Gregory Maxwell [ARCHIVE] on Nostr: 📅 Original date posted:2012-10-14 📝 Original message:On Sun, Oct 14, 2012 at ...
📅 Original date posted:2012-10-14
📝 Original message:On Sun, Oct 14, 2012 at 6:09 PM, Christian Decker
<decker.christian at gmail.com> wrote:
> Being an international team I'm pretty sure we can find someone who is in a
> more permissive country.
> Would someone knowledgeable point us to the specific laws, so that we can
> look it up in our respective jurisdiction?
The only restrictions I'm aware of are the EAR restrictions on the
export of cryptography.
These are generally not applicable to us for two reasons. One is that
we only use cryptography for authentication, which is explicitly
exempted:
http://www.bis.doc.gov/encryption/question2.htm
The other is that since Bernstein vs US
(http://en.wikipedia.org/wiki/Bernstein_v._United_States) there has
been absolutely no enforcement attempts against open source projects
as the precedent creating holding there makes it clear that these
regulations cannot inhibit the publication of source code.
Perhaps someone could make a little noise about binaries, but it would
be pure pretext: Especially since with the deterministic build process
we use anyone can produce bit-identical binaries (thus allowing builds
by untrusted third partities to be just as trustworthy as the official
ones).
> "more permissive country"
This made me laugh. It's hard to find places with better effective law
for most online and internet things. Many places copy the US's
statutes (either cargo culting, or as part of treaty compliance) but
do so without also copying our legislative history which is
/generally/ highly protective. For example, Australia has copied the
US munitions regulations exactly, but has no analog of Bernstein v. US
to limit the government's power.
Unfortunately sourceforce was rather vague about what regulations they
believe they're enforcing:
http://sourceforge.net/blog/clarifying-sourceforgenets-denial-of-site-access-for-certain-persons-in-accordance-with-us-law/
So unless someone has already done it, I'll get in touch with the EFF
and find out if they're aware of any particular precautions we should
take here.
📝 Original message:On Sun, Oct 14, 2012 at 6:09 PM, Christian Decker
<decker.christian at gmail.com> wrote:
> Being an international team I'm pretty sure we can find someone who is in a
> more permissive country.
> Would someone knowledgeable point us to the specific laws, so that we can
> look it up in our respective jurisdiction?
The only restrictions I'm aware of are the EAR restrictions on the
export of cryptography.
These are generally not applicable to us for two reasons. One is that
we only use cryptography for authentication, which is explicitly
exempted:
http://www.bis.doc.gov/encryption/question2.htm
The other is that since Bernstein vs US
(http://en.wikipedia.org/wiki/Bernstein_v._United_States) there has
been absolutely no enforcement attempts against open source projects
as the precedent creating holding there makes it clear that these
regulations cannot inhibit the publication of source code.
Perhaps someone could make a little noise about binaries, but it would
be pure pretext: Especially since with the deterministic build process
we use anyone can produce bit-identical binaries (thus allowing builds
by untrusted third partities to be just as trustworthy as the official
ones).
> "more permissive country"
This made me laugh. It's hard to find places with better effective law
for most online and internet things. Many places copy the US's
statutes (either cargo culting, or as part of treaty compliance) but
do so without also copying our legislative history which is
/generally/ highly protective. For example, Australia has copied the
US munitions regulations exactly, but has no analog of Bernstein v. US
to limit the government's power.
Unfortunately sourceforce was rather vague about what regulations they
believe they're enforcing:
http://sourceforge.net/blog/clarifying-sourceforgenets-denial-of-site-access-for-certain-persons-in-accordance-with-us-law/
So unless someone has already done it, I'll get in touch with the EFF
and find out if they're aware of any particular precautions we should
take here.