Re: A followup on github discussion
On Sat 27 Jul 2019 at 08:37:35 (+0200), Dominik George wrote:
> >Export regulations do not apply to Open Source software (Debian is an
> >example).
>
> Source?
Pick your format:
http://www.epic.org/crypto/export_controls/finalregs.pdf
https://epic.org/crypto/export_controls/regs_1_00.html
“3. Also in §740.13, to, in part, take into account the "open
source" approach to software development, unrestricted encryption
source code not subject to an express agreement for the payment of
a licensing fee or royalty for commercial production or sale of any
product developed using the source code can, without review, be
released from "EI" controls and exported and reexported under
License Exception TSU. Intellectual property protection (e.g.,
copyright, patent, or trademark) would not, by itself, be construed
as an express agreement for the payment of a licensing fee or
royalty for commercial production or sale of any product developed
using the source code. To qualify, exporters must notify BXA of the
Internet location (e.g., URL or Internet address) or provide a copy
of the source code by the time of export. These notifications are
only required for the initial export; there are no notification
requirements for end-users subsequently using the source
code. Notification can be made by e-mail to crypt@bxa.doc.gov.
“Review and classification are not required for foreign made
products using this source code. Moreover, under §744.9, exporters
of unrestricted encryption source code are not restrained from
providing technical assistance to foreign persons working with such
source code. In addition, exporters of source code are not subject
to Internet download screening requirements under
§734.2(b)(9)(iii). Posting of the source code on the Internet
(e.g., FTP or World Wide Web site), where it may be downloaded by
anyone, would not establish "knowledge" (as that term is defined in
the EAR) of a prohibited export or reexport. Such posting would not
trigger "red flags" necessitating the affirmative duty to inquire
under the "Know Your Customer" guidance provided in Supplement
No. 3 to Part 732. Otherwise, compliance with EAR requirements as
to prohibited exports and reexports still apply.”
Cheers,
David.
Reply to: