DCSSI Authorisation for Free BSD Software

Bill Moran wmoran at collaborativefusion.com
Fri May 5 19:44:59 UTC 2006


ExportControls <exportcontrols at UK.EY.COM> wrote:
> Hi Bill,
> 
> Thank you for your prompt reply.
> 
> Our client Reuters Ltd. operates a system whereby they collate a number of 
> products, approved for use by certain Reuters offices, onto a disk 
> (FreeBSD is part of these programmes). The assembly of the disk is done in 
> the UK, and upon completion the disk is sent to the US where it is loaded 
> onto a central server which the approved Reuters offices can access and 
> download the programme(s). 
> 
> Consequently, this means that Reuters purchase the product in the UK, 
> export it to the US, and potentially import it again to France if a French 
> office is approved to install the product.
> 
> Additionally, because FreeBSD contains what is considered "strong 
> cryptography", French authorities (the "DCSSI") requires that an 
> authorisation is obtained for the item if it is to be imported to, 
> supplied in, used in, or exported from France. 
> 
> It is Reuters policy to be complaint with all relevant regulations in the 
> countries they operate, and as Reuters will potentially be doing all of 
> the activities mentioned above it is essential that they obtain the 
> relevant authorisation from the DCSSI prior to importing to, supplying in, 
> using in, or exporting FreeBSD from France. Consequently, Reuters cannot 
> export FreeBSD from its server in the US to its French offices until said 
> authorisation has been obtained.
> 
> Therefore, we would appreciate if you could investigate whether such an 
> authorisation has been obtained for FreeBSD v4.1, alternatively refer us 
> to a legal contact that may be able to answer our query.
> 
> Hopefully this motivates our query, but please do not hesitate to contact 
> me if you require additional information.
> 
> I look forward to your reply, in the meantime, thank you very much for 
> your assistance.

First off, please don't top-post.

Secondly, you initially contacted the mailing list question at freebsd.org,
which consists of volunteers who assist people with the use of FreeBSD
in their spare time.  It's poor form to contact a volunteer outside of
the list unless the volunteer has requested it.  I've returned this
discussion to the list to remedy that.

Thirdly, it sounds as if you want some sort of legal certification.  You're
not liable to find anyone who's willing to volunteer that sort of information.
I suggest you contact the FreeBSD Foundation
(http://www.freebsdfoundation.org/) which has some formal presence, and may
be able to help.  Otherwise, you may want to look here
http://www.freebsd.org/commercial/ for a vendor who is willing to provide
consulting services.

> Bethan Phillips <bphillips at UK.EY.COM> wrote:
> 
> > Good Afternoon,
> > 
> > We are working with our client Reuters to help them comply with EU and 
> US 
> > export control regulation. In this regard, Reuters have some Free BSD 
> v4.1 
> > software, which they are sending to France. A declaration or 
> authorisation 
> > may be needed for this software for import into, use in, supply in, or 
> > export from France. Can you please advice us if FreeBSD have obtained a 
> > French encryption authorisation for the above mentioned software from 
> the 
> > DCSSI?
> > 
> > If this is the case we would be grateful if you could provide us with a 
> > copy of this authorisation, as Reuters will need this to export this 
> > product to/from France, and the DCSSI does not supply this information 
> to 
> > third parties.
> 
> I am not a lawyer.  This is not legal advise.
> 
> However:
> http://www.fr.freebsd.org/
> 
> The site is actually _hosted_in_ France.  Thus you are wasting your time.
> There is no need to export the software at all, it's already in France.
> 
> -- 
> Bill Moran
> Potential Technologies
> http://www.potentialtech.com
> 
> 
> 
> This e-mail and any attachment are confidential and contain proprietary information, some or all of which may be legally privileged.  It is intended solely for the use of the individual or entity to which it is addressed.  If you are not the intended recipient, please notify the author immediately by telephone or by replying to this e-mail, and then delete all copies of the e-mail on your system.  If you are not the intended recipient, you must not use, disclose, distribute, copy, print or rely on this e-mail.
> 
> Whilst we have taken reasonable precautions to ensure that this e-mail and any attachment has been checked for viruses, we cannot guarantee that they are virus free and we cannot accept liability for any damage sustained as a result of software viruses.  We would advise that you carry out your own virus checks, especially before opening an attachment.
> 
> The UK firm Ernst & Young LLP is a limited liability partnership registered in England and Wales with registered number OC300001 and is a member practice of Ernst & Young Global.  A list of members' names is available for inspection at 1 More London Place, London, SE1 2AF, the firm's principal place of business and its registered office.
> 


-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com


More information about the freebsd-questions mailing list