Are you “in the cloud”?
BIS recently released an advisory opinion on cloud computing that clarifies the deemed export rule for service providers. The original request was submitted in March 2010 and illustrates the difficulty in addressing the new and evolving methods of shared computing.
Cloud computing is an IT model that utilizes shared computers or servers in multiple locations. Users are able to use these services on demand without having to maintain the supporting infrastructure. In essence, the service provides outside IT resources for users to upload data, utilize applications, and retrieve the results. Under the opinion, service providers do not require a deemed export license for foreign national IT administrators that maintain these cloud computing systems. This remains true even if the data stored “in the cloud” constitutes technology under the EAR.
The logic for the opinion is that the service provider is not shipping or transmitting any commodity, software or technology subject to the EAR to the user. Therefore, the service provider is not acting as an “exporter” and would not be making a “deemed export” if a foreign national network administrator monitored or screened user generated technology.
Of course, the opinion only addresses the facts presented in the request letter, which limited IT monitoring of data when required by law, through automated tools or with user consent.