Does the Proposed New ITAR Definition of ‘Defense Services’ Catch More Than it Releases in the Foreign Intelligence Area?
On July 29, the Directorate of Defense Trade Controls (DDTC) of the US Department of State proposed a new definition of the term “defense service.”
The International Traffic in Arms Regulations (ITAR) imposes a license requirement on “[p]erforming a defense service on behalf of, or for the benefit of, a foreign person, whether in the United States or abroad,” with only very narrow exemptions for close allies such as Canada, Australia, and the United Kingdom. This is significant in the defense export control world. DDTC’s definition of “defense services” in the proposed rule is carefully crafted alongside the two Bureau of Industry and Security (BIS) proposed end-uses on military, intelligence, and other restricted end-uses to avoid overlap. Read our alert on those proposed rules here.
What exactly is DDTC proposing as the new definition of “defense service”? The definition is a combination of something old, something new, something borrowed, and something blue, which should make Laura Ingalls Wilder fans happy. It does include some significant expansions, particularly in the area of assistance to foreign government intelligence activities, which is a murky area under the current “defense service” definition.
Something Old
DDTC keeps, but tweaks, the basic definition of “defense service.” We have bolded the new tweaks in the definition:
The furnishing of assistance, including training or consulting, to foreign persons in the development (including, e.g., design), production (including, e.g., engineering and manufacture), assembly, testing, repair, maintenance, modification, disabling, degradation, destruction, operation, processing, use, or demilitarization of a defense article.
By adding “consulting” to “training,” DDTC explains that it intends to control more than just direct instructional activity:
The proposed addition would reaffirm that providing the tools or means of furnishing training to a foreign person so that the foreign person may conduct training in lieu of the regulated person is included in the control. Such consulting is not limited to the furnishing of a completed product, but includes assisting in the development of such training.
Frankly, that’s reading a whole lot into the word “consulting” that we would not otherwise intuit. If the “tools … of furnishing training” are defense articles or technical data, then they are already covered by existing ITAR export controls. So, does the proposed definition of “consulting” cover the export of other items, like items subject to the Export Administration Regulations (EAR), that are currently outside DDTC jurisdiction? DDTC may wish to put this “clarification” into the text of the definition in the final rule and perhaps explain its thinking a bit more in the next preamble.
By contrast, the addition of “disabling” and “degradation” to recognize advances in technology makes more sense. DDTC wants to make clear that “cyber services, or any other activities, that disable and degrade defense articles, but fall short of total destruction or demilitarization, are included within the definition of defense service.”
Something New
DDTC has proposed two new United States Munitions List (USML) entries in Category IX that would control defense services related to intelligence and military assistance, which is an excellent idea.
Military Assistance
Of the two, the military assistance definition is the most familiar:
Assistance, including training or consulting, to a foreign government, unit, or force, or their proxy or agent, that creates, supports or improves the following…
- The organization or formation of military or paramilitary forces;
- Military or paramilitary operations, by planning, leading, or evaluating such operations; or
- Military or paramilitary capabilities through advice or training, including formal or informal instruction.
No one reading this new definition of military assistance should be surprised. After all, the current definition of defense service already includes the “[m]ilitary training of foreign units and forces, regular and irregular, including formal or informal instruction of foreign persons in the United States or abroad or by correspondence courses, technical, educational, or information publications and media of all kinds, training aid, orientation, training exercise, and military advice.”
The proposed new definition ditches the stilted “foreign units, regular and irregular” for the much broader “foreign government, unit, or force, or their proxy or agent.” This includes the entire foreign government — not just its military — as well as proxies and agents. If the proposed definition is enacted, it will no longer suffice to ask whether your company is training a foreign military force. The three subheadings in the definition do limit the new USML category to military and paramilitary forces and operations. However, the proposed new control for assisting in the “organization or formation” of military and paramilitary forces is arguably another expansion beyond military training of foreign units or forces. Under this proposed definition, services related merely to organizing or forming such forces would be enough to trigger ITAR controls.
Intelligence Assistance
The two relatively minor expansions of the military assistance definition pale in comparison to the proposed definition of intelligence service, which is shockingly broad. With some exceptions, which we discuss below, covered intelligence services are:
Assistance, including training or consulting, to a foreign government, unit, or force, or their proxy or agent, that creates, supports, or improves intelligence activities, including through planning, conducting, leading, providing analysis for, participating in, evaluating, or otherwise consulting on such activities, for compensation…
What are “intelligence activities”? I guess we are supposed to know them when we see them. Although DDTC has “determined that certain intelligence activities that do not involve defense articles provide a critical military or intelligence advantage such that they warrant and require revised controls under the ITAR,” it has neglected to define what these intelligence activities actually are. We all understand that what James Bond does counts as intelligence activities, but in the modern world of artificial intelligence (AI) and big data, intelligence activities could look a lot different. DDTC may wish to consider a definition in its final rule.
The requirement that the assistance to foreign government intelligence capabilities be “for compensation” is interesting. DDTC explains in the preamble that the compensation need not be financial but can include such non-financial compensations such as “gifts and or lodging, to goods or services, political favors, legislative or legal relief.” With the “for compensation” language, DDTC seeks to exclude from the proposed new controls “non-critical intelligence assistance provided on a volunteer basis (and not for hire or compensation). … For example, the Department does not intend for the activities of hobbyists or casually interested persons forwarding or commenting on open-source, publicly available satellite imagery relevant to the invasion of Ukraine, to be considered the furnishing of a defense service.” OK, we get that, but what if a US citizen wants to help the Russian or Iranian intelligence services for free? Does DDTC really mean to exempt uncompensated intelligence activities that the proposed definition?
Something Borrowed
The two new USML categories each contain exemptions (both share three identical exemptions, and there are three additional exemptions under intelligence assistance). DDTC has borrowed this “catch and release” system — i.e., a definition “which functions to initially describe a broad range of activities as a ‘catch,’ and then specifies certain limited carve-outs as a ‘release’ from the ‘catch’” — from the definition of “specially designed.” Many of us have been struggling with the definition of “specially designed” since it was launched some 10 plus years ago, feeling that it catches far more than it releases, and creates more uncertainty than what it replaced. While we are grateful for the carve-outs, given the super broad definitions of intelligence and military assistance discussed above, we suspect that these new definitions will suffer from the same affliction.
The three identical carve-outs to military assistance and intelligence assistance are as follows (annotated with our notes and questions in italics):
1. Furnishing of medical, translation, financial, insurance, legal, scheduling, or administrative services, or acting as a common carrier — This is a broad exemption in certain areas and is sure to generate some questions. Are common carriers transporting truckloads of defense articles within a foreign country for a foreign government really exempt?
2. Participation as a member of a regular military force of a foreign nation by a US person who has been drafted into such a force — This seems only fair to those who were drafted, but it certainly does not include volunteers, a point that brings to mind the many Americans who volunteered to help the Ukrainian forces.
3. Training and advice that is entirely composed of general scientific, mathematical, or engineering principles commonly taught in schools, colleges, and universities — This is of interest because it very clearly does NOT mention other items in the public domain, which reinforces that defense services can involve exclusively public domain information.
The three additional exemptions under intelligence assistance are:
4. Information technology services that support ordinary business activities not specific to a particular business sector;
5. Any lawfully authorized investigative, protective, or intelligence activity of a law enforcement or intelligence agency of the United States or of a territory, possession, State, or District of the United States, including political subdivisions thereof; or
6. Maintenance or repair of a commodity or software.
The exception for lawfully authorized activities of US agencies (5 above) seems non-controversial, but the other two may generate some heated debate. DDTC explains that the former IT services exemption is intended to exempt from defense services:
Information technology services that are ordinarily provided to allow any business entity to operate internally as a modern business environment, without a sector-specific specialization. These would include, for example, services related to IT infrastructure, composed of the hardware (including switches, routers, and servers) and software (including operating systems and basic network security applications) that enable an organization to run specialized software applications. IT infrastructure is not necessarily collocated with the organization, as it may include cloud infrastructure such as remote data centers, edge computing, and various “as a service” (SaaS) models.
This explanation makes sense, but we are not sure the phrase “[i]nformation technology services that support ordinary business activities not specific to a particular business sector” fully conveys what DDTC had in mind. This wording could be both overly broad and overly narrow, and might benefit from an example in the actual regulation. Is AI a “specific business sector,” for example? And what if the ‘”specific business sector” traditionally has little to do with “intelligence activities” such as cloud computing support for commercial shipping or accounting (although the latter is arguably in the previously discussed exemption for administrative services)? It might make more sense to exempt “[i]nformation technology services that support ordinary business activities and not modified for or specific to one or more foreign government intelligence end user.”
The exemption for “maintenance or repair of a commodity or software” aims to avoid “imposing duplicative export licensing requirement for the activities described, since they are already regulated or proposed for regulation under the ITAR or EAR to the destinations of concern.” If so, then DDTC may wish to also exempt training on the operation of a commodity or software, as this too would be subject to the new US person restrictions under the proposed BIS rule (see our alert on those proposed rules here) should the end-user be of concern.
Something Blue(d Out)
DDTC didn’t exactly include something blue in their proposed rule on defense services, of course. Instead, DDTC proposes to delete (bluing out, if you will) something that should never have been in the definition of “defense services” to begin with — that is the “furnishing to foreign persons of any technical data controlled under this subchapter, whether in the United States or abroad” — which was a controlled export of technical data in the first place and merely duplicative in the defense service definition. This is an excellent and long-overdue deletion. Way to go!!
Contacts
- Related Industries
- Related Practices