Joseph A. Schoorl · February 2012
80 GEO. WASH. L. REV. 632 (2012)
Use of online data storage services known generally as “cloud computing” could lead to unintentional violations of the United States’ dual-use export control regime, the Export Administration Regulations (“EAR”). Transmission of data to servers outside of the United States constitutes an export under the EAR. Depending on the nature of the data transmitted and the location of the foreign server, the users of these cloud services could be liable for violations of the EAR. This Note argues that the EAR’s fundamental reliance on the geographic destination of exports should not apply to the regulation of cloud computing. This regime threatens to undermine the development of an important technology without addressing the real threats that arise when U.S. companies store sensitive technical data on cloud servers. To remedy these failures, the Department of Commerce’s Bureau of Industry and Security should create a new license exception for the storage of technical data on the cloud. This license exception would make the physical location of the cloud computing server irrelevant for purposes of the EAR and ensure that export-controlled technical data stored on the cloud is secure and protected.
