Subject: Re: New encryption regulations
From: <>
Date: Thu, 13 Jan 2000 12:09:19 -0800
Thu, 13 Jan 2000 12:09:19 -0800
On Thu, Jan 13, 2000 at 11:01:18AM -0500, Ben wrote:
> Frank Hecker wrote:
> [...]
> >Yes. To start with, 740.13(e) applies only to source code. I don't see


> And a point from a co-worker that I find interesting...
> "Stay the same?  No, quite worse, I would think: at least when open source
> was not specifically mentioned, you have a shot at letting a court clarify
> and extend the law through judicial process.  But when the legislative
> branch closes the loopholes by specifically mentioning open source and
> acknowledging awareness and applicability of the law to open source,
> goodbye judicial route...."

One important clarification.  This was an executive action, not a
legislative one.  While the legislature (Congress) establishes law, the
executive, um, executes it, through both policy and regulations.

While the regulation specifically mention "open source" (and proceeds to
misdefine it), there has been no new law passed regarding open source
software and ITAR/EAR restrictions.

I don't know what the court handling of this is, I would assume that
there is now a clarification of the executive's position WRT open source
and export controls, but I don't believe the underlying legal landscape
has shifted that much.  IANAL, and in particular, I'm not a
Constitutional lawyer.

I would tend to agree with your friend however, that there are times
when grey areas around the law can work in your favor.  If the rules
have been explicitly spelled out, then the rules are the rules.  If they
haven't, you can apply some creative interpretation.  When they have
been, you have to challenge the authority by which the rule was made in
the first place.  Higher bar to clear.

Karsten M. Self (
    What part of "Gestalt" don't you understand?

SAS for Linux:
Mailing list:  "subscribe sas-linux" to

["application/pgp-signature" not shown]