DDTC - Clarification of tokenization to secure ITAR-controlled technical data sent via internet 

June 12: The U.S. State Department’s Directorate of Defense Trade Controls (DDTC) issued a clarification in response to website postings regarding an advisory opinion on the secure transfer of technical data via the internet.


The State Department in late May 2014 issued a non-binding advisory opinion regarding whether tokenization may be used to secure International Traffic in Arms Regulations (ITAR)-controlled technical data. The advisory opinion stated that tokenization may be used to process controlled technical data using cloud computing applications without a license even if the cloud computing provider moved tokenized data to servers located outside the United States:

provided sufficient means are taken to ensure the technical data may only be received and used by U.S. persons who are employees of the U.S. government or are directly employed by a U.S. corporation and not by a foreign subsidiary throughout all phases of the transfer, including but not limited to transmission, storage, and receipt. Inclusions of transfers to foreign persons would require the appropriate authorization from the Directorate of Defense Trade Controls [emphasis in the new release]

Also, in all cases, the technical data must be sent by a U.S. person who is an employee of a U.S. corporation or a U.S. government agency. Transmission of classified information through this means, if sent or taken outside of the United States, must be also satisfy requirements of the Department of Defense National Industrial Security Program Operating Manual.


DDTC issued a statement to clarify that the advisory opinion is not intended to imply that “sufficient means” to accomplish the requisite assurance levels exists today technologically, nor does it suggest that tokenization by itself could achieve that end.

Additionally, the advisory opinion clearly stated that the use of cloud computing applications, even if through tokenization, was limited to receipt and use of unclassified technical data by U.S. persons who are employees of the U.S. government or directly employed by a U.S. corporation. Any transfer to a foreign person would require a separate authorization.

Read the DDTC release [PDF 216 KB] (undated but posted June 11, 2014)

For more information, contact a professional with KPMG’s Trade & Customs practice:

Douglas Zuvich

(312) 665-1022

Andrew Siciliano

(631) 425-6057

John L. McLoughlin

(267) 256-2614

Todd R. Smith

(949) 885-5617

Luis A. Abad

(212) 954-3094

Amie Ahanchian

(202) 533-3247

Or your local KPMG Trade & Customs professional.

©2013 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved.

The KPMG logo and name are trademarks of KPMG International.

KPMG International is a Swiss cooperative that serves as a coordinating entity for a network of independent member firms. KPMG International provides no audit or other client services. Such services are provided solely by member firms in their respective geographic areas. KPMG International and its member firms are legally distinct and separate entities. They are not and nothing contained herein shall be construed to place these entities in the relationship of parents, subsidiaries, agents, partners, or joint venturers. No member firm has any authority (actual, apparent, implied or otherwise) to obligate or bind KPMG International or any member firm in any manner whatsoever.

The information contained in herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

Direct comments, including requests for subscriptions, to us-kpmgwnt@kpmg.com.
For more information, contact KPMG's Federal Tax Legislative and Regulatory Services Group at:

+ 1 202 533 4366

1801 K Street NW
Washington, DC 20006.


Current and future KPMG clients may subscribe to TaxNewsFlash email alerts.

Email your contact information.

TaxNewsFlash-Trade & Customs by year