The world of research security is a confusing environment to navigate with ever-changing policy initiatives, persistent threats from insider threats, and external targeting, all while upholding the valued open research and development culture in the United States. Of the extensive coverage that makes up a comprehensive research security program, the release of innovation beyond the U.S. border must comply with export controls and restrictions. Yet, one often-overlooked aspect of export controls, a deemed export, proves to be more difficult for research security teams to handle and ensure the protection of sensitive innovation. Research security teams can better prevent unintended loss by clearly defining a deemed export, understanding the factors that can cause deemed exports to be an issue, and recognizing the methodology foreign adversaries use to target U.S. research institutions.
Defining a Deemed Export
The first question often asked by research security personnel new to the field is, “what is the difference between an export and a deemed export?” The Export Administration Regulations (EAR) and International Traffic in Arms Regulation (ITAR), define an export as:
“An actual shipment or transmission of items outside of the United States. This includes standard physical movement of items across the border by truck, car, plane, rail, or hand-carry. Technology and software may be exported or reexported both physically and digitally, such as through email, telephone discussion, fax, posting on the internet, and a variety of other on-physical means.”
A Deemed Export is considered information or technology released to a foreign national living in the U.S. and specifies since they carry this knowledge with them, it will be exported to their home country. The concept further develops over national security and industrial espionage concerns when foreign nationals receive exposure to cutting-edge or dual-use technology that could benefit the development of similar products in countries adversarial to the United States. The EAR further defines that research and development is a deemed export when the technology is
- available to foreign nationals for visual inspection (such as reading technical specifications, plans, blueprints, etc.).
- when technology is exchanged orally.
- or when technology is made available by practice or application under the guidance of persons with knowledge of the technology.
Once any of these occur, the EAR deems that the information has been exported to the foreign national’s home country, assuming they will share what they learned upon return.
Factors That Can Increase Loss Through Deemed Exports
Having defined a deemed export and the methods of transferring the information, it is important for research security teams to understand the factors for consideration that influence a deemed export, both the increased difficulties and important protections.
One of the greatest considerations for research security teams and deemed exports is understanding and finding a balance between access for international students and visiting scholars while protecting the valuable innovation of the research organization. According to the Student and Exchange Visitor Program (SEVP), there were 1,523,758 visiting students in the United States in 2019 (Due to the effects of the global pandemic, IPTalons selected 2019). While the numbers reported by SEVP account for all school levels and do not define if the visiting scholar participated in the research, the critical factor is that foreign nationals make up a vital and influential aspect of the U.S Education System and Research and Development.
However, the increase in international students provides more opportunities for a research organization to lose valuable technology via a deemed export. Research security teams must adequately vet the application for visiting students to participate in specific laboratories or access particular technology. It is vital that during the vetting process determining who may or may not receive access, all applicants are judged unbiasedly and receive a fair determination. The method of vetting is complicated and influenced by a multitude of factors. It’s often suggested that organizations find outside vendors to conduct the vetting process, such as the deep-dive reports offered by IPTalons, to avoid bias and help make the proper decisions on acceptance and granted access. Once the organization determines who will have access to specific information, leaders in the research organization must remain mindful of the access the foreign nationals have to comply with EAR and ITAR.
Real World Example: Norwegian Scientist Sentenced for Violating Deemed Export Laws
A researcher from the Norwegian University of Science and Technology received an eight-month prison sentence for violating Norway’s export controls and national guidelines for research security. The researcher, Afrooz Barnoush, allowed visiting Iranian students to use laboratory technology without the proper licenses from the Ministry of Foreign Affairs. A colleague of Barnoush raised concerns to the University regarding the visiting student’s access. The School’s Dean of Engineering, Olav Bolland, commented on the case stating, “The ruling in the case clearly expresses that Barnoush has abused the trust inherent in his position by his actions and thereby deprived NTNU and the Ministry of Foreign Affairs of the opportunity to carry out export controls.” Furthermore, during the case, the court suggested that allowing the Iranian students access to the laboratory’s dual-use technology could aid Iran’s nuclear weapons program. However, the court reduced Barnoush’s sentence by four months, stating that there was a clear need for the University to clarify the guidelines surrounding visiting students and their access to sensitive laboratory equipment.
Another factor that research security teams must remember when balancing security and fairness involving a deemed export is the culture of the U.S. research system. The United States private and academic research institutions pride themselves on domestic and international collaboration. One of the championing aspects of the U.S. research culture is the attraction for international students and professionals to visit the U.S. and participate in groundbreaking research. Additionally, much breakthrough development and achievement are owed to the many hardworking international students and professionals that select the United States as their location of study.
Not only does this attraction to study in the U.S. benefit the organizations by increasing “brain power,” but there are also economic benefits. Therefore, when conducting investigations and protecting innovation, all research security teams must remain mindful of the open system culture and ensure that they do not discriminate. When dealing with a deemed export, it’s easy for research security teams to rely on stereotypes and contemporary fears. However, the teams must rely on due diligence and unbiased investigation to make decisions. IPTalons would like to remind anyone reading this commentary that “conduct, not culture,” is important when applying security to research.
Tactics that Foreign Adversaries Might Use to Steal Innovation Using a Deemed Export
It is much easier for U.S. export enforcement agencies, such as the Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS), and the Department of Commerce, to protect exports leaving the United States in the traditional manner. However, a deemed export remains harder to protect for research security programs and Enforcement Agencies because of the nature of casual conversion, the excitement of sharing research, and the lack of direct oversight.
The struggle to protect technology against a deemed export increases when foreign adversaries target specific Universities or projects. Frequently foreign adversaries to the United States will target Universities or organizations that research dual-use technology or innovative technological breakthroughs. The targeting and theft of dual-use technologies allow foreign adversaries to advance their developments that could counter the U.S.’s military advancements. Furthermore, by stealing the technology, the hostile nations can save millions of dollars in research and development by funding individuals or programs that steal U.S. innovation rather than starting from scratch. Additionally, foreign governments save millions of dollars by stealing commercial innovation from the United States and going to market sooner with the finished product. When this occurs, U.S. taxpayers lose their money by funding U.S. research projects only to have the information stolen and purchase the product from the foreign competitor who stole it. According to the United States Government Accountability Office, the largest threats to the research and development of the U.S. are China, Russia, and Iran.
Research security programs should be aware that hostile foreign governments, such as the ones listed above, seek to steal U.S. technology through deemed exports. They accomplish this by preying on the open system of research the U.S. prides itself on. By leveraging “nontraditional collectors,” foreign governments will encourage individuals to get involved with U.S. research and development and return with knowledge that can advance their home country’s initiatives. Hostile governments might also use talent recruitment programs and academic collaborations to bypass traditional export controls and steal technology. Talent recruitment programs directly or indirectly recruit researchers to share and explain developments in their research. These programs allow foreign governments to bypass regulations and laws in the U.S. by exploiting the U.S.’s free society and ability to travel openly. Additionally, academic collaborations might unknowingly fall victim to foreign competitors when the intentions are not honest or expressed. Foreign competitors might leverage U.S. researchers’ excitement to collaborate, the desire to share advancements, and the opportunity for new experiences to outwit and steal the valuable innovation made by the researchers.
While IPTalons encourages collaboration, research security teams must do their due diligence to discover any possible hidden intentions in academic collaboration. These are some of the many ways foreign adversaries target and steal from the United States, but it is certainly not exhaustive. Research security teams must be aware of the many dangers facing their organizations, stay up to date with the best practices, and be aware of the ever-changing threats. A deemed export is not the only way competitors seek to steal U.S. innovation; however, it is one of the many loopholes they take advantage of to unjustly steal innovation belonging to the Government, corporations, and people of the United States.
Real World Example: The U.K. Exploited by Unclear Intentions
As reported by the Guardian, Imperial College shut down two major research centers with ties to Chinese companies. Both companies, The Aviation Industry Corporation of China and Biam, are leading suppliers of civilian and military aviation equipment in China and have strong ties to the Chinese military. The joint centers’ purpose was to advance civilian aviation technologies; however, critics of the centers argued that the technology produced was dual-use, suitable for both civilian and military needs. The critics explained that the research conducted at the centers was advancing Chinese military aviation equipment even though it was not the stated purpose of the research. The move to close the research center by Imperial college came shortly after both M15, and the FBI warned of the risk of economic espionage conducted by China through these partnerships. The decision to close the centers protects the research and innovation that the UK school produces and diminishes the possibility that stolen technology would further Chinese military advancements. The move to close the research centers follows a pattern of UK academic institutions weakening their ties to Chinese entities over concerns that their innovation in dual-use technology could assist human rights violations.
For more information or to ask questions, please email firstname.lastname@example.org. Our analyst and subject matter experts would also be delighted to continue the discussion. Or visit our website Iptalons.com
 EAR 734.2(b)(1) and ITAR 120.17)
 EAR §734.2(b)(2)
 EAR §734.2(b)(2)