[Fingerforce-devel] 0.4 release soon?
Daniel Drake
dsd at gentoo.org
Mon Nov 26 23:14:22 UTC 2007
Radek Bartoň wrote:
> OK, thanks for clearance. I understand that that there are no restrictions to
> use it in derived work anywhere
The export administration regulations do not reach into areas defined by
standard copyright law. But yes, like all NIST software the licensing of
this software is "uncopyrighted and in the public domain".
The export issues concern the contents/capabilities of the software.
> but they are if both you distribute it from
> US and it is not publicly avaiable anyway.
The EAR covers all exports by default but includes some exceptions that
make certain exports not subject to the EAR. One such exception is for
publicly available information, or information that is made public at
the point of exportation.
> This is then same issue as with
> cypher algorithms and for example FreeType library.
No, those issues are related to encryption and have entirely different
requirements under the EAR. For a full writeup of crypto stuff vs EAR,
see http://www.debian.org/legal/cryptoinmain
The exception I noted above (publicly available information) actually
has a counter-exception clause, the real exception is more along the
lines of: if your software is publicly available information, it is not
subject to the EAR, unless it contains crypto/cypher code.
So unfortunately projects like freetype/openssl/X aren't able to use the
same escape clause that we're using here.
> So the comments in NBIS
> code is just feint to fullfill US laws and not meaned as intentioned
> restriction for NBIS usage on the part of its developers.
Not sure exactly which comment you're referring to.
This comment is written by NIST:
> It is our understanding that this falls within ECCN 3D980, which covers
> software associated with the development, production or use of certain
> equipment controlled in accordance with U.S. concerns about crime control
> practices in specific countries.
>
> Therefore, this file should not be exported, or made available on fileservers,
> except as allowed by U.S. export control laws.
>
> Do not remove this notice.
They are not required to include that notice by law, but given that they
think it would be a violation then it's quite sensible for them to do
so. However NIST told me previously that they actually don't know
whether NBIS would be classified under ECCN 3D980, they just think that
it might and are playing it safe (and have no interest in finding out a
real answer).
In other words, they aren't very familiar with the EAR, which is obvious
considering they've also missed the public information exception and the
whole thing is made redundant.
The reason this comment exists is because they do not have an accurate
understanding of the EAR. I have confirmed that their export precautions
are unnecessary.
Or you may have been referring to this comment is written by me:
> /* NOTE: Despite the above notice (which I have not removed), this file is
> * being legally distributed within libfprint; the U.S. Export Administration
> * Regulations do not place export restrictions upon distribution of
> * "publicly available technology and software", as stated in EAR section
> * 734.3(b)(3)(i). libfprint qualifies as publicly available technology as per
> * the definition in section 734.7(a)(1).
> *
> * For further information, see http://reactivated.net/fprint/US_export_control
> */
This is not required by law and does not place any restrictions on the
use of the software. It's a simple clarification given that I have not
removed NIST's own notice.
Daniel
More information about the Fingerforce-devel
mailing list