Bureau of Nonproliferation
October 15, 2001
Export Controls on High Performance
The United States has revised export controls on high performance computers (HPC) six times since 1993, the most recent revision occurring on January 10, 2001. The latest revision promotes our national security, enhances the effectiveness of our export control system and eases unnecessary regulatory burdens on both government and industry.
Review of Alternative Control Measures
The new policy controlled hardware and software products and technology. The former administration recognized that the controls would need periodic adjustment to ensure effectiveness, given the ever-increasing availability of commodity products, such as workstations and servers, of which millions are manufactured and sold worldwide every year. Until recently, the 1995 policy has been able to keep pace with this growth by adjusting hardware controls periodically to ensure that controls were only placed on computers that could be effectively controlled. Control levels have been based on a metric of performance that was well suited to the computer architectures of the mid-1990's -- that is, measuring performance in millions of theoretical operations per second (MTOPS) through a fixed formula.
In mid-1999, it became apparent that the growth in widely available computer hardware capabilities was outpacing the ability of export control policy to keep up. Then-President Clinton announced in July 1999 that hardware controls would be adjusted more frequently and that the administration would seek a more effective way to control the export of computational capabilities important for security and proliferation interests. The review, which began in the fall of 1999 and involved all relevant security and nonproliferation agencies and private sector experts, sought to address the realities of the computer hardware market. This included the continuing growth in single processor performance that can be aggregated relatively easily into multiple processor machines, and the advancements in interconnection capabilities that allow end-users to network large clusters of computers. The latter element has, in particular, become the single most important challenge to the ability to effectively control computer hardware.
The Clinton Administration concluded that there are no meaningful or effective control measures for computer hardware that address the technological and marketplace challenges identified during the review. The review found that the ability to control the acquisition of computational capabilities by controlling computer hardware is becoming ineffective and will be increasingly so within a very short time. This conclusion reflects our understanding of the level of hardware capabilities needed to address problems of national security and nonproliferation concern. Nevertheless, the review did find that there is merit in continuing to control national security and proliferation-related software.
Given these conclusions about the inability to effectively control computer hardware, the Clinton Administration preferred to remove most controls on computer hardware exports, including the existing controls on exports to Tier 3 countries. However, it recognized that the new administration needed an opportunity to examine such a proposal, and, that as a legal matter, the FY 1998 National Defense Authorization Act (NDAA - P.L.105-85) requires continued use of MTOPS to control computer exports to Tier 3 and Tier 4 destinations. Then-President Clinton decided, therefore, based on the advice of national security agencies, to revise the current HPC control policy in the short term consistent with legal requirements, and at the same time to propose a longer term strategy for the consideration of the next administration.
The Revised Controls
Tier 1- (encompassing Western Europe, Japan, Canada, Mexico, Australia, New Zealand, Hungary, Poland, the Czech Republic, and Brazil) and what was formerly Tier 2 (South and Central America, South Korea, ASEAN, Slovenia, and most of Africa) will be combined into a single Tier 1. Exports without an individual license will be permitted for all computers (i.e., there is no prior government review) destined for end-users/end-uses in this combined Tier 1. Lithuania became a Tier 1 country on May 19, 2001.
Tier 3- (India, Pakistan, all Middle East/Maghreb, the former Soviet Union, China, Vietnam, and the Balkans). A new level, 85,000 MTOPS, above which individual licenses will be required for all end-users in Tier 3 countries which became effective on March 20, 2001.
NDAA Notification. P.L. 105-85 imposed a requirement for companies to provide the Commerce Department with prior notice of exports for systems above a certain level to all Tier 3 end-users. Effective March 20, 2001, NDDAA notifications are not longer required to export to Tier 3 countries under License Exception.
Tier 4- (Iraq, Iran, Libya, North Korea, Cuba, Sudan, and Syria). There are no planned changes for Tier 4 countries, current policies continue to apply (i.e., the United States will maintain a virtual embargo on computer hardware and technology exports to these destinations).
For all these tiers, re-export and retransfer provisions continue to apply, and we will continue the policy of individual license review under the Enhanced Proliferation Control Initiative (EPCI), which provides authority for the government to block exports of computers of any level in cases involving exports to end-uses or end-users of proliferation concern or risks of diversion to proliferation activities (e.g., foreign nuclear weapons design laboratories). Criminal and civil penalties apply to EPCI violators.
The Commerce Department will continue to review its list of published entities of concern as a means of informing exporters of potential proliferation and other security risks. The Department will remind exporters of their duty to check suspicious circumstances and inquire about end-uses and end-users. Exporters are advised to contact the Commerce Department if they have any concern with the identity or activities of the end-users, and the Department will work to expand its efforts -- through public seminars and consultations with companies -- to keep industry regularly informed regarding problem end-users and programs of proliferation concern.
Enhanced Controls on Critical Applications Software