We use cookies to deliver our online services. Details of the cookies we use and instructions on how to disable them are set out in our Cookies Policy. By using this website you agree to our use of cookies. To close this message click close.

State Department Issues Advisory Opinion on Cloud Computing

Brian P. Curran

Brian P. Curran,

Washington, D.C.

16 June 2014
In a recent advisory opinion related to an exemption under the International Traffic In Arms Regulations (ITAR), the State Department confirmed that a company could use a data security method called "tokenization" to protect export-controlled technical data stored in the cloud on servers located outside the United States, provided the company satisfied the conditions of the exemption and took "sufficient means" to prevent foreign persons from accessing such technical data. Although the advisory opinion is quite narrow in scope, it is the first publicly-available formal position from the State Department on the ITAR implications of cloud computing.

The requesting company has posted a redacted version of the advisory opinion here, and the State Department has posted its clarification of the opinion – emphasizing the narrow scope of the opinion and taking issue with the company’s initial press release characterizing the opinion – here. Given the agency’s public objection to the company's original interpretation of the advisory opinion, exporters that use cloud-based services will need to continue to be very cautious about the storage of ITAR data on cloud-based servers and should consider seeking guidance from the State Department on these issues.

Read our Export Controls Alert on the advisory opinion here.

Brian P. Curran

Brian P. Curran,

Washington, D.C.

Loading data