Alexander Cotoia, Regulatory Manager at The Volkov Law Group, rejoins us for a posting on State Department’s plan to increase ITAR enforcement of controlled data transfers. Alex can be reached at [email protected].

During a plenary session of the Defense Trade Advisory Group (“DTAG”)  that convened on November 9, 2022, Deputy Assistant Secretary of State Mike Miller outlined a number of initiatives undertaken by the Directorate of Defense Trade Controls (“DDTC”)—the agency principally responsible for the administration and enforcement of the International Traffic in Arms Regulations (“ITAR”)—under the Biden Administration.

Chief among these initiatives is a renewed emphasis by DDTC on penalizing those responsible for the unauthorized transfer of ITAR-controlled technical data. Long considered a core national security priority, efforts to curb unauthorized dissemination of highly sensitive technical data are again gaining traction as geopolitical circumstances evolve and diplomatic tensions with countries like the Russian Federation and People’s Republic of China (“PRC”) continue to rise.

As DAS Miller noted, DDTC has noticed a precipitous increase in disclosures concerning unauthorized access to ITAR-controlled technical data by foreign person employees of U.S.-based organizations, as well as illegal exports of technical data based on improper classification or insufficient internal controls. Warning that any violations of the ITAR can “severely damage” U.S. national security by allowing potential adversaries to access key details concerning the “operation or capabilities” of weapon systems, DAS Miller implied that DDTC will be closely monitoring this development, and taking appropriate action against those who are culpable in violations of U.S. export controls.

While criminal cases brought under the aegis of the ITAR are relatively rare, conviction of criminal ITAR violations carry heavy consequences, including the imposition of criminal fines and penalties of up to $1,000,000 for each violation, and up to ten years in prison, or both for the most egregious violations. Earlier this year, Joe Sery, the former owner and chief executive officer of a California-based manufacturer of tungsten fragments, sub-assemblies, and other weapons grade components for military systems—plead guilty to a single count of conspiracy in connection with the unlicensed export of items and controlled data contained on the U.S. Munitions List (“USML”) to end-users in the PRC, India, and elsewhere.

Under the terms of his plea agreement, Sery admitted that, despite knowledge of U.S. export control laws that restricted the transfer of items and technical data contained on the USML, he entered into arrangements with various defense contractors to obtain ITAR-controlled technical data and in turn, exported that information to foreign nationals residing abroad. As multiple media sources indicate, Sery utilized an email address wholly unconnected to his company to secretly receive, disseminate and enable access to the controlled material in question.

On October 4, 2022, information retrieved from PACER—the public information database of the federal court system—reveals that Sery was sentenced to three months of incarceration followed by two years of supervised release. Sery was also ordered to pay a criminal fine of $250,000 to the U.S. Treasury. The case against Sery’s brother—an alleged co-conspirator in the underlying violations—remains pending.

DAS Miller’s comments and the San Diego prosecution should serve as a prescient reminder to organizations involved in the manufacture and distribution of articles and components controlled by the ITAR to review their practices and procedures for deficiencies that might be exploited to make illegal transfers of sensitive data to foreign individuals or entities.

Organizations that are involved in handling ITAR-controlled data of any sort should undertake a thorough risk assessment to ensure that all potential avenues for the distribution of such information are accounted for, and that appropriate controls exist to prevent unauthorized access and transfer. Such organizations should also train their employees regularly concerning the importance of adhering to the letter of the ITAR as it pertains to the receipt, storage, export and re-export of data controlled by the USML. While many organizations conduct initial export control training, it is a mistake to assume that this information—left unreinforced—will remain top of mind for busy professionals engaged in core operational activities. It is therefore incumbent upon the compliance function of the organization to insist on both initial export control induction and recurring training, preferably on an annual basis, to ensure that employees remain cognizant of their trade compliance responsibilities.