
Re: WARNING: Crypto software to be included into main Debian distribution



On Sun, Feb 24, 2002 at 02:50:27PM -0500, Sam Hartman wrote:
> Except that:
> 
> A) It is not reexportation (see defn of reexportation below)
> 
> B) The fact that it is automated doesn't matter.

It does matter - It's the same as a tank on a GPS-maneuvered ship going
from San Diego to Hamburg and automatically to Cuba.

> However the law only says it is illegal for me to knowingly export to
> a T7 country.  That's knowingly export--not knowingly cause an export
> to happen.

From reading this - you are bending the law as I did or any judge may.

> So for me to violate the law I actually have to be doing the export.

Sorry - No - You are doing the export as long as the upload/incoming
queue is outside the US - If it's inside the US (which happens if we
move crypt to main) you are initiating an export but you are not
directly doing it as the automated mirror processes export the software
to outside-the-US mirrors.

OTOH if you under these circumstances still argue that YOU are the one
doing the export even though your upload goes to the US incoming queue
you can't deny that you are also responsible for multi-step mirrors
ending up in T7 countries.

> The same argument applies for an automated script.  For there to be a
> knowing export to a T7 country, there must be an export to a T7
> country.

This is what I said - Microsoft opens a mirror in Cuba and we are all
boned.

> There's a bit of complexity involved if the purpose of my export to
> you is to get around the law.  In that case, me exporting to you might
> be considered an export to a T7 country.  Actually, I think what
> happens is that there's case law that says it is illegal to take some
> action just to get around the law.  But that doesn't apply in any of
> the cases here.  I'm exporting to you so you can run a mirror.  I'd
> export to you even if you hated the T7 countries even more than the
> US.  It should seem clear even to a court that Debian is not moving
> crypto into main just to set up a complex situation so we can export
> to T7 countries from the US.

I agree with you on that - But still - I just paint the picture that
the automated process we use to keep the mirrors up to date is a
feature we know we have and want to have. Now - if we upload to
the master site we also notify the BXA that we are going to export this
(Debian does this) and the plain export is done by our scripts. Now - If
these scripts (distributed around the globe) also push stuff to T7
countries one might think of Debian being the initiator or just
tolerating that fact. Now - We get notified of this fact by someone
in one of the T7 countries - At this point we HAVE to reject mirroring
any longer to those sites. Now I draw the picture that with the
complexity of the setup we CAN'T reject the Cuba site to mirror the
Debian archive. Now - If there is a mirror in Cuba - And we can't reject
it mirroring Debian - We can not upload new stuff to the master site
as we know it's going to be exported to T7 countries by scripts.

> Even if the EAR defines putting code on a website as exporting that
> code (which it does), then we need to use that definition of export
> when we're talking about the law.  Under a common English
> interpretation of export, I would not expect putting US code on a US
> website to be an export.  But because the law says that's an export,
> for the purposes of this discussion we would be silly not to consider
> that an export.
> 
> Just so, if the law says something is not a re-export or is not an
> export, we would be foolish to make up our own definitions (even if
> they seem more reasonable) and apply the text of the law to those
> definitions.

I always mentioned reexport as an export from the US to e.g. Germany
and a reexport from Germany (the good state) to e.g. Cuba (a bad state
in US terms).

Now - I think there is a huge difference in A) someone from Cuba
downloading crypto from my server - Or - B) Setting up a mirror in Cuba
which automatically mirrors the Debian stuff.

With point A we are not the one initiating the export. Someone
is (illegally in US terms) downloading crypto.
With point B everything we do automatically ends up in T7 countries
which we know and can't reject (which is my assumption).

With point B we (as Debian) can get into the position of not being
allowed to upload crypto to main anymore.

> Yeah, but as I said earlier, it is not the consequences that matter
> but the specific actions.  The export to you as a mirror maintainer is
> legal under US law.  Your export to a T7 country is legal under US law
> because you are not a US person and the crypto code is no longer a US
> item.  (US person is a term of law; US item is my own term--I could go
> look at the specific text for what terminology they use.)

I don't think that exportation to a non-US country for exporting it
to T7 countries is legal.

> One might.  The interesting question is whether an American court,
> looking at the definition of export and knowing export would interpret
> it that way.
> 
> I think the answer is no having read those definitions.  If you want
> to go read the law, read the definition of export, re-export, knowing
> export, and explain how I'm wrong, that would be a mildly interesting
> conversation.

I think neither you nor I am a lawyer. I might be overly paranoid but
the only thing I know about US laws and court decisions is that they
are sometimes very irrational and short-sighted.

I don't want Debian to be put under any restriction we can prevent.

> Note that if Debian were a US corporation then all three of these
> points would be clearly true.  I think that you do not understand the
> law well enough for the level of paranoia you are implying.  Please
> read over http://www.access.gpo.gov/bxa/ and look at the definitions
> of export, re-export etc before continuing this discussion.

-------------------
§730.5

COVERAGE OF MORE THAN EXPORTS

The core of the export control provisions of the EAR concerns
exports from the United States.  You will find, however, that
some provisions give broad meaning to the term "export", apply to
transactions outside of the United States, or apply to activities
other than exports.

(a)  Reexports

Commodities, software, and technology that have been exported
from the United States are generally subject to the EAR with
respect to reexport.  Many such reexports, however, may go to
many destinations without a license or will qualify for an
exception from licensing requirements.

[...]

 §730.7

 LICENSE REQUIREMENTS AND EXCEPTIONS

 A relatively small percentage of exports and reexports subject to
 the EAR require an application to BXA for a license.  Many items
 are not on the Commerce Control List (CCL) (Supplement No. 1 to
 §774.1 of the EAR), or, if on the CCL, require a license to only
 a limited number of countries.  Other transactions may be covered
 by one or more of the License Exceptions in the EAR.  In such
 cases no application need be made to BXA.

-------------------


CCL speaks about Cuba as - "Look in 746" which says


-------------------
 §746.1

  INTRODUCTION

[...]

  (1)  Cuba and Libya.  All the items on the Commerce Control List
  (CCL) require a license to Cuba or Libya.  In addition, most
  other items subject to the EAR, but not included on the CCL,
  designated by the Number "EAR99", require a license to Cuba or
  Libya.  Most items requiring a license to these destinations are
  subject to a general policy of denial.  Because these controls
  extend to virtually all exports, they do not appear in the
  Country Chart in part 738 of the EAR, nor are they reflected in
  the Commerce Control List in part 774 of the EAR.
--------------------


Ok - So a reexport from Germany to Cuba for software coming in from
the US needs a US license.

Which was what I implicitly always assumed.

Flo
-- 
Florian Lohoff                  flo@rfc822.org             +49-5201-669912
Nine nineth on september the 9th              Welcome to the new billenium
