Based on a conversation I had with Commerce Undersecretary William Reinsch
last night, as well as other crypto-savvy attorneys, I think it's probably
more useful to look at the first page of the draft. Open Source code,
believe it or not, would be essentially decontrolled by this proposal.
The draft starts thus:
"740.13 TECHNOLOGY AND SOFTWARE UNRESTRICTED (TSU)
"This License Exception authorizes exports and re-exports of operation
technology and software; sales technology and software; software updates
(bug
fixes); and "mass market" software subject to the General Software Note;
and
non-commercial encryption source-code. Note that encryption software is
no
longer subject to the General Software Note (see paragraph (d)(2) of this
section). "
(verbiage regarding the definition of mass-market software snipped)
It then includes the following as eligible for export:
"(1) Encryption source code controlled under 5D002 which would be
considered publicly available under Section 734.3(b)(3) and which is not
subject to any proprietary commercial agreement or restriction is released
from EI controls and may be exported or re-exported without review under
License Exception TSU, provided you have submitted to BXA notification of
the
export, accompanied by the Internet address (e.g. URL) or copy of the
source
code by the time of export. Submit the notification to BXA and send a
copy
to ENC Encryption Request Coordinator (see Section 740.17(g)(5) for
mailing
addresses). "
Now, telling the govt. what you're up to at the time you do it isn't exactly
free speech. But these regs were included _specifically_ to allow the export
of Open Source software. If you're looking for someone to thank or blame,
you should talk to Netscape, who wanted this badly for its Open Source
Mozilla effort. My sources tell me they were particularly concerned that MS
could ship its browser almost anywhere while they sat on the sidelines. So
why wasn't this mentioned back in September when they unveiled the plan?
Simple: they hadn't thought of it.
http://www.usatoday.com/life/cyber/tech/ctg734.htm
Will
> -----Original Message-----
> From: William Allen Simpson [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, November 24, 1999 11:56 AM
> To: [EMAIL PROTECTED]
> Subject: Re: draft regulations?
>
>
>
>
> "Steven M. Bellovin" wrote:
> > > I was about to make a snide comment that they're just
> endorsing open source
> > software -- but is there any definition of "other
> restriction"? Does the GPL
> > count? Are they trying to ban any publication of anything
> that isn't flat-out
> > public domain? And if something is flat-out public domain,
> how can the
> > "exporter" impose the viral restrictions? For that matter,
> what is "export"?
> > Posting something to Usenet? Putting it up on a Web page
> or FTP server? The
> > act of downloading it?
> >
> These are excellent questions.
>
> I think the GPL counts. I think that BSD counts. I have no idea how
> the exporter imposes the viral restrictions, but I suspect that it
> could result in prosecution -- "a compare shows this line of code is
> identical to that line of US origin code, guilty as charged."
>
>
> "Salz, Rich" wrote:
> > I think they want to make sure that if some non-US package
> > (openssl being the example most obvious to me) picks it up
> > that it doesn't suddenly become "free." So it's not the GPL,
> > really, but more like the old BSD license.
> > /r$
> What I meant is, I'd like to contribute code to FreeSWAN, or OpenSSL,
> or whatever, but the inclusion of a single line of my code will make
> the entire thing subject to EAR regulation. Worse, a single line of
> code that "looks" like a line I published will subject the
> whole thing
> to regulation. Means we cannot publish _anything_ for fear
> of damaging
> the efforts of our freinds. Not good.
>
> [EMAIL PROTECTED]
> Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B
> 6A 15 2C 32
>
application/ms-tnef
