2. A Conversation Started Last Month
● The first meeting of the OpenChain Export Control Work Group took place on
the 22nd of November 2022. This meeting focused on setting the parameters
for future discussion.
● In our open discussion, we explored topics firstly by framing the challenges,
and then by discussing the types of resources available to support individual
organization understanding and workflow.
3. There are many links
in these slides
You can access them
via this QR code
4. First Point: People are talking about two things
● One is export control, which apply to distributing something from one
geography to any other geography
● The other are sanctions, which apply to distributing something from one
geography to a specific other geography
6. During this discussion we explored a series of
links based on audience contribution
● For example, the US export control overview:
https://www.trade.gov/us-export-controls
● The US Encryption and Export Administration Regulations (EAR):
https://www.bis.doc.gov/index.php/policy-guidance/encryption
● The type of definitions used:
https://www.bis.doc.gov/index.php/documents/new-encryption/1652-cat-5-
part-2-quick-reference-guide/file
7. Digging deeper we found increased context
● The American Conference Institute overview of US EAR encryption controls:
https://www.americanconference.com/ear-boot-camp-821l16-chi/wp-
content/uploads/sites/932/2016/08/Day1_4.45_Sorrentino.Crooks.Hansson.
pdf
● Exclusions to US cryptographic export control related to financial services:
https://www.bis.doc.gov/index.php/policy-guidance/encryption/2-items-in-
cat-5-part-2/a-5a002-a-and-5d002-c-1/v-decontrol-notes
● A recent article regarding open source and export control:
https://academic.oup.com/book/44727/chapter/378967490
8. We uncovered some stuff that was useful
● An old but potentially useful (especially if refreshed) list of export controls by
country:
http://www.cryptolaw.org
● An example of cryptography detected by the tool SCANOSS Minr:
https://github.com/scanoss/cryptographic_algorithms
● We have decided to reach out to experts to see if there are other resources
available that may be useful.
9. Two future resources flagged as useful are:
1. A list of tools to help detect cryptographic algorithms in open source.
2. A document listing what encryption is strong and what is standard.
Our outcome was to search for resources like this, and also
(a) to check the type of parameters that our work group could continue the
discussion while
(b) ensuring everyone is comfortable and
(c) no suggestion of organizational advice or recommendations could be
misunderstood as existing.
10. The OpenChain Export Control Work Group will
hold its second meeting on the 13th of December at
17:00 UTC
This meeting will have the following agenda:
1. Introductions
2. Open discussion about how our community can contribute to the field
Join via Zoom:
https://zoom.us/j/93456802267