As a general rule, international travel in pursuit of official CU activities should not involve export-controlled equipment, materials, software or technology (together "items") without first consulting the Office of Export Contorls (OEC). If you are unsure as to whether your item is export-controlled, OEC can assist in identifying it, as well as advising on how to comply with export controls in a manner that facilitates your research goals.

Traveling internationally with computers, tablets, smart phones or other electronic storage devices is generally allowed, but depending on the technical capabilities and the destination country, may require an export license.

  • Hardware.  Generally speaking, commercial-off-the-shelf computer hardware is not subject to tight restrictions, as long as the hardware returns to the US.  However, there are limitations on “high performance” computers, including certain components and related technology, when exported to high risk and embargoed countries.
  • Software.  Most commercial and public domain software is often already licensed for export—this can be confirmed by checking with the vendor.  The most significant restrictions pertain to encryption software.  Commercially-available software (including the VPN software provided by CU) can be installed on devices that otherwise qualify for the exemptions listed below. Non-commercial encryption software in source code or object code is likely to be restricted; please check with OEC if you have questions.
  • Controlled data. If you are working on a project that involves EAR or ITAR controlled technologies, your device may contain controlled technical data that cannot be shared with foreign parties without a license.  It is strongly recommended that you not take controlled data outside the US.  If you do, it is critical that you use approved encryption technology to secure access to such data, and inform OEC if such data may have been compromised due to the device being lost, stolen, or outside your control.
  • Other sensitive data.  Aside from export control laws, University policies recommend that sensitive data, including student, financial, and HIPAA-controlled data, does not leave the United States.

You should not take with you ANY of the following without first obtaining specific advice:

  • Devices or equipment received with restrictions on export to or on access by foreign nationals.
  • Data or information received under an obligation of confidentiality or is otherwise classified.
  • Devices, systems or software that were specifically designed or modified for military or space applications.
  • Data or analyses that result from a project with contractual constraints on sharing or publishing research results.
  • Computer software received with restrictions on export to or on access by foreign nationals.
  • Private information about research subjects.

Beyond export laws, certain countries are known for accessing files upon entry, so you should be extremely careful about any proprietary, patentable, or sensitive information that may be stored on your device. This includes material that might be perceived as pornographic, or culturally inappropriate. Department of Homeland Security personnel may also decide to inspect your laptop upon return to the US, in which case everything on the device is subject to inspection. In the United States, Customs and Border Protection may take possession of those items for various periods of time, and even permanently depending upon the circumstances.  The inspectors in other countries might do so as well.

If making a presentation is the sole reason for taking your laptop, consider instead taking an external memory storage device containing only the presentation, or storing the presentation on a cloud-based server and using a locally-provided computer. If you are using a laptop for other purposes (such as email), you should consider taking a “clean” computer that does not include the restricted software, data, or other sensitive information.

Note Regarding Encryption

Encrypting your files, or the complete hard disk, is generally considered a best practice for data security.  However, doing so when travelling internationally can create an additional set of issues. Some countries restrict the import of encrypted devices, and US regulations prohibit the export of an encrypted device to embargoed countries.*  That is another reason to consider travelling with a "clean" device with only minimal software and no restricted data.

If you have questions, please contact the Office of Export Controls.