OSI enforcement?

Tzeng, Nigel H. Nigel.Tzeng at jhuapl.edu
Tue Jan 8 16:14:41 UTC 2008 

>...the term was in use more than ten years before the
> creation of the OSI.  One specific example referenced by the Wikipedia
> article on Open Source is its use by the NSA in a February 1987
> position paper arguing in favor of placing cryptographic software
> under ITAR.  
 
Ah...the term "open source" means something slightly different in the intelligence community.  Perhaps that's what you mean but it wasn't applied to software.
 
In this context it means that the code was derived from public knowledge (presumably the encryption algorithm) and not from a classified or some other kind of intel source but even so, it falls under export control for crypto.  It's confusing because its used in conjunction with a software discussion.
 
That's probably still unclear so let me give a better example.  If you look in Jane's Fighting Ships and find out that a submarine has a top speed of 30 knots you got information from an "open source" because Jane's is available to anyone in the public.  You can put that in your computer sub simulation without running afoul of any classification problems.
 
If you have a classfied document that tells you that a submarine has a top speed of 30 knots it's not from a publically available source and your software is now classified.
 
http://en.wikipedia.org/wiki/Open_source_intelligence
 
The wikipedia entry is moderately unclear...yes the term open source existed prior to its use in terms software but in this case it applied to the DES algorithm (math) and not to the code.
 
That said, however, given that the term open source already had a meaning of "freely available to the public" and DARPA's influence to networking, computing, etc...it simple seems natural to make that extension to software when talking about software that is also freely available to the public to do what they want with it.  That may not have been part of the discussion in Palo Alto but for anyone aware of the previous meaning it fits right in.
 
Interestingly, for anything other than crypto...releasing code to open source you can skip most export restriction stuff assuming it was unclassified.  However, there are some interesting things that the Dept of State doesn't consider important enough to be export controlled that has surprised the heck out of me but I digress.
 
Regards,
 
Nigel
 
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-discuss_lists.opensource.org/attachments/20080108/fb6ad160/attachment.html>

More information about the License-discuss mailing list