By George W. Thompson
The Directorate of Defense Trade Controls has released a new consent agreement, order and proposed charging letter for Microwave Engineering Corp. for unauthorized technical data transfers, all available here. The facts are commonplace; indeed, I’m a little surprised that DDTC made this one public. Nevertheless, it does give us an opportunity to review International Traffic in Arms Regulations requirements and restrictions for exporting controlled information.
According to the proposed charging letter, MEC “designs and manufactures high-power, broadband passive components, antennas, and waveguides for radio frequency microwave and communication systems . . . used in both military and commercial applications.” It thus “was engaged in the manufacture and export of defense articles.” Its design and production information for those articles constituted “technical data” controlled by the ITAR.
MEC hired a Chinese citizen. Despite warnings from its export compliance officer that the employee could not participate in ITAR projects, company management provided him with technical data, including for one resulting in a customer purchase order. Though the customer in that project issued a non-disclosure agreement identifying all related information as ITAR-controlled, MEC permitted the Chinese citizen to work on the project. The company failed to obtain a DDTC license for these disclosures. Nor would a license have been granted for exports of technical data to a Chinese citizen, in any event.
Nearly two years after realizing it had committed violations, MEC submitted a belated disclosure to DDTC.
A Multitude of Errors
The proposed charging letter states MEC “acknowledged that relevant staff did not understand either the ITAR definition of ‘foreign person’ or that the ITAR § 120.10 definition of ‘technical data’ did not except technical data related to a product in its preliminary evaluation phase.” On top of these, company management disregarded the compliance officer’s admonitions regarding limits on the foreign employee as well as blanket statement in the customer’s NDA that the project involved technical data. Moreover, the delayed disclosure flirted perilously close to ignoring the 22 C.F.R. §126.1(e)(2) requirement to “immediately inform” DDTC that an illegal technical data transfer to an arms-embargoed country had occurred.
DDTC issued a penalty of $100,000, which is relative pocket change for a publicly-noted ITAR settlement agreement. Mitigating factors included the company’s improved compliance program.
Lessons to Be Learned?
Noting the old adage that smart people learn from their own mistakes, while really smart people learn from the mistakes of others, there are a few fundamental lessons for the ITAR community in the MEC settlement; perhaps this is why DDTC made it public.
First, the definition of technical data is quite broad. It encompasses information “required for the design [and] development . . . of defense articles”. A company must figure out the ITAR status of a product under development to properly determine whether it is generating technical data; waiting until there’s a tangible “thing” to do so is too late.
Second, foreign national employees are “foreign persons” despite their presence in the United States. Companies generating ITAR technical data must keep this in mind in making staffing assignments. Controlled information cannot be treated as “open source” within the bounds of a company, but must be shielded from unauthorized transfer to foreign-person employees.
Third, management must be aware that the ITAR are not mere suggestions or speedbumps. To me, the most egregious aspect of the MEC case is that the company’s president at the time simply disregarded the compliance officer’s guidance. In theory, the ITAR Empowered Official should have overruled that decision. Though there’s no discussion of this point in the proposed charging letter, a properly-structured compliance program would have provided the EO with visibility into the employee’s work assignments and veto power for questionable ones.
In sum, through the MEC settlement, DDTC has provided valuable guidance to ITAR-covered companies regarding their legal requirements. Such companies would be wise to take those lessons into account.
