Decisions on exports demand complex multifaceted judgments about relative risks. Mistakes can be costly to U.S. national security, to the well-being of its economy, and to important relations with other countries. Successes, on the other hand, allow the United States to protect its key military advantages while reaping the benefits derived from advances made in foreign centers of scientific excellence. For the Department of Homeland Security (DHS), a successful export control process fosters the sharing of screening and detection technologies and the deployment of related equipment to protect U.S. citizens before terrorist activity reaches our own ports of entry. Although export controls affect a relatively small part of current DHS operations, the need to deal with export-controlled technology is growing, and the way that DHS organizes and operates its export control functions can bring substantial benefits both to it and to the export control system generally.
THE NEED FOR A DEDICATED ADMINISTRATIVE ENTITY TO PROVIDE STAFF SUPPORT ON EXPORT CONTROLS
Cabinet departments and agencies that participate regularly in the export control process, other than DHS, make complex judgments to balance risk through a dedicated administrative entity that speaks and acts for the entire department or agency. This experience is instructive. For a cabinet officer or agency official to act on a matter that, if unresolved, will reach the National Security Council requires a dedicated, knowledgeable, experienced professional staff. In some agencies with a specialized mission, such as the National Aeronautics and Space Administration (NASA), this dedicated staff is small. For other agencies with very broad missions, such as the Defense Department, this dedicated staff numbers 100 or more. In every agency, this staff is a part of the secretary’s or agency head’s headquarters operation.
This export control staff does not need to be large; the purpose is to support the secretary or agency head in making the best possible interagency export control decisions for action across the department’s or agency’s operations.
For example, NASA exports substantial amounts of controlled items and has extensive collaboration with other countries in export-controlled research and development. Currently NASA has about 20 people empowered to commit the agency as a regulated exporter and to train agency employees who export or release technical data. In addition, NASA has export control representatives and legal support at each major facility authorized to make physical exports and to release controlled technical data to non-U.S. persons. NASA does not have a policy role of the type appropriate for DHS, and the representation of DHS in the interagency process for export controls requires additional resources.
DHS does not have a centralized, headquarters-level export control staff. The components that are subject to export controls do their work largely independent of each other. The one exception is the Science and Technology (S&T) Directorate’s small export control staff, which reviews on behalf of all of DHS the commodity jurisdiction cases that come from the State Department.
THE NEED FOR A STRONG INTERNAL PROCESS TO MEET EXPORT CONTROL REQUIREMENTS
Ensuring export control compliance for any exporter—whether government or commercial—requires the following:
- Management commitment up through the highest levels of the organization.
- Resources, including appropriate staffing levels.
- Manuals, policies, and procedures to address
Classification and agency jurisdiction determinations, including a process for making determinations internally and obtaining government determinations when appropriate;
Licensing, including determining when licenses are required, submitting applications, and monitoring compliance with all license terms and conditions;
Technical data transfers, including a technology control plan where applicable;
Screening of all parties against various watch lists, including clearing false matches and addressing true matches; and
End-user and end-use verification.
- Monitoring and assessing compliance, including periodic self-assessments as well as external audits.
Coping successfully with export controls requires that compliance measures be identified and addressed in the development and acquisition processes for advanced technologies. Development may include participation in international technical conferences and exchanges that need to be planned and coordinated in advance. Acquisition may include several stages of product design and testing. Early consideration of export controls makes these processes more efficient.
The staff dedicated to export control matters in the S&T Directorate has made progress with development and acquisition policy. In July 2009 a data call was launched covering most directorate program managers, inquiring whether their programs were subject to export controls, and if so, what aspect of the program triggered the applicability of export controls. Because most elements of the S&T Directorate have had no experience with export controls, this data call required considerable work with individual program managers so that judgments about export controls could be made accurately. In 2009 the export control staff also began working with the Office of Procurement Operations to implement an amendment to departmental acquisition
regulations that requires contractors to know the export control status of projects on which they are working. A similar requirement is being put into place for grants. These requirements will allow DHS to inform the export control licensing agencies about technologies where DHS has an important interest at stake.
DHS is currently implementing a department-wide acquisition process that can be utilized to achieve the necessary early determinations of exposure to export controls. Appropriate acquisition processes would enhance DHS’s export compliance within the interagency process (for defense articles and services) and strengthen its ability to anticipate problems and find solutions to protect U.S. technologies being sent overseas.
THE NEED FOR AN ADEQUATE NETWORK OF INTERNATIONAL AGREEMENTS GEARED TO EXPORT CONTROLS
DHS has a substantial overseas presence with nearly 2,000 staff abroad based in nearly 80 countries as of 2008. Eleven DHS agencies and offices are represented overseas. The largest contingent is from Customs and Border Protection (CBP), with more than 1,000 staff overseas; and Immigration and Customs Enforcement, the Coast Guard, the U.S. Citizenship and Immigration Services, the Secret Service, and the Transportation Security Administration all support significant levels of staff abroad. These officials pursue efforts that span national borders to coordinate the protection of critical infrastructure, provide training and technical assistance to foreign counterparts, conduct outreach to private-sector organizations and individuals in the local communities, assess security conditions at foreign airports and ports, screen inbound-to-the-United States travelers, and liaise on investigations and share information. These international activities are rooted in different DHS components’ core operational functions as well as in specific congressional mandates, bilateral and multilateral agreements, federal strategic directives, and DHS strategy.1
International agreements provide a framework for handling two kinds of activities. First, DHS requires support for the identification, development, and acquisition of foreign technology; collaboration with foreign governments and private entities; and development and deployment of U.S. technology overseas. Second, given the evolving and complex nature of the terrorist threat, DHS must maintain a rapid-response capability. This involves both the capacity to surge human, financial, and technological resources where they are most urgently needed and the capacity to gain the cooperation of other countries quickly when a new threat is identified. Such responses will not always be high-tech, but they almost surely will require collaboration beyond the borders of the United States. An example of an international rapid response was the initiative to limit the volume of liquid in carry-on luggage quickly put in place in Europe, North America, and elsewhere after the discovery of the plot in August 2006 to smuggle the components for liquid explosives on board U.S.-bound airliners.
DHS has been active in negotiating basic international agreements to assist in its missions. The S&T Directorate, working with the Office of International Affairs, has put in place 12 international agreements on technology exchanges and has several more agreements in process. These agreements are intended to “encourage, develop, and facilitate bilateral science and
1 The DHS Office of Inspector General concluded that these activities taken together provide an imperative for active DHS engagement abroad. http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-71_Jun08.pdf. Last accessed November 3, 2010.
technology for Critical Infrastructure protection and Border Security.”2 However, the current agreements primarily cover work that is not affected by export controls, such as when the agency is exchanging commercial, off-the-shelf technology that is not subject to export controls or that may be exported without a license. This kind of work is at present most of what DHS does in the international sphere, and these agreements are useful in that context.
Under the current system, ongoing exchanges of technical data controlled by the International Traffic in Arms Regulations (ITAR) require a technical assistance agreement (TAA). These agreements usually cover technical studies or evaluations with foreign parties, providing overseas maintenance or training support, release of manufacturing data or rights, and efforts to import technology from abroad.3 This is a method, developed over the years, to accommodate the necessity that U.S. corporations and government agencies have to communicate with their employees or business partners who are working overseas. Without a TAA in place, literally every communication that involves controlled technical data would have to be licensed separately.
A TAA specifies the technical data to be exported, addresses the reason for sending controlled data abroad, identifies the persons to whom the data will be sent, and details the methods for protecting the data from disclosure to unauthorized persons. Person-by-person data-transfer permission is required for all recipients and any persons to whom those recipients might retransfer the data, and all of these persons must execute a written nondisclosure agreement. The State Department has an electronic form that may be filled out and submitted in appropriate cases. These agreements may be used only after signature by all parties and approval by the State Department. Once approved, they take the place of an export license.
The process of obtaining approval for a TAA under current State Department procedures requires exacting compliance with very detailed standards. The department completes the review and adjudication of these agreements within 60 days of receipt except where “national security exceptions” are applicable. Unfortunately, the exceptions vastly outweigh nonproblematic requests, and, moreover, include cases where congressional notification is required, governmental assurances under multilateral regimes are required, end-use checks are needed, or the Defense Department has notified the State Department that “an overriding national security exception exists.”4
DHS has begun work to obtain TAAs to cover some of its activities. The experience that DHS staff has gained from negotiating and seeking approval for these technical assistance agreements may provide additional practical insights into the international agreements.
When DHS works with foreign governments at the national (country-to-country) level, there are several existing channels that can provide safe passage through the export control requirements.
- In some cases, for example, Canada, the State Department has concluded arrangements under which a foreign government agrees “to restrict access to ITAR-controlled items to employees who are issued a minimum secret-level security
2 See, for example, the U.S.-Canada Agreement for S&T Cooperation for Critical Infrastructure and Border Security. http://www.dhs.gov/xlibrary/assets/agreement_us_canada_sciencetech_cooperation_2004-06-01.pdf. Last accessed March 22, 2011.
3 Guidelines for Preparing Agreements, p. 7. http://pmddtc.state.gov/licensing/documents/agreement_guidelines-Rev1B.pdf. Last accessed March 22, 2011.
4 Ibid., pp. 9–10.
clearance by the [foreign] government [and in which] the [foreign government] intends to ensure [that] secret-level clearances are not granted to personnel with ties to known terrorist groups or who maintain significant ties to foreign countries to which”5 the United States prohibits ITAR-controlled exports. However, it is likely that some modification of the TAA process is required to allow DHS the kind of rapid-response capability that it needs with international collaboration. DHS has only begun to engage the State Department in this area.
- The Defense Department uses general security of military information agreements to provide for the transfer of classified information to foreign governments. These are government-to-government agreements, negotiated through diplomatic channels, incorporating provisions under which each party affords to classified information the degree of security protection afforded to this information by the U.S. government. These agreements contain provisions for the use of information by the receiving entity, “third party transfers, and proprietary rights. [They specify] that transfers of information will be on a government-to-government basis [and require] that both parties report any compromise, or possible compromise, of classified information provided by the other party.” Under these agreements, “both parties permit visits by security experts of the other party for the purpose of conducting the reciprocal security surveys.”6
- The Defense Department also has a very specialized system for foreign military sales to provide for the transfer of defense items to foreign governments. An examination of this system indicates that an analogous process could have some applicability for deployment of DHS-sponsored technology abroad. Such a process, especially with close allies, could alleviate the problems inherent in the deployment of equipment incorporating sensitive technologies to private and parastatal entities that are often involved in the operation of civil networks in the DHS mission space. Under government-to-government agreements, the national government of the foreign entity could either be the recipient or take responsibility for the security arrangements to protect controlled technology.
DHS, however, often needs to work with foreign entities that may be entirely civilian and not a part of the country’s national security controls and with parastatal entities like airport or seaport authorities. At times, DHS may also need to cooperate and exchange information with foreign university or other scientific research centers that work independently. In these cases, there are far fewer existing channels through which DHS can operate. The protections that the Departments of State and Defense have put in place over the years, through the agreements they have negotiated, may not be applicable. It may be possible, however, for DHS to obtain through negotiations the guarantee of the national government’s military or defense security components to protect items exported to the government officials who work with these civilian entities.
5 State Department’s Arrangement with the National Defence on Dual Nationals. http://www.pmddtc.state.gov/licensing/agreement_canada.html. Last accessed May 26, 2011.
As a practical matter, DHS agreements covering international exchanges of technical data must deal in a clearly defined way with how foreign entities are protected against their technology becoming covered by the very restrictive requirements of the defense-related (ITAR) export controls. The problem of the extraterritorial reach of U.S. export controls may be a deterrent to international cooperation with DHS entities on antiterror problems when controlled technology is involved.7
DHS would be more effective in carrying out its national security mission if it addressed the current lack of the following:
1. A dedicated administrative entity at a sufficiently high level in the DHS to implement export control policies and processes internally and participate effectively in the interagency export control processes.
2. A strong, coherent internal process to meet export control requirements.
3. An adequate network of international agreements to support current or future foreign cooperation, acquisition, and deployment of export-controlled items.
Recommendations for Finding II
1. DHS should organize and augment its current staff resources for export controls, for example, by creating a dedicated administrative entity within DHS headquarters.
2. DHS should have a written plan for identifying projects or programs that may fall under export control requirements and for meeting export control requirements as part of its regular development and acquisition processes.
3. DHS should continue to build a network of international agreements that facilitate compliance with U.S. export control requirements.
A Dedicated Administrative Entity
DHS should organize and augment its current staff resources for export controls into a dedicated administrative entity within the DHS headquarters. Setting priorities and establishing management disciplines have been especially challenging for DHS because it is driven for much of every year by highly publicized national emergencies and is overseen by 108 committees and subcommittees of Congress.8 Departmental leadership has rarely engaged in export control
7 Purely foreign technology that is outside U.S. jurisdiction may become subject to strict ITAR export controls if it is brought into the United States and incorporated into a product that the State Department determines is a defense article. It is theoretically possible for a foreign manufacturer to maintain the purely foreign character of the original product, but any adaptation of the original product using technology associated with the U.S. product into which it has been incorporated could taint the entire product line, making the foreign product derived in part from ITAR-controlled technology subject to U.S. export controls.
8 See Appendix F for a graph of these committees.
issues and mostly during the recent Obama administration initiative to overhaul the way the United States manages its export control issues. A dedicated administrative entity for export control inside DHS would provide for continuity and management of this set of issues so that the senior DHS leadership would engage only if needed, and DHS would be fully staffed to support its leadership when such engagement comes about. This is the model used by the Defense, Commerce, and State departments.
The committee examined at length the central issues attendant upon its finding that a dedicated administrative entity is important to the effective functioning of the DHS in the export control area: (1) what such an entity would contribute to the department’s effectiveness in the export controls area; and (2) where such an entity would be located in the department’s organizational structure.
Functions of a Dedicated Entity
A dedicated administrative entity for export controls is worthwhile only if it would contribute significantly to DHS’s capabilities and the performance of its mission. The committee’s examination of the current situation indicated that important improvements could be achieved in the following areas:
- Establishing agency-wide policies, standards, and practices.
- Representing the DHS in interagency processes while relying on component expertise where appropriate.
- Establishing a review process for internal export control licenses.
- Monitoring technology transfer from the Defense Department for civilian use to meet the DHS’s missions.
- Engaging counterpart entities abroad.
- Ensuring export control compliance by components and contractors.
- Providing training to DHS components affected by export controls.
Lacking a single administrative focal point, DHS has no agency-wide organization or authority that coordinates and sets forth consistent and integrated policies, standards, training, and operations implementation; that serves as the recognized authority on export control expertise within DHS to provide advice on export controls to the individual departmental components; that represents DHS in the interagency export control process and builds effective relations with interagency counterparts; and that liaises with foreign authorities on department-level export control matters.9 The individual components of DHS usually deal with the State and Defense departments on an ad hoc basis. While the components may have their own individual equities well in sight, they do not have the bureaucratic weight to counterbalance the institutional strength of these other two departments, both of which have long-standing and well-resourced export control policy and licensing capabilities headed by a Senate-confirmed assistant secretary.
9 Former S&T Directorate Deputy Undersecretary Brad Buswell was the DHS “empowered official” to file for licenses with the State Department on behalf of DHS from 2008 until he left in 2010. As of fall 2011, it appears that no one else at DHS has taken on these duties.
For the counter–man-portable air defense systems technology to protect civilian aircraft, the export control issue was one of many reasons cited for ending the program in the 2010 final report. In hindsight, it is not surprising that the ITAR would have ultimately posed a formidable barrier to development if the program had continued. Yet there was no one high enough in the internal DHS bureaucracy with the export control expertise to question this very expensive research program. And given the original congressional mandate, only a very senior DHS official could have intervened successfully. Regarding the use of millimeter-wave technology to improve the capability of body scanners, the lack of senior-level attention to resolving the export control roadblocks very likely contributed to the delays in resolving the problem for more than a year and a half.
The Commerce, State, and Defense departments have senior political appointees with responsibility for managing the equities of those departments in the interagency process. DHS could be managing nearly all export control issues at this level if it had equivalent representation in the interagency process. The political appointees at the assistant secretary and deputy assistant secretary level often build relationships that lead to compromise and resolution of key issues without escalation to the secretary or deputy secretary level.
Location of a Dedicated Entity
The principal factor in locating a dedicated administrative entity is that it should have access to the secretary and responsibilities for dealing, on behalf of the secretary, with other cabinet agencies, which is an essential component of export control responsibilities.
The question of where to locate a dedicated administrative entity is complicated by the DHS structure that merged 22 formerly independent or semi-independent entities into one cabinet department. The DHS organization chart is set out in Appendix B. Seven components form the core of the agency’s operational structure: (1) the Transportation Security Administration, (2) U.S. Customs and Border Protection, (3) U.S. Citizenship and Immigration Services, (4) U.S. Immigration and Customs Enforcement, (5) the Secret Service, (6) the Federal Emergency Management Agency, and (7) the Coast Guard. Within the DHS secretary’s headquarters office, four undersecretaries and one assistant secretary (that DHS consistently seeks to elevate to an undersecretary position) manage most of the cross-component programs for the secretary. These are the undersecretaries for science and technology, management, national protection and programs, and intelligence and analysis, and the assistant secretary for policy.
There are no management directives that allocate responsibility and authority for coordinating export control issues. The current location of the export controls staff in the Science and Technology Directorate grew out of the extensive exposure to the restrictions imposed by export controls on the directorate’s efforts on a few high-visibility projects during the past few years. Continuing the staffing of export controls within the S&T Directorate is one option for agency-wide management of these issues, as the directorate manages much of DHS’s advanced scientific research.
A dedicated administrative entity for export controls could also be located in the Directorate for Management, which is responsible for budget, appropriations, expenditure of funds, accounting, and finance; procurement; human resources and personnel; information
technology systems; facilities, property, equipment, and other material resources; and identification and tracking of performance measurements relating to the responsibilities of DHS.10
A third option would be to locate the export control policy oversight in the National Protection and Programs Directorate. This undersecretary manages a broad array of functions, including cybersecurity; protection of all U.S. infrastructure (electrical grid, transportation, phone networks); protection of federal buildings (Federal Protective Service); management and effective use of the largest fingerprint database in the world (U.S. Visitor and Immigrant Status Indicator Technology); and, until the Obama administration, relationships with state and local governments (assistant secretary for intergovernmental affairs).11
Another option is to place the function in the Office of Policy, headed by an assistant secretary who functions as the equivalent of an undersecretary in the current organization. This office is charged with leading coordination of department-wide policies, programs, and planning, to ensure consistency and integration of missions throughout the entire department; developing and communicating policies across multiple components of the homeland security network; providing the foundation and direction for department-wide strategic planning and budget priorities; and bridging multiple headquarters’ components and operating agencies to improve communication among departmental entities, eliminate duplication of effort, and translate policies into timely action. Its current purview is to manage day-to-day policy making as well as strategic policy planning, especially where policy issues have implications for other departments and agencies.12
Yet another option is to have the function report directly to the secretary. The organization and span of control of the secretary has changed to some extent with each new individual who is confirmed to this position. For example, under Secretary Thomas Ridge, the appointed assistant secretary for intergovernmental affairs was a direct report to the secretary; under Secretary Michael Chertoff, this position reported to the undersecretary for the National Protection and Programs Directorate; while Secretary Janet Napolitano returned the position to its previous organizational alignment of reporting directly to the secretary. The current organization chart, set out in Appendix B, shows eight staff offices reporting directly to the secretary, together with four directors of centers for various staff functions.
The establishment of a dedicated administrative entity should lead to budget and other resource decisions being made as part of the regular annual budget process for the Department of Homeland Security. In particular, if this office is established by a management directive that specifies clear roles and responsibilities, both internally and in the interagency process, relative resource allocation decisions, linked to performance measures, would build an effective office over time. Currently there is no identifiable DHS budget for dealing with funding for export control policy and licensing functions, which are critical to fulfilling DHS's national security missions Without any budget authority, a substantial effort to deal with export controls is difficult to maintain.
10 See the home page of the Directorate for Management: http://www.dhs.gov/xabout/structure/editorial_0096.shtm. Last accessed May 26, 2011.
11 See the home page of the National Protection and Programs Directorate: http://www.dhs.gov/xabout/structure/editorial_0794.shtm. Last accessed August 16, 2011.
12 See the home page of the Office of Policy: http://www.dhs.gov/xabout/structure/editorial_0870.shtm. Last accessed May 26, 2011.
A Formal Planning Process for Export Controls
DHS should write a plan for identifying projects or programs that may fall under export control requirements and for meeting U.S. export control requirements as part of the regular technology development and acquisition processes.
DHS should establish early consideration of export control requirements in its agency-wide acquisition processes. DHS’s deployment activities tend to be carried out by its contractors in the private sector or by other public entities. Nevertheless, incorporation of early export control considerations in DHS acquisition processes for research, development, testing, and evaluation, as well as deployment, could bring about effective results in the interagency process and strengthen DHS’s ability to anticipate problems and find solutions to protect U.S. technologies it believes need to be sent overseas.13
A Network of International Agreements
DHS should continue to build its network of international agreements to help meet export control requirements. To be successful, these DHS international agreements must be numerous enough to provide a reliable network. One example in another context is the worldwide network of customs agreements under which the Customs and Border Protection agency works cooperatively with foreign customs inspectors to identify contraband and dangerous goods. Put in place over the years by CBP’s predecessor agencies, this network now numbers more than 60 agreements. The provisions vary depending on risk, but the ability of U.S. customs agents to work cooperatively, even in countries that may be relatively unfriendly or even hostile to the United States in other matters, is a useful model.
Current DHS basic international agreements were put in place primarily to facilitate exchanges that are not export controlled, or for which an export license is not required. Typically, they provide that the transfer of technical data “shall normally be made without restriction, except as required by applicable laws and regulations relating to export control or the control of classified data.”14 The agreements have extensive provisions for how the parties will deal with classified data, but none for how the parties will deal with export controls. In part, this likely came about because DHS had no internal processes itself for dealing with export controls, and in part because dealing with export controls was not a primary purpose of these basic exchange agreements.
13 Antitamper capability might also have a remediating influence when technologies are subject to defense (ITAR) controls. If a technology or device includes the capability to render it impossible to operate or reverse engineer by unauthorized persons, then the risks that are the basis for strict controls on export are reduced substantially and perhaps eliminated. There is always the problem of how much antitamper capability is enough to overcome Defense Department concerns that the underlying technology should be subject to rigorous ITAR controls, so this is not an automatic solution for research and development or production managers. In any case, antitamper capability is not practical to add at the end of a procurement process. Assessment of antitamper possibilities is best done at the outset of the project or when the designs are still in a relatively flexible state. The S&T Directorate’s development and acquisition process does incorporate requirements to consider antitamper capability whenever it is likely that ITAR controls might apply.
14 See, for example, the Agreement Between the Government of the United States of America and the Government of the Federal Republic of Germany on Cooperation in Science and Technology Concerning Homeland/Civil Security Matters. http://www.dhs.gov/xlibrary/assets/agreement_us_germany_sciencetech_cooperation_2009-03-16.pdf. Last accessed March 20, 2011.
DHS should systematically examine the possibilities to work within or extend existing U.S. international agreements established by other departments and agencies that provide for technical exchanges involving items that are export controlled. These agreements might provide a partial basis for achieving more rapidly the necessary technology-sharing and protection agreements with foreign governments.
To facilitate direct cooperation with parastatal and private-sector entities, DHS should work with the State Department to agree on acceptable terms for TAAs tailored to cover the kind of technology exchanges that DHS needs for effective participation in international conferences and meetings involving foreign scientists.