From: Marc Balmer <[EMAIL PROTECTED]> writes:
> Date: Wed, 14 Jun 2006 00:22:12 +0200
> From: Marc Balmer <[EMAIL PROTECTED]>
> To: Michael Scheliga <[EMAIL PROTECTED]>
> Cc: Hank Cohen <[EMAIL PROTECTED]>, misc@openbsd.org
> Subject: Re: Hifn policy on documentation
>
> * Michael Scheliga wrote:
> > truly open to the "general public" anonymous download site. I doubt
> > that the documentation that is being requested by developers is putting
> > you in violation of US Export Regulations. Your customer's locations
>
> I live in Switzerland. Do I give a fuckin' rats ass for US Export
> Regulations?
>
>
Clearly you don't. The vendor probably does.
[ I do know somebody who once seriously inquired into the procedure
to send in partial dead rat corpses to city hall. Seems the
state had a bounty program on the books from a century ago ... ]
In this case, the vendor appears to be talking about documentation,
which means they're actually confused. EAR covers chips but not
documentation. By US law they *have* to care about the chips.
Otherwise they're not in business. However the same law and a bunch of
court cases also makes a big thing about "free speech". For quite a
number of years, when cryptography was considered a munition and not
allowed to be exported without special license, people were writing
books and talking about cryptography almost entirely without problems.
Somebody needs to point this out to them; there's simply no defensible
US export legal reason for them to make people fill out web forms of
any form to acquire human readable documentation.
If the purpose of their web registration was to satisfy US export
purposes, it would still be different. Such a form would mainly be
concerned with issues like "where do you live" - "can you prove you are
a US citizen" - and nothing more. The MIT folks distributed kerberos
source via http with just such a registration system for a number of
years.
If they're asking 50 nosey personal questions, that's not US export
law. That's business accounting and marketing think, 100% (or possibly
a *really* bad lawyer.) They want to know where to send the next load
of junk mail so they can spend their advertising dollars "most
effectively". They may want to resell that information to other people
in similar businesses. Their sales people want to know if you call
with questions after that whether you're going to buy enough of their
product to make it worth their time to answer your questions. Maybe
they're imagining they can reduce product liability claims - although I
don't know of very many product liability cases that were won by
failing to disclose problems. Seems like they're more likely to
succeed at reducing product liability by reducing customer interest and
usage. It's conceivable they think their competitors are actually
stupid enough that this form will stop them from learning about what
they're doing or coming up with better ways to do it. In any event,
however justifiable they think they are in their business practices, it
still stinks, and it bodes ill for their long-term business health.
I wish their competition the best of luck.
-Marcus Watts
