Decision Tree Form

Note on Encryption Software
The sharing, shipping, transmission or transfer of almost all encryption software in either source code or object code is subject to U.S. export controls. Even most publicly available “dual-use” encryption code captured by the Export Administration Regulations (EAR) requires the availability of a License Exception. A License Exception under the EAR is an authorization based on a set of criteria, which when met, allows the exporter to circumvent export licensing requirements. The release of publicly available encryption code under the EAR is generally authorized by License Exception TSU (Technology and Software – Unrestricted) whereby the exporter provides the U.S. Government with a “one-time” notification of the location of the publicly available encryption code at the time the code is placed in the Public Domain.

In addition, U.S. persons are prohibited without prior authorization from providing technical assistance (i.e., instruction, skills training, working knowledge, consulting services) to a foreign person with the intent to assist in the overseas development or manufacture of encryption software that is subject to U.S. Government notification or authorization. This prohibition does NOT limit University personnel from teaching or discussing general information about cryptography.

Note on license exemptions during travel
Two license exceptions are available for the Northeastern community when the tangible export of items and software containing encryption code is necessary for travel or relocation:

The Temporary Export license exemption (TMP) allows those departing from the U.S. on university business to take with them, as “tools of the trade,” University-owned, retail-level encryption items such as laptops, personal digital assistants (PDAs), and cell phones and encryption software in source or object code to all countries except Sudan and Cuba, as long as the items and software will remain under their “effective control” overseas and are returned to the US within 12 months or are consumed or destroyed abroad;

License Exception BAG (Baggage) allows individuals departing the U.S. either temporarily (travel) or longer-term (relocation) to take with them as personal baggage family-owned retail-level encryption items including laptops, personal digital assistants (PDAs), and cell phones and encryption software in source or object code. The encryption items and software must be for their personal use in private or professional activities. Citizens and permanent resident aliens of all countries except Cuba, Libya, Syria, Sudan, North Korea and Iran may take (as personal baggage) non-retail “strong” encryption items and software to all locations except embargoed or otherwise restricted locations.

Note on Object versus Source Code
Source code is generally understood to mean programming statements that are created by a programmer with a text editor or a visual programming tool and then saved in a file. Object code generally refers to the output, a compiled file, which is produced when the Source Code is compiled with a C compiler. The object code file contains a sequence of machine-readable instructions that is processed by the CPU in a computer. Operating system or application software is usually in the form of compiled object code.

Note defining items in the question
U.S. persons are specifically prohibited from engaging in activities, either directly or indirectly, that support the proliferation of nuclear explosive devices and missiles to certain countries and their nationals without an export license. Furthermore, U.S. persons are specifically prohibited from knowingly engaging in activities that support the proliferation of chemical or biological weapons to any country and its nationals without an export license. Prohibited activities include direct support (through sharing, shipping, transmission or transfer), or indirect support (through financing, contracting, servicing, transportation, support or employment) that a U.S. person knows will facilitate the proliferation of these weapons of mass destruction (WMD) in or by those countries. In addition, an individual or organization is prohibited from proceeding with a shipment, transmission or transfer of equipment or software, or from a disclosure of information, with the knowledge that an export control violation has, or is about to, occur. Certain chemical and biological weapons agents and precursors are listed on the U.S. Munitions List (USML) at Category XIV and on the Commerce Control List (CCL) in Category 1 at 1C350 through 1C360.

Note on NDAs and Confidentiality Agreements
Northeastern faculty may be asked to accept confidential, proprietary, or export controlled data or material as part of a research project subject to a Non-Disclosure Agreement (NDA) signed by both the discloser and the recipient. Please note, the University, through NU-RES or CRI, must approve all such agreements. NDAs may include licensing agreements which limit or prohibit the disclosure or transfer of the licensed data or materials, therefore, negating the Fundamental Research Exemption (FRE).

In addition, if you accept confidential or proprietary information subject to a Confidentiality or Non-Disclosure Agreement, and the disclosure restrictions affect your ability to publish research results, the research itself will lose its characterization as “fundamental research” for export control purposes. Should the research entail information or software identified on U.S. export control lists, and you wish to have foreign nationals participate in the research, you may be required to obtain an export license because you have lost the “fundamental research” exemption.

Note on definition of a defense article
A defense article is either:

• Specifically designed, developed, configured, adapted, or modified for a military application, and does not have predominant civil applications, and does not have performance equivalent (defined by form, fit and function) to those of an article or service used for civil applications;
• Specifically designed, developed, configured, adapted, or modified for a military application, and has significant military or intelligence applicability (examples are nuclear, biological, or chemical weapons and satellite technology with military application); or
• On the US Munitions List (USML, the US State Department ITAR list).

Technical Data includes:

• Information, other than software, required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of defense articles. Such information may be, but is not limited to, blueprints, drawings, photographs, plans, instructions and documentation.
• Classified information relating to defense articles and defense services.
• Information covered by an invention secrecy order.
• Software directly related to defense articles.

Technical Data EXCLUDES:

• Information concerning general scientific, mathematical or engineering principles commonly taught in schools, colleges and universities, information in the public domain, or information generated in the course of performing fundamental research.
• Basic marketing information on function or purpose or general system descriptions of defense articles.

Note: If you prefer not to make the classification on your shipment, please select not sure and NU-RES Research Compliance will help you with the classification process.

Definition of Commerce Control List (CCL)
Commerce Control Lists are generally designated by categories represented by the letters “A”, “B”, and “C” following the initial digit in an Export Control Commodity Number (ECCN). Examples are ECCNs such as 4A994, 5B001, and 1C351.

“A” category = Systems, Equipment and Components
“B” category = Test, Inspection and Production Equipment
“C” category = Materials

Definition of Export Administration Regulations (EAR)
The Commerce Control List (CCL) is maintained by the Bureau of Industry and Security (part of the US Department of Commerce) as part of the Export Administration Regulations (EAR). This list is sometimes called the “dual use” list, as the items on it may have either a military or commercial application.

Note: If you prefer not to make the classification on your shipment, please select not sure and NU-RES Research Compliance will help you with the classification process.

Definition of “technology” per the EAR
Specific information necessary for the “development”, “production” or “use” of equipment or software. Technology includes information subject to the EAR released in the form of technical assistance or technical data.

Technical assistance includes instruction, skills training, working knowledge, consulting services.

Technical assistance may involve transfer of export controlled information.

Technical data includes blueprints, plans, diagrams, models, formulae, tables, engineering designs and specifications, manuals and instructions written or recorded on other media or devices such as disk, tape, read-only memories.

Information that is, or will be, placed in the public domain, such as that generated by fundamental research, is not subject to the EAR and is exempt from export control regulations.

Definition of software code per the EAR
The EAR defines software code as a collection of one or more programs or micro-programs fixed in any tangible medium of expression. Software code is comprised of source code or object code:

Source Code: A convenient expression of one or more processes that may be turned by a programming system into equipment executable form (“object code” or object language).
Object Code: An equipment-executable form of a convenient expression of one or more processes (“source code” or source language) that has been converted by a programming system.

Note: College administrators have access to the University’s screening software, Visual Compliance, which will assist in screening across the lists referenced above. If you would like to know who in your college is a point of contact for screening, please email [email protected]

If you have not screened the individuals in your potential transaction, please select not sure and NU-RES Research Compliance will help you with the screening process.