Return-Path: <push>
Return-Path: moglen@columbia.edu
Received: from old.law.columbia.edu (mail@emoglen.law.columbia.edu [128.59.176.134])
	by brev.stacken.kth.se (8.9.3/8.9.3) with SMTP id TAA02117
	for <levitte@stacken.kth.se>; Thu, 16 Mar 2000 19:13:13 +0100 (MET)
Received: from eben  by old.law.columbia.edu
	with local id 12Velj-0003Vc-00; Thu, 16 Mar 2000 13:13:11 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: Richard Levitte - VMS Whacker <levitte@stacken.kth.se>
Subject: Re: [Eben Moglen <moglen@columbia.edu>] Re: US crypto export restrictionsand GNU (fwd)
In-Reply-To: Richard Levitte - VMS Whacker's message of Thu, 16 Mar 2000 09:39:43 +0100
      <20000316093943B.levitte@pizza.stacken.kth.se>
References: <E12VUq1-000371-00@old.law.columbia.edu>
	<20000316093943B.levitte@pizza.stacken.kth.se>
From: Eben Moglen <moglen@columbia.edu>
Message-Id: <E12Velj-0003Vc-00@old.law.columbia.edu>
Date: Thu, 16 Mar 2000 13:13:11 -0500

On Thu, 16 March 2000, Richard Levitte - VMS Whacker wrote:

  Hello Eben,
  
  I'm one of the OpenSSL deevelopers, and I'm personally very grateful
  that you came out and set the record straight for us all, as I'm sure
  basically everyone you've reached is.  Thank you.
  
  Now, there's a lieelt thing I want to make sure I got right.  My
  english is not always that good, so I just want to tell you how I
  interpreted what you wrote below, and all I want to know is if my
  interpretation was correct or not:
  
  moglen> [...].  In the worst case analysis, components exported
  moglen> now might subsequently become non-exportable in the event that
  moglen> regulations in the US become more restrictive.  No one would be
  moglen> subject to prosecution or interference as a result of export occurring
  moglen> before the change in regulations (that's a matter of constitutional
  moglen> law in the US), but all subsequent development of those components
  moglen> would then have to occur somewhere other than here.  No code not
  moglen> originally developed in the US would be subject to this tightened
  moglen> regulatory environment, unless such code were "in" the US, in which
  moglen> case the particular copy that was "in" the US wouldn't be able to
  moglen> leave again--a restriction which makes no difference.
  
  I interpret it as this: if we insert a piece of US-originated code
  into OpenSSL today, or receive something from the US today that we
  plan to insert into OpenSSL the day after tomorrow, and the
  regulations are changed to something restrictive tomorrow, we're safe
  and don't have to remove that code from OpenSSL.
  
  Correct or not?  I'm under the interpretation that it is correct, but
  I've had discussions with people that are paranoid around this
  scenario.

Correct.  What's exported will stay exported.  Further development of
such code might have to occur outside the US, but no code will have to
be removed.

Best regards.

-- 
 Eben Moglen                       voice: 212-854-8382 
 Professor of Law & Legal History    fax: 212-854-7946        moglen@
 Columbia Law School, 435 West 116th Street, NYC 10027      columbia.edu
 General Counsel, Free Software Foundation   http://emoglen.law.columbia.edu