Comments on: The Firefox in the Win House? http://www.exportlawblog.com/archives/630 Latest News on DDTC, BIS, OFAC, and other export law matters Fri, 10 Feb 2012 10:06:23 +0000 hourly 1 http://wordpress.org/?v=3.0 By: Hillbilly http://www.exportlawblog.com/archives/630/comment-page-1#comment-91670 Hillbilly Fri, 25 Sep 2009 17:18:30 +0000 http://www.exportlawblog.com/?p=630#comment-91670 The strict liability standard was set out in Iran Air v. Kugelman, so it would probably take a deliberate rule change or a published interpretation for BIS to sound a "retreat" that exporters could rely upon. In this case, one would suspect that First Amendment concerns and Berman Amendment concerns require this result with respect to open source software. The exclusion of open source encryption software from the definition of publicly available technology that is not "subject to the EAR" has always raised First Amendment red flags. As the Sixth Circuit found in Junger v. Daley, encryption source code is protected expression, but its functionality merits something less than strict scrutiny. A strict liability standard as applied to downloads available free on the web would probably not pass any of the three prongs of the Central Hudson test. The Bernstein court was even less kind to the government. The strict liability standard was set out in Iran Air v. Kugelman, so it would probably take a deliberate rule change or a published interpretation for BIS to sound a “retreat” that exporters could rely upon. In this case, one would suspect that First Amendment concerns and Berman Amendment concerns require this result with respect to open source software. The exclusion of open source encryption software from the definition of publicly available technology that is not “subject to the EAR” has always raised First Amendment red flags. As the Sixth Circuit found in Junger v. Daley, encryption source code is protected expression, but its functionality merits something less than strict scrutiny. A strict liability standard as applied to downloads available free on the web would probably not pass any of the three prongs of the Central Hudson test. The Bernstein court was even less kind to the government.

]]> By: Mike Turner http://www.exportlawblog.com/archives/630/comment-page-1#comment-91669 Mike Turner Fri, 25 Sep 2009 12:21:01 +0000 http://www.exportlawblog.com/?p=630#comment-91669 Clif - I'm pretty sure we don't have to worry (hope?) that BIS will step back from its strict liability interpretation of the EAR for enforcement purposes! My guess would be that the internal BIS review of the opinion as it was drafted, didn't note the potential impact of this statement. Clif -

I’m pretty sure we don’t have to worry (hope?) that BIS will step back from its strict liability interpretation of the EAR for enforcement purposes! My guess would be that the internal BIS review of the opinion as it was drafted, didn’t note the potential impact of this statement.

]]> By: Reader http://www.exportlawblog.com/archives/630/comment-page-1#comment-91668 Reader Fri, 25 Sep 2009 12:02:56 +0000 http://www.exportlawblog.com/?p=630#comment-91668 While true it can be "spoofed" by making it appear you're in the US when in reality you're in Iran, in this case they are talking about IPs originating in Iran, which is not a place likely to be "spoofed" :) Best practice would be to restrict downloads from those IP blocks associated with embargoed countries. It's trivial. It would not stop somebody using a proxy but would at the very least show that you are attempting to comply with the law. While true it can be “spoofed” by making it appear you’re in the US when in reality you’re in Iran, in this case they are talking about IPs originating in Iran, which is not a place likely to be “spoofed” :)

Best practice would be to restrict downloads from those IP blocks associated with embargoed countries. It’s trivial. It would not stop somebody using a proxy but would at the very least show that you are attempting to comply with the law.

]]> By: jd http://www.exportlawblog.com/archives/630/comment-page-1#comment-91667 jd Fri, 25 Sep 2009 10:12:44 +0000 http://www.exportlawblog.com/?p=630#comment-91667 Is BIS (or anyone) aware of the simple fact that IP addresses can be trivially spoofed by anyone through anonymizers (or leased shell accounts) making restrictions based on IP address virtually meaningless? Is BIS (or anyone) aware of the simple fact that IP addresses can be trivially spoofed by anyone through anonymizers (or leased shell accounts) making restrictions based on IP address virtually meaningless?

]]> By: Doug Jacobson http://www.exportlawblog.com/archives/630/comment-page-1#comment-91663 Doug Jacobson Fri, 25 Sep 2009 01:59:59 +0000 http://www.exportlawblog.com/?p=630#comment-91663 Clif, thanks for making these points. I didn’t publish anything on this due the significant misinformation in the original article and several subsequent reports.

As you correctly pointed out, the critical aspect here is the last sentence of BIS’s Advisory Opinion that refers to OFAC’s sanctions regimes. Anyone contemplating downloads of software in embargoed countries must also take a close look at the prohibitions on direct or indirect exports of software contained in those regulations (i.e., 31 CFR § 560.204) before authorizing such downloads.

-Doug Jacobson

]]>