Once upon a time, and long before the Internet, in a distant and dank corner of Washington, D.C., there lived an obscure agency called the Directorate of Defense Trade Controls (“DDTC”), which, among other things, kept watch, like a jealous dragon, over certain types of information that it believed it was destined to protect, information such as how to build a catapult or the best timber to use for a battering ram or the deadliest method for swinging a mace at an enemy. And it sent out a decree, far and wide, that anyone who should dare to disseminate such information without its permission, except in locked rooms with less than three other citizens present between the hours of midnight and dawn, would be sentenced to immediate gibbeting. Fortunately, there was no Internet, so few, in those days, were seen hanging in cages in Foggy Bottom.
Of course, this little fairy tale is a preface to the recent release by DDTC of proposed revised definitions of, among other things, the term “public domain” which, as you might imagine, does not mean to DDTC what it means to anyone else who speaks English. The proposed new definition seems to have been written by people who have heard of the Internet only as something the kids use to tweet things and post selfies.
The importance of the definition of “public domain” is that information about defense articles (like muskets and missiles) is not subject to export controls if it is in the “public domain” as defined in section 120.11 of the International Traffic in Arms Regulations (the “ITAR”). DDTC has previously taken the position that pictures on the Internet were not “public domain” because section 120.11 does not specifically mention the Internet. (Never mind, of course, that the definition includes information available “[a]t libraries open to the public” and that every single library in the United States, save apparently for the one at DDTC, has Internet terminals.)
The newly proposed rules, coming more than twenty years after the appearance of the World Wide Web, finally (and grudgingly) acknowledges the existence of the Internet. The new definition would define “public domain” to include information made available to the public through
Public dissemination (i.e.,unlimited distribution) in any form (e.g., not necessarily in published form), including posting on the Internet on sites available to the public;
Before you get to excited, however, there’s this: an exception that eats up the entire definition from any practical point of view.
(b) Technical data or software, whether or not developed with government funding, is not in the public domain if it has been made available to the public without authorization from:
(1) The Directorate of Defense Trade Controls;
(2) The Department of Defense’s Office of Security Review;
(3) The relevant U.S. government contracting entity with authority to allow the technical data or software to be made available to the public; or
(4) Another U.S. government official with authority to allow the technical data or software to be made available to the public.
So, you see a picture of a fighter jet on the Internet. Is it “public domain” or not? Will you get in trouble for re-posting it? Well, you have no idea because you have no way of knowing whether any official falling in the four categories above has authorized it to be posted. You probably can’t even tell who falls in category (3) or (4). In fact, nobody can probably tell which government officials fall in those categories.
DDTC attempts to address this issue with a note saying that if somebody else put the information on the Internet you are not breaking the law unless you “know” that they did so without authority. But does “know” mean actual knowledge or does it slide, like it often does, into not engaging in due diligence to determine that it was authorized? Your guess is as good as mine. So use the Internet at your own risk, unless you’re just posting selfies on Instagram.
For companies in the defense industry, this proposed definition is equally problematic if they use the Internet at all. Every time they post information on their own products, thinking that the information they are posting is already in the “public domain,” they need to ask permission from DDTC if they haven’t already done so. And, of course, since there are no time limits in the proposed definition, this issue would exist for everything the company has ever posted on the Internet.
Dark times for the Internet ahead when (and if, as is likely) this new definition goes into effect.