Bruce Perens writes: > From: Seth David Schoen <[EMAIL PROTECTED]> > > The OSI does worry about export restrictions as license conditions; that > > was a problem with the original Apple Public Source License. There is > > still some controversy about that license, but the OSI got Apple to remove > > the export-restriction language from the license entirely. > > The problem with the APSL export language was that it broadened the scope > of U.S. law to cover other countries, etc. The ATT language does not. It > says you assure ATT you won't violate U.S. export laws. This: > > 1. Lets ATT off the hook if you do - very important.
Users should perhaps have to affirm that they are aware of the export laws when they download the software -- but _not_ promise to abide by them as a license condition! Some software distributors make you say "I am aware of the export laws" and some make you say "I promise to abide by the export laws". There is a _huge_ difference between the two policies; the former is doing you a service by preventing you from getting in trouble by accident, while the latter is adding new restrictions on your behavior. (Whether these restrictions are "new" in the sense of creating previously nonexistent obligations is a very contentious political debate. But, as I will mention below, there is a practical consequence: there could be more or different penalties associated with violating the restrictions.) > 2. Only applies if you violate U.S. laws in their scope. If you export the > software from Europe, it's not a violation. The US government shows a tendency toward believing that the export laws have been violated when code written by US citizens ends up outside of the US _at all_ (in places where the government doesn't want it to be), even if there are theoretically legal means by which it could have gotten there. (I'm thinking of the investigation of Phil Zimmermann.) So maybe the US will even say at some point that US export laws are extraterritorial. The license certainly doesn't say anything about whether the laws are extraterritorial or not. > There's no cryptography in there, anyway. I don't think there was any BXA-restricted cryptography in Apple's release of Darwin either. The applicable export restrictions are not the controls on cryptography but the prohibitions against providing technical assistance to the "state sponsors of terrorism" and their citizens. I believe that there there are currently seven countries on that list. I had a very broad objection to the whole idea of writing any export restrictions into a free software license at all. My original statement of that objection was a little long-windered. Let me see whether I can express it more concisely with an example. Suppose that there is some supposedly free software package which is useful to someone in country Foo, whose government is a state sponsor of terrorism, or country Bar, whose government isn't a state sponsor of terrorism, but, if this package perhaps contains cryptography, to whose citizens the US nonetheless makes it illegal to send this package. Disbelieving in the legitimacy of those restrictions, free software user Baz, a US citizen, sends copies of the package to friends in Foo and Bar. If Baz is discovered by the US government, and it's in a bad mood, he might be punished for violating the Arms Export Control Act or various other export restriction laws. OK, Baz understood what he was doing, and hopefully he encrypted the package before exporting it -- but perhaps he gets caught somehow and prosecuted. There's not much he can do about that. But now the author of the package, or a contributor, can sue Baz for _copyright infringement_ for exporting the package illegally, because this violates the license terms and so infringes copyright! So, not only is Baz potentially criminally liable for violating export laws, but he is then _also_ potentially liable for a separate civil copyright penalty. That means that the copyright holder, by writing export law into the license, has helped _enforce_ the export law by creating a new penalty for violating it. It's not reasonable to say that "free software authors will never sue people for exporting packages". Free software authors are human, too -- or sometimes corporate. Perhaps they don't like Baz for other reasons, or the government encourages them to sue, or they have political beliefs of their own and may disapprove of Baz's decision to help make the software more widely available. Or they may just want to send a message or help protect their copyright. If a restriction in a license would _never_ be enforced by a copyright holder, it shouldn't be in the license. That's why the OSD/DFSG says that the license "must not discriminate"; I said concerning that APSL that if your license helps enforce a discriminatory law, by making people promise to discriminate or by creating an extra penalty for people who don't discriminate, then your license _does_ discriminate. I think this is true with this license, also: if the license requires people in the US not to send the software to (for instance) citizens of the state sponsors of terrorism, then the license is discriminating against those people. Also, under international copyright treaties, it might be difficult for people in other countries to use the package if they got it as a result of an action which violated the terms of the license. I could even imagine that users might be expected to demonstrate how they got their software legally, which is an extra burden on them. (Think what this would mean for crypto software, or even for an anonymous crypto patch to a US-origin package with a license condition about compliance with US export laws!) I would also argue that the possibility that transfers to particular groups of users should ultimately fail to provide those users with a valid license to use the software is inconsistent with the "Distribution of License" requirement in the OSD/DFSG. If you get a package as a result of an illegal export, your rights under copyright law to use that package should not be affected. -- Seth David Schoen <[EMAIL PROTECTED]> | And do not say, I will study when I Temp. http://www.loyalty.org/~schoen/ | have leisure; for perhaps you will down: http://www.loyalty.org/ (CAF) | not have leisure. -- Pirke Avot 2:5