I am really excited to announce the founding of the Open Research Institute. ORI is a non-profit organization focused on important areas of open science, including open-source software, hardware, standards, content, and research. ORI is led by luminaries Bruce Perens (co-founder of the Open Source Initiative, among other things), and Michelle Thompson (you can find her on page ~5 of your ARRL Handbook), and I am serving as a founding board member.

Bruce Perens first announced ORI on his blog, which you can read here: Open Source vs. Munitions Export Restrictions – Announcing Open Research Institute, Inc..

We have a few goals for ORI, including facilitating open R&D and reproducible science, and providing a home for open-source projects that might not be a natural fit in other organizations (e.g., FSF, SPI, Apache Foundation). The open-source movement is more than just software and hardware; things like open standards have been a crucial part of our largest technological advancements, such as the Internet, and I believe open source has an important role to play in the future of reproducible science - I'm excited to work on these areas with ORI.

Another major goal of ORI is to provide an umbrella organization with strict rules for projects that might otherwise be regulated by export control. Most engineers have thankfully never had to deal with export control directly, but it's a serious issue in many technical fields and mishandling it can land you in serious legal trouble. In many countries, certain types of technologies are classified as "munitions", and the export of those technologies to foreign nationals is tightly controlled. In the United States, these export controls are known as International Traffic in Arms Regulations (ITAR), administered by the US Department of State, and Export Administration Regulation (EAR), run by the US Department of Commerce.

ITAR & EAR are problematic for open source efforts, in particular, because things you create in total isolation can be regulated by them - this is acutely different from other types of information regulation, like data classified for national security. If, for example, you write a new software library, on your own and in your own time, it is not automatically classified information. If you post the library online or share it with friends, you can't be put in prison for distributing classified information. It is entirely possible for you to create something regulated by ITAR or EAR, though, even unintentionally.

If your creation falls into one of the restricted areas, it is a felony for you to make that information available to a foreign national - this includes e-mailing it to your friend who isn't a US citizen or green card holder, or posting it online (e.g., Github). And, unfortunately, determining whether or not a technology is a "munition" is not always easy. For example, systems that perform "energy detection on RF signals" can be regulated by ITAR - but that's exactly what your car stereo does when you "seek" between stations.

The cryptography community has had to deal with export control for years. One of the more famous cases is Bruce Schneier's textbook "Applied Cryptography". In the mid-90s, US courts ruled that the textbook, which contains the printed source code to certain cryptographic algorithms, could be exported, but that a floppy disk containing the exact same source code was a munition and could not be shared with non-US persons. That particular cryptography case was litigated by Phil Karn and the EFF and finally resolved in January of 2000, but the fundamental problem still exists. If you create something and distribute it, without realizing it's regulated by ITAR or EAR, it's up to the subjective opinion of a judge to determine whether or not you are a felon - and there are clear examples of the courts making nonsensical decisions in that regard.

This is particularly problematic for open source, which fundamentally relies on the sharing of information to be successful. Most open source projects, thankfully, are at no risk of being encumbered by ITAR or EAR. But, for those that are, export regulation poses a serious challenge. This is one of the problems that ORI solves. To be clear, ORI cannot retro-actively make ITAR / EAR information suddenly not regulated, and our goal is in no way to facilitate the sharing of such information (and that would be illegal). Rather, by being a member of ORI and enforcing our rules, the goal is to prevent a project from ever becoming export-regulated to begin with.

I'm really proud to be a part of ORI's founding, and I look forward to working with everyone involved. We're still working on getting content up on ORI's website, but if you're interested or have any questions, don't hesitate to get in touch! =)