I've worked in or with companies doing mixed ITAR and non-ITAR work for my whole career, they've all managed it pretty well. If you have competent HR they mark people as ITAR-eligible or not. If you have competent facilities people, they install prox card readers or cipher locks for physical access control (if it's a shared space, if you can have separate buildings may not be necessary). And if you have competent IT folks, they use standard access control mechanisms to segregate ITAR data and ensure only ITAR folks (really, this is easy because it should just be project folks) can access it.
Is it a pain? Yes. But honestly other than HR tracking ITAR/non-ITAR people it's things everyone does already. You have physical access controls to keep people out of areas that don't need to be in them, and you use digital access controls for the same in your data systems today. So one extra group has to track one extra flag (ITAR/non-ITAR) and otherwise everything works as it already works.
This conversation is sort of beside the point. SpaceX doesn't hire any non-ITAR workers, and the DOJ has no problem with that - lots of aerospace companies don't hire non-US persons for regulatory reasons. The allegation is that they excluded asylum seekers and refugees who are U.S. persons
And what would be the benefit ? Which roles in SpaceX does not require access to ITAR data ? Would the world really be that much better if SpaceX could hire refugee non-ITAR HR people or janitors ? It is simply not worth it.
What is SpaceX is worried about a lack of current internal control to segment ITAR from non-ITAR? That seems like a plausible concern on the part of SpaceX.
I think you're avoiding the question posed by GP, to be honest.
Labor laws are arbitrary legal definitions. This lawsuit is the government enforcing labor laws. Notice they are NOT suing to force SpaceX to hire people non-ITAR individuals but rather to enforce the arbitrary legal definition of a US citizen.
Is it a pain? Yes. But honestly other than HR tracking ITAR/non-ITAR people it's things everyone does already. You have physical access controls to keep people out of areas that don't need to be in them, and you use digital access controls for the same in your data systems today. So one extra group has to track one extra flag (ITAR/non-ITAR) and otherwise everything works as it already works.