Off topic question re Export controls

Lawrence E. Rosen lrosen at
Fri Mar 8 17:29:26 UTC 2002

This thread highlights the risks of asking -- and answering -- specific
legal questions on license discuss.  This is particularly true in the
esoteric field of export control, although my warning applies generally.

Attorneys should not give specific legal advice in a general forum in
which there is no attorney-client relationship (or privilege), and where
third parties may come to rely upon that advice for their own unique

Non-attorneys cannot give legal advice upon which anyone can rely.  This
is not intended as a criticism of non-lawyers.  In many respects, the
comments made by non-lawyers on this list are more cogent than what
lawyers say, just as lay people's advice about medical issues can
sometimes keep you healthier than doctors do.  But you cannot be sure of
good advice from such sources, nor can you hold non-lawyers responsible
for what they advise.

Board members of OSI do not give legal advice because OSI cannot accept
the liability that might ensue if their advice was wrong.  None of the
board members of OSI is an attorney.

So please consider what you have read on license-discuss in response to
the question about export controls as merely pointers to sources of more
reliable information.  Consult your own attorney or ask the readers of
this list for referrals to good open source attorneys.  

/Larry Rosen
Attorney and executive director, OSI
lrosen at

> -----Original Message-----
> From: Danese.Cooper at [mailto:Danese.Cooper at] 
> Sent: Friday, March 08, 2002 9:05 AM
> To: license-discuss at
> Subject: Re: Off topic question re Export controls
> There's one more level of complexity in re US Export 
> compliance which this discussion has overlooked (probably 
> because of the specific nature of the question).
> IMHO, BXA rules are set up with the assumption that the 
> software in question is being developed in a proprietary way. 
>  When they refer to "export" they are assuming a controllable 
> "first ship".  What happens when encryption algorithms are 
> introduced to an Open Source (eg. Public) project codebase 
> several months before the project meets its final candidate 
> acceptance criteria?  How is that project expected to 
> pre-notify BXA?  And is there a burden of on-going 
> notification, since the code in question is arguably 
> continuously available?
> EFF did some work on this question, and advises a one-time 
> notification and instructions for BXA on how to subscribe to 
> the appropriate project mail list to facilitate monitoring.  
> Is this sufficient to avoid non-compliance fines?
> Danese Cooper
> --
> license-discuss archive is at

license-discuss archive is at

More information about the License-discuss mailing list