This page provides general information related to the applicability of export controls to international travel, particularly as they relate to
- associated export of University equipment, including proprietary information; and
- special considerations for travel to sanctioned countries.
University travelers should review the University's policy Travel, Meals, and Entertainment Expenses Incurred on Behalf of the University (FIN-004) as well as the International Travel web page maintained by Procurement and Supplier Diversity Services prior to incurring any travel related expenses. Please consider taking advantage of the CISI Travel Insurance Program offered by the University free of charge to benefit eligible employees traveling on University business. In the case of international travel by University students please also review the University policy Student International Travel (PROV-010). International travelers may also be subject to the requirements of other University policies including, but not limited to FIN-055, Faculty and Staff International Travel.
The 2011 Security Brief on the Counterintelligence Threat to Academic and Scientific Travelers released by the Federal Bureau of Investigation provides a brief (2 pages) overview of common information gathering techniques used by foreign intelligence operatives (government and industry). The Brief also suggests some basic/commonsense precautions for academic travelers to take while on international travel. If you have concerns related to possible information gathering activities associated with your international travel please contact the Office of Export Controls; we will put you in touch with our local FBI office should you wish to make a report.
Note: The requirements addressed on this page only relate to University travel and University equipment, including laptops and other personal electronic devices purchased with institutional or grant/contract funds, not personal travel or the export of personal items.
The University Information Security Office provides guidance to University travelers and sets the University Data Protection Standards and policies governing information security. Please review the guidance and applicable standards and policies before taking your University device or data on international travel.
The export of University-owned equipment, non-public technical information and encryption source code are subject to export control regulations, which means a license may be required to take or send it out of the U.S.; technology developed by or at the University may also be subject to these regulations. In most cases, University employees may temporarily (<12 months) take common technology (e.g. laptop computers, commercial software, PDAs, cell phones and weak or publicly available encryption code) subject to the EAR to most international destinations without an export license. This is possible under the TMP or ENC license exceptions, provided the specific documentation and control criteria are met.
Neither TMP nor ENC may be used for technology subject to the ITAR, which includes but is not limited to equipment, components, accessories, and software designed for use with/in missiles, satellites, spacecraft or defense/military items and associated technical data. In almost all cases a license will be required to temporarily or permanently export technology subject to the ITAR; license processing times vary, so be sure to allow sufficient lead time (OEC recommends two months for ITAR license requests).
University personnel must complete the Temporary Export Certification form prior to taking University equipment, non-public technical information (generated by or provided to the University) or any University developed encryption source code with them on international travel.
Upon receipt of the completed form, OEC will perform a restricted party screening, export assessment, and review licensing requirements then provide the traveler with appropriate guidance in an email. Travelers are encouraged to submit the Temporary Export Certification request form well in advance since it can take several weeks to obtain an export license if one is required.
Proprietary information provided to the University under a non-disclosure or other confidentiality agreement about defense articles or commercial products (in production or in development) is generally considered to be export controlled and should not be taken out of the US or accessed from abroad without prior OEC review and approval. In order to prevent inadvertent export violations, OEC encourages travelers to remove all proprietary information from their electronic devices (University and personal) prior to foreign travel and to not access proprietary information stored on University servers while out of the US.
If there is a legitimate reason to take proprietary information out of the US, the same process described above for University equipment should be followed.
Capital or ETF Equipment
The permanent or temporary relocation of capital equipment (value > $5000) or equipment purchased with Equipment Trust Fund (ETF) monies must be authorized by Fixed Assets Accounting. Please visit Fixed Assets Accounting website or contact a staff member for more information.
Exports from the US are imports to the destination country(ies). International travelers must abide by the import laws and regulations of the destination country(ies) as well as US export controls. The import of encryption technology and encrypted information are specifically regulated by a number of countries; for example, both China and Russia prohibit the importation of encryption technology and encrypted information. Detection of such technology by customs and immigration officials may result in the confiscation of your electronic device, copying of your hard drive, deletion of the relevant files, significant delay on your entry into the country, and in some cases criminal prosecution. These restrictions can apply to authentication technologies such as VPN in addition to encryption software such as TrueCrypt or Cypherix. A compilation of the existing cryptographic laws and regulations by country is available at http://www.cryptolaw.org. A more detailed discussion of China's encryption restrictions is presented in Casting a wide net: China's encryption restrictions.
Per University policy (FIN-043) "all University activities that are to be conducted in, involve the participation of parties located in or will benefit a sanctioned country" must be reviewed and authorized in advance by the Office of Export Controls (OEC). All University travel to countries subject to a comprehensive program of economic and trade sanctions by the Office of Foreign Assets Control (OFAC), US Department of the Treasury, must be reviewed and approved by the OEC before funds are expended AND before travel occurs to ensure that all travel related activities are covered by a general license or that a specific license is obtained prior to travel. Failure to receive prior approval from OEC for travel to sanctioned countries may result in disallowance of costs and significant personal liability for the traveller should post-hoc review uncover export or sanctions violations. An up-to-date list of OFAC sanction programs please visit the Resources page of the OFAC website.
The following countries are currently subject to comprehensive or nearly comprehensive sanctions by the US government:
- North Korea
OFAC also maintains the following limited sanction programs: Belarus-Related, Burma (Myanmar), the Central African Republic, Cote d'Ivoire (Ivory Coast)-Related, Democratic Republic of the Congo-Related, Iraq-Related, Lebanon-Related, Libya, Somalia, Sudan, South Sudan-Related, Ukraine-Related (includes entities in Russia), Yemen-Related, and Zimbabwe. Generally speaking, the "related" sanctions programs do not apply to the named country, but rather to internal or external elements attempting to destabilize the named country or region; for example, the Ukraine-Related sanctions program prohibits interactions with certain Russian* individuals and entities. Although limited sanction programs do not typically impact University educational and research activities, a license from OFAC may still be required in some instances.
University personnel should use the following form to initiate the review process for any activities involving countries subject to either comprehensive or limited sanction programs:
In addition to the OFAC sanction regulation compliance issues, EAR license exceptions and exemptions are not generally available for the temporary export of controlled items or information to comprehensively sanctioned countries so an export license will likely be necessary for any accompanying University equipment or materials. In most cases, licenses will also be required to provide non-public technical information to a national of a sanctioned country in the U.S. or abroad. While licenses may be granted under the EAR, items and information subject to the ITAR or the Department of Energy's nuclear regulations may not be exported to sanctioned countries under any circumstances as both regulations contain a strict policy of denial for all such exports as well as associated services and assistance activities.
Contact OEC (email@example.com) for assistance with travel or other activities involving any sanctioned country or for questions related to the participation of nationals of sanctioned countries in your on-Grounds activities..
* 1/7/2019 - Exercise caution in China due to arbitrary enforcement of local laws as well as special restrictions on dual US/Chinese nationals. See the US Dept. of State website for more information: https://travel.state.gov/content/travel/en/traveladvisories/traveladvisories/china-travel-advisory.html
* 7/11/2014 - Due to the evolving situation in Ukraine, the Ukraine-related sanction program which includes sanctions against specific Russian nationals and their majority holdings is subject to change without notice. Please contact OEC immediately if you are considering travel to or other activities involving parties in Russia.