International Traffic in Arms Regulations

International Traffic in Arms Regulations (ITAR) is a set of U.S. government regulations that control the export and import of defense-related articles and services on the United States Munition List (USML). These regulations implement the provisions of the Arms Export Control Act, and are described in Title 22 (Foreign Relations), Chapter I (Department of State), Subchapter M of the Code of Federal Regulations. The Department of State interprets and enforces ITAR. Its goal is to safeguard U.S. national security and further U.S. foreign policy objectives.

ITAR regulations dictate that information and material pertaining to defense and military-related technologies (for items listed on the United Ststes Munitions List) may only be shared with U.S. Persons unless authorization from the Department of State is received or a special exemption is used. U.S. Persons (including organizations) can face heavy fines if they have, without authorization or the use of an exemption, provided foreign (non-U.S.) persons with access to ITAR-protected defense articles, services or technical data.

The list of ITAR-controlled defense articles, services and technology (collectively “USML items”) changes. Until 1996–1997, ITAR classified strong cryptography as arms and prohibited their export from the United States.

ITAR does not apply to information related to general scientific, mathematical or engineering principles that is commonly taught in schools and colleges or information that is (legitimately) in the public domain. Nor does it apply to general marketing information or basic system descriptions. These exceptions must, however, be treated with extreme caution: college professors have been prosecuted for breaches of the AECA as a result of access to USML items by foreign graduate students and companies have been penalized for alleged breaches of the AECA where they allegedly failed to properly remove USML items from material used to market defense articles. The U.S. government has also taken action (albeit unsuccessfully) for the export of technical data that was (allegedly) already publicly available on the internet.