Definitions

Controlled Technology

Technology or technical data identified in the U.S. Munitions List or the Commerce Control List that is related to the design, development, or production of equipment or software is considered controlled technology.

Transfers of listed technologies to non-U.S. persons or entities in the form of drawings, schematics, blueprints, research results, formulas, meetings, symposiums, classroom discussions, conversations, email, etc, are controlled. If any controlled information, technology, software, or equipment will be transferred to another party overseas or to a foreign party in the United States, a license must be obtained prior to the transfer unless a valid licensing exception or exclusion applies.

Export

Exports include:

• Transfer of controlled physical items to foreign countries or to non-U.S. persons in or out of the United States.
• Transfer or disclosure of information or technical data (even visual disclosure through observation) to foreign countries or non-U.S. persons in the United States or abroad.
• Provision of services outside the United States or to entities outside the United States.

Deemed Export

Release of technology or software subject to a foreign national in the United States is “deemed” to be an export to the home country of the foreign national under the Department of Commerce's Export Administration Regulations.

U.S. Person

A U.S. person can be:

• A citizen of the United States.
• A lawful permanent resident alien of the United States (green card holder).
• A documented refugee or other protected recipient of political asylum.

Non-U.S. Person

A non-U.S. person is anyone who is not a U.S. person. The law makes no exceptions for foreign graduate students. A non-U.S. person, also referred to as a foreign person, includes any foreign corporation, business association, partnership trust, society, or any other entity that is not incorporated or organized to do business in the United States. This definition includes international organizations, foreign governments, and any agency or subdivision of foreign governments (e.g., diplomatic missions).

Fundamental Research

Basic and applied research in science and engineering, where the resulting information is ordinarily published and shared broadly within the scientific community is considered fundamental research. Such research can be distinguished from proprietary research and from industrial development, design, production, and product utilization, the results of which ordinarily are restricted for proprietary reasons or specific national security reasons.

Research conducted by scientists, engineers, or students at any accredited institution of higher learning in the United States normally will be considered fundamental research.

Prepublication review by a sponsor of university research solely to ensure that the publication would not inadvertently divulge proprietary information that the sponsor has furnished to the researchers does not change the status of the research as fundamental research. However, release of information from a corporate sponsor to university researchers where the research results are subject to prepublication review will require further export review.

Prepublication review by a sponsor of university research solely to ensure that publication would not compromise patent rights does not change the status of fundamental research, as long as the review causes no more than a temporary delay in publication of the research results. 

Corporate Research

Research conducted by scientists or engineers working for a business entity (referred to as corporate research) will be considered “fundamental research” at such time and to the extent that the researchers are free to make scientific and technical information resulting from the research publicly available without restriction or delay based on proprietary concerns or specific national security controls.

Prepublication review by the company solely to ensure that the publication would compromise no proprietary information provided by the company to the researchers is not considered to be a proprietary restriction as long as the review causes no more than a temporary delay in publication of the research results. Similarly, prepublication review by the company solely to ensure that publication would compromise no patent rights will not be considered a proprietary restriction for this purpose, so long as the review causes no more than a temporary delay in publication of the research results.

However, the initial transfer of information from a business entity to researchers is not authorized under the “fundamental research” provision where the parties have agreed that the business entity may withhold from publication some or all of the information so provided.

Published (Publicly Available) Information and Software

Information is published when it becomes generally accessible to the interested public in books or periodicals available in a public library or in bookstores, or information that is presented at a conference, meeting, seminar, trade show, or other open gathering is considered to be in the public domain. An open gathering is one in which members of the general public are eligible to attend and attendees are permitted to take notes. Software is considered published when it is available for general distribution either for free or at a price that does not exceed the cost of reproduction and distribution. Encryption software with symmetric key length exceeding 64-bits will not be considered published for purposes of this definition.

Published Education Information

Most of the course material taught in U.S. universities is considered public if it is released by instruction in catalog courses and associated teaching laboratories. This does not apply to encryption software exceeding 64-bits.

Defense Service

The following situations are considered Defense Service:

• Furnishing assistance (including training) to foreign persons, whether in the United States or abroad, in the design, development, engineering, manufacture, production, assembly, testing, repair, maintenance, modification, operation, demilitarization, destruction, processing, or use of defense articles.
• Furnishing to foreign persons any technical data controlled under this subchapter (see Sec. 120.10), whether in the United States or abroad.
• Military training of foreign units and forces, regular and irregular, including formal or informal instruction of foreign persons in the United States or abroad or by correspondence courses, technical, educational, or information publications and media of all kinds, training aid, orientation, training exercise, and military advice.

Development

Development refers to activities related to all stages prior to serial production such as: design, design research, design analysis, design concepts, assembly and testing of prototypes, pilot production schemes, design data, process of transforming design data into a product, configuration design, integration design, and layouts.

Production

Production refers to all stages related to producing a product, including: product engineering, manufacture, integration assembly (mounting), inspection, testing, and quality assurance.

Use

Use refers to the following activities: operation, installation (including on-site installation), maintenance (checking), repair, overhaul, and refurbishing.

Technical Data

Technical data is defined as information that is required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance, or modification of defense articles. This includes information in the form of blueprints, drawings, photographs, plans, instructions and documentation. It also includes software directly related to defense articles. This definition does not include information concerning general scientific, mathematical, or engineering principles commonly taught in schools, colleges, and universities. This definition also does not include basic marketing information on function or purpose or general system descriptions of defense articles.

Resources

Georgia Tech Office of Information Technology

• Data Access Policy
• Encryption Best Practices
• Data Protection Standards
• Security Travel Tips

Federal Regulations

• Department of Commerce, Export Administration Regulations (EAR)
• Department of State, International Traffic in Arms Regulations (ITAR)
• Department of the Treasury, Office of Foreign Assets Control Regulations (OFAC)

Items, information, and software that are generally subject to export control laws and used in a university environment are set out on these two lists:

• U.S. Munitions List
• Commerce Control List

Reports and Case Studies

• “Don’t Let This Happen to You: An Introduction to U.S. Export Control Law” Commerce Department, Bureau of Industry and Security (BIS)
• BIS “Deemed Export” Frequently Asked Questions
• Institute of Electrical and Electronics Engineers OFAC Ruling
• Council on Governmental Relations (COGR) Export Information
• National Security Decision Directive 189 (Establishes "fundamental research exclusion"), September 1, 1985
• Export Controls and Universities: Information and Case Studies, COGR  
• Export Controls and Universities: Licensing Research, COGR  

Other Export Controls Related Resources

Select manufacturer Export Control Classification Number (ECCN) links:

• Apple Computer Inc.
• IBM
• Microsoft
• Oracle
• Blackberry
• Corporate Export Control Classification Database