The document is a presentation by Clif Burns delivered at the Council on Governmental Relations meeting in June 2013, focusing on export control compliance challenges within the context of academic research and cloud computing. The presentation highlights a case involving the University of Massachusetts at Lowell, which faced a $100,000 fine—later suspended—for collaborating on atmospheric sensor research with SUPARCO, a Pakistani entity listed on the U.S. Entity List. The incident raised questions about whether the published research constituted "fundamental research" exempt from controls and underscored the complexities universities face in complying with U.S. export regulations.
Further, Burns elaborates on the evolving landscape of export controls in cloud computing. He discusses that while the U.S. Bureau of Industry and Security (BIS) clarified that cloud providers are typically not considered exporters, significant ambiguity remains regarding the responsibilities of cloud users, especially in relation to data storage and access by foreign nationals. The effectiveness of encryption as a safeguard is questioned, with limited guidance available from regulatory bodies such as BIS or the Directorate of Defense Trade Controls (DDTC). Overall, the presentation cautions that despite compliance efforts, universities and research institutions must navigate ongoing uncertainties in export regulations, particularly as they relate to digital data and international research collaborations.
