The rapidly deteriorating strategic environment has led Australia and its allies to realise the imperative for closer collaboration on defence and security issues. The most striking evidence of this is the heralded AUKUS agreement to share sensitive defence technology, including nuclear submarine propulsion, but also covering several other areas. The leaders of the UK, the US and Australia have all been clear about the importance of making this agreement a success. However, at the practical level, a number of administrative barriers remain, and unless they are urgently addressed AUKUS is unlikely to succeed.

In particular, if you ask anyone from the UK or Australia who has tried to collaborate with the US what four letters terrify them the most, the answer will be ‘ITAR’. For the uninitiated, ITAR stands for ‘International Traffic in Arms Regulations’, and controls the export of ‘munitions’ to anywhere outside the US, or indeed to any non-US national. Born out of the cold war, it covers defence materiel as well as related data or information—the lifeblood of today’s digital world.

The scope of ITAR is incredibly broad. ‘Munitions’ is defined broadly to include almost any advanced defence- or security-related technology, and there are no exceptions; specific approval is required for every export to every country. Rules on ‘transfer of data’ cover any verbal discussions or emails from a US person to any foreign (non-US) person. The regulations have extraterritorial impact—the recipient of the technology is prohibited from disclosing any aspect of it to another country, or even to any of its personnel who hold a third-party nationality unless explicitly authorised by the US government.

The US has shown an inclination to strictly enforce the letter of these regulations. Major compliance penalties of up to US$100 million have levied in recent years, including on major defence primes such as Lockheed Martin, Boeing and L-3 Communications. The government has made it clear that it expects all US defence companies to have robust compliance programs, and that all breaches of regulations are treated as a ‘strict liability offence’. There have even been examples of the successor or purchaser of a company being held liable for breaches that occurred before they took control.

From my own personal experience, the practical effect of this is often to stymie collaboration and innovation between allies, while providing no obvious reduction in security risk. My first experience of ITAR came when working on a joint UK–US research project. One of our team went to the US to present our work as part of a symposium and was somewhat shocked when, as soon as he stood up to speak, all the US contractors from a major prime walked out of the room, and then came back in as soon as he finished. It turned out this wasn’t due to some mysterious brand of corporate politics, but because their lawyer had advised them that, due to ITAR, they couldn’t participate in a joint conference with UK personnel. I’m still not sure why someone thought that simply listening to a presentation from a UK national constituted an export of US information to the UK, but it definitely shows how ITAR can create irrational fears that prevent sensible collaboration.

This episode made me understand a bit about ITAR and prepared me for a couple of years later when we wanted to set up a collaboration with a US partner. The first step was a visit to their facility in the US, but there was a catch—the facility was ITAR-controlled. It took eight months to get a ‘technical assistance agreement’, or TAA, approved to cover the visit, but finally we were ready to go. During this time, I had learned the importance of avoiding the extraterritorial reach of ITAR, which meant we had to be able to prove that no ITAR-controlled information received under the TAA was incorporated into anything that we supplied to a third country. I therefore instructed the leader of our delegation to make sure they got written confirmation of everything they had been shown that was ITAR-controlled. When the group returned from the visit full of excitement and enthusiasm, I asked for the list and was shown a blank piece of paper. Apparently, after all the delays and bureaucracy, their export control officer confirmed at the end of the visit that nothing they had seen or heard was covered by ITAR.

I know from talking to colleagues that my own experiences are far from unusual. It’s clear that the broad scope of ITAR, as currently written, coupled with a draconian enforcement approach, is creating both real and perceived barriers to effective collaboration. The one-size-fits-all rules of ITAR don’t work in today’s strategic environment. Regulations to control sharing of information must recognise there are also risks in not sharing information, through lost opportunities. This means the approach needs to be customised based on the country with which information is being shared and the technology domain involved.

The US, Australian and UK governments must find a route to create an open export licence between the three countries that covers all the technology areas contemplated in the AUKUS agreement. This would be a major boost to being able to actually realise the agreement’s strategic intent. Only through effective collaboration can allies achieve more together than any one country can individually. The strategic environment is not going to get any better any time soon, and the time for action is now.