Daniel Haran wrote:
> After reading the license and the Debian Free License guidelines, I am
> puzzled by the following: (at http://www.mozilla.org/releases/)
Disclaimer: I am not a lawyer, this is not legal advice, this is just a
personal opinion from someone who has studied US export control
regulations in the past.
> This source code is subject to the U.S. Export Administration Regulations
> and other U.S. law, and may not be exported or re-exported to certain
> countries (currently Afghanistan (Taliban controlled areas), Cuba, Iran,
> Iraq, Libya, North Korea, Serbia (except Kosovo), Sudan and Syria) or to
> persons or entities prohibited from receiving U.S. exports (including
> Denied Parties, entities on the Bureau of Export Administration Entity
> List, and Specially Designated Nationals).
This restriction is imposed on all encryption code (or software
containing encryption code, like Mozilla) that is developed in the US,
even if the code is released as open source or free software.
> This seems to conflict with The Debian Free Software Guidelines:
>
> --
> 5- No Discrimination Against Persons or Groups
>
> The license must not discriminate against any person or group of persons.
The restriction on export is not imposed by the Mozilla license(s), it
is imposed by the US government, and applies equally both to the creator
of the software (i.e., the licensor) and those to whom the software is
distributed (i.e., the licensees).
The FSF discusses this issue in relation to free software in the
document "What is Free Software":
http://www.gnu.org/philosophy/free-sw.html
To quote from that document, "Sometimes government export control
regulations and trade sanctions can constrain your freedom to distribute
copies of programs internationally. Software developers do not have the
power to eliminate or override these restrictions, but what they can and
must do is refuse to impose them as conditions of use of the program. In
this way, the restrictions will not affect activities and people outside
the jurisdictions of these governments."
The export restrictions in question are _not_ part of the license(s) for
the Mozilla code, hence they are not imposed as "conditions of use" of
the program. Therefore in my opinion the restrictions do not prevent
Mozilla from being considered free software by the FSF, nor would they
prevent Mozilla from being considered free software according to the
DFSG, or open source software according to the OSD.
The export restrictions may not apply to people in countries other than
the US, depending on their circumstances. (This is not a simple issue,
which is why I wrote "may not"; for example, I think the restrictions
may still apply to people working for non-US subsidiaries of US
corporations.) Also, if the US government ever totally eliminated
encryption export control then the restrictions would totally go away,
because they are not part of the Mozilla license(s).
> Is this just a legal thing to cover your behinds?
It is a legal notice intended to inform people, especially people
intending to redistribute Mozilla, that Mozilla contains code whose
export from the US is restricted (to some degree) by US government
regulations. In that sense it is more than "covering [our] behinds", it
is important information that Mozilla distributors need to know about.
This is especially true for distributors in the US who create and
distribute proprietary products based on Mozilla; depending on the
nature of their products, US-based Mozilla distributors may need to
formally apply for an export license for their products.
> Having the legal
> disclaimer on the download page hardly stops someone in those countries
> from using Mozilla...
IMO US encryption export control regulations have never been about
stopping people in other countries from using US-developed encryption
software. But that's a discussion for another day ...
> and someone posting software can't be held responsible for who downloads it.
Actually, in the US that was not quite true prior to January 2001, when
the US encryption export control regulations were "liberalized". Prior
to those changes, people in the US posting encryption software for
Internet download were required to implement various forms of access
control and logging to attempt to restrict downloads by people in
countries to which exports were restricted.
However the current regulations are looser. People in the US (including
mozilla.org) are still prohibited from "knowingly" exporting open source
encryption code to Iraq, etc. -- for example, by transmitting such code
via private email -- but may put open source encryption code up for
unrestricted public download without running afoul of that prohibition.
So, yes, you are correct, at present someone in the US who posts open
source encryption software is not held responsible for who downloads it.
> Since I believe the people in those countries can use the internet to help
> get rid of some of the assholes governing them, it seems a shame that the
> US gov would try to bar browsers.
The US encryption export regulations do not bar people in other
countries from downloading and using Mozilla. What they prohibit is
people knowingly exporting encryption-based products to some countries.
As an example, the regulations give the US government a legal basis to
prosecute US-based companies and individuals who sell encryption
hardware and software to, say, the Iraqi military. Whether one agrees
with this policy or not, people in the US need to be aware of how such
policies might affect them. Fortunately, the current regulations provide
some loopholes for distribution of free and open source software. (This
was not the case prior to January 2001.)
> If Americans must post the US Exports reminder, would you
> consider a way of contextualizing it to poke fun at it?
Unfortunately US government encryption export regulations are not fun at
all for people who have to comply with them, especially for commercial
companies, and especially if people violate the regulations in a way
that brings the US government down on them :-(
However IMO you are right that the reminder needs more
"contextualizing"; I've proposed adding a sentence like "Note that the
mozilla.org download sites are located in the U.S., and some Mozilla
code implements encryption functions; whether we as individuals agree
with U.S. government policies on encryption export or not, we must
advise you of the following:" (followed by the existing notice).
Frank
--
Frank Hecker work: http://www.collab.net/
[EMAIL PROTECTED] home: http://www.hecker.org/
