ITAR (International Trafficking in Arms Regulation) is paranoid. Every single specific person that knows even dual-use information, such as composite wing design, must be individually authorized. I’ve been asked to leave the room when my girlfriend, who works for a passenger aircraft manufacturer, was designing a repair for a plane I have literally flew on.

It doesn’t matter how the person got access to dual-use info, like basically everything to do with large rockets, it’s 100% forbidden.

This seems like a company policy more than ITAR. Unless you are not a US citizen, then it could be ITAR.

We’re in Canada, and I’m a US citizen, but she is not.

That's the people aspect of it, but what about the technical aspect of it? Can I store ITAR restricted information in plaintext on a thumb drive if I think it's safe?