Export control classification number?

I got an email:

Hi Ned
Thanks for maintaining coverage.
Do you know whether it is Not controlled, or if it has an Export control classification number (ECCN) in compliance with US export control laws ?
(Bureau of Industry and Security website : http://www.bis.doc.gov/)

I dont know what an ECCN is, so I guess coverage.py doesn’t have one? Is it better or worse if it has one?

To get an ECCN you have to affirmatively apply to the US government for one, so you probably don’t have one :slight_smile: It basically certifies that you’ve jumped through some hoops around encryption.

As a general matter, open source software in 2019 typically does not require an ECCN (the big exceptions are software that provide, or heavily use, encryption). I don’t think coverage.py would need one, per discussion here: https://www.bis.doc.gov/index.php/policy-guidance/encryption/2-items-in-cat-5-part-2/a-5a002-a-and-5d002-c-1/iv-5a002-a-1-a-4

If coverage.py did need one (or if someone here is curious), by virtue of being open source you’d still mostly just have to notify the government once, since you’re open source. Good documentation on that here: https://www.magicsplat.com/blog/ear/

Great, that’s very helpful. So just to get the terminology straight, I would say, “coverage.py is not export controlled.” Yes?

To be more precise, might say “To the best of my knowledge, coverage.py is not subject to United States export control restrictions.” I am not your lawyer, and you don’t want to be their lawyer either :slight_smile:

1 Like

You’re the best not-my-lawyer I have! :slight_smile:

1 Like