by btilly 1032 days ago
For SpaceX to internally segment ITAR from non-ITAR is a huge bureaucratic overhead for them which leads to a possibility of mistakes. Doubly so since one of their explicit concerns is having foreign agents steal their trade secrets. And therefore they have to be guarding against intentional attempts to access what your job role says you don't have access to.

Given that, it makes a lot of sense for them to simply require ITAR compliance in all roles.


I've worked in or with companies doing mixed ITAR and non-ITAR work for my whole career; they've all managed it pretty well. If you have competent HR they mark people as ITAR-eligible or not. If you have competent facilities people, they install prox card readers or cipher locks for physical access control (if it's a shared space; if you can have separate buildings, it may not be necessary). And if you have competent IT folks, they use standard access control mechanisms to segregate ITAR data and ensure only ITAR folks (really, this is easy because it should just be project folks) can access it.

Is it a pain? Yes. But honestly, other than HR tracking ITAR/non-ITAR people, it's things everyone does already. You have physical access controls to keep people out of areas they don't need to be in, and you use digital access controls for the same in your data systems today. So one extra group has to track one extra flag (ITAR/non-ITAR) and otherwise everything works as it already works.

This conversation is sort of beside the point. SpaceX doesn't hire any non-ITAR workers, and the DOJ has no problem with that - lots of aerospace companies don't hire non-US persons for regulatory reasons. The allegation is that they excluded asylum seekers and refugees who are U.S. persons.

And what would be the benefit? Which roles in SpaceX do not require access to ITAR data? Would the world really be that much better if SpaceX could hire refugee non-ITAR HR people or janitors? It is simply not worth it.

> Would the world really be that much better if SpaceX could hire refugee non-ITAR HR people or janitors ?

Refugees and asylees are explicitly US persons, not foreign persons, under ITAR, so the implied legal premise of the question is false.

What if SpaceX is worried about a lack of current internal control to segment ITAR from non-ITAR? That seems like a plausible concern on the part of SpaceX.

I think you're avoiding the question posed by GP, to be honest.

When a company refuses to hire you because of some arbitrary legal definition, you will want your government to enforce its labor laws.

Labor laws are arbitrary legal definitions. This lawsuit is the government enforcing labor laws. Notice they are NOT suing to force SpaceX to hire non-ITAR individuals but rather to enforce the arbitrary legal definition of a US citizen.

> For SpaceX to internally segment ITAR from non-ITAR is a huge bureaucratic overhead for them which leads to a possibility of mistakes.

They decided to become an aerospace engineering firm in the US. ITAR security is part of the cost of doing business.

If the typical e.g. janitor or cafeteria worker at SpaceX has access to ITAR, as SpaceX seem to have alleged before they got caught, then their ITAR security is pure theater.

> If the typical e.g. janitor or cafeteria worker at SpaceX has access to ITAR, as SpaceX seem to have alleged before they got caught, then their ITAR security is pure theater.

Why? And why the smarmy elitist discrimination and condescension towards janitors or cafeteria workers? Why would they not be an important part of an organization, professionals capable of getting background checks, appropriate training, and being trusted to keep their mouths shut too?

The principle of least privilege is table stakes for security, and is not a sign of disrespect.

ITAR isn't about security though, at least not the way you and GP seem to be thinking. Classified information is an entirely different kettle of fish. Any American HNer can head on over to Amazon or wherever else and order a FLIR One for a few hundred bucks with free shipping. Also said FLIR One:

> https://www.flir.com/products/flir-one-gen-3/

> "The information contained in this page pertains to products that may be subject to the International Traffic in Arms Regulations (ITAR) (22 C.F.R. Sections 120-130) or the Export Administration Regulations (EAR) (15 C.F.R. Sections 730-774)"

ITAR covers a massive array of information and tech available off the shelf. SpaceX definitely will be segmenting heavily stuff specifically for the DOD, but their basic rocketry isn't some classified military project. At most they have useful trade secrets they want to protect but even that probably isn't that critical. They rightfully care about having a good, open, fast startup-like development culture for the rocket work, with animated cooler discussions and napkins being scribbled on during lunch.

ITAR includes physical assets. It's not as simple ("table stakes") as partitioning data in a network or filesystem or database.

But access to those physical assets is probably also controlled with a list of who is allowed to access it. A list that it would be trivial to filter by ITAR status. If not, I have a quick vacation to take.

I'm not sure we're seeing this the same at all. ITAR restrictions cover a whole lot of things. I don't see why ITAR controlled assets would have a "list of who is allowed to access it". In fact, I bet that list doesn't exist. In my experience in the aerospace industry, awareness of ITAR restrictions was the personal responsibility of the employee. For most things falling under ITAR control, there were few or no protections or controls beyond this. For example: "this spreadsheet of components obviously cannot be sent to our IT subcontractors in India."

> ITAR security is part of the cost of doing business.

To amplify this: so is compliance with non-discrimination law, and, to the extent the two interact, the cost created by the interaction.

Sure, but shouldn't the government design them to minimize the cost created by the interaction? It seems silly that it's illegal to discriminate against some categories of non-citizens and illegal not to discriminate against other categories of non-citizens.

> Sure, but shouldn’t the government design them to minimize the cost created by the interaction?

That’s definitely an argument Tesla might want to make to Congress and the State Department (as the relevant regulatory authority for ITAR) as to what the law and regulation should be.

“We think a different policy than that embodied in the current law would be better policy” is less useful as an argument to escape the legal consequences of violating the existing law.

> That’s definitely an argument Tesla might want to make to Congress and the State Department

I'm guessing you meant to say SpaceX and not Tesla.

I believe it’s because of the different standards of vetting the US government does for attaining refugee or asylum status vs a work visa.

Yes, exactly; thanks.

It's probably not the case in most places, but the custodians/building managers should be cleared to work with sensitive or restricted data.

From what I know about pentesting, they usually have the most physical access regardless.