In doing so, I recognize there may not be much point in quoting NSDD-189 as chapter and verse to a Presidential Administration that chooses not to pay much attention to it — but so long as the Commerce Department statement attempts to refer to NSDD-189, it should do so correctly.

The first error is the assertion that not only is the deemed export rule consistent with NSDD-189, but that NSDD-189 “clarifies that the product that results from fundamental research is distinct from the conduct involved in the research.” Well, maybe it does clarify that the two are distinct — but the Directive categorically asserts that they are to be treated the same. The operational clause, of course, is that “no restrictions may be placed upon the conduct [emphasis added] or reporting of federally-funded fundamental research that has not received national security classification, except as provided in applicable U.S. Statutes.” So whether or not the conduct of research is differentiated from the product of research, neither one should be subject to non-classification controls.

The second error is the assertion immediately following the above one in the BIS statement that “The Export Administration Act (EAA) and the International Emergency Economic Powers Act (IEEPA), the principal statutes authorizing dual-use export controls, constitute applicable U.S. statutes within the meaning of NSDD–189.”

I looked into this very carefully while I was in the White House, and it is my considered judgment is that this last clause doesn’t actually mean anything at all. It certainly doesn’t mean that regulations established under the EAA or IEEPA automatically supersede NSDD-189.

Why is this clause meaningless? Because a President cannot unilaterally void Statute by issuing a Directive. (Well, this President probably thinks he can, but that doesn’t make it so.) Saying that Presidential policy as enunciated in the Directive shall prevail except as provided in Statute just states the obvious; a Statute trumps a Presidential Directive on matters that are specifically addressed by that Statute.

But if the statute does not specifically address information controls, it does not negate NSDD-189. When I was at OSTP with a joint NSC appointment, I reviewed the NSC files on NSDD-189 — and while it is clear that that this last clause was essential to getting the Directive signed, I am convinced that information that is controlled pursuant to regulatory systems authorized by Statutes such as ITAR or the EAR — as opposed to a specific statutory reference to information controls — do not supersede NSDD-189. This is for sufficient for several reasons:

1) All government actions are authorized by legislation, and all agency regulations derive their legal force only as provided in U.S. statute. An agency cannot issue, and in particular cannot enforce, regulations unless it has statutory authority to do so. Therefore, saying that any regulation issued under statutory authority qualifies as an exemption from NSDD-189 means that all federal activity is exempt from NSDD-189. Every agency’s actions, or at a minimum every agency’s regulations, taken under appropriate authorizing legislation, would be exempt. That renders the entire Directive meaningless, which cannot be what was meant.

2) The problem that led to the issuance of NSDD-189 in the first place was controversy over attempts in the early 1980s or late 1970s to subject publication of unclassified research and the participation of foreign nationals in conferences to ITAR controls. It seems highly unlikely that NSDD-189 would have been issued with no authority to govern the very practices that led to its issuance in the first place.

3) The NSC records of NSDD-189’s history have quite a bit of discussion of this statutory exemption. Nowhere in this discussion do I recall the Arms Export Control Act or the Export Administration Act being mentioned. The specific examples that were mentioned in the history were Section 148 of the Atomic Energy Act, which created UCNI (Unclassified Controlled Nuclear Information); Section 57b of the Atomic Energy Act, which restricts dissemination of information to foreign nationals; the various provisions restricting categories of information from release under FOIA; and Section 1217 of the FY1984 Defense Authorization Act (now 10 USC 130), which gives DoD the authority to withhold from public release unclassified technical data in its own possession. (See extract below.) This DoD language governs only data “in the possession of, or under the control of, the Department of Defense” and is therefore not relevant to what the government can prevent OTHERS from releasing:

Sec. 130. Authority to withhold from public disclosure certain
technical data

(a) Notwithstanding any other provision of law, the Secretary of
Defense may withhold from public disclosure any technical data with
military or space application in the possession of, or under the control of, the Department of Defense, if such data may not be exported lawfully outside the United States without an approval, authorization, or license under the Export Administration Act of 1979 (50 U.S.C. App. 2401-2420) or the Arms Export Control Act (22 U.S.C. 2751 et seq.). However, technical data may not be withheld under this section if regulations promulgated under either such Act authorize the export of such data pursuant to a general, unrestricted license or exemption in such regulations.

4) The wording of the exemption “except as provided in in applicable U.S. statutes,” to me, means that the statute must “provide” for controlling unclassified information, as opposed to setting up a general authority that an agency later chooses to apply to controlling information. For the latter interpretation, I think the phrase would have to read something like “except under general authorities provided in applicable U.S. statutes.” I believe the records bear this out — that the statutory authority must be explicit. I don’t recall any discussion in the records of use of “provided” versus other wording for this provision in the NSDD-189 documentation, but I do know that lawyers like to attach significance to particular choices of words.

Unfortunately, the NSC records that I base the bulk of this argument on are not, I think, available to anyone outside the NSC, so I don’t know how heavily one can lean what I found in them. But I found looking through that file to be highly instructive, and I’d hate for misinterpretations like the Commerce notice that are inconsistent with what I found there to be perpetuated.

(You can free to forward this to anyone or to quote from it, although the CSIS Commission on Scientific Communication and National Security White Paper on Security Controls on Scientific Information and the Conduct of Scientific Research (pdf) probably says it better.

Jerry