Subject: Re: GNU and classified software
From: Frank Hecker <frank@collab.net>
Date: Sun, 01 Apr 2001 23:17:49 -0400

Frank Hecker wrote:
> Not to speak for others, but I believe the argument is that it is: That
> the issue regarding the GPL is not whom you choose to distribute the
> software to, but that
> 
> a) you have distributed the software with the additional proviso that it
> be treated as classified data (and hence subject to all the regulations
> concerning how classified data must be handled);
> 
> b) you had (at least in theory) the ability not to treat the software as
> classified, i.e., you could have sought declassification of it prior to
> distributing it; and
> 
> c) the recipients of the software do not have that ability -- they are
> bound to treat the software as classified data, and cannot declassify it
> themselves (because they didn't create it -- I think this is how
> declassification works).

And I should have added that whether or not the argument that this
violates the GPL is "correct" or not, if you negate either (b) or (c)
above then IMO the argument no longer holds. In other words, the key to
the argument is that the distributor of the software had the freedom to
cause the GPL-licensed software to be put under an additional
restriction or not, but the recipient lacked the ability to undo
the effect of the restriction once imposed. If the distributor was under
the exact same constraints as the recipient, or if the recipient could
undo the restriction on their own, then arguably the terms under which
the software was distributed were consistent with the GPL.

The previous example of export-controlled encryption software can be
used to explore this thought:

In the "first order" analysis of US encryption export control pre-2000,
if I as a US resident wrote encryption software and distributed it to
another US resident under the GPL, arguably no GPL violation would have
occurred: I would be under the restriction that I could not distribute
the software outside the US, and so would the recipient. The recipient's
freedom to export my encryption software would have been no greater nor
less than the recipient's freedom to export their own encryption
software; my actions woud not have decreased the recipient's freedom and
hence would not be inconsistent with the GPL.

In the "second order" analysis we have to take into account the fact
that although I would have been restricted from exporting my software in
electronic form (as would the recipient), I would not have been
restricted from exporting my software in printed form. (First Amendment
to the rescue here.) Thus I would have had the freedom of action to
distribute the software to the recipient in a form not subject to the
restriction (i.e., printed form). This corresponds to point (b) above,
and presumably then compliance with the GPL would have required my
distributing the document in the unrestricted printed form, not the
restricted electronic form. But as it turns out the recipient in this
case would also have had the freedom to convert the electronic form of
the work into printed form and export it from the US. So point (c) in
the above argument does not hold: the recipient of the software would
have had the power to remove the software from the export control
restriction (the exact same power that I would have had), hence my
distributing the software in electronic form would still have been
consistent with the GPL.

So I will concede Norbert Bollow's point here: distributing classified
software is not exactly analogous to distributing export-controlled
encryption software (pre-2000), if in fact the distributor has the power
to declassify the software prior to distribution and the recipient of
the software does not have such power once they've received the
software.

Frank
-- 
Frank Hecker            work: http://www.collab.net/
frank@collab.net        home: http://www.hecker.org/