This Note investigates U.S. export controls as they relate to free and open source software (FOSS), arguing that the U.S. government has responded to the challenges of modern software by attempting to force an ill-fitting framework to accommodate FOSS. A contemporary reexamination of the state of export controls over FOSS can help in mapping out the responses generated by national security interests to the challenges of the internet. In particular, the Note offers a detailed account of the ways in which federal export controls have excluded FOSS from their regulatory purview through a powerful public availability exemption. In doing so, regulators have essentially labeled publicly available software as unthreatening to national security, regardless of the potential uses of any particular code.

This paper has been published by the NYU Journal of Legislation & Public Policy, Vol 23, Issue 3 (2021). It originated in the Guarini Colloquium: Regulating Global Digital Corporations and also contributed to the Open Source Software as Digital Infrastructure project.