Question on OSD #5

Smith, McCoy mccoy.smith at intel.com
Sun Nov 25 17:16:27 UTC 2007


I'm no expert, but a summary of the relevant provisions of the BXA rules
are cached here:
http://cc.msnscache.com/cache.aspx?q=72374312506898&lang=en-US&w=b3ad595
a 
For some reason, the link on BIS's website (where normally you'd want to
go) is down:
http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html  Your
tax dollars at work.

-----Original Message-----
From: Lawrence Rosen [mailto:lrosen at rosenlaw.com] 
Sent: Friday, November 23, 2007 3:05 PM
To: 'License Discuss'
Cc: John Weathersby
Subject: RE: Question on OSD #5

Ben Tilly wrote:
> Not so fast.  There is plenty of open source encryption software that
> by US state classification is not allowed to be exported to a specific
> list of countries.  (Perhaps that is "was".  I haven't kept up on the
> issue.)  But nobody argues that those pieces of software are not open
> source.

Three comments about this:

1. Open Source Software Institute (OSSI, http://www.oss-institute.org/)
has
been instrumental in obtaining US DoD approval for OpenSSL, a general
purpose cryptographic library that works on all important platforms and
is
open source. [1] John Weathersby, executive director of OSSI, is copied
on
this email; he can answer your questions about that. There are open
source
alternatives for encryption.

2. Other than certain kinds of encryption software, I believe that US
law
allows open source software to be freely exported anywhere in the world.
Perhaps the relevant government agencies have concluded that it is
simply
impossible to stop open source software from proliferating. :-)
Furthermore,
because it is open source, the US government is free to use it, examine
it,
and perhaps take emergency action if open source software were being
used
dangerously. That is one advantage we have over proprietary software.

3. Although I am a lawyer, I am only vaguely familiar with the complex
specialty of US export laws. Do not take this email as legal advice, and
do
not assume it is even correct on the law. Perhaps a real expert will
speak
up here....

/Larry

[1]
http://www.oss-institute.org/index.php?option=com_content&task=blogcateg
ory&
id=84&Itemid=123 



> -----Original Message-----
> From: Ben Tilly [mailto:btilly at gmail.com]
> Sent: Friday, November 23, 2007 2:18 PM
> To: Chris Travers
> Cc: License Discuss
> Subject: Re: Question on OSD #5
> 
> On Nov 23, 2007 1:58 PM, Chris Travers <chris.travers at gmail.com>
wrote:
> > On Nov 23, 2007 11:09 AM, Ben Tilly <btilly at gmail.com> wrote:
> >
> > > The best known piece of software to successfully sneak out of a
> > > classified project in a high security facility is Perl.  Opinions
> > > differ on whether this was a good or bad thing. :-)
> >
> > IANAL....
[LR:] <snip>



More information about the License-discuss mailing list