export policy, was Re: Package Maintainers Flags policy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 26 May 2009, Tom "spot" Callaway wrote:

Though I am also not a lawyer, I did look into things, being upstream
for openswan and an author of a book containing crypto, a rather crypto
heavy application and book...

There are 6 countries that Fedora cannot be legally exported to (as a
result of US export restrictions):

Cuba, Iran, Iraq, North Korea, Sudan and Syria

I think technically, this restriction only applies on the export of the
software out of the US. For those outside the US, US law/doctrine does
not apply (even though the US claims it does). Rather, for most Western
countries, implementation of the Wassenaar Agreement in local law applies,
where some countries have extended the export restrictios as set forth in
the Wassenaar Agreement. In Europe, there is also the European Union
Dual-Use Export laws.

These are known as the "T-6" countries. No individual associated with
the Fedora project (or mirror site) should provide Fedora software to
anyone in those countries, even if they are not in the US.

This is again US doctrine. It becomes even stranger as in my case, Fedora
imports openswan from The Netherlands, and then tells me I could not obtain
my own GPL licensed code to do what is legal within my country? Though in
this case, there is a large overlap of implementation of the Wassenaar
Agreement.

"Because Fedora software contains encryption technology, Fedora software
and technical information is subject to the U.S. Export Administration
Regulations and other U.S. and foreign law, and may not be exported or
re-exported to certain countries (currently Cuba, Iran, Iraq, North
Korea, Sudan and Syria)

See above. Note that the Wassenaar Agreement excludes software that is
in the "public domain", eg free/open source software.

or to persons or entities prohibited from
receiving U.S. exports (including those (a) on the Bureau of Industry
and Security Denied Parties List or Entity List, (b) on the Office of
Foreign Assets Control list of Specially Designated Nationals and
Blocked Persons, and (c) involved with missile technology or nuclear,
chemical or biological weapons).

This is technically a violation of GPL, and could mean that
anyone distributing Fedora with those restrictions has lost their rights
to use and/or distribute the GPL software contained within Fedora.

You may not download Fedora software or
technical information if you are located in one of these countries, or
otherwise affected by these restrictions. You may not provide Fedora
software or technical information to individuals or entities located in
one of these countries or otherwise affected by these restrictions. You
are also responsible for compliance with foreign law requirements
applicable to the import and use of Fedora software and technical
information."

This is just boilerplate for more "US law applies to non-US citizens
because we say so" doctrine. Though it does not apply to non-US citizens,
there is a risk. I formulated it like this in the Openswan book:

Unrecognised international claims

Certain countries claim jurisdiction even outside their national
borders. Most notably, France claims the right to “regulate information
on foreign servers”, Italy assumes jurisdiction over sites "directed to
an Italian audience" and the US reserve the right to prosecute "offenses
against American interests" according to US law, irrespective of where
they take place.

You may want to consider the possibility that you can be sued or
prosecuted in another country. Additionally, if you are physically in
a country other than the Netherlands when you download our software,
you are probably subject to that country's jurisdiction anyway. And if
your download happens to pass a router under US control (say in Guam),
the US might make additional claims to rights for restriction of your
packets or even your person.


Note that this text was written a few years ago. For an updated situation,
one should probably consult their local lawyer, please the updates from
http://www.wassenaar.org/

Paul

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux