By: Brooke Driver and John Black
Few would deny that technology has transformed our world—and our vocabulary. New connotations for words we thought we knew multiply daily, like overly-friendly rabbits. Surf, Browse, Like, Post—it seems no verb is safe from accumulating multiple meanings. Cody Wilson, founder of Defense Distributed, recently proved that even words that are already associated with technology can collect meanings—in this case, Print. Typically, this verb is innocent, associated with work projects, school papers and the inevitable frustrating paper jam. However, ever-changing technological advancement, and Defense Distributed, has transformed the action of printing into something uncontrollably dangerous.
Wilson, a law student at the University of Texas, has invented a 3-D printable gun, which he calls the “Liberator,” an appropriate name, as the downloadable weapon signifies a freedom from government restrictions on gun ownership and manufacturing. The gun is composed of 16 parts, all of which (except the firing pen and an additional metal part) are made from a tough, heat-resistant plastic used in products such as musical instruments, kitchen appliances and vehicle bumper bars. The printable handgun is functional, if not high-quality. It is designed to fire standard rounds, and its interchangeable barrel can even accommodate different calibers.
On May 8th, Wilson received a letter from the State Department Office of Defense Trade Controls Compliance regarding the online blueprints for Defense Distributed’s 3-D-printable handgun, the so-called “Liberator,” and nine other 3-D printable firearm components. The letter demanded that Defense Distributed remove these blueprints, released on its website (Defcad.org) only three days before, until Department officials have reviewed the files for ITAR compliance. The Department letter did not charge anybody with any violations. Instead, the letter just demanded the data be taken off the public servers. We have not seen any information that the State Department has charged any of the websites that currently make the identical data freely available.
In December 1984 the State Department removed the ITAR requirement that said companies could not put ITAR controlled technical data into the public domain without prior US Government approval. The ITAR says that once technical data is “public domain” there are absolutely no ITAR jurisdiction or restriction on the data. Prior to the Reagan Administration days, companies were prohibited from putting technical data into the “public domain.” For various reasons, in 1984 the State Department gave companies permission to put ITAR controlled tech data in the “public domain” and remove all export controls from the data. The tricky thing is that the data has to meet the ITAR definition of “public domain,” which might not reflect a common sense assumption about what public domain means.
So why did the State Department not charge Wilson if what he did was illegal? We do not know. (But we do know it is easier to threaten and bully with a letter than to win a case in a legal proceeding.) Why is the State Department not going after the others who have the identical data on their web site? We do not know. Why is the State Department not charging other companies that put other ITAR tech data on their web sites? We do not know.
Deputy spokesman Pat Ventrell said, “Exports of non-automatic and semi-automatic firearms up to 50 caliber are controlled under the U.S. munitions list. In accordance with the Arms Export Control Act, any person who engages in the US in the business of manufacturing or exporting defense articles, furnishing defense services, or engages in arms brokering covered by the International Traffic in Arms Regulations (ITAR), is required to register with the state department.”
Pat Ventrell failed to mention that if your only action is creating technical data, you do not have to register. Pat Ventrell failed to mention that “public domain” data is not a defense article in the first place.
Although Wilson plans to comply with the Department’s request, he also acknowledges the likelihood of its ultimate failure: “All such data should be removed from public access, the letter says. That might be an impossible standard. But we’ll do our part to remove it from our servers.” As Wilson implies, however, simply removing the files from the website will not erase them from public access; during the first two days the plans for the Liberator were available for download, 100,000 people downloaded them from a New Zealand-based storage service called Mega, created by ex-hacker and entrepreneur Kim Dotcom and obviously not subject to US regulations. The file may remain available for download on Mega’s servers. The blueprints for the 3-D printable gun have also made their way to the Pirate Bay, a censorship-resistant filesharing site.
Wilson claims that the company is legally protected from consequence through the ITAR “public domain” exemption for non-profit public domain releases of technical files designed to create a safe harbor for research and other public interest activities. Defense Distributed can only qualify for this exemption if its files are stored in a library or sold in a bookstore, but, while his reasoning seems farfetched, Wilson argues that Defense Distributed fits that requirement, saying that files on the company’s site can be accessed through a library computer and that they have been sold in an Austin, Texas bookstore (which he conveniently declined to name, in order to protect the owner).
While Wilson might not quite understand ITAR “public domain” but he does point out the fact that the definition as it was revised in 1984 did not anticipate the existence of the internet as a method of sharing information. The 1984 revision said you may make technical data “public domain” by handing it out at open conferences or trade shows in the United States, making it available in public libraries, or making it available in a bookstore but failed to include the internet—We assume that is because nobody knew what the internet would become.
Because “public domain” does not include the internet, many companies use the “library stretch” interpretation to justify putting their ITAR tech data on websites open to the public. “Public domain” applies to technical data that is “generally accessible or available to the public” through any of the means in 120.11(a)(1) – (8). 120.11(a)(4) says “public domain” includes technical data generally accessible or available to the public “at libraries open to the public.” The “library stretch” argues that if I can go into a library and see the information in a book or on the internet in a free to use PC in the library, it is accessible and thus “public domain.” The “library stretch” is a reasonable and defendable interpretation, but it might not be literally what the ITAR says.
Maybe somebody should tell Wilson to get his tech data on a bookshelf so he can exactly meet the requirements of 120.11(a)(1).
Wilson does not consider the attempted censorship a defeat, stating that the government’s actions and its probable failure to suppress the Liberator help communicate the pitfalls of the current arms regulations system: “This is the conversation I want,” Wilson says. “Is this a workable regulatory regime? Can there be defense trade control in the era of the Internet and 3D printing?”
An apt question and one that Wilson’s case seems to answer strikingly.
The full text of the letter:
United States Department of State
Bureau of Political-Military Affairs
Offense of Defense Trade Controls Compliance
May 08, 2013
In reply letter to DTCC Case: 13-0001444
[Cody Wilson's address redacted]
Dear Mr. Wilson,
The Department of State, Bureau of Political Military Affairs, Office of Defense Trade Controls Compliance, Enforcement Division (DTCC/END) is responsible for compliance with and civil enforcement of the Arms Export Control Act (22 U.S.C. 2778) (AECA) and the AECA’s implementing regulations, the International Traffic in Arms Regulations (22 C.F.R. Parts 120-130) (ITAR). The AECA and the ITAR impose certain requirements and restrictions on the transfer of, and access to, controlled defense articles and related technical data designated by the United States Munitions List (USML) (22 C.F.R. Part 121).
The DTCC/END is conducting a review of technical data made publicly available by Defense Distributed through its 3D printing website, DEFCAD.org, the majority of which appear to be related to items in Category I of the USML. Defense Distributed may have released ITAR-controlled technical data without the required prior authorization from the Directorate of Defense Trade Controls (DDTC), a violation of the ITAR.
Technical data regulated under the ITAR refers to information required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of defense articles, including information in the form of blueprints, drawings, photographs, plans, instructions or documentation. For a complete definition of technical data, see 120.10 of the ITAR. Pursuant to 127.1 of the ITAR, it is unlawful to export any defense article or technical data for which a license or written approval is required without first obtaining the required authorization from the DDTC. Please note that disclosing (including oral or visual disclosure) or transferring technical data to a foreign person, whether in the United States or abroad, is considered an export under 120.17 of the ITAR.
The Department believes Defense Distributed may not have established the proper jurisdiction of the subject technical data. To resolve this matter officially, we request that Defense Distributed submit Commodity Jurisdiction (CJ) determination requests for the following selection of data files available on DEFCAD.org, and any other technical data for which Defense Distributed is unable to determine proper jurisdiction:
1. Defense Distributed Liberator pistol
2. .22 electric
3. 125mm BK-14M high-explosive anti-tank warhead
4. 5.56/.223 muzzle brake
5. Springfield XD-40 tactical slide assembly
6. Sound Moderator – slip on
7. “The Dirty Diane” 1/2-28 to 3/4-16 STP S3600 oil filter silencer adapter
8. 12 gauge to .22 CB sub-caliber insert
9. Voltlock electronic black powder system
10. VZ-58 sight
DTCC/END requests that Defense Distributed submits its CJ requests within three weeks of the receipt of this letter and notify this office of the final CJ determinations. All CJ requests must be submitted electronically through an online application using the DS-4076 Commodity Jurisdiction Request Form. The form, guidance for submitting CJ requests, and other relevant information such as a copy of the ITAR can be found on DDTC’s website at http://www.pmddtc.state.gov.
Until the Department provides Defense Distributed with the final CJ determinations, Defense Distributed should treat the above technical data as ITAR-controlled. This means that all such data should be removed from public access immediately. Defense Distributed should also review the remainder of the data made public on its website to determine whether any additional data may be similarly controlled and proceed according to ITAR requirements.
Additionally, DTCC/END requests information about the procedures Defense Distributed follows to determine the classification of its technical data, to include aforementioned technical data files. We ask that you provide your procedures for determining proper jurisdiction of technical data within 30 days of the date of this letter to Ms. Bridget Van Buren, Compliance Specialist, Enforcement Division, at the address below.
Office of Defense Trade Controls Compliance
PM/DTCC, SA-1, Room L132
2401 E Street, NW
Washington, DC 20522
We appreciate your full cooperation in this matter. Please note our reference number in any future correspondence.
Glenn E. Smith
Chief, Enforcement Division