The rules governing access to controlled equipment and data vary depending on whether the access is covered under the EAR or ITAR, as follows.
(1) Dual-use (EAR-governed) inventory and technical data
As UChicago conducts its research activities under FRE, access to dual use laboratory equipment and technical data remains unrestricted, subject to three exceptions. These exceptions are noted below.
Exception #1: where a PI has received proprietary3 technology or source code (“data”) from a sponsor (federal or industrial) as background information or a research tool by which to conduct fundamental research, and this data is export controlled, then access to this data falls outside the FRE; the PI (likely a U.S. person as required by the NDA through which the data is received) is responsible for not sharing it with foreign national members of the research team. Where it is recognized as necessary to share such data and this is contemplated by the NDA, a deemed export license may be required in order for the foreign national to access the data.
In this context, proprietary technology or data means data that the sponsor intends to be confidential and not in the public domain. Not all proprietary technology is export controlled.
UChicago IT Services can assist in determining what qualifies as advanced cryptography for this exception.
Exception #2: where the proprietary technology specifically concerns technology for the development of advanced cryptography4 or source code containing advanced cryptography, then a deemed export license will be required prior to access by foreign nationals from Iran, Cuba, Syria, North Korea, and Sudan. Again, please note that such technology if self-invented at UChicago does not require a license for access by this category of foreign nationals, assuming the technology or code is intended for publication.
Exception #3: Fabrication or contract service work for an industry or federal agency partner: Where UChicago conducts fabrication and contract service work outside of fundamental research, the FRE does not apply. In this case, UChicago must determine whether a deemed export license is required. See also Sections below pertaining to spin-off entities and consulting relationships.
(2) Defense (ITAR-governed) inventory and technical data
Like the EAR, the ITAR recognizes fundamental research subject to the same framework of not accepting publication or citizenship restrictions, and requiring that all research be intended for the “public domain.” Hence, acceptance of any citizenship or publication restriction by a sponsor automatically triggers ITAR disclosure restrictions to research results classified as ITAR. Again, UChicago adheres to a strict policy of not accepting restricted funding from a government or industry sponsor (and regardless of whether UChicago is a prime or subcontractor) so that all research results are intended for the public domain.
However, accessing ITAR instruments or data is more restrictive than with the EAR: even where no restrictions are accepted from a sponsor as to the publication or dissemination of research results, ITAR controls still apply to any ITAR item or data used in that research to obtain those results. This is true regardless of whether UChicago receives such items from the sponsor or a collaborating institution, or procures commercially for purposes of conducting the research. Whereas the FRE (with only certain exceptions) allows access to equipment and data used during the course of fundamental research by foreign national faculty and researchers, ITAR restricts access to equipment and data where using it in any capacity discloses the inherent design, operation, or know-how that renders it ITAR controlled.
In this case, where a PI wants to provide access to a foreign national researcher, either UChicago will have to obtain an export license prior to access, or the PI will need to create a Technology Control Plan (TCP) to secure the item. The TCP is used to allow physical access to a commodity or virtual or physical access to technical data only to U.S. persons.
The only exception to this rule is the situation where the foreign researcher qualifies as a full time UChicago employee and where certain other regulatory criteria must be met. Even were this exception is met, the foreign researcher cannot transfer the ITAR-controlled data to any other foreign national, whether or not on the research team. This exemption does not apply to (i) the fabrication/service contract work conducted either by a faculty-owned (or non-university owned) spin-off entity where the university is not the entity granting access or; (ii) university-sponsored fabrication contract that does not constitute fundamental research. See section below on Fabrication Contracts and Spin-off Entities. As noted, separate from the restrictive access provisions under the ITAR, ITAR also requires licensing of foreign nationals when the research activity constitutes a “defense service” as defined above in Section c (2).
(3) OFAC-governed transactions pertaining to Cuba, Iran, Syria and Sudan
OFAC does not per se regulate access to specific laboratory equipment, technical data and research results the way that the EAR and ITAR do. Rather, OFAC regulates transactions involving certain embargoed countries. For example, research collaboration with an institution in Cuba or Iran requires an OFAC license, even if only data and no commodity were being transferred to one of those countries. Transferring any tangible materials to the OFAC-restricted countries or importing any item from them likewise requires a license. Providing editorial comment directly to a foreign national located in one of the OFAC restricted countries as part of a journal or peer review requires review on a case-by-case basis.
However, this restriction should be distinguished from those situations where research results are made publicly available by posting them on the internet or through a professional website that anyone can access. In that case, the fact that an Iranian researcher or institution downloads the item does not constitute an OFAC violation. However, at the point at which the Iranian institution seeks specific guidance from UChicago pertaining to publicly available information or seeks technical assistance of any kind, this activity may trigger a license requirement.
In this this context, proprietary technology or data means data that the sponsor intends to be confidential and not in the public domain. Not all proprietary technology is export controlled.
University of Chicago IT Services can assist in determining what qualifies as advanced cryptography for this exception.