Interesting People mailing list archives
IP: more on two on New Encryption Regulations
From: David Farber <farber () cis upenn edu>
Date: Thu, 13 Jan 2000 12:19 +0000
----Original Message----- From: shapj () us ibm com To: farber () cis upenn edu Subject: Re: IP: Twp on New Encryption Regulations Date: Thursday, January 13, 2000 7:05 AM [For IP]
* Source code that is "not subject to an express agreement for the
payment
of a licensing fee or royalty for commercial production or sale of any product developed with the source code" is freely exportable to all but
the
T-7 terrorist countries.[Brett Glass writes:] ...The way I read this, ... code licensed under the GNU General Public License (GPL) would not be exportable, because the license restricts the development of a commercial product based on the
code. I took part in some of the review process for the new regs, and I think Brett is mistaken. Code licensed under GPL does not require payment of a licensing fee or royalty and is therefore exportable under the above regulation. The fact that such code places the same restriction on the surrounding product is immaterial to the regulation. The curious point that nobody seems to want to comment on is that the regulation *only* lightens the load for open source code. The question that we really should be asking is: "What is it about open source that warrants this exemption, or shouldn't we extend it to software in general?" IMHO, the answers respectively are "nothing" and "of course." The second question we should be raising is "What about secure operating systems?" Crypto is essentially useless if the end system is insecure. Today, such operating systems are not exportable. The effect of this law is that you can't sell a secure OS to an international corporate customer. An OS you can't sell is pretty useless, so nobody develops them. What the current policy means that *everyone* is naked and vulnerable together. Because of the DoD's "commercial off the shelf procurement" policy (basically a good idea), the armed forces are in the same boat as the rest of us. For that matter, NATO derives a significant portion of its equipment from the US. Most importantly, the command and control designs for NATO are compatible with US designs. With apologies to Tom Lehrer: ... and if the bomb that drops on you gets the Chinese embassy too they'll be nobody left behind to grieve. Hopefully, we will fix this problem before some clever enemy commander drops a US-launched device on a US target. Jonathan S. Shapiro, Ph. D. Research Staff Member IBM T.J. Watson Research Center Email: shapj () us ibm com Phone: +1 914 784 7085 (Tieline: 863) Fax: +1 914 784 6576
Current thread:
- IP: more on two on New Encryption Regulations David Farber (Jan 13)
- <Possible follow-ups>
- IP: more on two on New Encryption Regulations David Farber (Jan 13)
- IP: more on two on New Encryption Regulations farber (Jan 13)
- IP: more on two on New Encryption Regulations farber (Jan 13)