alt Hacker NewsLegal question for the Tor team (disclaimer, I love Tor and use it in BrowserBox):
- Does Tor need an OFAC license to supply to Russian and Iranian (and other sanctioned entities)? What's your approach to stay compliant and globally helpful? I know 50% of your funding comes from US government (or did a few years back, still?), does this give you extra pathways to engage those regions?
I'm wondering because the system would seem to fall under ITAR due to its encryption, and even if non-ITAR is still a cyber product and these countries are heavily OFAC listed rn.
This is relevant for me right now as I was recetnyl contact by a significant entity in a sanctioned region with a massive deal for BrowserBox. Applying for an OFAC license to see if it's possible to serve them (but we have to make final determination on ethics/legal even if license is approved, I guess). My feeling is that broad sanctions don't hurt the things they are meant to but punish people in all countries from forming transnational links that might actually help to prevent conflicts and build relations however small. Idk, just my reflections after encountring this situation.
Replies
> supply
> product
OFAC regulates international trade. Isn't Tor's publication an act of pure speech, rather than commerce? They're not charging for it, and they aren't physically moving any goods across borders. How could Tor be subject to any restrictions here?
(not a lawyer, just someone who naively thought the Crypto Wars ended in the 90s)
> massive deal
OFAC applies to trade, like your "massive deal". OFAC's original authority comes from a law titled, literally "The Trading With the Enemy Act".
Tor publishes free software, asking nothing in return. That isn't trade. Neither are those evangelists who broadcast sermons on shortwave radio -- they certainly "serve" Iran in the sense that people in that country can hear their broadcasts.
"Cyber product" lolwut? I think you have been breathing too many beltway fumes.
This sounds a bit like the GrapheneOS shenanigans in France recently: it's an opensource project with no product per-se. There's no supplying to anyone; rather people help themselves to grab it. The debate would be should opensource projects like Tor or GrapheneOS prevent sanctioned people from grabbing the freely (as in both beer and speech) available project from the shelf.
(writing this message, I realized how hard it is not to write "product" for the thing graphene and tor make)