Return-Path: <push>
Return-Path: owner-openssl-dev@openssl.org
Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153])
	by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id DAA22121
	for <levitte@stacken.kth.se>; Thu, 16 Mar 2000 03:08:37 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) for openssl-dev-L
	id CAA23388; Thu, 16 Mar 2000 02:50:47 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for <openssl-dev@openssl.org>
	from public.uni-hamburg.de id CAA23373; Thu, 16 Mar 2000 02:50:41 +0100 (MET)
Received: from localhost (mail@max1-169.public.uni-hamburg.de [134.100.43.169])
	by public.uni-hamburg.de (8.8.8/8.8.8) with ESMTP id CAA92920;
	Thu, 16 Mar 2000 02:50:11 +0100
Received: from um by localhost with local (Exim 2.05 #1 (Debian))
	id 12VOM8-0000Cl-00; Thu, 16 Mar 2000 01:41:40 +0100
Date: Thu, 16 Mar 2000 01:41:40 +0100
From: =?iso-8859-1?Q?Ulf_M=F6ller?= <ulf@fitug.de>
To: Eben Moglen <moglen@columbia.edu>, openssl-dev@openssl.org
Cc: Ben Laurie <ben@algroup.co.uk>, rms@gnu.org, members@apache.org,
        php-dev@lists.php.net
Subject: Re: [Eben Moglen <moglen@columbia.edu>] Re: US crypto export restrictionsand GNU (fwd)
Message-ID: <20000316014140.A604@rho>
Mail-Followup-To: Eben Moglen <moglen@columbia.edu>,
	openssl-dev@openssl.org, Ben Laurie <ben@algroup.co.uk>,
	rms@gnu.org, members@apache.org, php-dev@lists.php.net
References: <Pine.WNT.4.21.0003090021290.-31249-110000@vaio.php.net> <38CDFEEC.9C9159BD@algroup.co.uk> <200003150456.VAA29971@aztec.santafe.edu> <E12V7R4-0002c0-00@old.law.columbia.edu> <38CFC136.8B8873FE@algroup.co.uk> <E12VIgR-00030m-00@old.law.columbia.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Mailer: Mutt 1.0.1i
In-Reply-To: <E12VIgR-00030m-00@old.law.columbia.edu>; from moglen@columbia.edu on Wed, Mar 15, 2000 at 01:38:15PM -0500
Sender: owner-openssl-dev@openssl.org
Precedence: bulk
Reply-To: openssl-dev@openssl.org
X-Sender: =?iso-8859-1?Q?Ulf_M=F6ller?= <ulf@fitug.de>
X-List-Manager: OpenSSL Majordomo [version 1.94.4]
X-List-Name: openssl-dev

On Wed, Mar 15, 2000 at 01:38:15PM -0500, Eben Moglen wrote:

> But they only apply to copies "in" the US that are going "out" of the
> US, because that's export, and export is what is controlled.  Whether
> copies that are "out" of the US have US-produced code in them makes no
> difference: they are not "in" the US and therefore export controls do
> not apply to them.

> the argument about "infection" misunderstands relevant American law

Then what is the proper understanding of "Foreign products developed
with or incorporating U.S.-origin encryption source code, components
or toolkits remain subject to the EAR" (EAR being the Export
Administration Regulations), which is a direct quote from the relevant
American law?


[From the U.S. Government Printing Office via GPO Access]
[DOCID: f:772.wais]

Part 772 - Definitions of Terms

Export Administration Regulations       January 2000

Definitions of Terms    Part 772-page
The following are definitions of terms as used in the Export
Administration Regulations (EAR).

 Reexport.  "Reexport" means an actual shipment or transmission
 of items subject to the EAR from one foreign country to another
 foreign country.  For purposes of the EAR, the export or
 reexport of items subject to the EAR that will transit through a
 country or countries, or be transshipped in a country or
 countries to a new country, or are intended for reexport to the
 new country, are deemed to be exports to the new country.  (See
 §734.2(b)of the EAR.)  In addition, for purposes of satellites
 controlled by the Department of Commerce, the term "reexport"
 also includes the transfer of registration of a satellite or
 operational control over a satellite from a party resident in
 one country to a party resident in another country.


>From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr14ja00-20]

Sec. 740.13  Technology and software--unrestricted (TSU)

    (e) Unrestricted encryption source code.
    (1) Encryption source code controlled under 5D002, which would be
considered publicly available under Sec. 734.3(b)(3) and which is not
subject to an express agreement for the payment of a licensing fee or
royalty for commercial production or sale of any product developed with
the source code, is released from ``EI'' controls and may be exported
or reexported without review under License Exception TSU, provided you
have submitted written notification to BXA of the Internet location
(e.g., URL or Internet address) or a copy of the source code by the
time of export. Submit the notification to BXA and send a copy to ENC
Encryption Request Coordinator (see Sec. 740.17(g)(5) for mailing
addresses). Intellectual property protection (e.g., copyright, patent
or trademark) will not, by itself, be construed as an express agreement
for the payment of a licensing fee or royalty for commercial production
or sale of any product developed using the source code.
    (2) You may not knowingly export or reexport source code or
products developed with this source code to Cuba, Iran, Iraq, Libya,
North Korea, Sudan or Syria.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majordomo@openssl.org