Letter to the US Department of Commerce on Exporting Linux to Iraq
Silicon Valley Linux Users Group
99 E. Middlefield Road #17
Mountain View, CA 94043
December 9, 2003
Ms. Sheila Quarterman
Regulatory Policy Division
Bureau of Industry and Security
Department of Commerce
P.O. Box 273
Washington, DC 20044
Re: Comments on foreign policy-based export controls
Dear Ms. Quarterman,
On behalf of the Silicon Valley Linux Users Group, I would like to thank you for the opportunity to comment on the "Effects of Foreign Policy-Based Export Controls" published in the October 21, 2003 Federal Register (68 Fed. Reg. 60050).
Headquartered in San Jose, California, the Silicon Valley Linux Users Group (SVLUG) is the oldest and one of the largest Linux user groups in the world. It is a group of hobbyists, professionals and enthusiasts in the vicinity of San Jose, California, which is also internationally known as Silicon Valley. SVLUG members share interests in Linux and other free, or open source, software. The group was originally formed in 1988 as the PC-Unix Special Interest Group of the Silicon Valley Computer Society.
SVLUG would like to provide comments on Section 746.3 of the EAR regarding the foreign policy controls for Iraq. SVLUG believes that open source code and the corresponding object code resulting from the compiling of such source code should be exempt from the licensing requirements for Iraq.
Linux is the Free/Open Source UNIX-like operating system kernel that runs on many modern computer systems. Linux is available under the GNU General Public License, which means that users may freely copy, change, and distribute it, but must make source code available to recipients and may not impose any restrictions on further distribution. Linux does contain some security features that use encryption. As such, it is classified under ECCN 5D002. Because Linux is open source, it is eligible for export under License Exception TSU in accordance with 15 CFR 740.13(e).
On May 7, the President exercised his authority under the Wartime Supplemental Authorization Act of 2003 to suspend most of the provisions of the Iraq Sanctions Act of 1990. On June 27, 2003, the Treasury's Office of Foreign Assets Control (OFAC) published an interim final rule (68 Fed. Reg. 38188) amending the Iraqi Sanctions Regulations, 31 CFR part 575, to include a general license authorizing certain new transactions. The export of items controlled by the Department of Commerce was addressed in 31 CFR 575.533(b)(2):
The exportation from the United States or, if subject to U.S. jurisdiction, the exportation or rexportation from a third country to Iraq of any goods or technology (including technical data or other information) controlled by the Department of Commerce under the Export Administration Regulations (15 CFR chapter VII, subchapter C) for exportation to Iraq must be separately authorized by or pursuant to this part.
The term "controlled by the Department of Commerce" means subject to a license requirement under the Department of Commerce's Export Administration Regulations (EAR). Items subject to a license requirement under the EAR include items on the Commerce Control List that are listed in 15 CFR 746.3 as requiring a license for exportation or reexportation to Iraq.
Under Section 746.3 of the EAR, an export license is required to export or reexport to Iraq any item on the CCL containing a NS Column 1 in the Country Chart Column of the License Requirements section of an ECCN. Software classified under ECCN 5D002 is controlled for NS Column 1.
It is important to note that proprietary operating system software such as Microsoft Windows and Sun Solaris have been classified as mass-market encryption products and are eligible for export under ECCN 5D992. These products may be exported to Iraq without a license under the interim final rule (68 Fed. Reg. 38188) amending the Iraqi Sanctions Regulations.
Under the provisions of License Exception TSU, open source and the corresponding object code may be exported to all destinations except Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria. Thus, open source and the corresponding object code are treated as if subject only to AT (anti-terrorism) controls. Items subject to AT controls may be exported to Iraq under the interim final rule (68 Fed. Reg. 38188) amending the Iraqi Sanctions Regulations.
It is incongruous that publicly available software such as Linux has more restrictions than proprietary operating system software. Thus, we respectfully suggest that BIS amend Section 746.3 to permit exports to Iraq of open source and the corresponding object code.
In the alternative, we suggest modifying Section 740.13(e)(4) to permit exports to Iraq. This would reflect the change in policy toward Iraq allowing AT controlled items to be exported to Iraq.
Thank you for the opportunity to submit these comments. We hope they prove helpful and would be pleased to discuss them in more detail with you. If you have any questions, you may contact me at 650-967-1840 or via e-mail at firstname.lastname@example.org.
Silicon Valley Linux Users Group
Don Marti is Editor in Chief of Linux Journal.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Devuan Beta Release
- May 2016 Issue of Linux Journal
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The US Government and Open-Source Software
- The Humble Hacker?
- The Death of RoboVM
- BitTorrent Inc.'s Sync
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- AdaCore's SPARK Pro
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide