Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mozilla Firefox Not In Violation of US Export Rules

Posted by Soulskill on from the no-news-is-good-news dept.

darthcamaro writes "While the internet may know no borders, the US government does. There are a number of rules that affect software vendors, including encryption export regulations from the US Department of Commerce and export sanctions by the Department of Treasury. But what do you do when your application is open source and freely available to anyone in the world? Do the same the rules apply? It's a question that Mozilla asked the US government about. The answer they received could have profound implications not just for Firefox but for all open source software vendors. 'We really couldn't accept the notion that these government rules could jeopardize the participatory nature of an open source project, so we sought to challenge it,' Harvey Anderson, VP and General Counsel of Mozilla, told InternetNews.com. 'We argued that First Amendment free speech rights would prevail in this scenario. The government took our filing and then we got back a no-violation letter, which is fantastic.'"

10 of 127 comments (clear)

  1. Oblig xkcd... by Cheesetrap · · Score: 5, Funny

    http://xkcd.com/504/

    Oh, and FireFirst? :)

    1. Re:Oblig xkcd... by Cheesetrap · · Score: 5, Insightful

      Oh wow... Either /. searches and penalises for the letters f-i-r-s-t appearing in a primary post, or I just got bitchslapped at the speed of light.

      I apologise.

      Also, I should also mention the fact that legislation against encryption is ridiculously counter-productive; if the feds are after someone for any good reason, and that person is a criminal, they aren't going to respect such a restriction if they're already violating more serious laws. If all they succeed in doing is reducing legitimate commercial trade in such products, they're hurting themselves but at the same time improving the market tremendously for illicit dealers (note this observation applies to drugs as well, hmm).

    2. Re:Oblig xkcd... by NoYob · · Score: 5, Insightful

      Crypto just takes some smart folks to create it. I get the impression that the US Government doesn't believe that people outside its borders are capable of developing their own.

      --
      It's NOT me! It's the meds! I'm on 1000mg of Fukitol.
  2. So, according to our Government ... by NoYob · · Score: 5, Insightful

    However, that exemption is nullified if the source code is distributed to any of the countries on the U.S embargo list, such as Cuba, Iran or North Korea.

    Huh. I didn't realize that Cuba, Iran, and North Korea didn't have any mathematicians or anyone else that is capable of developing their own cryptography. Or that other countries that do not have a problem with those particular countries do not have that expertise either. I guess the US has a monopoly on that talent. It's a good thing that the US Government is embargoing crypto. It worked great for nuclear bomb technology after all!

    --
    It's NOT me! It's the meds! I'm on 1000mg of Fukitol.
  3. Re:This is a common problem for OSS by Anonymous Coward · · Score: 5, Informative

    You're right. See their Crypto page. In fact, they build their binary releases only in Canada, Sweden, and Germany to avoid ITAR type restrictions.

  4. Re:free speech by StikyPad · · Score: 5, Funny

    Moot. M-O-O-T.
    n. Of no practical importance; irrelevant.

    Mute is what people wish you'd be. Moot is what you are.

    </nerdrage>

    --
    https://www.eff.org/https-everywhere
  5. this has been known for years by Pretzalzz · · Score: 5, Interesting
    This is why the non-US archive for Debian went away.

    Prior to the release of Debian 3.1, United States laws placed restrictions on the export of certain defense articles, which, unfortunately, included some types of cryptographic software. PGP and SSH, among others, fell into this category. It was legal however, to import such software into the US.

    To prevent anyone from taking unnecessary legal risks, some Debian packages were only available from a site in Leiden, The Netherlands, until the release of Debian 3.1, which incorporates this software thanks to changes in United States law.

    You should not need the non-US archive unless you are using a version of Debian from before Debian 3.1.

    Debian 3.1 corresponds to 2005. I'm amazed that Mozilla was unaware of this and needed to ask someone.

  6. Re:free speech by WNight · · Score: 5, Informative

    Yes, it contributed correctness to the world - always a good thing.

    Seriously, it also (if the original poster is able to take criticism) helped them avoid this mistake in the future, potentially in front of a prospective client/etc.

    There's a big difference between a typo or otherwise one-off failure and mistaking one word for another. It's nitpicking over typos because it's unlikely someone thinks 'teh' is correct, but when they use a word like mute in place of moot - not easily mistyped but easily mistaken - it's usually an indicator that they don't know better.

  7. Mozilla General Counsel considered clueless? by bonze · · Score: 5, Informative

    Ho-hum. Unrestricted export of open-source products incorporating encryption from the US has been legal for quite a while. All you have to do is file an application with the Feds under the Export Regs Section 740.13 "TECHNOLOGY AND SOFTWARE -- UNRESTRICTED (TSU)" before you make the source and binaries available, and you don't have to screen downloads or worry if the Officially Designated Bad Guys download your code: your ass is covered.

    This war was won a loooong time ago by Philip Zimmermann when the Feds wanted to crush him for releasing PGP. All props go to Phil!

  8. What the heck is going on today? by MoxFulder · · Score: 5, Interesting

    Did someone not tell me? Is it Government Does The Right Thing Day today???

    So far we have, in succession, on Slashdot:

    Not bad for one day. The cynic in me assumes all this is going to be reversed tomorrow... :-p

    --
    My bicyles