person employees in the 
United States providing defense services as part of Directorate of 
Defense Trade Controls-authorized employment need not be listed on 
the U.S. employer's technical assistance agreement or receive 
separate authorization to perform defense services on behalf of 
their authorized U.S. employer.

    (2) The furnishing of assistance (including training) to a foreign 
person (see Sec.  120.16), whether in the United States or abroad, in 
the development of a defense article, or the integration of a defense 
article with any other item regardless of whether that item is subject 
to the ITAR or technical data is used;

    Note to paragraph (a)(2):  ``Integration'' means any engineering 
analysis (see Sec.  125.4(c)(5) of this subchapter) needed to unite 
a defense article and one or more items. Integration includes the 
introduction of software to enable operation of a defense article, 
and the determination during the design process of where an item 
will be installed (e.g., integration of a civil engine into a 
destroyer that requires changes or modifications to the destroyer in 
order for the civil engine to operate properly; not plug and play). 
Integration is distinct from ``installation.'' Installation means 
the act of putting an item in its predetermined place without the 
use of technical data or any modifications to the defense article 
involved, other than to accommodate the fit of the item with the 
defense article (e.g., installing a dashboard radio into a military 
vehicle where no modifications (other than to accommodate the fit of 
the item) are made to the vehicle, and there is no use of technical 
data.). The ``fit'' of an item is defined by its ability to 
physically interface or connect with or become an integral part of 
another item. (see Sec.  120.41).

    (3) The furnishing of assistance (including training) to a foreign 
person (see Sec.  120.16), regardless of whether technical data is 
used, whether in the United States or abroad, in the employment of a 
defense article, other than basic operation of a defense article 
authorized by the U.S. government for export to the same recipient;
    (4) Participating in or directing combat operations for a foreign 
person (see Sec.  120.16), except as a member of the regular military 
forces of a foreign nation by a U.S. person who has been drafted into 
such forces; or
    (5) The furnishing of assistance (including training) to the 
government of a country listed in Sec.  126.1 of this subchapter in the 
development, production, operation, installation, maintenance, repair, 
overhaul or refurbishing of a defense article or a part component, 
accessory or attachments specially designed for a defense article.

    Note to paragraph (a): The following are examples of activities 
that are not defense services:
    1. The furnishing of assistance (including training) in 
organizational-level (basic-level) maintenance (see Sec.  120.38) of 
a defense article;
    2. Performance of services by a U.S. person in the employment of 
a foreign person, except as provided in this paragraph;
    3. Servicing of an item subject to the EAR (see Sec.  120.42) 
that has been integrated or installed into a defense article, or the 
servicing of an item subject to the EAR into which a defense article 
has been installed or integrated, without the use of technical data, 
except as described in paragraph (a)(5) of this section;
    4. The installation of any item into a defense article, or the 
installation of a defense article into any item;
    5. Providing law enforcement, physical security, or personal 
protective services (including training and advice) to or for a 
foreign person (if such services necessitate the export of a defense 
article a license or other approval is required for the export of 
the defense article, and such services that entail the employment or 
training in the employment of a defense article are addressed in 
paragraph (a)(3) of this section);
    6. The furnishing of assistance by a foreign person not in the 
United States;
    7. The furnishing of medical, logistical (other than 
maintenance), translation, financial, legal, scheduling, or 
administrative services;
    8. The furnishing of assistance by a foreign government to a 
foreign person in the United States, pursuant to an arrangement with 
the Department of Defense; and
    9. The instruction in general scientific, mathematical, or 
engineering principles commonly taught in schools, colleges, and 
universities.
    (b) [Reserved]

0
4. Section 120.10 is revised to read as follows:


Sec.  120.10  Technical data.

    (a) Technical data means, except as set forth in paragraph (b) of 
this section:
    (1) Information required for the development (see Sec.  120.47) 
(including design, modification, and integration design), production 
(see Sec.  120.48) (including manufacture, assembly, and integration), 
operation, installation, maintenance, repair, overhaul, or refurbishing 
of a defense article. Technical data may be in any tangible or 
intangible form, such as written or

[[Page 31535]]

oral communications, blueprints, drawings, photographs, plans, 
diagrams, models, formulae, tables, engineering designs and 
specifications, computer-aided design files, manuals or documentation, 
electronic media or information gleaned through visual inspection;

    Note to paragraph (a)(1): The modification of an existing item 
creates a new item and technical data for the modification is 
technical data for the development of the new item.

    (2) Information enumerated on the USML (i.e., not controlled 
pursuant to a catch-all USML paragraph);
    (3) Classified information for the development, production, 
operation, installation, maintenance, repair, overhaul, or refurbishing 
of a defense article or a 600 series item subject to the EAR;
    (4) Information covered by an invention secrecy order; or
    (5) Information, such as decryption keys, network access codes, or 
passwords, that would allow access to other technical data in clear 
text or software (see Sec.  127.1(b)(4) of this subchapter).
    (b) Technical data does not include:
    (1) Non-proprietary general system descriptions;
    (2) Information on basic function or purpose of an item; or
    (3) Telemetry data as defined in note 3 to USML Category XV(f) (see 
Sec.  121.1 of this subchapter).
0
5. Section 120.11 is revised to read as follows:


Sec.  120.11  Public domain.

    (a) Except as set forth in paragraph (b) of this section, 
unclassified information and software are in the public domain, and are 
thus not technical data or software subject to the ITAR, when they have 
been made available to the public without restrictions upon their 
further dissemination such as through any of the following:
    (1) Subscriptions available without restriction to any individual 
who desires to obtain or purchase the published information;
    (2) Libraries or other public collections that are open and 
available to the public, and from which the public can obtain tangible 
or intangible documents;
    (3) Unlimited distribution at a conference, meeting, seminar, trade 
show, or exhibition, generally accessible to the interested public;
    (4) Public dissemination (i.e., unlimited distribution) in any form 
(e.g., not necessarily in published form), including posting on the 
Internet on sites available to the public; or
    (5) Submission of a written composition, manuscript or presentation 
to domestic or foreign co-authors, editors, or reviewers of journals, 
magazines, newspapers or trade publications, or to organizers of open 
conferences or other open gatherings, with the intention that the 
compositions, manuscripts, or publications will be made publicly 
available if accepted for publication or presentation.
    (b) Technical data or software, whether or not developed with 
government funding, is not in the public domain if it has been made 
available to the public without authorization from:
    (1) The Directorate of Defense Trade Controls;
    (2) The Department of Defense's Office of Security Review;
    (3) The relevant U.S. government contracting entity with authority 
to allow the technical data or software to be made available to the 
public; or
    (4) Another U.S. government official with authority to allow the 
technical data or software to be made available to the public.

    Note 1 to Sec.  120.11:  Section 127.1(a)(6) of this subchapter 
prohibits, without written authorization from the Directorate of 
Defense Trade Controls, U.S. and foreign persons from exporting, 
reexporting, retransfering, or otherwise making available to the 
public technical data or software if such person has knowledge that 
the technical data or software was made publicly available without 
an authorization described in paragraph (b) of this section.


    Note 2 to Sec.  120.11:  An export, reexport, or retransfer of 
technical data or software that was made publicly available by 
another person without authorization is not a violation of this 
subchapter, except as described in Sec.  127.1(a)(6) of this 
subchapter.

0
6. Section 120.17 is revised to read as follows:


Sec.  120.17  Export.

    (a) Except as set forth in Sec.  120.52, Sec.  126.16, or Sec.  
126.17 of this subchapter, export means:
    (1) An actual shipment or transmission out of the United States, 
including the sending or taking of a defense article outside of the 
United States in any manner;
    (2) Releasing or otherwise transferring technical data or software 
(source code or object code) to a foreign person in the United States 
(a ``deemed export'');
    (3) Transferring by a person in the United States of registration, 
control, or ownership of any aircraft, vessel, or satellite subject to 
the ITAR to a foreign person;
    (4) Releasing or otherwise transferring a defense article to an 
embassy or to any agency or subdivision of a foreign government, such 
as a diplomatic mission, in the United States;
    (5) Performing a defense service on behalf of, or for the benefit 
of, a foreign
    person, whether in the United States or abroad;
    (6) Releasing or otherwise transferring information, such as 
decryption keys, network access codes, passwords, or software, or 
providing physical access, that would allow access to other technical 
data in clear text or software to a foreign person regardless of 
whether such data has been or will be transferred; or
    (7) Making technical data available via a publicly available 
network (e.g., the Internet).
    (b) Any release in the United States of technical data or software 
to a foreign person is a deemed export to all countries in which the 
foreign person has held citizenship or holds permanent residency.
0
7. Section 120.19 is revised to read as follows:


Sec.  120.19  Reexport.

    (a) Except as set forth in Sec.  120.52, reexport means:
    (1) An actual shipment or transmission of a defense article from 
one foreign country to another foreign country, including the sending 
or taking of a defense article to or from such countries in any manner;
    (2) Releasing or otherwise transferring technical data or software 
to a foreign person of a country other than the foreign country where 
the release or transfer takes place (a ``deemed reexport'');
    (3) Transferring by a person outside of the United States of 
registration, control, or ownership of any aircraft, vessel, or 
satellite subject to the ITAR to a foreign person outside the United 
States; or
    (4) Releasing or otherwise transferring outside of the United 
States information, such as decryption keys, network access codes, 
password, or software, or providing physical access, that would allow 
access to other technical data in clear text or software to a foreign 
person regardless of whether such data has been or will be transferred.
    (b) [Reserved]


Sec.  120.41  [Amended]

0
8. Section 120.41 is amended by reserving Note 1 to paragraph (b)(3) 
and Note 2 to paragraph (b)(3).
0
9. Section 120.46 is added to read as follows:


Sec.  120.46  Required.

    (a) As applied to technical data, the term required refers to only 
that portion

[[Page 31536]]

of technical data that is peculiarly responsible for achieving or 
exceeding the controlled performance levels, characteristics, or 
functions. Such required technical data may be shared by different 
products.

    Note 1 to paragraph (a): The references to ``characteristics'' 
and functions'' are not limited to entries on the USML that use 
specific technical parameters to describe the scope of what is 
controlled. The ``characteristics'' and ``functions'' of an item 
listed are, absent a specific regulatory definition, a standard 
dictionary's definition of the item. For example, USML Category 
VIII(a)(1) controls aircraft that are ``bombers.'' No performance 
level is identified in the entry, but the characteristic of the 
aircraft that is controlled is that it is a bomber. Thus, any 
technical data, regardless of significance, peculiar to making an 
aircraft a bomber as opposed to, for example, an aircraft controlled 
under ECCN 9A610.a or ECCN 9A991.a, would be technical data required 
for a bomber and thus controlled under USML Category VIII(i).


    Note 2 to paragraph (a):  The ITAR and the EAR often divide 
within each set of regulations or between each set of regulations:
    1. Controls on parts, components, accessories, attachments, and 
software; and
    2. Controls on the end items, systems, equipment, or other items 
into which those parts, components, accessories, attachments, and 
software are to be installed or incorporated.
    With the exception of technical data specifically enumerated on 
the USML, the jurisdictional status of unclassified technical data 
is the same as the jurisdictional status of the defense article or 
item subject to the EAR to which it is directly related. Thus, if 
technology is directly related to the production of an ECCN 9A610.x 
aircraft component that is to be integrated or installed in a USML 
Category VIII(a) aircraft, the technology is controlled under ECCN 
9E610, not USML Category VIII(i).


    Note 3 to paragraph (a):  Technical data is ``peculiarly 
responsible for achieving or exceeding the controlled performance 
levels, characteristics, or functions'' if it is used in or for use 
in the development (including design, modification, and integration 
design), production (including manufacture, assembly, and 
integration), operation, installation, maintenance, repair, 
overhaul, or refurbishing of a defense article unless:
    1. The Department of State has determined otherwise in a 
commodity jurisdiction determination;
    2. [Reserved];
    3. It is identical to information used in or with a commodity or 
software that:
    i. Is or was in production (i.e., not in development); and
    ii. Is not a defense article;
    4. It was or is being developed with knowledge that it is for or 
would be for use in or with both defense articles and commodities 
not on the U.S. Munitions List; or
    5. It was or is being developed for use in or with general 
purpose commodities or software (i.e., with no knowledge that it 
would be for use in or with a particular commodity).
    (b) [Reserved]

0
10. Section 120.47 is added to read as follows:


Sec.  120.47  Development.

    Development is related to all stages prior to serial production, 
such as: design, design research, design analyses, design concepts, 
assembly and testing of prototypes, pilot production schemes, design 
data, process of transforming design data into a product, configuration 
design, integration design, and layouts. Development includes 
modification of the design of an existing item.
0
11. Section 120.48 is added to read as follows:


Sec.  120.48  Production.

    Production means all production stages, such as product 
engineering, manufacture, integration, assembly (mounting), inspection, 
testing, and quality assurance. This includes ``serial production'' 
where commodities have passed production readiness testing (i.e., an 
approved, standardized design ready for large scale production) and 
have been or are being produced on an assembly line for multiple 
commodities using the approved, standardized design.
0
12. Section 120.49 is added to read as follows:


Sec.  120.49  Technical data that arises during, or results from, 
fundamental research.

    (a) Technical Data arising during, or resulting from, fundamental 
research. Unclassified information that arises during, or results from, 
fundamental research and is intended to be published is not technical 
data when the research is:
    (1) Conducted in the United States at an accredited institution of 
higher learning located; or
    (2) Funded, in whole or in part, by the U.S. government.

    Note 1 to paragraph (a): The inputs used to conduct fundamental 
research, such as information, equipment, or software, are not 
``technical data that arises during or results from fundamental 
research'' except to the extent that such inputs are technical data 
that arose during or resulted from earlier fundamental research.


    Note 2 to paragraph (a): There are instances in the conduct of 
research, whether fundamental, basic, or applied, where a 
researcher, institution, or company may decide to restrict or 
protect the release or publication of technical data contained in 
research results. Once a decision is made to maintain such technical 
data as restricted or proprietary, the technical data becomes 
subject to the ITAR.

    (b) Prepublication review. Technical data that arises during, or 
results from, fundamental research is intended to be published to the 
extent that the researchers are free to publish the technical data 
contained in the research without any restriction or delay, including 
U.S. government-imposed access and dissemination controls or research 
sponsor proprietary information review.

    Note 1 to paragraph (b): Although technical data arising during 
or resulting from fundamental research is not considered ``intended 
to be published'' if researchers accept restrictions on its 
publication, such technical data will nonetheless qualify as 
technical data arising during or resulting from fundamental research 
once all such restrictions have expired or have been removed.


    Note 2 to paragraph (b): Research that is voluntarily subjected 
to U.S. government prepublication review is considered intended to 
be published for all releases consistent with any resulting 
controls.


    Note 3 to paragraph (b): Technical data resulting from U.S. 
government funded research which is subject to government-imposed 
access and dissemination or other specific national security 
controls qualifies as technical data resulting from fundamental 
research, provided that all government-imposed national security 
controls have been satisfied.

    (c) Fundamental research definition. Fundamental research means 
basic or applied research in science and engineering, the results of 
which ordinarily are published and shared broadly within the scientific 
community. This is distinguished from proprietary research and from 
industrial development, design, production, and product utilization, 
the results of which ordinarily are restricted for proprietary or 
national security reasons.
    (1) Basic research means experimental or theoretical work 
undertaken principally to acquire new knowledge of the fundamental 
principles of phenomena or observable facts, not primarily directed 
towards a specific practical aim or objective.
    (2) Applied research means the effort that:
    (i) Normally follows basic research, but may not be severable from 
the related basic research;
    (ii) Attempts to determine and exploit the potential of scientific 
discoveries or improvements in technology, materials, processes, 
methods, devices, or techniques; and
    (iii) Attempts to advance the state of the art.

[[Page 31537]]

0
13. Section 120.50 is added to read as follows:


Sec.  120.50  Release.

    (a) Except as set forth in Sec.  120.52, technical data and 
software are released through:
    (1) Visual or other inspection by foreign persons of a defense 
article that reveals technical data or software to a foreign person; or
    (2) Oral or written exchanges with foreign persons of technical 
data in the United States or abroad.
    (b) [Reserved]
0
14. Section 120.51 is added to read as follows:


Sec.  120.51  Retransfer.

    Except as set forth in Sec.  120.52 of this subchapter, a 
retransfer is a change in end use or end user of a defense article 
within the same foreign country.
0
15. Section 120.52 is added to read as follows:


Sec.  120.52  Activities that are not exports, reexports, or 
retransfers.

    (a) The following activities are not exports, reexports, or 
retransfers:
    (1) Launching a spacecraft, launch vehicle, payload, or other item 
into space;
    (2) While in the United States, releasing technical data or 
software to a U.S. person;
    (3) Shipping, moving, or transferring defense articles between or 
among the United States, the District of Columbia, the Commonwealth of 
Puerto Rico, the Commonwealth of the Northern Mariana Islands or any 
territory, dependency, or possession of the United States as listed in 
Schedule C, Classification Codes and Descriptions for U.S. Export 
Statistics, issued by the Bureau of the Census; and
    (4) Sending, taking, or storing technical data or software that is:
    (i) Unclassified;
    (ii) Secured using end-to-end encryption;
    (iii) Secured using cryptographic modules (hardware or software) 
compliant with the Federal Information Processing Standards Publication 
140-2 (FIPS 140-2) or its successors, supplemented by software 
implementation, cryptographic key management and other procedures and 
controls that are in accordance with guidance provided in current U.S. 
National Institute for Standards and Technology publications; and
    (iv) Not stored in a country proscribed in Sec.  126.1 of this 
subchapter or the Russian Federation.
    (b) For purposes of this section, end-to-end encryption means the 
provision of uninterrupted cryptographic protection of data between an 
originator and an intended recipient, including between an individual 
and himself or herself. It involves encrypting data by the originating 
party and keeping that data encrypted except by the intended recipient, 
where the means to access the data in unencrypted form is not given to 
any third party, including to any Internet service provider, 
application service provider or cloud service provider.
    (c) The ability to access technical data or software in encrypted 
form that satisfies the criteria set forth in paragraph (a)(4) of this 
section does not constitute the release or export of such technical 
data or software.

    Note to Sec.  120.52: See Sec.  127.1 of this subchapter for 
prohibitions on the release or transfer of technical data or 
software, in any form, to any person with knowledge that a violation 
will occur.

PART 123--LICENSES FOR THE EXPORT AND TEMPORARY IMPORT OF DEFENSE 
ARTICLES

0
16. The authority citation for part 123 continues to read as follows:

    Authority:  Secs. 2, 38, and 71, 90, 90 Stat. 744 (22 U.S.C. 
2752, 2778, 2797); 22 U.S.C. 2753; 22 U.S.C. 2651a; 22 U.S.C. 2776; 
Pub. L. 105-261, 112 Stat. 1920; Sec. 1205(a), Pub. L. 107-228; 
Section 1261, Pub. L. 112-239; E.O. 13637, 78 FR 16129.

0
17. Section 123.28 is added to read as follows:


Sec.  123.28  Scope of a license.

    Unless limited by a condition set out in a license, the export, 
reexport, retransfer, or temporary import authorized by a license is 
for the item(s), end-use(s), and parties described in the license 
application and any letters of explanation. DDTC grants licenses in 
reliance on representations the applicant made in or submitted in 
connection with the license application, letters of explanation, and 
other documents submitted.

PART 124--AGREEMENTS, OFF-SHORE PROCUREMENT, AND OTHER DEFENSE 
SERVICES

0
18. The authority citation for part 124 continues to read as follows:

    Authority:  Secs. 2, 38, and 71, 90, 90 Stat. 744 (22 U.S.C. 
2752, 2778, 2797); 22 U.S.C. 2651a; 22 U.S.C. 2776; Section 1514, 
Pub. L. 105-261; Pub. L. 111-266; Section 1261, Pub. L. 112-239; 
E.O. 13637, 78 FR 16129.

0
19. Section 124.1 is amended by adding paragraph (e) to read as 
follows:


Sec.  124.1  Manufacturing license agreements and technical assistance 
agreements.

* * * * *
    (e) Unless limited by a condition set out in an agreement, the 
export, reexport, retransfer, or temporary import authorized by a 
license is for the item(s), end-use(s), and parties described in the 
agreement, license, and any letters of explanation. DDTC approves 
agreements and grants licenses in reliance on representations the 
applicant made in or submitted in connection with the agreement, 
letters of explanation, and other documents submitted.

PART 125--LICENSES FOR THE EXPORT OF TECHNICAL DATA AND CLASSIFIED 
DEFENSE ARTICLES

0
20. The authority citation for part 125 continues to read as follows:

    Authority:  Secs. 2 and 38, 90, 90 Stat. 744 (22 U.S.C. 2752, 
2778); 22 U.S.C. 2651a; E.O. 13637, 78 FR 16129.

0
21. Section 125.4 is amended by revising paragraph (b)(9) to read as 
follows:


Sec.  125.4  Exemptions of general applicability.

* * * * *
    (b) * * *
    (9) Technical data, including classified information, regardless of 
media or format, exported by or to a U.S. person or a foreign person 
employee of a U.S. person, travelling or on temporary assignment abroad 
subject to the following restrictions:
    (i) Foreign persons may only export or receive such technical data 
as they are authorized to receive through a separate license or other 
approval.
    (ii) The technical data exported under this authorization is to be 
possessed or used solely by a U.S. person or authorized foreign person 
and sufficient security precautions must be taken to prevent the 
unauthorized release of the technology. Such security precautions 
include encryption of the technical data, the use of secure network 
connections, such as virtual private networks, the use of passwords or 
other access restrictions on the electronic device or media on which 
the technical data is stored, and the use of firewalls and other 
network security measures to prevent unauthorized access.
    (iii) The U.S. person is an employee of the U.S. government or is 
directly employed by a U.S. person and not by a foreign subsidiary.
    (iv) Technical data authorized under this exception may not be used 
for foreign production purposes or for defense services unless 
authorized through a license or other approval.
    (v) The U.S. employer of foreign persons must document the use of 
this exemption by foreign person employees,

[[Page 31538]]

including the reason that the technical data is needed by the foreign 
person for their temporary business activities abroad on behalf of the 
U.S. person.
    (vi) Classified information is sent or taken outside the United 
States in accordance with the requirements of the Department of Defense 
National Industrial Security Program Operating Manual (unless such 
requirements are in direct conflict with guidance provided by the 
Directorate of Defense Trade Controls, in which case such guidance must 
be followed).
* * * * *

PART 127--VIOLATIONS AND PENALTIES

0
22. The authority citation for part 127 continues to read as follows:

    Authority:  Sections 2, 38, and 42, 90, 90 Stat. 744 (22 U.S.C. 
2752, 2778, 2791); 22 U.S.C. 401; 22 U.S.C. 2651a; 22 U.S.C. 2779a; 
22 U.S.C. 2780; E.O. 13637, 78 FR 16129.

0
23. Section 127.1 is amended by adding paragraphs (a)(6) and (b)(4) to 
read as follows:


Sec.  127.1  Violations.

    (a) * * *
    (6) To export, reexport, retransfer, or otherwise make available to 
the public technical data or software if such person has knowledge that 
the technical data or software was made publicly available without an 
authorization described in Sec.  120.11(b) of this subchapter.
    (b) * * *
    (4) To release or otherwise transfer information, such as 
decryption keys, network access codes, or passwords, that would allow 
access to other technical data in clear text or to software that will 
result, directly or indirectly, in an unauthorized export, reexport, or 
retransfer of the technical data in clear text or software. Violation 
of this provision will constitute a violation to the same extent as a 
violation in connection with the export of the controlled technical 
data or software.
* * * * *

    Dated: May 20, 2015.
Rose E. Gottemoeller,
Under Secretary, Arms Control and International Security, Department of 
State.
[FR Doc. 2015-12844 Filed 6-2-15; 8:45 am]
 BILLING CODE 4710-25-P