Mach 30 Export Control Review Process v1

Purpose

Mach 30 will proactively remain within the boundaries of all relevant Export Control (EC) laws. Additionally, Mach 30 will attempt to err on the side of avoiding even the perception of a possible EC violation.

Approach

EC has written guidelines, but ultimately it depends on the judgment of the U.S. State Department’s Directorate of Defense Trade Controls (DoS DDTC), whose decisions are often poorly explained, if at all, and can turn on a dime. Therefore, in the near term, Mach 30 will only pursue projects which are obviously clear of EC (EX: model and high-powered rocketry, education exemption in partnership with academic institutions, unaltered public domain).

Process

This is a draft review process, which is expected to evolve. The Export Control Task Force (ECTF) is responsible for this document and guidance through the review process.

1. Define the project and related topics in writing for future reference

1. Goals

1. what is the vision of the project?
2. what ultimate purpose does it serve?
3. how does it fit into Mach 30’s strategy?
4. to what use will the results of the project be put?

2. Technologies

1. what is the core technology the project will work on?
2. what other technologies are necessary to accomplish that work?
3. what words would an expert use to describe these technologies?
4. what words would an average person use to describe these technologies?

3. Inputs and Outputs

1. what are the project’s major milestones?
2. what previous projects does this one build off of?
3. what future projects will build off of this one?
4. does this project make use of any specialized, pre-existing knowledge?
5. does this project have any measurable or tangible outcomes?

4. Keywords

1. what keywords/phrases summarize the previous answers?
2. what additional keywords/phrases are relevant?
3. put those keywords into a thesaurus; what other relevant keywords appear?

2. Research the project’s relationship to relevant EC

1. USML

1. follow the DDTC’s Order of Review Decision Tool
2. run all keywords identified in the previous step through the text of the USML
3. run all keywords, along with words like “ITAR”, “USML” and “export control” through Google

2. CCL

1. run all keywords identified in the previous step through the text of the CCL
2. run all keywords, along with words like “EAR”, “CCL” and “export control” through Google

3. MTCR

1. run all keywords identified in the previous step through the text of the MTCR
2. run all keywords, along with words like “MTCR” and “export control” through Google

3. Document findings

1. summarize the topic(s) that are explicitly mentioned in EC regulations and/or professional analysis/discussion of EC regulations
2. explain any additional concerns
3. list searches and terms that turned up no relevant results

4. Triggers

1. if possible, define any measurable limits the project cannot cross and an appropriate margin for error
2. specify, or guess at, any future dates when relevant information is expected to be become available
3. maintain a clear distinction between information used as-is and any changes, additions, derivations, etc added by Mach 30

5. Reevaluate if a trigger is flipped. Repeat this process if there are any major changes to the project. Update this report at each major milestone.

Signoff

Mach 30’s Export Compliance Officer (or equivalent) will, at a minimum, review and approve/disapprove the results of this process.

Communication

It’s a good idea to compare the results of this process with the results of previous iterations through this process; check to see if the results are similar. Also, it’s a good idea to summarize the results and share them with other parties who should, or would want to, stay informed.

Based on ECTF meeting

• formalize process

• define the “problem statement”; be very clear about what is being asked/checked; formalizing the process can help ensure clarity

• what keywords apply to the topic
• verbs, what do you want to do (manufacture, test, compile, etc)
• what technologies do you want to work with
• what is the end result/goal

• should be recursive

• start with general concept
• refine the details
• compare to a list of known forbidden areas and known acceptable areas
• zero in on a gray area
• repeat

• should be periodic

• reevaluate on a regular schedule
• check at each major milestone or when design decisions reveal interaction with gray areas
• compare to new laws/rules/interpretations

• triggers

• major design milestones
• when design decisions come near to the edges of bounding box
• it’s okay to use something exactly as you found it (actual public domain, not just a random blog) but changing it, or fill in any blanks, or deriving anything from it requires additional review

• product(s)

• bounding box of the safe area to work in
• most current evaluation
• Export Compliance Officer (ECO) signoff
• Public Affairs (PA) signoff
• “this went through EC review” tag or badge or something that’s easy to apply to a project (like the copyright statement)