Question on OSD #5

Chris Travers chris.travers at gmail.com
Fri Nov 23 23:29:45 UTC 2007


On Nov 23, 2007 3:04 PM, Lawrence Rosen <lrosen at rosenlaw.com> wrote:

>
> 2. Other than certain kinds of encryption software, I believe that US law
> allows open source software to be freely exported anywhere in the world.
> Perhaps the relevant government agencies have concluded that it is simply
> impossible to stop open source software from proliferating. :-) Furthermore,
> because it is open source, the US government is free to use it, examine it,
> and perhaps take emergency action if open source software were being used
> dangerously. That is one advantage we have over proprietary software.

IANAL, etc. but even open source encryption software is largely
unrestricted (there are, however, notification requirements).  I would
of course suggest seeking legal help to work through the complexities
of this area of law, but I don't see it as a major problem.

The relevant regulation is EAR, section 740.  Section 740.6 covers
computers and software generally and forbids export to embargoed
countries.  740.8 covers key management infrastructure and contains
some additional restrictions.  However, the real meat is in 740.13
entitled "Technology and Software -- Unrestricted."

Even encryption software, as I understand it, can be exported anywhere
in the world provided that the following holds true:
1)  The source code must be published or otherwise deemed publicly
available under other EAR 734 provisions.
2)  No fee may be charged for the software, nor can there be any
expectation of any sort of payment
3)  One must notify the BIS and the ENC any time the encryption
functionality changes.

The EAR also states (quite helpfully) that:
                                                " Note to paragraph
(e). Posting encryption
                                              source code and
corresponding object code on the
                                              Internet (e.g., FTP or
World Wide Web site)
                                              where it may be
downloaded by anyone neither
                                              establishes "knowledge"
of a prohibited export or
                                              reexport for purposes of
this paragraph, nor
                                              triggers any "red flags"
necessitating the
                                              affirmative duty to
inquire under the "Know Your
                                              Customer" guidance
provided in Supplement No.
                                              3 to part 732 of the EAR."

HTH,
Chris Travers



More information about the License-discuss mailing list