Return to BSD News archive
Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!haven.umd.edu!umd5.umd.edu!roissy.umd.edu!mark From: mark@roissy.umd.edu (Mark Sienkiewicz) Newsgroups: comp.os.386bsd.questions Subject: Re: FreeBSD outside of US?? Date: 23 Aug 1993 16:40:35 GMT Organization: University of Maryland Lines: 85 Message-ID: <25aru3$cdv@umd5.umd.edu> References: <WS.93Aug22212223@kurt.tools.de> <258qov$i3e@landin.ecs.soton.ac.uk> <1993Aug23.083546.5676@gmd.de> NNTP-Posting-Host: roissy.umd.edu In article <1993Aug23.083546.5676@gmd.de> veit@mururoa.gmd.de (Holger Veit) writes: >So this brings up another interesting idea. Say we had a free site outside >the US, reasonably fast accessible from the US internet area, >give the FreeBSD people an account to log in there, and let them compose >the release of FreeBSD with "some crypt version" from Denmark. There should >be no legal restrictions on distributing this product, because the BSD code >itself is not restricted, and no line of crypt would have left the states. >What then about *importing* code into the US? Since numerous US ftp sites >carry gnu-crypt, and this should have come into the land through some network, >*I* would consider hosting of FreeBSD on an non-US site a solution to this >problem. Perhaps someone could explain the real legal status of such a >workaround? According to "International Traffic in Arms Regulations" (ITAR), anything that does encryption is a "munition". Such items require approval for both export *and* import. [See footnotes below] I propose that the solution is this: 1. *BSD should have a common source and object tree without encryption. 386bsd 0.1 did this. 2. There should be a US encryption package. This should be distributed only within the US. 3. There should be a non-US encryption package. This should be distributed only outside the US. The correct steps to fetch a *BSD distribution then become: 1. Get the common part (i.e. nearly everything) from wherever you can find it. Install it. 2. Get the encryption package for your site. This doesn't have to be from the same site. There could be some sites that have only the encryption package. Install it. It would be nice if the no-encryption version could work without fetching one of the encryption packages, but I don't consider that necessary. Footnote: Rare instance of me using a disclaimer: I'm not an expert in these areas. I'm just a guy who knows how to read (and type :). Section 121.1 General. The United States Munitions List. Category XIII - Auxiliary Miltary Equipment ... (b) Speech scramblers, privacy devices, cryptographic devices and software (encoding and decoding), and components specifically desinged or modified therefore, ...etc... ... Category XVIII Technical data (as defined in section 120.21) relating to the defense articles listed in other categories of the United States Munitions List. Section 123.1 Requirements for export licenses. (a) Any person who intends to export a defense article must obtain a license from the Office of Munitions Control prior to the export unless the export qualifies for an exemption under the provisions of this subchapter. ... Section 123.2 Imports No defense article may be imported into the United States unless (a) it was previously exported temporarily under a license issued by the Office of Munitions Control; or (b) it constitutes a temporary import/intransit shipment license under section 123.3; or (c) its import is authorized by the Department of the Treasury (see 27 CFR parts 47, 178, and 179). ... According to my reading, this makes it illegal to import or export the algorithm for Ceasers Cipher... Section 120.18 defines "Public Domain", but I couldn't find any reference to public domain in any of the other sections. There may be a loophole here somewhere...