[PHP-DEV] Re: [Eben Moglen <moglen <<i>email protected</i>>>] US crypto export restrictions and GNU email protected>>] US crypto export restrictions and GNU",1); ?> From: Colin Putney (cputney <email protected>)
Date: 03/17/00

>> -- Ben Laurie wrote:
>>
>> The claim is that should OpenSSL (a UK/German/ex-Australian
>> project) accept legally exported patches from the US, then OpenSSL
>> would become subject to US export regs. You appear to be saying
>> that that is not the case, correct?

-- Eben Moglen <moglen <email protected>> replied:

>> Correct. Any copy of OpenSSL present in the United States is subject
>> to export control, and it doesn't matter whether there are
>> US-produced patches in it or not. If it is controlled technology
>> (which OpenSSL is), if it is "in" the US, and if it is going "out,"
>> the regs apply. But they only apply to copies "in" the US that are
>> going "out" of the US, because that's export, and export is what is
>> controlled. Whether copies that are "out" of the US have
>> US-produced code in them makes no difference: they are not "in" the
>> US and therefore export controls do not apply to them. That's the
>> insanity of export control, but just because the regs are insane
>> doesn't mean we have to make them even more complex than they were.
>> Now that I understand in concrete terms what was being talked about,
>> I am ready to give a legal opinion: as to this set of facts, the
>> argument about "infection" misunderstands relevant American law
>> (nobody's fault, understanding this law was an activity for people
>> with strong capacity to suspend disbelief). Incorporation of
>> US-developed crypto in primarily non-US projects does nothing
>> whatever to change the regulatory status of those products when they
>> are "out" of the US. If the regs should become more restrictive in
>> future, a topic already discussed sufficiently, copies "in" the US
>> might not be able to leave, which would hardly matter since copies
>> "out" of the US could enter the US freely and circulate outside the
>> US freely without regard to US law (as opposed to the potentially
>> equally insane laws potentially prevailing elsewhere).

-- Randy Terbush <randy <email protected>> wrote:
 
> While I do find it hard to swallow, representatives of the BXA have
> stated, and confirmed their statement when asked to, that any
> offshore crypto project incorporating US export regulated software
> into these offshore projects will be subject to US export
> restrictions.

It seems to me that Eben is stating a basic difference between the
applicability of copyright law and export law. In some sense, copyright
law is attached to the work in question. Copyright follows it around
regardless of geography, duplication, or incorporation into larger
works.

In contrast, export law is not attached to the goods exported. It's
attached to the border. If you move crypto technology across the border
you're subject to export law. So the BXA statement is true, but leaves
unsaid the fact that offshore crypto projects have *always* been
subject to US export restrictions, regardless of the origin of the
code. It just wasn't a problem, because exporting them from the US was
unnecessary.

So the upshot of all this is that a hypothetical future restriction of
cryptography export might prevent US programmers from contributing to
foreign cryptography projects, but it would not expose them to
prosecution for contributions made now, nor would it affect the
projects incorporating those contributions.

Colin
---------------------------------------------
Colin Putney cputney <email protected>
Whistler Networks http://www.whistler.net/ 

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>