If you are a US citizen, your brain is considered US territory no matter where it is physically located at the moment. The US believes that its laws apply to its citizens everywhere, not just within the US. Providing technical assistance or advice to foreign "munitions" projects is illegal.
The US government has very little sense of humor about this issue, does not make exceptions for freely-redistributable software, and does not consider good intentions to be sufficient excuse. Beware.
The FreeS/WAN project cannot accept software contributions, even small bug fixes, from US citizens or residents. We want it to be absolutely clear that our distribution is not subject to US export law; any contribution from an American might open that question to a debate we'd prefer to avoid. It might also put the contributor at serious legal risk.
Recent changes to US crypto export policy are described on the BXA site.
Information on various challenges to these laws is indexed in the Cryptography Export Control Archives.
One challenge to the constutionality
of parts of the export laws has succeeded in two levels of court
so far. It is quite likely to go on to the Supreme Court.
What's wrong with restrictions on cryptography
Some quotes from prominent cryptography experts:
The real aim of current policy is to ensure the continued effectiveness
of US information warfare assets against individuals, businesses and
governments in Europe and elsewhere.
Ross Anderson, Cambridge University
If the government were honest about its motives, then the debate
about crypto export policy would have ended years ago.
Bruce Schneier, Counterpane Systems
We should not be building surveillance technology into standards.
Law enforcement was not supposed to be easy. Where it is easy, it's
called a police state.
Jeff Schiller of MIT, in a discussion of FBI demands for wiretap
capability on the net, as quoted by Wired.
We are literally in a race between
our ability to build and deploy technology, and their ability to
build and deploy laws and treaties. Neither side is likely to
back down or wise up until it has definitively lost the race.
The Internet Architecture Board and the Internet Engineering Steering
Group made a strong statement in favour of
worldwide access to strong cryptography. Essentially the same statement
is in the appropriately numbered RFC 1984. Two critical paragraphs
are:
John Gilmore, FreeS/WAN project founder
We believe that such policies are against the interests of consumers and the business community, are largely irrelevant to issues of military security, and provide only a marginal or illusory benefit to law enforcement agencies, as discussed below.Our goal in the FreeS/WAN project is to build just such "strong cryptographic technology" and to distribute it "for all Internet users in all countries".The IAB and IESG would like to encourage policies that allow ready access to uniform strong cryptographic technology for all Internet users in all countries.
A number of countries:
Argentina, Australia, Austria, Belgium, Bulgaria, Canada, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, Luxembourg, Netherlands, New Zealand, Norway, Poland, Portugal, Republic of Korea, Romania, Russian Federation, Slovak Republic, Spain, Sweden, Switzerland, Turkey, Ukraine, United Kingdom and United States
have signed the Wassenaar Arrangement which restricts export of munitions and other tools of war. Cryptographic sofware is covered there.
Wassenaar details are available from the Wassenaar Secretariat, and elsewhere in a more readable HTML version.
For a critique see the GILC site:
The Global Internet Liberty Campaign (GILC) has begun a campaign calling for the removal of cryptography controls from the Wassenaar Arrangement.We agree entirely.The aim of the Wassenaar Arrangement is to prevent the build up of military capabilities that threaten regional and international security and stability . . .
There is no sound basis within the Wassenaar Arrangement for the continuation of any export controls on cryptographic products.
The Lists do not control "software" which is either:There is a note restricting some of this, but it is a sub-heading under point 1, so it appears not to apply to public domain software.
- Generally available to the public by . . . retail . . . or
- "In the public domain".
Their glossary defines "In the public domain" as:
. . . "technology" or "software" which has been made available without restrictions upon its further dissemination.We therefore believe that software freely distributed under the GNU Public License, such as Linux FreeS/WAN, is exempt from Wassenaar restrictions.N.B. Copyright restrictions do not remove "technology" or "software" from being "in the public domain".
Most of the development work is being done in Canada. Our understanding is that the Canadian government accepts this interpretation.
If you make Linux CD-ROMs, please consider including this code, in a way that violates no laws (in a free country, or in a domestic-only CD product).
Please send a note about any new archive mirror sites or CD
distributions to linux-ipsec@clinet.fi so we can update the documentation.
Our list of web references on cryptography law and policy
is here.
Web References
Click below to go to: