For the country’s leading technology developers, their data may be controlled by federal export control regulations much as the products they manufacture are.
The reason: Foreign adversaries could use sensitive data to build potentially dangerous technologies, posing a national security risk to the U.S.
The export compliance risk involving data transfer is amplified by the fact that so much of today’s business is conducted via mobile technologies, such as laptops and cellphones.
Certain technology data transfers may, in fact, require licenses either under the Commerce Department’s Export Administration Regulations (EAR) or the State Department’s International Traffic in Arms Regulations (ITAR).
Doug Jacobson, a Washington-based attorney with Jacobson Burton Kelley PLLC who specializes in U.S. export controls, said “virtually all compliance programs, particularly in the defense sector,” already have strong policies in place for employee use of laptops overseas to prevent the potential for errant technology data transfers.
“We provide tools to make it easy to comply,” said Brian Amero, global compliance and ethics officer for Boston-based Teradyne (NASDAQ: TER). “For example, we use cloud provider BOX Zones with key safe to store sensitive information in the cloud and not on your laptop. We discourage storing sensitive information on laptops.”
That said, compliance is not easy to monitor and audit, Amero added. “There is some level of trust involved. In my experience, employees have followed the rules.”
Despite the best compliance programs, however, Jacobson said there is not much to prevent a rogue employee from attempting an illicit technology data transfer.
Raytheon Missile Systems (RMS) (NYSE: RTN) experienced this when one of its engineers was charged by a District Court in Arizona on Jan. 29 with five counts of illegally transporting a company laptop overseas that contained classified missile technology data.
According to federal prosecutors, the former engineer, Wei Sun, was aware of the ITAR license requirement and warned by RMS not to take the laptop with him abroad but did so anyway. Sun was arrested by FBI agents when he returned to the U.S. from his two-week vacation in Asia, which allegedly included a stop in China.
“It may come to a time when a company or university has to take extreme measures to ensure that employees are prohibited from taking their laptop overseas, because it contains sensitive controlled technology,” said Paul DiVecchio, a 40-year export compliance consultant in Boston. “This may require relinquishing a laptop to security personnel or an export compliance officer until the individual returns from the overseas trip.
“This certainly needs to be seriously considered when the employee is traveling to ITAR arms-embargoed countries, such as China and Russia,” he said, adding that the FBI, Customs and Border Protection, and Commerce’s Office of Export Enforcement have this compliance matter high on their radar.
U.S. Attorney General Bill Barr said in a speech Thursday before the Justice Department’s China Initiative Conference in Washington that his department “will continue to use our full suite of national security tools to combat the threat posed by theft directed and encouraged by the PRC.”
The Justice Department, which includes the FBI, heavily relies on the industry and universities to report suspicious computer activity.
“Our ability to protect American technology will ultimately depend on a partnership with industry and the academy,” Barr said.