Re: unofficial mozilla 0.8 deb
This issue has been done to death. Basically, there's a notification
requirement in the BXA rules. Nobody that can do it wants to, and nobody
that wants to do it can.
On Fri, 9 Mar 2001, Craig Sanders wrote:
>On Thu, Mar 08, 2001 at 01:25:03AM +0200, Sampo Niskanen wrote:
>>
>> On Wed, 7 Mar 2001, Gregor Hoffleit wrote:
>> > AFAIR, the new legislation said that companies could apply at
>> > the government for a permission to release specific versions of
>> > strong-crypto software to a world-wide public. I guess Netscape
>> > did this for their communicator and since the government gave the
>> > permission, anybody is now allowed to export this specific pieces of
>> > software, even though they contain strong crypto.
>> >
>> > [Then, it would be obvious that this reasoning doesn't necessarily
>> > apply to Mozilla--someone had to ask for a permission first.]
>>
>> If this is true, how do they define a software product? One binary? A
>> very similar product? The same name?
>
>it's not true, at least not for open source programs.
>
>as i understand the new (actually year old) US crypto rules, for open
>source / public domain / free software programs, all you have to do
>is notify the US government that you're exporting it and tell them
>where/how.
>
>that's what kernel.org have done. i doubt if linus or transmeta or
>anyone else involved would have take the risk if they didn't think it
>was safe to do so.
>
>there is a notice on www.kernel.org about crypto s/w:
>
> Cryptographics Software
>
> Due to U.S. Exports Regulations, all cryptographic software on this
> site is subject to the following legal notice:
>
> This site includes publicly available encryption source code which,
> together with object code resulting from the compiling of publicly
> available source code, may be exported from the United States under
> License Exception "TSU" pursuant to 15 C.F.R. Section 740.13(e).
>
> This legal notice applies to cryptographic software only. Please see
> the _Bureau of Export Administration_[1] for more information about
> current U.S. regulations.
>
>[1] link to http://www.bxa.doc.gov/
>
>
>you can read the new crypto rules for yourself at:
>
>http://www.bxa.doc.gov/Encryption/pdfs/Crypto.pdf
>and
>http://www.bxa.doc.gov/Encryption/pdfs/EncryptionRuleOct2K.pdf
>
>
>FYI, the relevant section (15 C.F.R. Section 740.13) of the new crypto
>regulations says:
>
> (e) Unrestricted encryption source code.
>
> (1) Encryption source code controlled under 5D002, which would be
> considered publicly available under § 734.3(b)(3) and which is not
> subject to an express agreement for the payment of a licensing
> fee or royalty for commercial production or sale of any product
> developed with the source code, is released from ``EI'' controls
> and may be exported or reexported without review under License
> Exception TSU, provided you have submitted written notification
> to BXA of the Internet location (e.g., URL or Internet address)
> or a copy of the source code by the time of export. Submit the
> notification to BXA and send a copy to ENC Encryption Request
> Coordinator (see § 740.17(g)(5) for mailing addresses). Intellectual
> property protection (e.g., copyright, patent or trademark) will not,
> by itself, be construed as an express agreement for the payment of
> a licensing fee or royalty for commercial production or sale of any
> product developed using the source code.
>
> (2) You may not knowingly export or reexport source code or products
> developed with this source code to Cuba, Iran, Iraq, Libya, North
> Korea, Sudan or Syria.
>
> (3) Posting of the source code on the Internet (e.g., FTP or
> World Wide Web site) where the source code may be downloaded by
> anyone would not establish ``knowledge'' of a prohibited export
> or reexport, including that described in paragraph (e)(2) of this
> section. In addition, such posting would not trigger ``red flags''
> necessitating the affirmative duty to inquire under the ``Know Your
> Customer'' guidance provided in Supplement No. 3 to part 732 of the
> EAR.
>
>that's a pretty clear statement that it's OK to export open source
>crypto just by notifying the US government in writing.
>
>an update in October 2000 clarified the matter even further, points out
>that the exemption also covers binaries compiled from open source, and
>even provides an email address to send the written notifications to:
>
> 4. § 740.13 (Technology and Software Unrestricted (TSU)) clarifies
> the treatment of open source object code. Object code compiled from
> source code eligible for License Exception TSU can also be exported
> under the provisions of License Exception TSU if the requirements
> of § 740.13 are met and no fee or payment is required for object
> code (other than reasonable and customary fees for reproduction and
> distribution). Object code for which there is a fee or payment can
> be exported under the provisions of 740.17(b)(4)(i). The intent of
> this section is to release publicly available software available
> without charge (e.g. ``freeware'') from control. Also in § 740.13,
> crypt@bxa.doc.gov address is added to prompt exporters to notify
> BXA electronically. Exporters should note the intent of the phrase
> ``released from EI controls'' in 740.13(e) means that 5D002 software
> eligible for TSU is released from the mandatory access controls
> procedures described in 734.2(b)(9)(ii).
>
>
>IANAL, but that's clear as crystal to me. it even states that the intent
>is "to release publicly available software from control".
>
>
>craig
>
>--
>craig sanders <cas@taz.net.au>
>
> GnuPG Key: 1024D/CD5626F0
>Key fingerprint: 9674 7EE2 4AC6 F5EF 3C57 52C3 EC32 6810 CD56 26F0
>
>
>
--
The Internet must be a medium for it is neither Rare nor Well done!
<a href="mailto:galt@inconnu.isu.edu">John Galt </a>
Reply to: