Confusing ITAR Implementation at GSFC
Confusing ITAR Compliance at NASA Goddard Space Flight Center
“On 28-29 August 2012, NASA Goddard Space Flight Center (GSFC) held a Systems Engineering Review for a potential geosynchronous Earth orbit (GEO) servicing mission. Despite stating that “Interested parties must register in order to attend” a number of participants have told me that they did not register in advance and just showed up. According to attendees, during the meeting, participants were openly encouraged to use their cellphones to take pictures of the materials shown on the screen – some (but not all) of which were labeled “predecisional”. None of the charts shown had any marking denoting that they were ITAR (International Traffic in Arms Regulations) sensitive in nature.”
Keith – foreign nationals have “Foreign National” stamped on the badge in bog bold letters. No need to carry passports around.
Yea and visitors have “visitor” on their badge – and like everyone else, the badges end up facing backward, get put in pockets, etc. I see it every time I am in a NASA facility. Visitor badges almost always require an “escort” but that is rarely enforced from my experience.
Don’t know about GSFC, but at Ames the visitor badges are on cheap plastic and I’ve seen people be pretty vigilant about confronting people who don’t have their badges on display. FN visitor badges are Red paper on red plastic, and very hard to miss.
I wear my badge whenever I am onsite at Ames but it always manages to face backwards, blank side out. I have never been asked onsite to show a badge – only at the gates.
ITAR has nothing to do with pre-decisional sensitivity. This information sounds like it is both. ITAR information is required to be marked as such. What you have described is a clear violation of the handling of ITAR information in many ways. Apparently, no one at NASA really cares about this. But ITAR is a State Department issue, they should investigate NASA.
I agree. What really surprised me is what NASA GSFC PAO admitted in their email i.e. what you suggest – that they do not know what the process is for ITAR sensitive material. What I wonder is what they discovered after the meeting that caused them to label it – but not do os before the meeting.
Unless there actually were foreign nationals present– and the post doesn’t state that they were– it’s not an ITAR violation. ITAR violations are for exporting sensitive information, not presenting information within the US. The people attending the review are responsible for not sharing information from the review with foreign nationals.
ITAR information also does not have to be have any marking stating “ITAR” on it to be ITAR sensitive, and the people attending had better know that– saying “it wasn’t marked ITAR” is NOT an excuse.
Unless there actually were foreign nationals present– and the post doesn’t state that they were– it’s not an ITAR
violation.
It’s not just foreign nationals that are a concern, but also “foreign persons”, who could be US citizens working
for a foreign owned company.
Part of the duty of the presenting agency is to check the identity and status of the audience members. It doesn’t sound like that happened.
ITAR violations are for exporting sensitive information, not presenting information within the US.
Incorrect. ITAR deals with the transfer of technical information to “foreign persons”, even within the US.
The people attending the review are responsible for not sharing information from the review with foreign nationals.
The responsibility starts with the person(s) generating the presentation, who should have marked the document properly for ITAR in the first place. There is no question about that.
I know there are people at GSFC who understand this, but I guess they haven’t gotten the clear message and process to all the troops yet. This should be investigated since penalties or sanctions could be applied, but it will probably be ignored until the press makes a big stink of it.
It is the responsibility of the owner of the technical information to have it assessed for ITAR. If it is ITAR, it must be marked as such. Before it is shared, the owner must verify that those who the information is given to are 1) US citizens and 2) have a “need to know” before the information is shared (or an exemption must be obtained from the State Department). Once the information is shared (and properly marked), the responsibility for further dissemination (see 1 and 2 above) lies with the holder of the information.
ITAR may not have been specifically violated in this specific case unless a foreign national received the information. However, this is the first failure in a potential sequence of events that could lead to an ITAR violation with this information later down the line.
In the private contractor world (ie. not FFRDCs), the consequences for getting even a little off the ITAR and/or Exports path results in investigations, fines, and career changes. There is frequent training and regular reminders on the law. Documents have to be correctly marked and ITAR is high on the list. It is infuriating to see NASA centers get away with this kind of behavior.
It is infuriating to see NASA centers get away with this kind of behavior.
Somebody needs to get called onto the carpet for this, but that’s not going to happen.
Specific ITAR incidents are extremely obvious, and are a “black and white” matter, just as the original Loral screwup that created ITAR guidance in the first place.
Theory of disclosure and/or diligence is a different matter entirely, as we all know in the maintenance of policy – nuisance level.
There’s always the contradiction caused by inviting commentary on proposals/plans in the early stage – if you straightjacket the event, you might miss important contributions. However, as has occasionally happened, things may be spontaneously brought up that invite clearance/authorization – happens all the time.
Then people have the discipline to talk around the subject, weigh the significance, and if it so demands, upgrade dynamically the proceedings to a “no foreign nationals” (or more) restriction before continuing. This has happened before at NASA in these kind of meetings. Or, they punt that item to another setting entirely.
Real as opposed to theoretic ITAR issues matter here most. Avoiding the “free test data / consulting”.
From the PAO response:In response to your query, the citizenship of all of the participants at the Review was verified prior to their admittance into the event.
The country of citizenship is not the only issue to consider with ITAR. US citizens who represent foreign-owned companies are considered “foreign persons”, so checking the passports or other ID at the door (if this was actually done) is still inadequate.
I’m amazed that the PAO would make such an egregious error. Don’t they run statements about ITAR through their ITAR legal compliance expert??
So what do you check then? Do you just ask them who they work for and hope for the best? It seems like the only way to be sure is to make this ITAR stuff completely private/secret… Oooh ITAR