This page provides detailed information on the export control status of the Guardian Project’s products, as well as pointers to the open source code from which those products are built.
Exporting Guardian Project Apps
The Guardian Project is an open-source project based in the United States of America. All of our products are developed via online collaboration in public forums and distributed from a central server within the U.S. Therefore, U.S. export laws and regulations apply to our distributions and remain in force as products and technology are re-exported to different parties and places around the world. Information on export control classifications and associated restrictions may be required for exporting, re-exporting, record keeping, bundling/embedding of GP products, encryption reporting, and shipping documentation. More information on U.S. Export Regulations can be found at “ https://www.bis.doc.gov/ ”.
The Bureau of Industry and Security (BIS) , a branch of the U.S. Department of Commerce, regulates exports through the Export Administration Regulations (EAR). The regulations describe the export rules and restrictions on a wide range of commodities, technologies, and software. This document is no substitute for understanding those regulations; the GP cannot anticipate how they might apply to third party distributions or for specific export decisions made by those parties. End-user, end-use and country of ultimate destination may affect export licensing requirements.
Below is a general listing of GP software products and their source links for which we have determined an export classification for that product as distributed by the Guardian Project. The matrix is to be used in conjunction with the EAR to provide classification information in order to assist exporters in the export of GP products and to provide guidance to BIS employees that seek the source code for GP products. All export classification information contained in the matrix is subject to change without notice.
GP software and/or technical data may NOT be exported/reexported, either directly or indirectly, to any destination subject to U.S. embargoes or trade sanctions unless formally authorized by the U.S. Government. Note that said embargoed destinations are subject to change and the scope of what technology is included in the embargo is specific to each embargoed country. For the most current information on U.S. embargoed and sanctioned countries, see the U.S. Export Administration Regulations and Treasury Department regulations.
Denied Parties List
U.S. export regulations require that all international and domestic transactions be screened against the U.S. Government listing of prohibited end users. Shipments to certain individuals, organizations, or institutions who have violated U.S. export laws are prohibited. The United States government maintains export prohibited lists , including but not limited to the Treasury Department’s Specially Designated Nationals List and Commerce Department’s Entity and Denied Persons Lists.
GP Product Classification Matrix
The Guardian Project (GP) makes NO WARRANTY or representation that the information contained in the GP Product Classification Matrix is accurate, current, or complete. It is your obligation as the exporter to comply with the current applicable requirements of United States export rules and regulations. Any use of such information by you is without recourse to the GP and is at your own risk. The GP is in no way responsible for any damages, whether direct, consequential, incidental, or otherwise, suffered by you as a result of using or relying upon such information for any purpose.
Each GP product is classified with an Export Control Classification Number (ECCN) if it is believed to correspond to an entry in the Commerce Control List (CCL) and subject to the EAR. All ASF software is published in a publicly available source code form. Since publicly available software is only subject to the EAR when it is classified as ECCN 5D002 or 5D992 , all GP software product versions that do not fit those two classifications are noted as ECCN “n/a” (not applicable) or not included in the matrix.
Products classified as ECCN 5D002 , are exported by the GP under the TSU exception in EAR 740.13(e) , which applies to software containing or designed for use with encryption software that is publicly available as open source. Exception TSU further provides that “ _Posting encryption source code and corresponding object code on the Internet (e.g., FTP or World Wide Web site) where it may be downloaded by anyone neither establishes “knowledge” of a prohibited export or reexport for purposes of this paragraph, nor triggers any “red flags” necessitating the affirmative duty to inquire[…]_ ” Note that exporters other than the GP within the US may or may not be eligable for exception TSU, and it is each specific exporter’s responsibility to understand and comply with all export regulations applicable within their jurisdiction.
|Product Name||Versions||ECCN||Controlled Source|
|Orbot||development||5D002||The Tor Project https://gitweb.torproject.org/orbot.git|
|1.5 and later||5D002||The Tor Project https://www.torproject.org/docs/android.html.en|
|1.x and later||5D002||GP https://guardianproject.info/apps/gibber/|
|SQLCipher for Android||development||5D002||GP https://github.com/guardianproject/android-database-sqlcipher/|