Mozilla Firefox Not In Violation of US Export Rules 127
darthcamaro writes "While the internet may know no borders, the US government does. There are a number of rules that affect software vendors, including encryption export regulations from the US Department of Commerce and export sanctions by the Department of Treasury. But what do you do when your application is open source and freely available to anyone in the world? Do the same the rules apply? It's a question that Mozilla asked the US government about. The answer they received could have profound implications not just for Firefox but for all open source software vendors. 'We really couldn't accept the notion that these government rules could jeopardize the participatory nature of an open source project, so we sought to challenge it,' Harvey Anderson, VP and General Counsel of Mozilla, told InternetNews.com. 'We argued that First Amendment free speech rights would prevail in this scenario. The government took our filing and then we got back a no-violation letter, which is fantastic.'"
Re:This is a common problem for OSS (Score:5, Informative)
Re:free speech (Score:5, Informative)
if firefox is shielded from these export restrictions because of first amendment protection wouldn't any open source implementation of strong encryption also be protected? wouldn't this make those export restrictions very nearly mute?
Don't people remember what happened with Phil Zimmerman over PGP?
The munitions classification on encryption software was used against him for posting the PGP source code on Usenet. They really, really wanted to nail him to the wall over that one.
There was a certain irony in the restrictions on exporting crypto software deemed 'munitions'. You could take the source, publish it as a book in an OCR font (with the page numbers between comment delimiters), and export it anywhere in the world.
Re:free speech (Score:5, Informative)
Yes, it contributed correctness to the world - always a good thing.
Seriously, it also (if the original poster is able to take criticism) helped them avoid this mistake in the future, potentially in front of a prospective client/etc.
There's a big difference between a typo or otherwise one-off failure and mistaking one word for another. It's nitpicking over typos because it's unlikely someone thinks 'teh' is correct, but when they use a word like mute in place of moot - not easily mistyped but easily mistaken - it's usually an indicator that they don't know better.
Mozilla General Counsel considered clueless? (Score:5, Informative)
Ho-hum. Unrestricted export of open-source products incorporating encryption from the US has been legal for quite a while. All you have to do is file an application with the Feds under the Export Regs Section 740.13 "TECHNOLOGY AND SOFTWARE -- UNRESTRICTED (TSU)" before you make the source and binaries available, and you don't have to screen downloads or worry if the Officially Designated Bad Guys download your code: your ass is covered.
This war was won a loooong time ago by Philip Zimmermann [wikipedia.org] when the Feds wanted to crush him for releasing PGP. All props go to Phil!
The Regulation in point: (Score:3, Informative)
Section 740.13 (e) "(6) "Knowledge" of a prohibited export or reexport. Posting of source code or corresponding object code on the Internet (e.g., FTP or World Wide Web site) where it may be downloaded by anyone would not establish "knowledge" of a prohibited export or reexport. See Section 740.13(e)(4) of the EAR for prohibited knowing exports to Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria. In addition, such posting would not trigger "red flags" necessitating the affirmative duty to inquire under the "Know Your Customer" guidance provided in Supplement No. 3 to part 732 of the EAR."
Just to establish that this is really... not news. Just PR, move along folks, nothing to see here.
Its only semi-fantastic. (Score:3, Informative)
"The government took our filing and then we got back a no-violation letter, which is fantastic.'"
Mozilla basically asked if it would be okay if Mozilla (not you, not me, not everybody else) could put strong encryption in their software. They didn't get a court ruling--they got permission. And there's nothing wrong with that, but it doesn't mean they are some champions of free speech rights. No, it means that they have successfully looked after their own interests. And other, particularly smaller, open source developers shouldn't expect to have the same good fortune in getting permission.
Not to be too grumpy. It is good news that somebody was exempted from a stupid regulation.
Re:What we obviously need: (Score:3, Informative)
You mean something like Freenet [freenetproject.org]?
The hard problems for such a network involve things like searching and routing. Freenet isn't exactly fast, but it's worlds more secure than anything else for this sort of thing (even so, it's far from perfect). It's also quite usable for things like browsing freesites (Freenet-hosted websites), and publishing controversial content (though large, unpopular files don't stay around forever, due to limits on disk space (and probably some bugs, but we're working on those)).
Of course, if the problem is the encryption itself, which Freenet makes rather heavy use of, the problem is rather harder.
Re:This is a common problem for OSS (Score:3, Informative)
Because the project leader is Canadian. The lack of crypto export laws in Canada is just a bonus.
Re:free speech (Score:3, Informative)
No, "irregardless" is a nasty habit. Mistaking there or their for they're or any combination thereof is a nasty habit, since it's usually laziness that drives people to use the spelling without the apostrophe.
Using mute for moot is like using affect instead of effect: a sign of ignorance. And as we all understand inherently, the best thing with which to counter ignorance is knowledge.
Re:What the heck is going on today? (Score:2, Informative)
Change you can believe in. :-)
Re:This is a common problem for OSS (Score:3, Informative)
I work in Aerospace and it is much the same. The loss to US business is not that bad because ITAR extends to any business which deals with the USA. So most external competitors will be subject to the same laws.
Re:Oblig xkcd... (Score:3, Informative)