SourceForge Clarifies Denial of Site Access

Recently there were some complaints from certain users outside the US stating that they were no longer able to access SourceForge.net. SF.net (who shares a corporate overlord with Slashdot) has outlined the reasons for these bans, and until someone with sufficient power to alter US law or the lists governing who is allowed to access what data from where, there is unlikely to be a change in these bans. It is worth noting that SF.net is not alone in these difficulties, as the same problems have been reported from other repositories, like Google Code. "As one of the first companies to promote the adoption and distribution of free and open source software, and one that still puts open source at the center of its corporate ideals, restrictions on the free flow of information rub us the wrong way. However, in addition to participating in the open source community, we also live in the real world, and are governed by the laws of the country in which we are located. Our need to follow those laws supersedes any wishes we might have to make our community as inclusive as possible. The possible penalties for violating these restrictions include fines and imprisonment. Other hosting companies based in the US have similar legal and technical restrictions in place."

Re:Time to move the servers?

[Lordrashmi]

If they want to have any corporate entity in the US they have to follow these laws, the actual physical location of the servers doesn't matter (according to the lawyers I worked with).

It really is quite stupid, it just causes problems and doesn't help anything.

Re:Failure of thought

[achbed]

Because they are based in the US, and they are owned by a company that is based in the US. US export laws apply to both the parent company as well as the child, and sanctions for violating the export laws are severe. Relocating to another country is a possibility, but they would have to start over. The company taking assets (or assets under corporate supervision) to another country would also fall under the same law. So, there's the chicken and the egg problem. Also, most of the countries on the US list are also on similar lists in the rest of the world due to treaties, etc. I'm sure there are some countries out there that would be happy to have you host there and export without limitation (and possibly break copyright laws too). But as the Pirate Bay is finding, those places are fewer and fewer these days.

Oh, and if you're planning on staying in the US and not moving to the country you host in, you're still under the US export laws, as your location is in their jurisdiction. Even if you can find a lawyer to make the argument, plan on spending a ton of money on the defense. And if you have that much money to start with, you wouldn't be reading this :)

Violation to freedoms of Free Software

[neo00]

As a Syrian developer who contributed so several open source project, I call this action unnecessary and outrageous. Sorry, I can’t understand this decision which was taken silently and cowardly by sf.net . I understand that the US law prohibits US companies from exporting their products to the “axis of evil” countries. But what I don’t understand is how sf.net considers the projects they're hosting as US products? It doesn’t make any sense. SF.net DID NOT create these projects. It just HOSTS them. Most of these projects are got contributions from people around the world including people from these countries. Suddenly they can’t access their own work, because sf.net considers them American products! That’s stupid!
Furthermore, it’s a direct violation of the freedoms of Free Software and section 5 of opensource definition:

5. No Discrimination Against Persons or Groups”
The license must not discriminate against any person or group of persons.
Rationale: In order to get the maximum benefit from the process, the maximum diversity of persons and groups should be equally eligible to contribute to open sources. Therefore we forbid any open-source license from locking anybody out of the process.

I hope sf.net reconsider their decision. And at least to stand positively to defend the basic principles of FLOSS.

Sad but real

[dtmos]

The alternative is to end up like Prof. John Ross of the University of Tennessee [tradelawyersblog.com], convicted of export control violations and sentenced to 4 years in prison -- at the age of 72.

What few in the US recognize is that the rules are even more stringent than indicated by SourceForge. To be convicted of an export violation, one needs merely to discuss a controlled technology with a foreign national on one of the lists [doc.gov] -- which means, in addition to many other individuals, entities, and countries, any citizen of China or Iran. Sending anything overseas is unnecessary to violate the law -- merely speaking to a group containing one such person in the audience (like at a private industry consortium meeting) is all that is needed. And the list of controlled technologies is incredibly long: See the Commerce Control List [gpo.gov], especially Category 3 - Electronics [gpo.gov], Category 4 - Computers [gpo.gov], Category 5 (Part 1) - Telecommunications [gpo.gov], Category 5 (Part 2) - Information Security [gpo.gov], and Supplement No. 2 to Part 774 - General Technology and Software Notes [gpo.gov].

Re:Failure of thought

[O('_')O_Bush]

That doesn't exempt you from the laws of the country where your company is located.

No, it doesn't

[l2718]

The GPL doesn't force you to distribute the code, or prohibit you from selecting recipients according to any criterion you wish. It only prohibits you from placing restrictions on what the recipients can do with the code after they get it from you. In other words, the GPL doesn't require SF-hosted projects to directly distribute their code in Syria. It only prohibits the projects from forbidding downstream recipients from distributing to Syrians, or from forbidding Syrians to run the code.

Re:Failure of grammar..

[Anonymous Coward]

embargo's is a possessive. No doubt you meant embargoes. What's really odd is that you managed to get restrictions correct.

Re:You don't fight Internet censorship...

[fm6]

This isn't about censorship, this is about denying countries we don't like access to our technology. That said, I agree that it's a stupid law that doesn't do anything at all useful.

Re:Anyone who can use SourceForge

[Abreu]

There's several open source repositories outside the US where people can get code.

I know for a fact that many cubans download Open Source software from the National University of Mexico

Re:Sad but real

[darkmeridian]

You have a good point, but citing the case of John Reece Roth doesn't make a lot of sense. Prof. Roth was working on "plasma actuators" for use on US Air Force drones. They were considered military secrets. The terms of the contract he signed forbid the transfer of any sensitive data with foreign nationals. He was warned to keep these documents guarded. He documents acknowledging that the export limitations applied, and that he was aware that the law required him to secret the data. Yet he transferred the information to people he knew were Chinese nationals. It's a pretty open and shut case to me.

Re:Time to move the servers?

[Anonymous Coward]

No they didn't get in trouble for witnessing, photographing or videoing the seal hunt because those are not crimes, or even regulatory violations.

The Sea Shepherd group violated both marine permit regulations and marine safety laws.