Off topic question re Export controls

Danese Cooper danese.cooper at
Fri Mar 8 17:04:33 UTC 2002

There's one more level of complexity in re US Export compliance which
this discussion has overlooked (probably because of the specific nature
of the question).

IMHO, BXA rules are set up with the assumption that the software in
question is being developed in a proprietary way.  When they refer to
"export" they are assuming a controllable "first ship".  What happens
when encryption algorithms are introduced to an Open Source (eg. Public)
project codebase several months before the project meets its final
candidate acceptance criteria?  How is that project expected to
pre-notify BXA?  And is there a burden of on-going notification, since
the code in question is arguably continuously available?

EFF did some work on this question, and advises a one-time notification
and instructions for BXA on how to subscribe to the appropriate project
mail list to facilitate monitoring.  Is this sufficient to avoid
non-compliance fines?

Danese Cooper
license-discuss archive is at

More information about the License-discuss mailing list