by xoa 1033 days ago
>If the typical e.g. janitor or cafeteria worker at SpaceX has access to ITAR, as SpaceX seem to have alleged before they got caught, then their ITAR security is pure theater.

Why? And why the smarmy elitist discrimination and condescension towards janitors or cafeteria workers? Why would they not be an important part of an organization, professionals capable of getting background checks, appropriate training, and being trusted to keep their mouths shut too?

The principle of least privilege is table stakes for security, and is not a sign of disrespect.

ITAR isn't about security though, at least not the way you and GP seem to be thinking. Classified information is an entirely different kettle of fish. Any American HNer can head on over to Amazon or wherever else and order a FLIR One for a few hundred bucks with free shipping. Also said FLIR One:

>https://www.flir.com/products/flir-one-gen-3/

>"The information contained in this page pertains to products that may be subject to the International Traffic in Arms Regulations (ITAR) (22 C.F.R. Sections 120-130) or the Export Administration Regulations (EAR) (15 C.F.R. Sections 730-774)"

ITAR covers a massive array of information and tech available off the shelf. SpaceX definitely will be segmenting heavily stuff specifically for the DOD, but their basic rocketry isn't some classified military project. At most they have useful trade secrets they want to protect but even that probably isn't that critical. They rightfully care about having a good, open, fast startup-like development culture for the rocket work, with animated cooler discussions and napkins being scribbled on during lunch.

ITAR includes physical assets. It's not as simple ("table stakes") as partitioning data in a network or filesystem or database.

But access to those physical assets is probably also controlled with a list of who is allowed to access it. A list that it would be trivial to filter by ITAR status. If not, I have a quick vacation to take.

I'm not sure we're seeing this the same at all. ITAR restrictions cover a whole lot of things. I don't see why ITAR-controlled assets would have a "list of who is allowed to access it". In fact, I bet that list doesn't exist. In my experience in the aerospace industry, awareness of ITAR restrictions was the personal responsibility of the employee. For most things falling under ITAR control, there were no or little protections or controls beyond this. For example: "this spreadsheet of components obviously cannot be sent to our IT subcontractors in India."

The discussion was about physical assets. I'm willing to bet areas of SpaceX with interesting physical prototypes have controlled access - and that access can be limited to US persons. If that's not the case, I plan to go on vacation to walk through SpaceX and play with their toys.

> prototypes

This is where I think the disconnect is. ITAR includes many things much more mundane than cutting edge spacecraft prototypes. It’s still ITAR whether it’s strapped onto a prototype for the first time or on its 800th flight in production.