International Travel & Export Controls
International travel on behalf of the university may be subject to export control regulations due to the technology, equipment, software, and technical data (in physical, digital or voice-transmitted form) being taken out of the country, and/or due to the travel destination.
Whether or not export controls apply, your overall responsibility is to maintain effective physical security of the university-owned equipment, software, and/or data. You maintain effective security over an item by retaining physical possession of the item or securing the item in such an environment as a hotel safe, a bonded warehouse, or a locked or guarded meeting or conference facility.
You must obtain prior approval via an Export Controls License from the applicable federal agency (e.g., U.S. Departments of State, Commerce, or Treasury) if you are traveling internationally with export-controlled items or information and/or to an embargoed country. Always work with the UM Research Compliance Officer to confirm your need of, and to apply for, a federal license.
In most situations, you will not need to obtain permission from the government nor take any special actions to comply with export rules because the items/information are not controlled for the destination; or the materials are considered “tools of the trade” for your discipline.[CE1]
- The laptops and other computing and data storage devices are standard, off-the-shelf products and are broadly available; and
- The operating system and any encryption capabilities are of the kind that are preloaded on the computers and do not allow for user revisions to enhance communications security capabilities; and
- All of the application programs are general, commercially available software that either do not perform technical analyses; or, are scientific or engineering programs that are commercially available for general purposes (e.g., for electric field calculations not associated with a specific product); and
- All of the data stored on the computers or storage devices is publicly available (e.g., published in journals or on the web). Data and analyses from research that ordinarily would be published and are not restricted by contract from general dissemination can be treated as publicly available; and
- You have no reason to believe that there are export constraints on any of the equipment, software, data or information that would apply to your intended travel; and
- The travel is not to an embargoed country per the U.S. Treasury Department, such as:
- The Crimea region of Ukraine
- North Korea
Do not travel with ANY of the following without first obtaining specific advice from the UM Research Compliance Officer:
- Data or information received under an obligation of confidentiality
- Data or analyses that result from a project that has contractual constraints on the dissemination of the research results
- Computer software, devices, or equipment received with restrictions on export to or access by foreign nationals
- Private information about research subjects
- Devices, systems, and/or software that were specifically designed or modified for military or space applications
- Classified information
- Devices and/or technology restricted by federal export control regulations (e.g., such as controls on encryption technology)
- M-Token or Duo two-factor authentication (2FA) devices: These 2FA devices are export controlled and cannot be physically exported to embargoed countries. Please remove the soft-token from your device and/or leave the hard token at home when you are traveling to: the Crimea region of Ukraine, Cuba, Iran, North Korea, Sudan or Syria.
Your computer may contain personal and private information - notes, photos, contacts, documents, saved passwords, and more. You may work with sensitive university data on your computer.
General Best Practices
- Back up your data. Hard drives wear out. Devices can be lost or stolen. The university offers several file storage options you can use. Contact Information Technology Services.
- Choose web browser security settings that protect your privacy and enhance security.
- Put a sticker on your computer with your name and contact information so somebody who finds your lost computer can reach you.
- Register your devices. The UM Police Department offers a free laptop and personal electronics registration program to members of the UM community.
- Traveling with technology. Protect your privacy and the university's sensitive data when you're away from home.
- Take a “loaner device” from the UM Office of Research. If you can, take a device with just the files and applications you will need while traveling. Officials in some countries inspect electronic devices and may download material from them. Some countries have encryption import restrictions that prevent you from encrypting data on your device. Protect yourself—and the university—by not taking any sensitive or private information with you. The UM Office of Research has a laptop available, without charge, for faculty travelling abroad. Contact ORSP to arrange.
It is illegal for U.S. persons to offer or pay anything of value to a foreign official for the purposes of obtaining, retaining, or furthering business activities, per the federal Foreign Corrupt Practices Act (FCPA) anti-bribery provisions. For example, making payments to custom officials in exchange for them agreeing to not inspect goods or to release goods held at points of entry violates FCPA regulations.
If you need materials at an international site, arrange to have them shipped ahead of time in order to avoid being pressured by foreign officials to make improper payments.
"Foreign Official" - Defined broadly by the FCPA, this term includes, but is not limited
- Customs officials
- Local law enforcement, licensing, and permitting officials
- Professors at government-sponsored universities
- Healthcare professionals at government-sponsored hospitals
- Advisors to ministries, government agencies, or government officials
- Employees of a public international organization (such as the World Health Organization)
- Family members of any of the above
“Anything of value” includes, but is not limited to, cash, gifts, favors, and services rendered (e.g., providing entertainment).
You, as an individual, are responsible for compliance with the FCPA. This may include the responsibility for the actions of a third party, such as a logistics provider or customs broker, retained by you to assist with shipments or interactions with customs officials.
Violation of the FCPA can result in criminal penalties such as fines and imprisonment. The FCPA forbids employers (e.g., University of Montana) from paying a fine on behalf of an employee. Therefore, any financial penalty you incur as a University of Montana employee during the course of your work is a personal responsibility.
Officials in any country may inspect your belongings, including electronic content of computers, phones, tablets, and storage devices. They may take possession of these items for various periods of time—even permanently.
In recent years, requests for improper payments to foreign officials have been frequent in the countries of Africa, the Middle East, Asia (including China and India), and the former Soviet bloc (including Eastern Europe and Russia).