Monday, November 22, 2004

Import Issues

If you (a U.S. company or resident) download open source code, and some of it was created by a developer in Cuba or other U.S. embargoed country, have you violated the law? Does anyone care, including the U.S. government? How would you protect yourself from this problem?

9 Comments:

At 1:00 PM, Anonymous said...

I think this could be successfully argued in the company's or individual's favor. There is already case law extant (though I don't have refs handy at the moment) that code can be considered speech in some contexts. Certainly speech isn't embargoed between the US and Cuba.

Secondly, most embargoed countries right now have export restrictions placed on commerce with that nation, not import restrictions. I can't sell strong encryption products to Iran, but I think I can buy encryption software from them if I wanted.

I think that, while some download instances might technically violate federal law, those instances are fewer than one might think on first blush. Also, many actual violations would be for things so trivial that any self-respecting federal prosecutor wouldn't waste his time on it. The feds have bigger things to worry about than whether or not I downloaded an OSS solitaire game from a Cuban programmer hobbyist for free, regardless of whether or not that act violates any federal law.

Of course, if they needed to trump up charges on someone to pursue bigger crimes, they might use it. There is a rich history of using minor infractions to leverage larger investigations.

 
At 4:13 PM, Paul Arne said...

I used Cuba as the example, because there are clear import restrictions relative to Cuban goods (e.g. you can't buy Cuban cigars).

Given that software is frequently considered a "good" for UCC Article 2 purposes, I wouldn't rely on free speech grounds to protect you. It's an argument certainly, but I wouldn't bet the farm on it prevailing in every case.

I plan to explore export issues in another comment string.

I agree with you that this is a de minimis issue. It likely doesn't happen very often and when it does it isn't likely to be considered by a prosecutor as something worth considering. However...

1. This blog is intended to help corporate America get a handle on legal issues associated with open source. And corporate America doesn't really like the argument that using a particular software package may only violate the law "a little." Most large companies just don't want to violate the law at all.

2. Microsoft representatives in meetings that I have attended have raised the issue as one to consider, meaning that even if you think this is a non-issue, it is a part of the FUD. Regardless of what you think of Microsoft, when they speak corporate America pays attention.

3. I've heard of at least one situation where a government entity (DHS, IIRC) has refused to license software for its use when it was principally developed in a country that doesn't have the best relationships with the U.S.

Based on the above, are there things that companies who want to use open source can do to protect themselves related to this issue?

 
At 10:09 AM, Anonymous said...

> 2. Microsoft representatives ...
[...]
> Based on the above, are there things that
> companies who want to use open source can
> do to protect themselves related to this
> issue?

Given

http://news.com.com/Microsoft+flexes+more+open-source+muscle/2100-7344_3-5384769.html

I'd simply ask Microsoft. ;-)

regards,
alexander.

 
At 9:47 AM, Paul Arne said...

My response below is not in direct response to Alexander's comments (which were cute). What I say below is no slight to Alexander, who is starting to be a good contributor to this blog.

The purpose of this blog is in part to identify issues and then come up with rational, thoughtful ways to address them. If open source software is going to be adopted by the mainstream, these kinds of questions are going to come up, and we should develop some answers. It is important to think creatively about ways to address these issues.

Here's a start. Open source projects are developed by communities of programmers. These communities typically have project administrators. They also have key developers who play important roles in the creation of the code. These people congregate in places on the Internet, such as SourceForge.

In addition, attribution is an important aspect of many open source projects. In other words, people put their names on their contributions.

So, if a company is worried about whether they are importing code from an embargoed country, one way to identify and manage that risk is to contact the project administrator(s) and key developer(s) and ask them what country they live in. Ask them if they know of any developers who live in embargoed countries and what their contribution has been.

In addition, a company could search the source code for statements of attribution. Those whose names are in the code could be queried for their national origin.

All of this could be built into the procedures that a company has for using open source, if the company is worried about this issue.

Let me know if you can think of other ways to manage this risk. Thanks.

 
At 7:31 PM, Anonymous said...

Hmmm... I want to ask a question, first of all I want to say that I'm not an American citizen so sorry for my English and if my question is dumb.

This is the question:
If the software is distributed as source code, and source code is actually a kind of language (from men to machines but also from men to other men who understand it), why can't it be considered as a free speech matter?

Do the import/export control laws there in the USA forbid an American citizen to talk with a person from Cuba? Can't the source code be thought of just like a normal language that both of them understand and use to talk and exchange ideas together?

So, if an American citizen can talk to a Cuban citizen... why can't the "chat" happen in say... Pascal? Or are American citizens forced to talk with Cuban citizens only in English/Spanish/etc.?

Thank you,
Luca

 
At 10:55 PM, Paul Arne said...

Thanks for your question, Luca. The simple answer is that it might be speech under U.S. law, but probably not. I'd be happy to let others debate it on this blog, but for me that issue is beside the point.

If you're an attorney, you aren't going to advise your client that everything is OK because courts are going to clearly and unequivocally declare source code as speech. Just ask the developer of PGP (pretty good privacy), Phil Zimmermann. He released PGP on the Internet and was under criminal investigation for a long time for possible violation of U.S. laws against the export of cryptography. If it was speech under the First Amendment to the U.S. Constitution, his right to free speech would supersede any laws passed by Congress or Executive Orders (from the President) regarding export.

So, if a company considering using open source thinks that this is a potential problem, my goal is to provide a forum for collectively coming up with solutions for how to mitigate the risk, define the risk, or eliminate the risk. I wouldn't advise my clients to rely on U.S. courts ruling that source code is speech.

 
At 10:53 PM, Anonymous said...

"Just ask the developer of PGP (pretty good privacy), Phil Zimmermann."

As far as PGP goes, IIRC, didn't they get the code out of the country in the end by printing it in an actual book and taking the book out of the country?

It has been a long time since I followed this issue.

A Nony Mouse

 
At 9:35 PM, Paul Arne said...

A Nony,

According to Wikipedia, it looks like PGP was first released by Zimmermann on Usenet, and then it found its way onto the Internet. Wikipedia isn't real clear, however. I don't remember the book story.

There was a fair amount of sympathy for Zimmermann in the technology community. IIRC, Wired Magazine attempted to turn it into pictures and other stuff, trying to show that it was speech. At a speakers' dinner I attended at a PLI conference in NYC in '93 or '94, one of the speakers made a personal plea to another speaker who was with the Justice Department to stop its actions against Zimmermann.

I believe that PGP eventually became sufficiently not strong that it was no longer treated as a munition under ITAR (International Trafficking in Arms Regulations).

 
At 3:26 PM, Anonymous said...

Whether or not source code is speech turns out to be contested. Several courts have ruled that source code is speech. For example, the 9th Circuit US Court of Appeals ruled in the Bernstein cryptography case that source code is indeed protected speech. In their decision, the 9th Circuit even quoted some Scheme code from the declaration of MIT Professor Harold Abelson, explaining why source code is an effective and sometimes preferred means of human communication. Professor Andrew Appel of Princeton University also filed a declaration explaining the importance for computer science of being able to publish source code. More recently, the 6th Circuit US Court of Appeals ruled in the Junger cryptography case that, independent of its functional significance, the expressive nature of source code affords it First Amendment protection.

In my mind, one of the best arguments that source code is speech is the Gallery of CSS Descramblers, which shows that if source code is NOT speech, it's very difficult to draw the line where it becomes speech, and that this "line" is an extraordinarily slippery slope. This gallery shows the DeCSS algorithm in various formats; this algorithm allows Linux users to view DVDs, and was created expressly for that purpose, but various efforts have been created to try to make its mere dissemination illegal. If it's on a T-shirt, is it illegal? If it's part of a mathematical proof, is it illegal? How about if it's rendered as a dramatic reading? Part of a yearbook? Encoded as a prime number?

To be fair, on January 20, 2000, United States District Judge Lewis A. Kaplan of the Southern District of New York issued a preliminary injunction in Universal City Studios et al. v. Reimerdes et al., prohibiting the defendants from distributing computer code for reading encrypted DVDs. So "code is speech" is something for which there are rulings both for and against.

As far as PGP goes, PGP did not lose strength over time. What happened was that U.S. law changed, since the original laws only harmed law-abiding citizens. The old U.S. laws said you couldn't export most crypto, but you could import it. But they could not prevent BOOKS and TECHNICAL ARTICLES from being exported to other countries. And the U.S. could IMPORT as much as we wished. As a result, U.S. researchers could publish information about crypto, but if you wanted to sell products, you needed to make sure that you set up a non-U.S. firm to create all the crypto, which you could then import. As a result, crypto implementation work could flee the U.S. (where it was highly regulated) to elsewhere (where it wasn't). And these laws didn't stop bad guys from using encryption; it just made it hard to keep a software company in the U.S. The laws were overturned primarily on pragmatic grounds; they simply didn't do anything useful.

 
