On September 26, 2012, a federal jury convicted Sixing "Stephen" Liu of exporting sensitive U.S. military technology to China, stealing trade secrets, and lying to federal agents. Although Liu had not exported any physical defense articles out of the United States, he was convicted of exporting controlled technical data to China by taking his laptop out of the country without a license.
The U.S. Arms Export Control Act authorizes the President to control the export of defense articles and defense services from the United States. The regulations promulgated pursuant to the Act, known as the International Traffic in Arms Regulations (ITAR), define exporting to include, "[s]ending or taking a defense article out of the United States in any manner." All defense articles are listed on the United States Munitions List (USML), and "technical data" relating to those defense articles is also controlled by the USML. "Technical data" is defined as information "which is required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification" of a defense article.
Unless specifically exempted, U.S. persons exporting technical data covered by the USML must be registered with the U.S. State Department's Directorate of Defense Trade Controls, the agency which administers ITAR, and must apply for and receive a valid license for the specific export. Although ITAR provides an exemption to the general licensing requirement by allowing an individual to "hand carry technical data" outside the United States, the exemption is narrow and strict requirements must be met in order for it to apply. The exemption permits the taking or sending of technical data outside of the U.S. (regardless of media or format) by a U.S. person who is an employee of a U.S. corporation or a U.S. Government agency for delivery to a U.S. person employed by that U.S. corporation or to a U.S. Government agency outside the United States.
The export by Sixing Liu met neither of these requirements. Liu was carrying his laptop while making presentations at conferences and universities in China on topics related to technology that he was researching and developing for the U.S. Department of Defense. The technical data on his laptop described the design of guidance systems for missiles, rockets, target locators, and unmanned aerial vehicles. Liu did not have a license to carry that technical data out of the country. He was not charged with any crimes related to the actual presentations he made, nor is there evidence that he disclosed controlled data while in China. Nonetheless, the mere act of carrying that data to China is considered an export for which a license is required.
Liu's case highlights the need for employers in the defense industry to adopt technical data management policies and procedures, including controls on carrying laptops abroad. Employees should be adequately trained in export control compliance, especially with respect to the proper use and control of technical data. This requires close monitoring of which employees have access to controlled technical data as well as how that technical data is maintained and controlled on laptops and other electronic devices. As Liu's case points out, reliance on ITAR's exemption for carrying technical data out of the United States by hand is not a substitute for adequate controls and sufficient employee training.