While the Internet may know no borders, the U.S Government does.
At it happens, numerous export controls from the Commerce and Treasury departments cast a long shadow over the software industry, but Mozilla has secured a critical exemption that could have a broad impact on the open source movement.
“We really couldn’t accept the notion that these government rules could jeopardize the participatory nature of an open source project so we sought to challenge it,” Mozilla General Counsel Harvey Anderson told InternetNews.com. “We argued that First Amendment free speech rights would prevail in this scenario. The government took our filing and then we got back a no-violation letter, which is fantastic.”
Anderson explained that there are export and sanction rules that prohibit the export and sharing of certain technologies.
Vendors with normal software containing encryption are required to file for a license exception, but that regulation offers an exemption to open source vendors.
However, that exemption is nullified if the source code is distributed to any of the countries on the U.S embargo list, such as Cuba, Iran or North Korea. Under the open source export exemption, the project isn’t supposed to have knowledge of distribution to any of the embargoed countries, Anderson said.
During a recent Firefox download event, Mozilla posted a map on its Web site showing where downloads were occurring. Anderson said it became clear that a substantial number of downloads were coming from Iran. Mozilla then had knowledge that it was exporting to Iran, which could have put it in violation of the U.S export regulations, exposing the firm to criminal and financial penalties.
At that point, Mozilla made a voluntary disclosure to federal authorities in the hopes of securing a no-violation letter.
“What it really came down to is that these regulations could cripple the way an open source project works,” Anderson said. “At its very heart, open source is participatory and if the ruling went against us it would limit participation, and that would be a terrible consequence.”
Anderson said that the no-violation letter, which affirmed that Mozilla’s disclosures are permitted under U.S. rules, is a win for both the firm and the larger open source movement.
“What I think it means is that the government made the right decision by respecting free speech rights and open source projects and the value that they provide,” Anderson said. “So the government bought into our argument that writing code is free speech, which really means that people around the world can engage in this kind of speech through open source projects.”
Short of the no-violation letter, Mozilla could have gone a few different routes to get around the export regulations.
Mozilla potentially could have simply blocked users from the embargoed countries from downloading Firefox. It also could have put the download servers in a different country. But for Mozilla, those were not attractive options.
“We thought that would be a terrible outcome to block users based on where they are,” Anderson said. “When we look out at the world we don’t see nationals of one country or another. We see a community and a user base. The notion of blocking by IP was offensive. That’s a brute force way to solve the problem.”
For Mozilla, the root of the issue is about participation, inviting people anywhere in the world to contribute to an open source project.
While Mozilla’s disclosure to the U.S government was limited to Firefox, Anderson believes that the no-violation letter has broader implications.
“I would interpret this no-violation to apply to Mozilla Thunderbird and other open source projects,” Anderson said. “Obviously folks should get their own legal counsel, but I think that there is a broader legal principle here. That is if you really are open source, participation by individuals around the world — irrespective of where — they are does not create a violation.”
That said, Anderson added that there are certain things that he remains cautious about. Whereas the distribution of source code appears to have won a regulatory exemption, direct commerce with nationals in embargoed countries that are subject to U.S sanction rules is a different issue.
In Anderson’s view, the U.S export rules still apply to open source organizations. It’s just that they don’t prohibit the specific activities that surround the open source exchange of information and technology.
Even though the no-violation letter is important to Mozilla and the open source community, Anderson does not see it as a precedent in a legal sense.
“This is an application of the regulations and case law that gave us a result,” he said. “‘Precedent’ is a pretty big word that is heavily weighted. But it’s a good result that is telling.”