Return-Path: Return-Path: owner-openssl-dev@openssl.org Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153]) by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id VAA19020 for ; Wed, 15 Mar 2000 21:41:17 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for openssl-dev-L id VAA01301; Wed, 15 Mar 2000 21:04:58 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from eastwood.aldigital.algroup.co.uk id VAA01281; Wed, 15 Mar 2000 21:04:43 +0100 (MET) Received: from freeby.ben.algroup.co.uk (freeby.ben.algroup.co.uk [193.133.15.6]) by eastwood.aldigital.algroup.co.uk (8.8.8/8.6.12) with ESMTP id UAA03810 for ; Wed, 15 Mar 2000 20:04:12 GMT Received: from algroup.co.uk (naughty.ben.algroup.co.uk [193.133.15.107]) by freeby.ben.algroup.co.uk (8.6.12/8.6.12) with ESMTP id UAA00565 for ; Wed, 15 Mar 2000 20:04:34 GMT Message-ID: <38CFECBC.A5275491@algroup.co.uk> Date: Wed, 15 Mar 2000 20:04:12 +0000 From: Ben Laurie Organization: A.L. Group plc X-Mailer: Mozilla 4.7 [en] (WinNT; I) MIME-Version: 1.0 To: OpenSSL Dev Subject: [Fwd: [Eben Moglen ] Re: US crypto export restrictionsand GNU (fwd)] Content-Type: multipart/mixed; boundary="------------7F1E4019F170A6E51C9D2034" Sender: owner-openssl-dev@openssl.org Precedence: bulk Reply-To: openssl-dev@openssl.org X-Sender: Ben Laurie X-List-Manager: OpenSSL Majordomo [version 1.94.4] X-List-Name: openssl-dev This is a multi-part message in MIME format. --------------7F1E4019F170A6E51C9D2034 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit OK! A _real_ legal opinion! Cheers, Ben. -- SECURE HOSTING AT THE BUNKER: http://www.thebunker.net/hosting.htm http://www.apache-ssl.org/ben.html Coming to ApacheCon Europe? http://ApacheCon.Com/ --------------7F1E4019F170A6E51C9D2034 Content-Type: message/rfc822 Content-Disposition: inline Received: from mailgate.algroup.co.uk (mailgate-fw.algroup.co.uk [192.168.254.5]) by freeby.ben.algroup.co.uk (8.6.12/8.6.12) with SMTP id SAA29887 for ; Wed, 15 Mar 2000 18:38:38 GMT Received: (qmail 21926 invoked by uid 1002); 15 Mar 2000 18:38:17 -0000 Delivered-To: aldigit-ben@algroup.co.uk Received: (qmail 7511 invoked from network); 15 Mar 2000 18:38:16 -0000 Received: from emoglen.law.columbia.edu (HELO old.law.columbia.edu) (mail@128.59.176.134) by mailgate.algroup.co.uk with SMTP; 15 Mar 2000 18:38:16 -0000 Received: from eben by old.law.columbia.edu with local id 12VIgR-00030m-00; Wed, 15 Mar 2000 13:38:15 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii To: Ben Laurie Cc: rms@gnu.org, members@apache.org, php-dev@lists.php.net Subject: Re: [Eben Moglen ] Re: US crypto export restrictionsand GNU (fwd) In-Reply-To: Ben Laurie's message of Wed, 15 Mar 2000 16:58:30 +0000 <38CFC136.8B8873FE@algroup.co.uk> References: <38CDFEEC.9C9159BD@algroup.co.uk> <200003150456.VAA29971@aztec.santafe.edu> <38CFC136.8B8873FE@algroup.co.uk> From: Eben Moglen Message-Id: Date: Wed, 15 Mar 2000 13:38:15 -0500 Content-Transfer-Encoding: 7bit On Wed, 15 March 2000, Ben Laurie wrote: The claim is that should OpenSSL (a UK/German/ex-Australian project) accept legally exported patches from the US, then OpenSSL would become subject to US export regs. You appear to be saying that that is not the case, correct? Correct. Any copy of OpenSSL present in the United States is subject to export control, and it doesn't matter whether there are US-produced patches in it or not. If it is controlled technology (which OpenSSL is), if it is "in" the US, and if it is going "out," the regs apply. But they only apply to copies "in" the US that are going "out" of the US, because that's export, and export is what is controlled. Whether copies that are "out" of the US have US-produced code in them makes no difference: they are not "in" the US and therefore export controls do not apply to them. That's the insanity of export control, but just because the regs are insane doesn't mean we have to make them even more complex than they were. Now that I understand in concrete terms what was being talked about, I am ready to give a legal opinion: as to this set of facts, the argument about "infection" misunderstands relevant American law (nobody's fault, understanding this law was an activity for people with strong capacity to suspend disbelief). Incorporation of US-developed crypto in primarily non-US projects does nothing whatever to change the regulatory status of those products when they are "out" of the US. If the regs should become more restrictive in future, a topic already discussed sufficiently, copies "in" the US might not be able to leave, which would hardly matter since copies "out" of the US could enter the US freely and circulate outside the US freely without regard to US law (as opposed to the potentially equally insane laws potentially prevailing elsewhere). It used to be that giving export control advice consisted of helping clients to comprehend unbelievably ridiculous statements in the present tense. Giving such advice now largely consists of helping clients to comprehend unbelievably ridiculous statements in the future conditional subjunctive. That's some kind of progress. -- Eben Moglen voice: 212-854-8382 Professor of Law & Legal History fax: 212-854-7946 moglen@ Columbia Law School, 435 West 116th Street, NYC 10027 columbia.edu General Counsel, Free Software Foundation http://emoglen.law.columbia.edu --------------7F1E4019F170A6E51C9D2034-- ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majordomo@openssl.org