Fingerprinting legal issues update

Thanks for the responses to my plea for help up to this point. I’ve also contacted a few people who I’m waiting for responses from.

I’ve been told that most of NFIS2 will become a downloadable open source project soon, which is encouraging. However, this project will NOT include the fingerprint matching algorithm, instead it will only include the analysis tools. This implies that scope of the export control issues is limited only to the actual matching and identification part, and leaves me with exactly the same problem.

I’ve also been informed that NFIS2 distribution is subject to ECCN 3D980. Basically, if your export can be classified under the ECCN, you need a license before you can export it (at least this my is interpretation, which may be wrong). Such licenses aren’t exactly open-source compatible.

Previously I was only looking under category 4 (Computers) but apparently they also put software under category 3 (Electronics). Here’s the text of 3D980:

“Software” specially designed for the “development”, “production”, or “use” of items controlled by 3A980 and 3A981.

3A980 is unrelated, but 3A981 says:

Polygraphs (except biomedical recorders designed for use in medical facilities for monitoring biological and neurophysical responses); fingerprint analyzers, cameras and equipment, n.e.s.; automated fingerprint and identification retrieval systems, n.e.s.; psychological stress analysis equipment; electronic monitoring restraint devices; and specially designed parts and accessories, n.e.s.

Opinions or thoughts on the interpretation of this new info are much appreciated.

6 thoughts on “Fingerprinting legal issues update

  1. Donnie Berkholz

    From a technical POV, that _is_ open-source compatible. Open-source licenses give extra permissions regarding copyright and sometimes patents, they do not address any of the other possible country-specific laws to which you may need to adhere such as cryptographic (or other) export control.

    The only problem is that it’s a PITA.

  2. Pingback: dsd’s weblog » Blog Archive » Misc updates

  3. ann

    Hello could you please just give me a brief list on what legal laws are broken with fingerprinting and which codes of conducts are broken thank you very much

  4. Chris Sherlock

    So, why don’t you do what the PGP guy did? Print the sourcecode in booklet form, then send it to a developer in a non-constrained country?

    Or do what the Kerberos guys did. They built the software, added in stub functions where they needed to encrypt the software. Then an Australian developer implemented the encryption by filling in the stub functions.

    Just a thought.

Comments are closed.