Sending Intra-Office Email? You May Be an “Exporter”
How so? While it is generally well understood that shipments of goods from the U.S. to another country constitute an export, what is less widely known is that the release of controlled technology to a foreign person – someone who is not a U.S. citizen, permanent resident (“green card” holder), refugee, asylee or temporary resident protected under the Immigration Reform and Control Act of 1986 – can be “deemed” an export to the recipient’s country of nationality or citizenship, even if the foreign person recipient is physically within U.S. borders. Therefore, if the technical specs and blueprint Mike emailed to Ivan related to a part controlled under the International Traffic in Arms Regulations (“ITAR”), and Ivan is a foreign person, then, unless an export license or other authorization was obtained beforehand, a violation of U.S. export control laws occurred.
The prevention of unlawful deemed exports demands corporate attention, as such activities can generate significant civil liability, cause substantial damage to a company’s reputation, and potentially even result in criminal liability. One recent example of enforcement action related to unauthorized deemed exports took place on February 19, 2014, when the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) penalized Intervac, Inc. for the unauthorized release of drawings, blueprints, and identification numbers for parts and technology used in computer disk drive manufacturing that were controlled under the Export Administration Regulations (“EAR”). The controlled information had been shared with a Russian national working at the company’s Santa Clara facility and exported to the company’s Chinese subsidiary. Because of the national security related export restrictions to which the particular parts and technology were subject under the EAR, a license was required to share such data and materials with Russia, China, and foreign nationals thereof. Although Intervac was potentially subject to over $1.25 million in fines, the company’s cooperation with government investigators and its full disclosure resulted in a $115,000 civil penalty.
In order to know whether a license or other export authorization is required before foreign persons can be granted access to certain data or technology, a company must first determine if the technology to be released to the foreign person is (a) controlled by either the EAR or the ITAR and (b), if so, whether the EAR or the ITAR requires a license to export or otherwise release it to the foreign person’s country or countries of nationality. If export licenses/authorizations are required to share the data with certain foreign countries and persons, the company will then need to: (c) collect nationality and citizenship information from employees or other persons that might have access to the data (within the confines of applicable anti-discrimination and privacy laws); (d) analyze to what extent particular employees are permitted unlicensed access to the data; (e) determine whether to seek a license or other authorization to permit otherwise unauthorized foreign persons access to the data; and (f) take appropriate measures to prevent unauthorized, physical, visual, and virtual (electronic) access to controlled data. Companies must also ensure that employees, customers, suppliers and others with whom they deal are not identified on international sanctions lists administered by the U.S. Department of the Treasury’s Office of Foreign Assets Controls (“OFAC”).
These factors are likewise important to keep in mind prior to hiring foreign persons. An employer hiring a foreign person and sponsoring his or her entry into the U.S. under H-1B, H-1B1, L-1 or O-1A visas is currently required to certify on the I-129 immigration form that it has reviewed U.S. export control regulations and determined (a) a license is not required to release technology to the foreign person; or (b) if an export license is required, it will not release controlled technology to the foreign worker until it has received a license or other authorization to do so. If the company does not have the appropriate export control processes and procedures in place prior to hiring such a foreign person, there is a substantial risk the company will breach its certification. At the same time, companies must tread very carefully when deciding whether or not to hire an employee based on export control restrictions or risk potential employment discrimination liability.
Compliance with export control laws can be complicated, but an investment in understanding your company’s legal obligations can pay dividends by helping to prevent potentially disastrous consequences.