How export controls apply to technical data uploaded to “the Cloud” is an emerging issue. Documents from the May 9, 2013 Defense Trade Advisory Group (DTAG) Cloud Computing Working Group meeting were recently posted on the Department of State Directorate of Defense Trade Controls’ website.
The Working Group, with representatives from a range of interested industries, sought to define Cloud Computing, review its current uses, assess the current impact of regulations, and provide ideas and recommendations for revisions to the International Traffic in Arms Regulations (ITAR) relative to Cloud Computing.
The DTAG noted that the solution to appropriate export controls on Cloud Computing was for the Department of State to amend the ITAR to recognize encryption as an effective means to protect ITAR-controlled technical data when no foreign persons are provided with access to the encryption key.
At this point, whether the Department of State will accept the DTAG recommendation through an amendment to the ITAR is unknown. However, the recommendation makes good sense given the obvious fact that encrypted data cannot be used in the design or development of a defense article unless decrypted.