To obtain copies of Office of the Assistant Inspector General for Auditing Reports, contact the Secondary Reports Distribution Division of the Audit Followup and Technical Support Directorate at (703) 604-8937 or FAX (703) 604-8932.
Introduction Public Law 106-65, "National Defense Authorization Act for FY 2000," section 1402, requires the President to submit an annual report to Congress, each year through 2007, on the transfer of militarily sensitive technology to countries and entities of concern. The National Defense Authorization Act further requires that the Inspectors General of the Departments of Commerce, Defense, Energy, and State, in consultation with the Directors of Central Intelligence and the Federal Bureau of Investigation,1 conduct an annual review of policies and procedures of the U.S. Government with respect to their adequacy in preventing the export of sensitive technology and technical information to countries and entities of concern. An amendment to section 1402(b), in section 1204 of the National Defense Authorization Act for FY 2001, further requires that the Inspectors General include in the annual report the status or disposition of recommendations set forth in previous annual reports issued pursuant to section 1402. This year, to comply with the fifth-year requirement of the Act, the Offices of Inspector General (OIGs) conducted an interagency review of the release of export-controlled technology to foreign nationals in the United States (FNUS) and compliance with the licensing requirements contained in the Export Administration Regulations (EAR)2 and the International Traffic in Arms Regulations (ITAR).3 Because the Department of Homeland Security also has responsibility for enforcing Federal export laws, the OIG for that agency participated in this year's review.
Background. The United States controls the export of certain goods and technologies for national security, foreign policy, antiterrorism, and nonproliferation reasons, under the authority of several laws, primarily the Export Administration Act of 19794 and the Arms Export Control Act of 1976. Both the Department of Commerce's EAR (for dual-use commodities) and the Department of State's ITAR (for munitions) restrict the export of controlled technology or technical data to foreign nationals working in or visiting the United States. This report uses the term "the release of export-controlled technology to FNUS" to describe deemed exports as defined by the EAR and the release of technical data to a foreign person as defined by the ITAR.5
Objectives. Our overall objective was to assess whether U.S. laws and regulations adequately protect against the transfer of export-controlled U.S. technology and technical information to FNUS from countries and entities of concern. Specifically, we examined whether U.S. academic institutions, Federal contractors and other private companies, and research facilities6 complied with licensing regulations for the release of export-controlled technology to FNUS and whether licenses were obtained, as necessary, for foreign national employees, students, and visitors. In addition, we assessed the Federal Government's implementation of the regulations for the transfer of export-controlled technology to FNUS. Specifically, we assessed whether the Federal Government's policies and procedures foster compliance with those regulations and whether those policies and procedures also provide a reasonable level of assurance that export-controlled technology is adequately protected and not released to FNUS without the proper authorization.
Review Results
Awareness of Export Regulations. Commerce, State, and Homeland Security OIGs found that each agency could improve its outreach program to raise awareness and understanding of regulations regarding the release of export-controlled technology to FNUS. Commerce, Defense, and Energy OIGs also found that some academic institutions, Federal contractors and other private companies, and research facilities lacked awareness and understanding of requirements for the release of export-controlled technology to FNUS. Overall, the lack of awareness and understanding of laws and regulations pertaining to the release of export-controlled technology to FNUS could harm national security if militarily sensitive technology is released to unauthorized foreign nationals.Compliance With Export Regulations. Commerce OIG found that its licensing agency, the Bureau of Industry and Security (BIS), was not performing on-site inspections or reviews to ensure compliance with Federal export laws and regulations related to controls over the release of export-controlled technology to FNUS. In addition, State OIG found that the Bureau of Political-Military Affairs, Directorate of Defense Trade Controls (PM/DDTC) did not perform Government audits to monitor compliance with export regulations, relying instead on voluntary disclosures by exporters and self-audits by entities. Finally, Defense and Homeland Security OIGs found that their agency-specific policies and procedures related to the release of export-controlled technology to FNUS did not ensure compliance with U.S. export regulations. Overall, the lack of compliance, monitoring, and adequate policies could degrade the integrity of the interagency licensing process, putting the United States at an increased risk of releasing export-controlled technology to FNUS from countries of concern.
Reexamination of License Exemptions. Commerce and Defense OIGs found that some of the Federal export license exemptions were broadly applied and might offer a means for a foreign national from a country of concern to circumvent regulations related to the release of export-controlled technology to FNUS. Several of the license exemptions outlined in Federal export regulations eliminate licensing requirements for a large number of FNUS. For instance, licensing exemptions in both the EAR and the ITAR apply to fundamental research and to foreign nationals with permanent resident status. The EAR also exempts publicly available technology and software that are already published or will be published or are educational. Commerce and Defense OIGs believe that broadly applied exemptions might allow the transfer of sensitive U.S. technology to countries or entities of concern and could ultimately affect national security.
Followup on Prior Interagency Reviews
As required by the National Defense Authorization Act for 2001, as amended, Appendix H (Volume II) provides the status of recommendations from previous reports. Appendix H also discusses the status of interagency OIG recommendations from Report No. D-2002-074, "Interagency Review of Federal Automated Export Licensing Systems," March 29, 2002, the only interagency report that included interagency recommendations, and the status of each agency-specific recommendation made in prior reports issued by the agencies.
Management Comments
There are no interagency recommendations in this year's report; therefore, management comments on the interagency report are not required. The participating OIGs made specific recommendations relevant to their own agencies. Recommendations, management comments, and OIG responses are included in the separate reports each office issued, which are in Appendix B (Commerce), Appendix C (Defense), Appendix D (Energy), Appendix E (Homeland Security), and Appendix F (State). Appendixes B, C, and D are in Volume I. Appendixes E and F are in Volume II, which is exempt from the Freedom of Information Act and restricted in its distribution. Appendix E is For Official Use Only (FOUO); Appendix F is Sensitive But Unclassified (SBU). Also included in Volume II is Commerce's addenda and Appendix H, which are both FOUO.
The CIA OIG report is classified (Confidential) and, therefore, is not included
as an appendix in this report. Please contact the CIA OIG's Executive Officer
at (703) 874-5368 to request a copy of the CIA report.
______________________________________________
1The Federal Bureau of Investigation
does not play an active role in the licensing process for export-controlled
technology and,
therefore did not participate in this interagency review.
215 Code of Federal Regulations, part
730.
322 Code of Federal Regulations, part
120.
4Although the Act last expired on August
21, 2001, the President extended export regulations under Executive
Order 13222, dated August 17, 2001, which invoked emergency authority under the International Emergency
Economic Powers Act.
5The ITAR restricts the release of technical
data to foreign persons in both the United States and abroad.
The use of the term "the release of export-controlled technology to FNUS" is a reflection of the majority
of the work performed in this review, but should not be interpreted as a limitation of the ITAR restrictions
to foreign persons in the United States.
6This term encompasses Government-owned
research facilities and Federally Funded Research and Development Centers.
Any comments or suggestions should be sent to: auditnet@dodig.mil