International Travel

Possible Issues

International travel raises several issues for researchers, as any trip outside the United States has the potential for the researcher to export both items and technical information that may be controlled. It is important to keep in mind a few simple points before traveling abroad.

First, the export-control laws do not distinguish between an item that is shipped and an item that is carried. Thus, if it is unlawful to ship an item to a certain country without a license, it is also unlawful to take it with you. Although laptops are ordinarily licensed by the manufacturers for export to most countries, you may not be permitted to bring the same equipment to an embargoed country without first securing a license.

Second, the destination of a researcher determines what export controls or regulations apply. There are several websites that researchers should check in advance of their departure.

Third, particularly if you are traveling to an OFAC-sanctioned country, you may need a license to spend certain funds in that country. As an example, under the Iranian embargo, you are permitted to spend money on hotels, food, or transportation without a license, but you may need a license from the Treasury Department in order to contract with local individuals and purchase certain supplies for research.

Fourth, travel abroad always involves meeting new people. Export control issues can arise when a researcher interacts with people during scientific discussions or conferences in which controlled technical information may be exchanged. There is no export control issue if the researcher is presenting research results that have already been published. However, if the data have not been published, the researcher must ensure that there is no technical information included that may be controlled. Although you are eligible for the fundamental research exclusion when you are studying on campus at an accredited university in the United States, the fundamental research exclusion does not apply when you are abroad, even if that new research takes place at an educational institution (including Harvard facilities) abroad.

Fifth, travel abroad may also involve engaging in transactions with individuals or business entities which may be restricted.

If you have any questions regarding your travel abroad, please contact ExportControls@fas.harvard.edu or InternationalCollaborations@fas.harvard.edu with related inquiries.

Electronic Devices and Encryption Software While Traveling Internationally

Introduction

When you leave the United States, you need to know your responsibilities under export control regulations. If you are traveling with your laptop or any other electronic devices, these items, along with the underlying technology, any data on your device, proprietary information, confidential records, and encryption software, are all subject to export control regulations. Some foreign governments have regulations that permit the seizure of travelers’ computers and the review of their contents. U.S. Customs officials are also authorized to review the contents of travelers’ laptops without probable cause and can be held until your return.

For these reasons it is recommended that you review the Global Support Services, International Data Security Guidance webpage prior to embarking on international travel with laptops, iPads, and other electronic devices.

Taking Electronic Devices

Researchers commonly travel with commercially available electronic devices such as laptops, iPads, cell phones, drives, and other digital storage devices. These items often come with pre-loaded encryption software, which is subject to the Department of Commerce Export Control Regulations (EAR). Many of these items can be temporarily exported under the EAR license exception “Temporary Exports-Tools of the Trade” (TMP) or Baggage (BAG).

The TMP License Exception provides that when laptops, PDAs and other digital storage devices (and related technology and software) are being used for professional purposes, returned within 12 months, kept under effective control of the exporter while abroad (i.e., kept in a hotel safe or other secured space or facility) and other security precautions are taken against unauthorized release of technology (i.e., use of secure connections, password systems, and personal firewalls), then the TMP License Exception might apply. The baggage (BAG) license exception covers personal items that are owed by the researcher and intended only for their personal use. These License Exceptions do not apply to Cuba, Iran, North Korea, Sudan, or Syria. You must contact the Export Control Officer before using either of these License Exceptions, as they are subject to record-keeping requirements.

Sharing Information While Traveling

You can freely take with you and exchange with anyone the results of fundamental research conducted on the Harvard University campuses. However, if your work involves technical data controlled for defense of non-defense work a license from the Department of State may be required. Contact the Export Control Officer for more information.

Encryption – Publicly Available

Harvard-owned computers are routinely equipped with PGP (Cambridge/HMS) or Credant (Mac Laptops) encryption software and are subject to export control regulations under the Commerce Department’s Bureau of Industry and Security (BIS) and its Export Administration Regulations (EAR). These products have been granted either an “Encryption Commodities, Software and Technology” (ENC) or “Mass Market” license exception. EXCEPT for export to any embargoed destinations (including any company or national of Cuba, Iran, North Korea, Sudan, and Syria), this license exception allows the transport of a University-owned or personally-owned computer to any country as long as the computer remains under the traveler’s effective control. As part of PGP and Credant licenses, end users agree that they will not export the software to a prohibited country or individual.

Countries that Restrict the Import of Encryption Products

Because encryption products can be used for illegal purposes, many countries may ban or severely regulate the import and export of encryption products. The import of your laptop with encryption software to certain countries could violate the import regulations of the country to which you are traveling, and could result in your laptop being confiscated, fines, or in other penalties.

Encryption – Developed at Harvard

Harvard researchers, including faculty, staff and students, who are developing encryption software need to be aware of export control policies, procedures, and their implications.

In most instances, encryption code developed at Harvard falls under the Fundamental Research Exclusion (FRE) and is not subject to export control laws and regulations. However, the FRE can be eroded if restrictions on the research exist. It is important that researchers make available any encryption code developed during the course of their research on a publicly available website as quickly as possible. Access to the code should be open and not subject to login or password requirements. Failure to make the code publicly available in a timely way may trigger the application of export control laws, including restrictions on “deemed exports” to non-U.S. citizens within the U.S.

“Strong” Dual-Use Encryption Code

While most encryption code should be posted immediately to a publicly accessible website, researchers must inform an export control officer before making software available if it falls under the definition of “strong encryption software.” Strong dual-use encryption is defined in the Export Administration Regulations, Part 774, Commerce Control List, Category 5 (Part 2) Information Security at 5A002 (encrypted hardware) and 5D002 (encryption software).

The above content is offered as guidance to individuals. It is intended as a general overview of issues related to the export of encryption software and is not exhaustive. Questions about the application of export control regulations to specific situations should be directed to your Export Control Officer or Ellen Berkman in the Office of General Counsel.

 

RESOURCES

Harvard University Information Security: Data Security Levels

Harvard University Information Security: Legal and Regulatory Data Requirements

Bureau of Industry and Security, U.S. Department of Commerce Commercial Encryption Export Controls FAQs

Bureau of Industry and Security, U.S. Department of Commerce “Is my item classified under Category 5, Part 2 of the EAR?

Harvard Global Support Services

U.S. Department of State International Travel Information