 |
Wed Nov 24 23:03:04 EST 1999
Viral regulation
there are some pretty interesting discussions afoot on the
cryptography list (and i'm sure many others) about the new
US crypto draft regulations that <cough> leaked. it *seems*
that the BXA (Bureau of Export Administration, part of the
Commerce Department) may have stumbled onto YA way to keep
crypto under control. by linking export regulations to the
type of license that governs a given piece of software, it
may be able to 'infect' derivative software. put as simply
as i can manage, if the regulations require that something
written in the US and released with source under GPL be re-
viewed for export, then any subsequent software incorporat-
ing code from that GPLed software--regardless of where the
bulk of it was written -- must be reviewed prior to export
from the US. steve bellovin called this 'viral regulation.'
it's not a very happy idea that GPL/BSD/etc licenses could
be co-opted toward this end. the tucows OpenSRS system was
faced with an analogous problem: tucows itself is accredit-
ed by ICANN, so anyone who uses their open-source software
is subject to tucows' (how do you do that possessive?) con-
tract with ICANN, including the UDRP.
the problem--well, one of many problems--with this kind of
co-optation is that it tends to generalize liability. when
some domain dispute erupts within the tucows system, who's
going to get hauled into civil court? and if there's a dis-
pute about the authorship of some open-source software the
gubmint doesn't want exported, who'll get hauled into crim-
inal court? unfortunately, the likely answer in both cases
is *everyone within reach*. it may be a quick fix for pres-
sing problems, but it seems like it'll take a serious toll
on the rule of law in the long run.
|