Commit eb07be29 authored by Bastien Nocera's avatar Bastien Nocera

Fix links to some US government agencies

Fix a couple of dead links.
parent 99dfb7b1
Pipeline #54638 failed with stage
in 1 minute and 43 seconds
......@@ -26,7 +26,7 @@ A couple of other projects existed which could get images from other devices, bu
We can download images from the Microsoft devices, but how do we login with them? We need some kind of image processing, and then comparison of the processed images. Not a small problem.
[I looked into some open source solutions](http://www.reactivated.net/weblog/archives/2006/08/fingerprint-enhancement-and-recognition/) but didn't get too far. In September 2006 I started playing with [NBIS](http://fingerprint.nist.gov/NBIS/index.html) (formerly NFIS2), code from the US government to process and compare fingerprints. It [worked splendidly](http://www.reactivated.net/weblog/archives/2006/10/nfis2-works/), but the project halted due to concerns that we couldn't distribute this from the US without violating the U.S. Export Administration Regulations.
[I looked into some open source solutions](http://www.reactivated.net/weblog/archives/2006/08/fingerprint-enhancement-and-recognition/) but didn't get too far. In September 2006 I started playing with [NBIS](https://www.nist.gov/services-resources/software/nist-biometric-image-software-nbis) (formerly NFIS2), code from the US government to process and compare fingerprints. It [worked splendidly](http://www.reactivated.net/weblog/archives/2006/10/nfis2-works/), but the project halted due to concerns that we couldn't distribute this from the US without violating the U.S. Export Administration Regulations.
The [Software Freedom Law Center](http://www.softwarefreedom.org/) provided a little advice but this did not really go anywhere or produce any positive findings. NIST themselves were responsive by email but did not like to talk about the legal side, they weren't really sure about the export control restrictions on this software but were playing it safe by limiting distribution to CD only.
......
......@@ -8,7 +8,7 @@
As detailed in [project history](project-history.html), libfprint originated from an earlier project, which aimed solely to make DigitalPersona fingerprint readers on Linux. These are imaging devices, and after successfully managing to retrieve images from such devices, we ran into a larger problem: how can we process images in order to determine "scan A is the same finger as scan B, login authorised"?
While hunting around for potential solutions, I came across NIST's NFIS2, which is now known as [NBIS](http://fingerprint.nist.gov/NBIS/index.html). You can see on their site that parts of their software are export controlled. At the time, the entire project was export controlled and there was not any description of which parts might potentially be under which export classifications. Now it says:
While hunting around for potential solutions, I came across NIST's NFIS2, which is now known as [NBIS](https://www.nist.gov/services-resources/software/nist-biometric-image-software-nbis). You can see on their site that parts of their software are export controlled. At the time, the entire project was export controlled and there was not any description of which parts might potentially be under which export classifications. Now it says:
> It is our understanding that NFSEG and BOZORTH3 fall within ECCN 3D980, which covers software associated with the development, production or use of certain equipment controlled in accordance with U.S concerns about crime control practices in specific countries.
>
> As US export control applies to all exports, such information indicates that _all_ fingerprint processing code (not just NIST's implementation) is subject to these restrictions. Regardless of whether we were to use NFIS2 or not, if NIST's information was anything to go by, our code would fall under special restrictions when being exported from the US. NIST avoided the issue by limiting distribution to CDROM only -- they used your postal address to ensure you are not located in any country designated as terrorist-supportive. Such distribution control is obviously not suitable for an open source project.
......@@ -17,7 +17,7 @@ I contacted NIST, and Craig Watson was kind enough to provide some useful respon
James Vasile of the [Software Freedom Law Center](http://www.softwarefreedom.org) kindly spent some time investigating the matter, but no good news emerged.
Some time later, I sat down to really analyse the [Export Administration Regulations](http://www.access.gpo.gov/bis/ear/ear_data.html) to look for solutions. It turns out that distributing NBIS in an open source project is not restricted, for reasons explained below.
Some time later, I sat down to really analyse the [Export Administration Regulations](https://www.bis.doc.gov/index.php/regulations/export-administration-regulations-ear) to look for solutions. It turns out that distributing NBIS in an open source project is not restricted, for reasons explained below.
## Justification for export safety
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment