Re: Export controls (was RE: Documentation confidentiality level

Subject: Re: Export controls (was RE: Documentation confidentiality level
From: "Claudine CHAUSSON" <claudine -dot- chausson -at- jwaretechnologies -dot- com>
To: <techwr-l -at- lists -dot- techwr-l -dot- com>
Date: Fri, 23 Oct 2009 09:16:17 +0200

Well, I'm glad I work in France for a French company! I didn't know that you
guys, well those in "sensitive" fields, had that kind of constraints though
maybe if I worked for the government, things would be different.

Good luck with your projects!

Claudine


Claudine CHAUSSON
Technical writer
JWARE Technologies

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This discussion, particularly Janet's post, reminded me of a presentation
that we had from our corporate legal beagles, earlier in the year.

The topic was export controls and export categories.

Not only did we have to be very careful about which of our company-produced
weapons we shipped anywhere in the world, we equally had to be very careful
about what we said about them, and about whom we "spoke" to.

Oh, and did I mention that our products are
information-security/cryptographic software and hardware? Those are
considered "munitions" under the USA's HD* Act. Nothing that we make could
cause physical harm to a person unless they stood in a puddle and stuck a
fork ... but wait, we also baffle all the ventilation slots... they'd have
to chew on the power cord to electrocute themselves, or drop the appliance
on their heads to invoke a headache. Even licking the devices wouldn't do
it, since they're all RoHS-compliant (no heavy metals).

[* HD as in Humpty Dumpty, as in 'When I use a word', said Humpty Dumpty in
rather a scornful tone, 'it means just what I choose it to mean - neither
more nor less.' ]

Now, under export controls, especially ITAR, it is not merely illegal to
ship hardware, software, and technical manuals for same, to certain regions
and countries, it is illegal to even discuss them without the requisite
permits.

As one of our people was told, when he tried to parse what he'd just been
told, and asked: "So, if I attend an industry conference in (say) Paris, and
I talk about our products to the same (shallow) level of technical detail
that our Irish or Israeli or Russian competitors are talking about theirs,
I'm opening myself to charges under munitions-export laws?". . . yes. You
have exported prohibited data from the US to non-US persons. And by the way,
you can't sit in your office and say the same things on a conference call
that includes people out-of-country (same with online chat, e-mail...). If
you are talking to a company in an acceptable part of the world, you can't
know that one of their employees isn't from an unacceptable place.



The guy sitting a bit further down the table was shaking his head in dismay.
He was one of our (successful) product managers and business development
guys. "I can't do my job. It's illegal to do what I do every day!" Ren?
was gone within a month. Coincidence?

Meanwhile, definitions and ways of speaking/writing about your products are
critically important. At worst, you want your products to fall under the
general export controls regime. Unless it is intended only and specifically
for military use, you really, really don't want it being interpreted as
falling under ITAR. Suddenly the restrictions become crippling and you can't
be competitive because every move you'd care to make requires explicit
formal permission from the US State Dept. So, if your product is intended
for general markets, be very careful that it doesn't get sucked into the
munitions regime. The gods of four different major religions have to appear
and simultaneously vouch for you, before you can get a product OFF that
list.

But... what does being careful mean? Let's say you have a multi-terrain
vehicle that would be well-received by recreational users, forrestry
workers, rescue workers, ranchers, prospectors and surveyors,
energy-resource companies, and on and on, but it would also be a good seller
to military organizations, if modified for their use. Since you don't want
to have two separate production lines, you adjust your vehicle to have a
hole in the dash, the right size to accept the mount for a "standard"
military radio. They you affix a plate over the hole for the rest of your
market. Whoops! You've just caused your little vehicle to fall under the
wrong classification. Plate or no plate, the vehicle is now a "munition" and
can't be exported without serious and lengthy hoop-jumping for each and
every instance.

For something that performs cryptographic operations that would (say) secure
credit-card or inter-bank transactions, but which could also have government
or military application, you have to be careful how you talk about it, write
about it, etc. Never sell it to a government agency as your first customer -
always be able to demonstrate that, not only did you designate/intend it as
a commercial product, but the commercial marketplace demonstrated its
agreement with that assertion. Etc., etc., etc.

All subject to interpretation, of course.

All subject to retroactive re-interpretation by the PTB.

All of the above to suggest that merely labelling your stuff "proprietary"
or "confidential" or whatever isn't going to save you. :-)


- Kevin


The information contained in this electronic mail transmission
may be privileged and confidential, and therefore, protected
from disclosure. If you have received this communication in
error, please notify us immediately by replying to this
message and deleting it from your computer without copying
or disclosing it.





^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Free Software Documentation Project Web Cast: Covers developing Table of
Contents, Context IDs, and Index, as well as Doc-To-Help
2009 tips, tricks, and best practices.
http://www.doctohelp.com/SuperPages/Webcasts/

Help & Manual 5: The complete help authoring tool for individual
authors and teams. Professional power, intuitive interface. Write
once, publish to 8 formats. Multi-user authoring and version control! http://www.helpandmanual.com/

---
You are currently subscribed to TECHWR-L as archive -at- web -dot- techwr-l -dot- com -dot-

To unsubscribe send a blank email to
techwr-l-unsubscribe -at- lists -dot- techwr-l -dot- com
or visit http://lists.techwr-l.com/mailman/options/techwr-l/archive%40web.techwr-l.com


To subscribe, send a blank email to techwr-l-join -at- lists -dot- techwr-l -dot- com

Send administrative questions to admin -at- techwr-l -dot- com -dot- Visit
http://www.techwr-l.com/ for more resources and info.

Please move off-topic discussions to the Chat list, at:
http://lists.techwr-l.com/mailman/listinfo/techwr-l-chat


Follow-Ups:

Previous by Author: Re: Documentation confidentiality level policy
Next by Author: RE: Click X, or click the X button?
Previous by Thread: RE: Cryptography
Next by Thread: RE: Export controls (was RE: Documentation confidentiality level


What this post helpful? Share it with friends and colleagues:

Sponsored Ads


Sponsored Ads