Do Your Projects Violate International Traffic In Arms Regulations?

From time to time we consider the ramifications of hacking prowess being used for evil purposes. Knowledge is a powerful thing, but alone it is not a dangerous thing. Malicious intent is what takes a clever project and turns it to a tragic end. Conscientious hackers realize this, and [George Hadley] is one of them. While working on a new project he wondered if there were guidelines as to what knowledge should and should not be shared. It turns out that the United States has a set of International Traffic in Arms Regulations that mention concepts we’ve seen in many projects. He wrote up an article which covers the major points of the ITAR.

The gist of it is that sharing certain knowledge, by posting it on the Internet or otherwise, can be considered arms trafficking. It’ll get you a not-so-friendly visit from government officials and quite possibly a sponsored stay in a secure facility. Information about DIY radar, communications jamming, spying devices, UAVs, and a few other concepts are prohibited from being shared. The one qualifying part of that restriction is that it only applies if the information is not publicly known.

57 thoughts on “Do Your Projects Violate International Traffic In Arms Regulations?

  1. In before the bots telling us all how great America is (no matter how bad it gets).

    I would recommend the book “They Thought They Were Free” by Milton Mayer.

    Bootlicking the police state will not keep the boot off your neck. Press on.

  2. Yeah, like I should trust a bunch of know-nothing lawmakers, who can barely SPELL “Internet” much less use it, to decide what is and is not safe for public dissemination.

  3. There really should be some where you can submit your project for an official ‘ok’ to publish. The thing is we as responsible makers don’t know what the gov has cooking. Our project very well could define the scientific principal that underlies the next generation of gov toys. Once its posted the damage is done , so we have to catch this kinda thing before it happens.
    Even a responsible maker cannot guarantee his project is ‘ok’ due to the secret nature of the situation.

  4. @Dosbomber: You shouldn’t, but be aware that ITAR restrictions aren’t about restricting what is safe for public dissemination, it’s about restricting what gets disseminated to any non United States persons in the interest of national security. ITAR really only applies to US citizens. The problem is interpretation. Any engineering drawing you produce, even if it’s a new shape of something that already exixts could be interpreted as engineering knowledge and fall subject to ITAR restrictions, making it unacceptable to distribute to any non US citizen or green card holder. This means you can’t post it on the internet.
    Has anybody had experience with this? We do custom schematics on HAD all the time!

  5. LOL.

    If you submit anything to these goons, they will ninny about it, stall, and pump the pomp to further justify their jobs. You have to realize these are humans who like to get paid, and if we even volunteer to submit just to be nice little patriots, it will turn into an entire system that in the end would require a background check just to have a compiler or a PC that is not in a Cloud (having *gasp! horrors!!!* its own applications installed on it that cannot be tracked and scanned).

    And if there is money involved – like a corporation that WANTS an open source project to go away so they can get post-facto $patents$ on it – then you can bet on them greasing politicians to make what is legal now illegal tomorrow.

    I guess people never learn but hey a lot of people were gassed while expecting only a shower too so what’s new here?

  6. Cryptography is\was a great example of this!
    Can you believe that an algorithm can be a weapon?
    Western government believe so!

    Several crypto algorithms are still considered “weapons”.
    Because “Cryptography may increase levels of privacy within the country beyond what the government wishes.”

    I don’t agree at all that there exists something that can be called “unsafe” knowledge… in a democratic and modern country there should be not a thing that should not be public knowledge!
    But this is my personal belief.

    Freedom IS knoweledge, if we exported knowledge and help instead of fake democracy and weapons to other countries perhaps the world could be better.
    “THANKS BUSH!” …

  7. @ Dokter Jeep
    hmm seems like an interesting read. i think ill go pick it up at my lovely local library. you know, i love my country and all, but with the state of the globe right now, it seems like our governing bodies are doing things back asswards. to be honest, ive become pretty dissapointed with this america.. its not this great nation i learned about in grade school

  8. Damage? What damage? It’s not country-vs-country anymore, it’s governments-vs-people. A rank-and-file Iranian, a rank-and-file Chinese and a rank-and-file American have more in common than each of them with a member of their respective governments. All the BS about “enemy nations” and “terrorism” is just a red herring to give us something to fear so we are easier to manipulate and do not look where we are not supposed to. When a magician makes gestures, watch his OTHER hand.

    Nobody has the right to restrict the publication of principles and applications of mathematics and physics, whether it is cryptography or engineering. We are the hackers, the makers – we have the tools to democratize the technologies and we should do so.

    The geopolitical interests of “nations” are often contradictory to the interests of the people. Don’t play their game. It’s dirty.

    Hackers of all countries, unite!

    @addidis: If everyone was “responsible”, one of the things we won’t have would be for example PGP (and its GnuPG successor).

  9. so apparently now if you want to invent you need to sign your life away to the us government and pray they let you invent than once you do they take the patient right and pay you a shitty government check

    were starting to look more and more like a military state, no? … i thought the patriot act was stupid

  10. @biozz- I don’t agree with it either, but that’s not what it says. This doesn’t limit what you can invent, just don’t share the design information with a member of any foreign nation.
    And yes, the Patriot act IS stupid.

  11. Nothing I’ve seen on this site would likely be a violation of ITAR. A simple FM transmitter with a mic is not a sophisticated or unique enough device to be relevant. It’s no different than exporting equipment to supply a radio station.
    The kinds of things that would be an issue include interface design documents for defense systems, research documents for defense systems, etc (and of course the systems themselves). Unless you work for a defense contractor, you likely don’t have access to anything that would be restricted under ITAR.
    You can whine about it all you want but at the end of the day, defense pays considerably more than being featured on HaD. :)

  12. Agree or disagree with ITAR, it is still the law, and there are still people that can potentially shut you down if you run afoul of the law. Unfortunately, claiming ignorance of the law just doesn’t cut it. If you do a DIY project, will you get drug into court? Odds are the answer is no BUT understanding the law and knowing your risks will help prevent bad things from happening to you.

  13. Information will always be free and US government can’t do anything about it.
    US government believe they can control stuff like this but they always seem to forget that there are 6.6 billion people living outside their “world” and that none of those give a damn about dumb US laws.

  14. @George: There are more dumb laws than you can shake a really long stick at. You are probably violating two or three just now merely by being alive and breathing. Ignoring the laws, and just not doing direct harm, is the only way how to live a life of an engineer instead of the life of a lawyer. Even the lawmakers themselves don’t read everything they vote on, why should we?

    ITAR is one of the sets of laws that will make more damage to mankind and hackerdom in general if obeyed than if ignored. Everything, including crossing a street or taking a bath, carries a risk. Anything you do, including doing nothing, can get you killed or sued. So do and share what you love, full steam ahead, and damn the torpedoes.

  15. Wellll … law…. I’m used to read techincal books… and in my everyday work and life, everything that is a rule is a simple and effective rule (yes, I’m a software developer).
    Also complex books are complex but are written to be understood by the reader with the required level of knowledge.

    Why reading a law to me looks like i’m reading an ancient mesopotamic\alien text?
    Sometime I suspect is because lawyers and government performs a simple “security through obscurity” rule :) they just make it so complicated to read and understand to casual people that they can have a job :)
    A way to justify their month incoming? :)

  16. @SP: The more likely hypothesis is that they are too dumb to write it clearly and unambiguously. In technology, these cases are weeded out by implementation practice (it just does not work, or is rather erratic and doomed to be replaced with something better, except if it is Windows). In law and politics such selection pressures are lacking and dumbness is allowed to grow into monstrous dimensions.

  17. @nave.notlic: I was unable to find any particular examples of hackers getting hit by this stuff. That said, university researchers often run into this stuff, and some maker projects (Adafruit’s wave bubble jammer, for example) seem like they could potentially enter the arena where this sort of thing should be thought about, at least.

  18. Typical over the top crap. The article mentioned actually has very little info apart from what subjects are mention in this terribly frightening law. Building a paintball tank out of plywood and 2×4’s is not significant info, neither is making a guided missle from some hobby servos and an estes rocket. Not one of the examples he gave got into any trouble.
    In fact I think this article only tells us something about the author: he is an attention starved reformed grammar Nazi that still likes to tell other people off.

  19. Contrary to popular belief 3-D printers may be covered under ITAR as well as more conventional legislation if the resolution is high enough to duplicate parts used in munitions, such as the firing pins.

    Also could be an issue if they can duplicate keys and suchlike, they have restrictions on this sort of equipment for a good reason.

    1. It’s even worse than that. Concrete can be used for military purposes as is, without any special steps. Just add water and you can make barriers or reinforce buildings. A laser cutter is able to do many of the things that a key cutter or 3D printer can do. If you want to cut keys, you do not need a key cutter. It just happens to be easiest. You’re right about general purpose devices or materials or even just information being theoretically covered. The Internet has pretty much made ITAR a dead letter in regards to controlling information once the general public gets it, regardless of what nationality that public is. They can of course still go after anyone they can prove sent the knowledge to a known agent (NOT used in the 007 sense, heh) acting for an enemy. So don’t be going and posting a link in an email to someone working at an Iranian university to something like a homemade radar system! X)

      The other thing is the ‘Friend of a friend of a friend of…’ concept. Pretty much once it’s in the public view, it’s impossible to know for 100% certainly when someone down the line does something illegal. There has to be a limit because even every member of the US Congress and armed forces has some short number of steps to one of their enemies.

  20. The only ire that 3D printers will draw is that some huge contractors were working on them and they don’t like it when some kid from out of nowhere builds one. When it’s time for the big contracts, it’s “lawfare” time for newcomers trying to compete.
    Ever wondered why the only people who have built a better mousetrap and raked in big bucks in the last 100 years just never seem to have their heads on straight, and go off supporting causes on their spare time (and lot of spare money) that make life complicated at least and difficult at worst? Example: Bill Gate and the eugenics programs.
    Now now, they don’t want just anybody to strike it rich. They might go and start foundations that actually make people more free or go on legal quests that create court cases changing legal precedents. We can’t have that. Only certain people are allowed to make the money, people who are part of the problem or spend it on toys.

    For everybody else, ITAR will be one of the tools used to take them down. There is a reason why missile tech was given to the Chinese in the late 90s and nobody went to prison. The company behind it was a big donor to both (D) and (R) politicians. To keep that out of the news they chased the president around for getting a hummer from an intern instead.

    The Supreme court just ruled that you can’t sue the state for wrongful prosecution, meaning that after you are accused of arms export, you get raided by SWAT, your equipment taken, and spend thousands in legal bills, they can walk away from it without a scratch or simply spend more tax dollars to charge you again with the same thing. The goal, the “lawfare”, is not really to put you away for good, but to shut you down so a friend of the state can take the tech and make the big bucks and the technology gets sold (by them) overseas anyway.

    This is how America works.

  21. ITAR also affects UK companies. Although my understanding of it was it only applied to military/arms related products that identified as such. So a Wideband jammer (aka a Wavebubble) is okay, but a military Wideband jammer (such as the UKs VIPER system) would need to be regulated. Please note that if it is going to be used on a military piece of kit, even if it’s just a sticker, it still comes under ITAR.

  22. ITAR only applies to defense articles, which means articles designed for military or dual use.

    An Air Filter for a Honda Civic? not ITAR-controlled.
    An air filter for an M-1 Abrams tank? ITAR-controlled.

    Boeing had a huge problem early on with the 787 project in demonstrating to the State Department that none of the composites technology used in the 787 came from work on the B-2, which would have made it dual-use and subject to ITAR restrictions.

  23. In that this is “the first tutorial in a tutorial series” My opinion on this subject quite possibly subject to change, perhaps several times. I’m a US citizen, and I’m no anarchist. In today’s be afraid, very afraid post 9/11 US it’s quite possible that over zealous law enforcement will misapply ITAR, simply because there are no real consequences for doing so. An equal amount of grief cam emerge from the private commercial sector, where they will hold all the cards in a dispute, because that’s how the plutocracy has the legislation written.

  24. The US Constitution says that speech and the press are free.

    No mere act of congress can change that, so I suggest we act like the documents founding our nation mean what they say, rather than what power-hungry politicians say they mean.

    1. It also says the Interstate Commerce clause is to protect states from anticompetitive laws from other states and not to come up with a huge national police for everything from guns to drugs to growing too much wheat (yes, really!).

  25. Didn’t know about the 747 thing – Quite interesting, but with what Boeing and Northrup Grummond have done, and continue to do, for the US government, you’d think they’d have at least a little leeway to use what they developed in-house in the public market.

    For the average hacker, though, I see this law as a sleeping/paper tiger. 99% of what any of us do is not “novel” in any sense that it could be interpreted as a serious threat to national security. With the open nature of resarch journals and the GLOBAL reach of the internet, the keeping of national secrets is wholly dependant on the virtue of those who know them – There is no such thing as an information border anymore.

    …However, here’s a hypothetical that I’m waiting for and would land someone in a deep, dark hole – Lets say some hacker finds a cheap and easy way to break the encryption used in air-to-ground communications. I’m assuming that the Chinese, Russians, Iranians and probably a few others can already do this – But the general public has no access to such technology. Once the hardware/software is posted online, game over – The US would need to retrofit its entire fleet… This law, along with a few others, would be invoked and whoever’s responsible would be at leavenworth or gitmo for the rest of their natural life…

  26. “The one qualifying part of that restriction is that it only applies if the information is not publicly known.”

    Now that’s what I call a loophole. Just send the information to me, I’ll put it on my website, at which point it’s publicly known. And I’m in Europe, so ITAR doesn’t apply to me.
    Then it’s publicly known, so you can publish it all you want.

  27. “A rank-and-file Iranian, a rank-and-file Chinese and a rank-and-file American have more in common than each of them with a member of their respective governments”

    hmm… let’s see:

    rank-and-file American: wants to live free, drink, and make money. Doesn’t really care about the rest of the world, but naively believes that everyone wants democacy and freedom, and that democacy and freedom will solve anything.

    rank-and-file Chinese: likely has little interest in Communism or democacy these days, wants to live free, drink, and make money.

    rank-and-file Iranian: might like to have a different president, but still wants to kill you degenerate unclean western dogs who want to live free and drink, and your slut-women who don’t wear veils.

    Yes, we’re hackers here. But let’s not believe the ‘everyone wants to be like me’ shit. You have more in common with a Sony executive than someone from another culture with different values and concepts of freedom.

  28. @foo
    When was the last time two democratic countries were at war with each other? I don’t think it is possible to impose democracy on a country because that would be an oxymoron, however, you don’t have an answer to the aforementioned question. You can’t force democracy the way the Americans have attempted but when it is found the end result is peace. As they have mentioned in the article, “Knowledge is a powerful thing.” Fighting ignorance with more ignorance is not the answer.

  29. @lurker: “Didn’t know about the 747 thing – Quite interesting, but with what Boeing and Northrup Grummond have done, and continue to do, for the US government, you’d think they’d have at least a little leeway to use what they developed in-house in the public market.”

    I’m not sure of all the fine print associated with this issue, so I’m not sure where the line gets drown. However, it is important to note that while the technologies were developed in-house, Boeing and Norhtrop were acting as contractors doing work for the military with military funds. As a result, the IP may not be 100% theirs.

  30. I find this so interesting and the level of fear so high that it is scary. ITAR covers military technology. Crypto is a good example. Crypto was primarily used by governments and the military. Some big corporations used it when sending telegrams to prevent industrial espionage. Thing is that all governments want the ability to wire tap “With a court order”. When the internet and computers became common crypto became wide spread and needed. The government relaxed the rules but if you think Crytpo is not a useful military technology you are just nuts.
    And people think that ITAR is new. No GE had to deal with it when they produced the CF-6 Turbofan in the 70s. It used some of the the tech from the F101 engine used in the B-1. GE and Pratt and Whitney have to deal with ITAR all the time because a lot of the improvements in jet engines come from military engines. Things like single crystal turbine blads and BLISKs come to mind.
    So do you want big corporations to have the ability to sell sensitive military system with out limitations?
    To be honest I doubt that you will have any issues with them coming after you unless you do something really dumb or really outrageous. Or think of it this way. Outside of PGP which was resolved have you heard of any hobbiest getting in trouble with ITAR rules?

  31. I’ve always wondered why there were so few details on home built radar devices… I always thought that would be a fun project to work on but have never had the time to do all the math and solve all the potential engineering problems for something like that.

    On the other hand I’ve never really asked. Anyone have any build details they might be up for sharing with a US citizen? :)

    1. Deserts have some of the worst winters of any climate. In fact, the precipitation definition of a desert includes every single mountain in the mainland US. New Mexico has frost in the winter, in the daytime and that’s in the flat lands! And the weeds still somehow grow near the roads with those extreme temperature changes every year. :)

  32. @Sam: A homebrew radar was exactly the project I was considering regarding the ITAR tutorial. The simple answer is, because knowledge used to develop the radar system comes from public domain sources (university textbooks and papers, mostly), ITAR should not be a concern.

    After doing all the work to figure this out, it seemed only reasonable to write up a tutorial on this for others. The tutorial in no way comments on whether the law is right or wrong (or a host of other things brought up by the commenters on this post), simply that it exists, and presents a potential risk (if you get sued, your ability to post more content to the web is severely hampered). ITAR doesn’t, in all likelihood, apply to virtually all makers and their projects, but people should have a basic understanding of the laws and take CALCULATED risks when going forward in their endeavors.

    Oh, and regarding the radar resources:
    http://www.mit.edu/~gr20603/Dr.%20Gregory%20L.%20Charvat%20Projects/$240%20High%20Res%20Rail%20SAR.html
    http://www.mit.edu/~gr20603/Dr.%20Gregory%20L.%20Charvat%20Projects/Cantenna%20Radar.html
    http://hackaday.com/2007/10/29/diy-ultra-wide-band-radar/

    Good luck!

  33. Anyone who thinks hobbyists wont get in trouble should read http://en.wikipedia.org/wiki/Bruce_Simpson and look for information related to his “cruise missile” project.
    He is in New Zealand but there is a lot of evidence to suggest that the action taken against him in New Zealand was carried out at the behest of the US government.

    Calling it a “missile” may have hurt him but the basic premise of his project was to take a very low cost jet engine, strap some stuff on it so it can fly and add a guidance system so it can fly without a human controlling it.

    Pretty much any kind of flying machine (rocket, model airplane, jet engine, whatever) capable of flying to a specific point without any human controlling it may be covered by ITAR

  34. Long story short ITAR as it is was a huge mistake.
    The law needs to be rewritten from the ground up.
    ITAR has not kept weapons out of the wrong hands just look at North Korea and Iran.

    What it has done was cripple the US aerospace industry.
    ITAR is such a load of bull European companies often advertize a product being ITAR free.
    The huge success of Ariane is partly due to ITAR making getting a payload launched in the US more difficult.
    The ATlas V for example is generally cheaper then Araine but unlike Araine it comes with the baggage known as ITAR.
    What to replace ITAR with this is very easy as the most European countries such as France have reached a good compromise of the right amount of security without the maddness.

Leave a Reply to DaveCancel reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.