Overview[]
International Traffic in Arms Regulations (ITAR) is a set of U.S. government regulations that control the export and import of defense-related articles and services on the U.S. Munition List (USML).[1] These regulations implement the provisions of the Arms Export Control Act, and are described in Title 22 (Foreign Relations), Chapter I (Department of State), Subchapter M of the Code of Federal Regulations. The Department of State interprets and enforces ITAR. Its goal is to safeguard U.S. national security and further U.S. foreign policy objectives.
ITAR regulations dictate that information and material pertaining to defense and military-related technologies (for items listed on the United States Munitions List) may only be shared with U.S. Persons unless authorization from the Department of State is received or a special exemption is used. U.S. Persons (including organizations) can face heavy fines if they have, without authorization or the use of an exemption, provided foreign (non-U.S.) persons with access to ITAR-protected defense articles, services or technical data.
The list of ITAR-controlled defense articles, services and technology (collectively "USML items") changes. Until 1996–1997, ITAR classified strong cryptography as arms and prohibited their export from the United States.
ITAR does not apply to information related to general scientific, mathematical or engineering principles that is commonly taught in schools and colleges or information that is (legitimately) in the public domain. Nor does it apply to general marketing information or basic system descriptions. These exceptions must, however, be treated with extreme caution: college professors have been prosecuted for breaches of the AECA as a result of access to USML items by foreign graduate students and companies have been penalized for alleged breaches of the AECA where they allegedly failed to properly remove USML items from material used to market defense articles. The U.S. government has also taken action (albeit unsuccessfully) for the export of technical data that was (allegedly) already publicly available on the internet.
Cloud computing[]
Cloud services may be subject to ITAR, which controls the export and import of defense-related articles and services on the United States Munitions List. ITAR does not apply to: (1) information related to general scientific, mathematic, or engineering principles commonly taught in schools and colleges or information that is legitimately in the public domain; (2) general marketing information; or (3) basic system descriptions.
As every Government agency and company within the ITAR regulation scheme are bound to comply with its provisions, the cloud must also be compliant. Further, owners of cloud-based content that has data subject to the control of ITAR/Export Administration Requirements, the Health Insurance Portability and Accountability Act of 2996, or the Office of Foreign Access Control must be compliant with the regulations.
References[]
- ↑ 1999 CFR Title 26, Volume 11.
Source[]
- "Cloud computing" section: NSTAC Report to the President on Cloud Computing, at 13.
This page uses Creative Commons Licensed content from Wikipedia (view authors). |