Re: is this free?
Bruce Perens writes:
> From: Seth David Schoen <firstname.lastname@example.org>
> > The OSI does worry about export restrictions as license conditions; that
> > was a problem with the original Apple Public Source License. There is
> > still some controversy about that license, but the OSI got Apple to remove
> > the export-restriction language from the license entirely.
> The problem with the APSL export language was that it broadened the scope
> of U.S. law to cover other countries, etc. The ATT language does not. It
> says you assure ATT you won't violate U.S. export laws. This:
> 1. Lets ATT off the hook if you do - very important.
Users should perhaps have to affirm that they are aware of the export laws
when they download the software -- but _not_ promise to abide by them as a
Some software distributors make you say "I am aware of the export laws"
and some make you say "I promise to abide by the export laws". There is a
_huge_ difference between the two policies; the former is doing you a
service by preventing you from getting in trouble by accident, while the
latter is adding new restrictions on your behavior.
(Whether these restrictions are "new" in the sense of creating previously
nonexistent obligations is a very contentious political debate. But, as
I will mention below, there is a practical consequence: there could be
more or different penalties associated with violating the restrictions.)
> 2. Only applies if you violate U.S. laws in their scope. If you export the
> software from Europe, it's not a violation.
The US government shows a tendency toward believing that the export laws
have been violated when code written by US citizens ends up outside of the
US _at all_ (in places where the government doesn't want it to be), even if
there are theoretically legal means by which it could have gotten there.
(I'm thinking of the investigation of Phil Zimmermann.) So maybe the US
will even say at some point that US export laws are extraterritorial.
The license certainly doesn't say anything about whether the laws are
extraterritorial or not.
> There's no cryptography in there, anyway.
I don't think there was any BXA-restricted cryptography in Apple's release
of Darwin either.
The applicable export restrictions are not the controls on cryptography but
the prohibitions against providing technical assistance to the "state
sponsors of terrorism" and their citizens. I believe that there there are
currently seven countries on that list.
I had a very broad objection to the whole idea of writing any export
restrictions into a free software license at all. My original statement
of that objection was a little long-windered. Let me see whether I can
express it more concisely with an example.
Suppose that there is some supposedly free software package which is
useful to someone in country Foo, whose government is a state sponsor of
terrorism, or country Bar, whose government isn't a state sponsor of
terrorism, but, if this package perhaps contains cryptography, to whose
citizens the US nonetheless makes it illegal to send this package.
Disbelieving in the legitimacy of those restrictions, free software user
Baz, a US citizen, sends copies of the package to friends in Foo and Bar.
If Baz is discovered by the US government, and it's in a bad mood, he
might be punished for violating the Arms Export Control Act or various
other export restriction laws. OK, Baz understood what he was doing, and
hopefully he encrypted the package before exporting it -- but perhaps
he gets caught somehow and prosecuted. There's not much he can do about
But now the author of the package, or a contributor, can sue Baz for
_copyright infringement_ for exporting the package illegally, because
this violates the license terms and so infringes copyright!
So, not only is Baz potentially criminally liable for violating export
laws, but he is then _also_ potentially liable for a separate civil
copyright penalty. That means that the copyright holder, by writing
export law into the license, has helped _enforce_ the export law by
creating a new penalty for violating it.
It's not reasonable to say that "free software authors will never sue
people for exporting packages". Free software authors are human, too --
or sometimes corporate. Perhaps they don't like Baz for other reasons,
or the government encourages them to sue, or they have political beliefs
of their own and may disapprove of Baz's decision to help make the
software more widely available. Or they may just want to send a message
or help protect their copyright. If a restriction in a license would
_never_ be enforced by a copyright holder, it shouldn't be in the
That's why the OSD/DFSG says that the license "must not discriminate"; I
said concerning that APSL that if your license helps enforce a discriminatory
law, by making people promise to discriminate or by creating an extra
penalty for people who don't discriminate, then your license _does_
discriminate. I think this is true with this license, also: if the license
requires people in the US not to send the software to (for instance) citizens
of the state sponsors of terrorism, then the license is discriminating
against those people.
Also, under international copyright treaties, it might be difficult for
people in other countries to use the package if they got it as a result
of an action which violated the terms of the license. I could even imagine
that users might be expected to demonstrate how they got their software
legally, which is an extra burden on them. (Think what this would mean for
crypto software, or even for an anonymous crypto patch to a US-origin
package with a license condition about compliance with US export laws!)
I would also argue that the possibility that transfers to particular groups
of users should ultimately fail to provide those users with a valid license
to use the software is inconsistent with the "Distribution of License"
requirement in the OSD/DFSG. If you get a package as a result of an
illegal export, your rights under copyright law to use that package should
not be affected.
Seth David Schoen <email@example.com> | And do not say, I will study when I
Temp. http://www.loyalty.org/~schoen/ | have leisure; for perhaps you will
down: http://www.loyalty.org/ (CAF) | not have leisure. -- Pirke Avot 2:5