Revolution "software" to black listed nations

kee nethery kee at kagi.com
Sun Apr 9 02:10:12 EDT 2006 

On Apr 8, 2006, at 8:56 PM, Sivakatirswami wrote:

> Kee, assuming I promise not to have our legions of defense attorney  
> subpoena you to come to court to testify as an expert witness after  
> we have carefully coached you under hot lights without sleep, food  
> or water for three days... (smile).
>
> Can you help clarify:
>
> On Apr 08, 2006, at 5:11 PM, kee nethery wrote:
>
>> In my humble opinion, the US state department embargo list applies  
>> to software produced in the USA. If you are in the USA, it makes  
>> no difference what kind of software you have, you cannot do  
>> business with anyone in those embargoed countries period end of  
>> discussion.
>
> What is the definition of "Software" ? is an MS Word letter to your  
> mother -- a document  --"software' because it is a binary object  
> and not a piece of paper? or is this simply a "file" -- the  
> "product" of software, the latter being Microsoft Word.
>
> i.e. where does a binary object in a computer cross the line from  
> "file" to "software" if every "file" were bound by such contraints,  
> Adobe would have to issue an EULA to be accepted before anyone  
> could open even a single PDF!
>
> In our immediate context: Is an executable stack "standalone"  
> which, for example, let's you catalog tropical fruit trees and  
> their characteristics... is that the "product" of software or just  
> a generic file?  or is it software if you created that standalone  
> in the US.

There are two types of embargo, commerce and munitions.

It's my understanding that if your software is a weapon (munition)  
you have to prevent "the enemy" from acquiring it. The definition of  
a munition is not as wide as it was years ago. It's my understanding  
that general purpose encryption products are considered munitions  
(PGP has to be as careful as they can in preventing their software  
from going into an embargoed country). It is my understanding from  
the governmental people I talked to years ago that products that use  
encryption for some specific purpose (like encrypting credit card  
data) is not a munition as long as it cannot be repurposed to encrypt  
messages and such.

It's my understanding that a commerce embargo is exactly that, an  
embargo of commerce. Commerce is when you buy or sell (or trade)  
something. So if you buy or sell something with an embargoed country,  
you are violating the law. If you sell your time as a consultant and  
you verbally tell them the baseball scores that anyone can read in  
any newspaper, that is commerce, money changes hands, and it would  
violate the embargo. What you exchange for money is irrelevant. If  
you were to mail a newspaper to them for free, that is not commerce  
and as long as the newspaper is not classified as a munition, no  
violation of the law.

So it does not matter what it is, executable stack, generic file,  
standalone app, if no money changes hands (and you are not doing  
barter which is a form of commerce) then you are not violating the  
embargo. As for your online information, I think that as long as you  
don't sell to people that you can see are in an embargoed country,  
you should be OK. In general, I think if you take credit cards for  
purchases, it is likely that the card of someone in an embargoed  
country could not be used in the US.

Our database shows that for all the embargoed countries;
Iran has 2 banks issuing visa cards.
Iraq has 1 visa issuer.
Zimbabwe has 8 mastercard and 24 visa issuers.
And a quick scan of the millions of transactions in our database  
shows no transactions with any cards from any of those issuers. If a  
holder of one of those cards tried to use it on our store we'd have a  
record of it. So the fact that there are no entries with these cards  
leads me to believe that the cardholders of these cards know that  
they are useless in the US and have never even tried to use them on  
our store. Frankly, I'm surprised there were no attempts.

I'm guessing that if you accept credit cards and you have a US  
merchant account, you are not going to get anyone with an embargoed  
country credit card trying to buy from you.

Of course, as always, I'm no expert. If you really want to get a feel  
for what you should be doing, call the US state department and ask  
them. It's kinda fun running scenarios past them and seeing what they  
say. Back when we were looking into encryption for our old register  
programs, all our encryption questions were referred to "Tony" at a  
specific phone number. He didn't answer the phone, "State Department  
Tony Whatever speaking". All he ever did was answer, "Hello this is  
Tony". Never got his last name and never got the name of the  
organization he worked for. He knew a hella lot about encryption. I  
even kidded him about his anonymous greeting and he just repeated it  
"Yep, I'm Tony, what can I do for you?". I'm guessing he didn't work  
for the state department or commerce. But ... he was very helpful and  
completely understood the nuances of all the questions I was asking  
him. So, call them and ask.

<insert standard generic weasel I'm not a lawyer and have no idea  
what I am talking about disclaimers here>

Kee Nethery

More information about the use-livecode mailing list