[okfn-discuss] Export Controls and OKD § 7.

Luis Villa luis at tieguy.org
Mon Jun 23 15:09:50 UTC 2008

On Mon, Jun 23, 2008 at 7:57 AM, Rufus Pollock <rufus.pollock at okfn.org> wrote:
> On 17/06/08 00:32, Jonathan Gray wrote:
>> I was just adding a package [1] to CKAN and was looking through its
>> Terms and Conditions to check its assertion that it is an 'open database'.
>> I discovered a section on 'Jurisdictional Issues', which reads as follows:
>> "The BIOCYC DATABASES are controlled by SRI from its offices within the
>> State of California. SRI and its Licensors make no representation that
>> the BIOCYC DATABASES are appropriate or available for use in other
>> locations.  Those who choose to access the BIOCYC DATABASES from other
>> locations do so at their own initiative and are responsible for
>> compliance with local laws, if and to the extent local laws are
>> applicable.  The BIOCYC DATABASES are further subject to United States
>> export controls.  The BIOCYC DATABASES may not be installed, downloaded
>> or otherwise exported or reexported (i) into (or to a national or
>> resident of) any country as to which the U.S. has embargoed goods; or
>> (ii) to anyone on the U.S. Treasury Department's list of Specialty
>> Designated Nationals or the U.S. Commerce Department's Table of Deny
>> Orders.  By installing, downloading or using the BIOCYC DATABASES, you
>> represent and warrant that you are not located in, under the control of,
>> or a national or resident of any such country on any such list." [2]
>> This doesn't seem compatible with point 7 of the OKD, "No Discrimination
>> Against Persons or Groups".
>> Any thoughts?
> I think you are right that this violates item 7. I also think this issue
> has (frequently?) come up in the F/OSS world, especially in relation to
> cryptography stuff (which I think was considered of potential military
> relevance by US govt) where they have also taken the same line (it is
> not open). I'd welcome others comments/knowledge here.

Generally speaking in the FOSS context we don't put it in the
licenses, we leave it up to the distributors. Since the distributors
have no obligation to distribute to everyone- just to distribute
source to whoever *they choose* to distribute binaries to- there is
considered to be no problem.

Typical language out of an OSI-approved license (CDDL) that might be a
useful model for OKD licensors: "You agree that You alone are
responsible for compliance with the United States export
administration regulations (and the export control laws and regulation
of any other countries) when You use, distribute or otherwise make
available any Covered Software." Puts the problem of legal compliance
in the distributor's hands, not the licensor's.

That said, I don't know what OSI has said about more explicit export
control clauses in licenses. The wise and aged wordsmiths there might
have found a way around it, don't know.


More information about the okfn-discuss mailing list