# FreeBSD and the Restriction on the Export of Cryptographic Software



## eternal_noob (Aug 21, 2020)

Hi,

i just wondered how the US restriction on the export of cryptographic software affects FreeBSD when reading a text on OpenBSDs cryptography.

The people at OpenBSD write:

"_Why do we ship cryptography?
In three words: because we can.
The OpenBSD project is based in Canada._"

They even explicitly look for "_non-American cryptographer_"s to work with them.

Since the FreeBSD foundation is US based i wonder if there are things which aren't allowed in FreeBSD because of US laws.

I mean, there is OpenSSH in the ports so what's the deal? Is it a crippled version of the original?

I am completely new to this topic so forgive me if i don't see the obvious.


----------



## mark_j (Aug 21, 2020)

I remember years ago there was a big thing about DES and FreeBSD (in particular) and how non-US residents had to download it elsewhere. The same I think went for PGP.
But, in answer to your question: I have no idea. (I'm glad I could help! )


----------



## eternal_noob (Aug 21, 2020)

vigole said:


> After 2000, those restrictions have changed.


I just read https://www.netbsd.org/docs/misc/index.html#exportability

This pretty much sums it up what's allowed and what isn't. Too bad i had to consult other OS documentation for that info. Didn't find any info here.



vigole said:


> There's some innuendo in that statement from OpenBSD.


Theo is a drama queen.


----------



## CoTones (Aug 21, 2020)

Wait a sec... so BSD license doesn't apply to crypto in FreeBSD? BSD granted for the US only?


----------



## SirDice (Aug 21, 2020)

CoTones said:


> Wait a sec... so BSD license doesn't apply to crypto in FreeBSD? BSD granted for the US only?


Source code is considered "free speech" and therefor covered by the first amendment. 









						EFF at 25: Remembering the Case that Established Code as Speech
					

One of EFF's first major legal victories was Bernstein v. Department of Justice, a landmark case that resulted in establishing code as speech and changed United States export regulations on encryption software, paving the way for international e-commerce. We represented Daniel J. Bernstein, a...




					www.eff.org


----------



## eternal_noob (Aug 21, 2020)

SirDice said:


> Source code is considered "free speech" and therefor covered by the first amendment.


Which doesn't apply if you want to talk to a cuban in cuba.


> None of this software may be downloaded or otherwise exported or re-exported into (or to a national or resident of) Cuba, Iraq, Libya, Sudan, North Korea, Iran, Syria or any other country to which the U.S. has embargoed goods.


----------



## CoTones (Aug 23, 2020)

SirDice said:


> Source code is considered "free speech" and therefor covered by the first amendment.
> 
> 
> 
> ...



Somehow government of US got the idea that it owns the FreeBSD. It explains a lot about a FreeBSD project and the OS itself.


----------



## ralphbsz (Aug 23, 2020)

CoTones said:


> Somehow government of US got the idea that it owns the FreeBSD. It explains a lot about a FreeBSD project and the OS itself.


I'm sorry to be so blunt, but that statement is complete nonsense. At the time of the PGP lawsuit (1995), FreeBSD barely had started existing, and it had nothing to do with the Bernstein and Junger cases. Which weren't about an operating system in the first place, they were about encryption software, teaching a computer security law class, and in the case of the PGP (Zimmerman) cases commercial encryption software.

Not to mention that export control is not the same thing as "owning".


----------



## CoTones (Aug 24, 2020)

Sorry if you got carried away by me quoting SirDice. Looks like FreeBSD devmarketers too busy for such information so I use available from NetBSD project:

"Is NetBSD exportable from the US?
Previously, the (US) domestic portion of NetBSD (both binaries and sources) containing code based on DES (such as KerberosIV, the bdes command etc.) have not been legally exportable from the United States or Canada.

Some time early in January 2000, the Bureau of Export Administration (BXA) of the US Department of Commerce published a new set of export regulations covering the export of cryptographic software. The new export regulations are more lenient in permitting export of cryptographic source code, but require that the BXA be notified when code is made available.

The NetBSD Project has now sorted out the details of this issue, and the outcome is as follows:

The cryptographic parts of our code are still under control by the Export Administration Regulations (EAR).
None of this software may be downloaded or otherwise exported or re-exported into (or to a national or resident of) Cuba, Iraq, Libya, Sudan, North Korea, Iran, Syria or any other country to which the U.S. has embargoed goods.
By downloading or using said software, you are agreeing to the foregoing and you are representing and warranting that you are not located in, under the control of, or a national or resident of any such country or on any such list.

Other use or export is no longer restricted. "

Any comments?


----------



## olli@ (Aug 24, 2020)

See: https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States#Current_status

(I’m not a US citizen, so I really don’t care much.)


----------



## a6h (Aug 24, 2020)

I'm not a U.S. citizen, therefore my opinions are irrelevant. Every sovereign nation have their own laws. I don't care about internal affairs of other nationals, *vice versa they shouldn't either*. That's non of my business, and vice versa internal affairs of my nation is non of business of other countries. i.e. ==> *Mutual Respect *<==

[*Edit*] : I've *merged* my last post to this one. following paragraph:
By the way it's wrong to bring up national and cultural topics about other countries into Forums threads. It's going to be problematics. People are sensitive about these issues. They don't want to hear random people on the internet, talk about their country and its related national/cultural topics. Hence this is another stupid thread, and I think it's going to shut down soon. and that's a good thing!


----------



## olli@ (Aug 24, 2020)

vigole said:


> I'm not a U.S. citizen, therefore my opinions are irrelevant. Every sovereign nation have their own laws. I don't care about internal affairs of other nationals, *vice versa they shouldn't either*. That's non of my business, and vice versa internal affairs of my nation is non of business of other countries. i.e. ==> *Mutual Respect *<==


Basically you are right.
But I do *not* have respect for the governments of countries that suppress the freedom of their people.


----------



## Mjölnir (Aug 24, 2020)

vigole said:


> By the way it's stupid to bring topics about national and cultural topics about other countries into any Forums threads. It's going to be problematics. People are sensitive about these issues. They don't want to hear random people on the net, talk about their country and its national/cultural topic.
> Hence this is another stupid thread, and I think it's going to shut down soon. and that's a good thing!


No, it's not.  This is in fact relevant for those developers involved in open source cryptograpic software, depending on where the repository hosting the software is located.  How many are located in the U.S. vs. EU or any other countries?  BTW if I understand it correctly, BSD had to be opensource'd because it was done by university staff, these were paid through U.S. taxes, and consequently their work should benefit the public.  It is reasonable that a government does not want it's enemies to benefit from it, and if you see cryptography as beeing a weapon, you do not want it to be available for anyone.  I do not agree to the latter, but in a way it is _reasonable_.  EDIT: forgot a _"not"_ in the previous sentence.  Sorry for any misinterpretations.  Fixed.


----------

