[thebooktocome]

> SpaceX recruits and hires for a variety of positions, including welders, cooks, crane operators, baristas and dishwashers, as well as information technology specialists, software engineers, business analysts, rocket engineers and marketing professionals. The jobs at issue in the lawsuit are not limited to those that require advanced degrees.

The fact that SpaceX deals in ITAR does not prevent them from hiring refugees for roles that do not handle ITAR.

[btilly]

For SpaceX to internally segment ITAR from non-ITAR is a huge bureaucratic overhead for them which leads to a possibility of mistakes. Doubly so since one of their explicit concerns is having foreign agents steal their trade secrets. And therefore they have to be guarding against intentional attempts to access what your job role says you don't have access to.

Given that, it makes a lot of sense for them to simply require ITAR compliance in all roles.

[Jtsummers]

I've worked in or with companies doing mixed ITAR and non-ITAR work for my whole career, they've all managed it pretty well. If you have competent HR they mark people as ITAR-eligible or not. If you have competent facilities people, they install prox card readers or cipher locks for physical access control (if it's a shared space, if you can have separate buildings may not be necessary). And if you have competent IT folks, they use standard access control mechanisms to segregate ITAR data and ensure only ITAR folks (really, this is easy because it should just be project folks) can access it.

Is it a pain? Yes. But honestly other than HR tracking ITAR/non-ITAR people it's things everyone does already. You have physical access controls to keep people out of areas that don't need to be in them, and you use digital access controls for the same in your data systems today. So one extra group has to track one extra flag (ITAR/non-ITAR) and otherwise everything works as it already works.

[whats_a_quasar]

This conversation is sort of beside the point. SpaceX doesn't hire any non-ITAR workers, and the DOJ has no problem with that - lots of aerospace companies don't hire non-US persons for regulatory reasons. The allegation is that they excluded asylum seekers and refugees who are U.S. persons

[4gotunameagain]

And what would be the benefit ? Which roles in SpaceX does not require access to ITAR data ? Would the world really be that much better if SpaceX could hire refugee non-ITAR HR people or janitors ? It is simply not worth it.

[dragonwriter]

> Would the world really be that much better if SpaceX could hire refugee non-ITAR HR people or janitors ?

Refugees and asylees are explicitly US persons, not foreign persons, under ITAR, so the implied legal premise of the question is false.

[DiggyJohnson]

What is SpaceX is worried about a lack of current internal control to segment ITAR from non-ITAR? That seems like a plausible concern on the part of SpaceX.

I think you're avoiding the question posed by GP, to be honest.

[guhidalg]

When a company refuses to hire you because of some arbitrary legal definition, you will want your government to enforce its labor laws.

[abduhl]

Labor laws are arbitrary legal definitions. This lawsuit is the government enforcing labor laws. Notice they are NOT suing to force SpaceX to hire people non-ITAR individuals but rather to enforce the arbitrary legal definition of a US citizen.

[thebooktocome]

> For SpaceX to internally segment ITAR from non-ITAR is a huge bureaucratic overhead for them which leads to a possibility of mistakes.

They decided to become an aerospace engineering firm in the US. ITAR security is part of the cost of doing business.

If the typical e.g. janitor or cafeteria worker at SpaceX has access to ITAR, as SpaceX seem to have alleged before they got caught, then their ITAR security is pure theater.

[xoa]

>If the typical e.g. janitor or cafeteria worker at SpaceX has access to ITAR, as SpaceX seem to have alleged before they got caught, then their ITAR security is pure theater.

Why? And why the smarmy elitist discrimination and condescension towards janitors or cafeteria workers? Why would they not be an important part of an organization, professionals capable of getting background checks, appropriate training, and being trusted to keep their mouths shut too?

[collinmcnulty]

The principle of least privilege is table stakes for security, and is not a sign of disrespect.

[xoa]

ITAR isn't about security though, at least not the way you and GP seem to be thinking. Classified information is an entirely different kettle of fish. Any American HNer can head on over to Amazon or wherever else and order a FLIR One for a few hundred bucks with free shipping. Also said FLIR One:

>https://www.flir.com/products/flir-one-gen-3/

>"The information contained in this page pertains to products that may be subject to the International Traffic in Arms Regulations (ITAR) (22 C.F.R. Sections 120-130) or the Export Administration Regulations (EAR) (15 C.F.R. Sections 730-774)"

ITAR covers a massive array of information and tech available off the shelf. SpaceX definitely will be segmenting heavily stuff specifically for the DOD, but their basic rocketry isn't some classified military project. At most they have useful trade secrets they want to protect but even that probably isn't that critical. They rightfully care about having a good, open, fast startup-like development culture for the rocket work, with animated cooler discussions and napkins being scribbled on during lunch.

[DiggyJohnson]

ITAR includes physical assets. It's not as simple ("table stakes") as partitioning data in a network or filesystem or database.

[HWR_14]

But access to those physical assets is probably also controlled with a list of who is allowed to access it. A list that it would be trivial to filter by ITAR status. If not, I have a quick vacation to take.

[dragonwriter]

> ITAR security is part of the cost of doing business.

To amplify this: so is compliance with non-discrimination law, and, to the extent the two interact, the cost created by the interaction.

[SpicyLemonZest]

Sure, but shouldn't the government design them to minimize the cost created by the interaction? It seems silly that it's illegal to discriminate against some categories of non-citizens and illegal not to discriminate against other categories of non-citizens.

[dragonwriter]

> Sure, but shouldn’t the government design them to minimize the cost created by the interaction?

That’s definitely an argument Tesla might want to make to Congress and the State Department (as the relevant regulatory authority for ITAR) as to what the law and regulation should be.

“We think a different policy than that embodied in the current law would be better policy” is less useful as an argument to escape the legal consequences of violating the existing law.

[lsaferite]

> That’s definitely an argument Tesla might want to make to Congress and the State Department

I'm guessing you meant to say SpaceX and not Tesla.

[collinmcnulty]

I believe it’s because of the different standards of vetting the US government does for attaining refugee or asylum status vs a work visa.

[thebooktocome]

Yes, exactly; thanks.

[extraduder_ire]

It's probably not the case in most places, but the custodians/building managers should be cleared to work with sensitive or restricted data.

From what I know about pentesting, they usually have the most physical access regardless.

[xoa]

It looks like SpaceX may have messed up in terms of how only some, but not all, refugees/asylees are barred by ITAR. Reading deeper into 22 CFR § 120.62 [0] and linked regs shows a complex situation, but that's no excuse for SpaceX at this point who are plenty big enough to have good lawyers on this. But that is separate from your assertion about those who are restricted by ITAR:

>The fact that SpaceX deals in ITAR does not prevent them from hiring refugees for roles that do not handle ITAR.

This is way too casual a statement. At a company like that there won't necessarily be anything that doesn't potentially involve ITAR short of serious company reorganization, which is serious-business regulation and actively enforced. To take a simplistic example, even janitors might potentially have access to ITAR controlled materials if engineers threw them out into a bin bound for a shredder/incinerator and janitorial staff are trained and trusted parts of the disposal chain (which they should be!). Anyone might be able to overhear water cooler conversations. Etc.

At this point SpaceX might have some roles that can be segmented safely, completely firewalled from the rest of the organization. Tier 1 Starlink customer support perhaps. But it's not trivial when dealing with serious restricted tech to just say "oh these roles do not handle ITAR", because it's not about handling. Read "§ 120.56 Release" [1]:

  (a) Release.  Technical data is released through: 
  (1) Visual or other inspection by foreign persons of a defense article that reveals technical data to a foreign person; 
  (2) Oral or written exchanges with foreign persons of technical data in the United States or abroad;
  (3) The use of access information to cause or enable a foreign person, including yourself, to access, view, or possess unencrypted technical data; or
  (4) The use of access information to cause technical data outside of the United States to be in unencrypted form. 

It's quite broad.

So yes, if SpaceX incorrectly excluded a group of people not covered by ITAR, they screwed up and will likely face some sort of fines/consent decree. But that doesn't mean it's trivial to then go and hire people who are covered by ITAR.

----

0: https://www.law.cornell.edu/cfr/text/22/120.62

1: https://www.ecfr.gov/current/title-22/chapter-I/subchapter-M...

[thebooktocome]

> To take a simplistic example, even janitors might potentially have access to ITAR controlled materials if engineers threw them out into a bin bound for a shredder/incinerator and janitorial staff are trained and trusted parts of the disposal chain (which they should be!). Anyone might be able to overhear water cooler conversations.

As I mention elsewhere in this thread, if this is really how SpaceX operates then they’re already in (ethical, if not legal) violation of their duty to protect ITAR from dissemination. ITAR documents should never just be sitting in an unsealed bin waiting for disposal. Employees shouldn’t casually be discussing ITAR around the water cooler.

Assuming everyone around you is permitted to handle ITAR is a recipe for disaster.

[stagger87]

You seem to be confusing ITAR compliance with some sort of security classification. Two different things, and SpaceX deals with both of them.

[xoa]

>You seem to be confusing ITAR compliance with some sort of security classification

This is exactly it, that may be the source of their posts? Being covered by ITAR has nothing to do with whether an American could just go mail order it online let alone chat about it. As a regular American civilian with zero government clearance of any kind, I own a bunch of ITAR controlled stuff. As a category it covers a pretty wide array of technology even when it doesn't seem to be in any way particularly sensitive. All of my suppressors for example are subject to export control, or NVG or FLIRs even when it's ancient tech everyone in the world has. Apparently so can things like optics. It wasn't that long ago that the US government tried to insist that mere encryption was a munition subject to controls!