The first meeting of the OpenChain Export Control Work Group took place on the 22nd of November 2022. This meeting focused on setting the parameters for future discussion.
In our open discussion, we explored topics firstly by framing the challenges, and then by discussing the types of resources available to support individual organization understanding and workflow.
During this discussion we explored a series of links based on audience contribution.
For example, the US export control overview:
The US Encryption and Export Administration Regulations (EAR):
The type of definitions used:
The American Conference Institute overview of US EAR encryption controls:
Exclusions to US cryptographic export control related to financial services:
A recent article regarding open source and export control:
An old but potentially useful (especially if refreshed) list of export controls by country:
An example of cryptography detected by the tool SCANOSS Minr:
We have decided to reach out to experts to see if there are other resources available that may be useful.
Two future resources flagged as useful are:
- A list of tools to help detect cryptographic algorithms in open source.
- A document listing what encryption is strong and what is standard.
Our outcome was to search for resources like this, and also to check the type of parameters that our work group could continue the discussion while ensuring everyone is comfortable and no suggestion of organizational advice or recommendations could be misunderstood as existing.
The OpenChain Export Control Work Group will hold its second meeting on the 13th of December at 09:00 PST (17:00 UTC).
This meeting will have the following agenda:
- Open discussion about how our community can contribute to the field