It should come as little surprise that federal agencies, whether they sit on a wall or not, believe that a word means what they “choose it to mean — neither more nor less.” So when the Bureau of Industry and Security (“BIS”) says that “visual inspection” and “oral exchanges” mean “giving a system password,” well, you can wring your hands about the violence to the English language involved in such a semantic contortion and you can make obscure references to Humpty Dumpty. But that’s about it.
In a recently announced civil penalty imposed by BIS against Santa Clara based Intevac, the enforcement folks at BIS trampled over their own definitions in order to justify a $115,000 fine against the Company for giving a password to a foreign national employee that would allow him to access hard disk technology controlled by ECCN 3E001. Specifically at issue were drawings, blueprints and part numbers that resided on a company server. According to the charging documents
Intevac released the technology . . . by providing the Russian national employee with a login identification code and a password that enabled him to view, print and create attachments.
Now let’s take a moment to do something adventurous; let’s actually look at BIS’s definition in § 734.2(b)(3) of the EAR for “release of technology of software:”
Technology or software is “released” for export through:
(i) Visual inspection by foreign nationals of U.S.-origin equipment and facilities;
(ii) Oral exchanges of information in the United States or abroad; or
(iii) The application to situations abroad of personal knowledge or technical experience acquired in the United States.
Clearly, simply giving out a password that enables access to a technology is neither a visual inspection or oral exchange of the technology. Unless the password is actually used by the foreign national to access the technology itself, something the charging documents rather coyly refuse to assert, there has been no release of technology. Granted the language here is ambiguous and perhaps the Russian national did see the technology at issue, but saying that the password “enabled him to view, print and create attachments” is an odd way of saying that.
The background here is that the Directorate of Defense Trade Controls (“DDTC”) has, at least since the Consent Agreement in the General Motors case, taken the position that with respect to ITAR-controlled technical data the “ability to access” such data is a deemed export whether actually accessed or not. This does equal violence to the definition of export in § 120.17 of the ITAR which refers to “disclosing (including oral or visual disclosure) or transferring technical data to a foreign person.” Again, to ordinary speakers of the English language permitting access and disclosing are two different things. Perhaps BIS in the Intevac case is just exhibiting a bad case of me-too-itis and does not want anyone to think that DDTC is rougher and tougher on deemed export issues than BIS.