FreeBSD and the Restriction on the Export of Cryptographic Software

[eternal_noob]

Hi,

i just wondered how the US restriction on the export of cryptographic software affects FreeBSD when reading a text on OpenBSDs cryptography.

The people at OpenBSD write:

"Why do we ship cryptography?
In three words: because we can.
The OpenBSD project is based in Canada."

They even explicitly look for "non-American cryptographer"s to work with them.

Since the FreeBSD foundation is US based i wonder if there are things which aren't allowed in FreeBSD because of US laws.

I mean, there is OpenSSH in the ports so what's the deal? Is it a crippled version of the original?

I am completely new to this topic so forgive me if i don't see the obvious.

 

[mark_j]

I remember years ago there was a big thing about DES and FreeBSD (in particular) and how non-US residents had to download it elsewhere. The same I think went for PGP.
But, in answer to your question: I have no idea. (I'm glad I could help! )

 

[eternal_noob]

After 2000, those restrictions have changed.

I just read https://www.netbsd.org/docs/misc/index.html#exportability

This pretty much sums it up what's allowed and what isn't. Too bad i had to consult other OS documentation for that info. Didn't find any info here.

There's some innuendo in that statement from OpenBSD.

Theo is a drama queen.

 

[CoTones]

Wait a sec... so BSD license doesn't apply to crypto in FreeBSD? BSD granted for the US only?

 

[SirDice]

Wait a sec... so BSD license doesn't apply to crypto in FreeBSD? BSD granted for the US only?

Source code is considered "free speech" and therefor covered by the first amendment.

EFF at 25: Remembering the Case that Established Code as Speech

One of EFF's first major legal victories was Bernstein v. Department of Justice, a landmark case that resulted in establishing code as speech and changed United States export regulations on encryption software, paving the way for international e-commerce. We represented Daniel J. Bernstein, a...

www.eff.org

 

[eternal_noob]

Source code is considered "free speech" and therefor covered by the first amendment.

Which doesn't apply if you want to talk to a cuban in cuba.

None of this software may be downloaded or otherwise exported or re-exported into (or to a national or resident of) Cuba, Iraq, Libya, Sudan, North Korea, Iran, Syria or any other country to which the U.S. has embargoed goods.

 

[CoTones]

Source code is considered "free speech" and therefor covered by the first amendment.

EFF at 25: Remembering the Case that Established Code as Speech

One of EFF's first major legal victories was Bernstein v. Department of Justice, a landmark case that resulted in establishing code as speech and changed United States export regulations on encryption software, paving the way for international e-commerce. We represented Daniel J. Bernstein, a...

www.eff.org

Somehow government of US got the idea that it owns the FreeBSD. It explains a lot about a FreeBSD project and the OS itself.

 

[ralphbsz]

Somehow government of US got the idea that it owns the FreeBSD. It explains a lot about a FreeBSD project and the OS itself.

I'm sorry to be so blunt, but that statement is complete nonsense. At the time of the PGP lawsuit (1995), FreeBSD barely had started existing, and it had nothing to do with the Bernstein and Junger cases. Which weren't about an operating system in the first place, they were about encryption software, teaching a computer security law class, and in the case of the PGP (Zimmerman) cases commercial encryption software.

Not to mention that export control is not the same thing as "owning".

 

[CoTones]

Sorry if you got carried away by me quoting SirDice. Looks like FreeBSD devmarketers too busy for such information so I use available from NetBSD project:

"Is NetBSD exportable from the US?
Previously, the (US) domestic portion of NetBSD (both binaries and sources) containing code based on DES (such as KerberosIV, the bdes command etc.) have not been legally exportable from the United States or Canada.

Some time early in January 2000, the Bureau of Export Administration (BXA) of the US Department of Commerce published a new set of export regulations covering the export of cryptographic software. The new export regulations are more lenient in permitting export of cryptographic source code, but require that the BXA be notified when code is made available.

The NetBSD Project has now sorted out the details of this issue, and the outcome is as follows:

The cryptographic parts of our code are still under control by the Export Administration Regulations (EAR).
None of this software may be downloaded or otherwise exported or re-exported into (or to a national or resident of) Cuba, Iraq, Libya, Sudan, North Korea, Iran, Syria or any other country to which the U.S. has embargoed goods.
By downloading or using said software, you are agreeing to the foregoing and you are representing and warranting that you are not located in, under the control of, or a national or resident of any such country or on any such list.

Other use or export is no longer restricted. "

Any comments?

 

[olli@]

See: https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States#Current_status

(I’m not a US citizen, so I really don’t care much.)

 

[a6h]

I'm not a U.S. citizen, therefore my opinions are irrelevant. Every sovereign nation have their own laws. I don't care about internal affairs of other nationals, vice versa they shouldn't either. That's non of my business, and vice versa internal affairs of my nation is non of business of other countries. i.e. ==> Mutual Respect <==

[Edit] : I've merged my last post to this one. following paragraph:
By the way it's wrong to bring up national and cultural topics about other countries into Forums threads. It's going to be problematics. People are sensitive about these issues. They don't want to hear random people on the internet, talk about their country and its related national/cultural topics. Hence this is another stupid thread, and I think it's going to shut down soon. and that's a good thing!

 

[olli@]

I'm not a U.S. citizen, therefore my opinions are irrelevant. Every sovereign nation have their own laws. I don't care about internal affairs of other nationals, vice versa they shouldn't either. That's non of my business, and vice versa internal affairs of my nation is non of business of other countries. i.e. ==> Mutual Respect <==

Basically you are right.
But I do not have respect for the governments of countries that suppress the freedom of their people.

 

[Mjölnir]

By the way it's stupid to bring topics about national and cultural topics about other countries into any Forums threads. It's going to be problematics. People are sensitive about these issues. They don't want to hear random people on the net, talk about their country and its national/cultural topic.
Hence this is another stupid thread, and I think it's going to shut down soon. and that's a good thing!

No, it's not. This is in fact relevant for those developers involved in open source cryptograpic software, depending on where the repository hosting the software is located. How many are located in the U.S. vs. EU or any other countries? BTW if I understand it correctly, BSD had to be opensource'd because it was done by university staff, these were paid through U.S. taxes, and consequently their work should benefit the public. It is reasonable that a government does not want it's enemies to benefit from it, and if you see cryptography as beeing a weapon, you do not want it to be available for anyone. I do not agree to the latter, but in a way it is reasonable. EDIT: forgot a "not" in the previous sentence. Sorry for any misinterpretations. Fixed.