I am working in Japan (outside the U.S.A.) and am planning to export software made with “Go” to a third country. I believe “Go” is made in the U.S.A. and EAR must be applied to it (if not, please let me know). Could anybody provide me with information about EAR, ECCN, and CCATS for “Go”? If there are pages like (*1) of Microsoft and (*2) of Oracle, I would be more grateful.
That’s an interesting question. The closest to an answer I could find by some Googling is this, which is about Openssl, is 15 years old and not necessarily authoritative, but sounds reasonable:
Let’s bring ourselves to the ultimate issue: Where does this leave us
with respect to the wisdom of using US-produced components in
crypto-containing free software assembled outside the US? US-produced
components can be subject to EARs, which means that at the present
time they may be freely exported to all but seven countries (none of
which currently permits free access to the network to its own
citizens), so long as a copy of the source code is available to the
Bureau of Export Administration, which acts as a surrogate for NSA.
All free software fulfills this criterion by definition, although we
do have to nominate an official source-availability URL, as I
previously mentioned. In the worst case analysis, components exported
now might subsequently become non-exportable in the event that
regulations in the US become more restrictive. No one would be
subject to prosecution or interference as a result of export occurring
before the change in regulations (that’s a matter of constitutional
law in the US), but all subsequent development of those components
would then have to occur somewhere other than here. No code not
originally developed in the US would be subject to this tightened
regulatory environment, unless such code were “in” the US, in which
case the particular copy that was “in” the US wouldn’t be able to
leave again–a restriction which makes no difference.
EAR, like many regulations originally written for physical things that can actually reside in a physical space and move over borders, seems like a difficult fit for open source software…
(I’d add a disclaimer that I’m not a lawyer, but I don’t fall under US law so I don’t think I’d be liable to be successfully sued for providing bad advice. But then again, I’m not a lawyer…)