Being a product manager is a tough job, you wouldn’t think that we’d need to worry about going to jail – but we do. I’m a big advocate of product managers acting as though we are the CEO’s of our products. Our careers both live and die along with the market success of our products and rightly so. However, there is a darker side to this gung-ho attitude. If your product is illegal and you do a really good job of marketing it, then you’re going to be going to jail.
Let’s Talk About Munitions
I’m going to assume that most of you are not selling heroin or hot cars (at least not every day) and so you may be thinking that you’re on safe ground. However, it’s amazing just how fast that “safe ground” can turn into “the yard” at a federal lock-up facility if you’re not careful.
One of the easiest ways to get into trouble is to add encryption to your product. No matter what market your product is designed to address, healthcare, finance, etc. you are probably under constant pressure to make it more secure. How you go about doing this will depend on the type of product that you are responsible for. However, if it has even an ounce of software associated with any part of it then the idea of adding encryption to how it transmits and receives data plus how it stores data may have crossed your mind.
This is where things start to get interesting: if you add encryption to your product, then you’ve just turned it into munitions. Guess what that’s going to do to your ability to legally export it…?
Say Hello To The U.S. Department Of Commerce
No matter what country you live and work in, the rules are going to be pretty much the same. Since I’m in the U.S., I’ll talk about this from my point-of-view. It turns out that adding source code implementations of cryptography algorithms to your product turns it into munitions and that means that you’re going to need a license to export it out of the country.
It turns out that the solution to this problem is not all that difficult. You basically have to complete some paperwork and pay a fee ($250 last time I checked) and your firm will have become an officially licensed munitions exporter.
For those of you who routinely publish software patches to your encryption-enabled products on the Internet or (gasp!) allow customers to purchase and download your product online, you’re going to have to tell the Department of Commerce first.
Are You Already In Trouble?
The best way to stay out of trouble is to do some internal checking – are you already using anything that may have turned your product into munitions without you even knowing about it? Jonathan Erickson over at Dr. Dobbs Journal has done some looking into this. He reports that by searching the Black Duck KnowledgeBase he was able to uncover 4,000 open source software projects that used encryption algorithms and which would require a license if exported.
If your product is using any of these open source projects (and these days, who isn’t?), then you may already be a munitions exporter. Looks like it’s time to do some double checking!
What All Of This Means For You
I’m hoping that no product manager ever wakes up in the morning thinking to him / herself “gosh, what can I do to get myself thrown into jail today?”. Even though we don’t do this, we can still find ourselves in hot water.
The simple act of trying to make our products more secure by adding encryption to how it communicates or stores information is what can get us into hot water. By doing this we’ve become munitions exporters and we need to apply for the proper license to engage in this kind of trade.
The fix is pretty simple – tell the government what you are up to. However, it’s being aware that you need to do this that’s the key. Look, you’re a good product manager – do some checking because we don’t want to only be able to see you during visiting hours!
– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World Product Management Help
Question For You: Do you think that just by adding encryption functions to your product you now need a separate license to be allowed to export it?
Click here to get automatic updates when
The Accidental Product Manager Blog is updated.
P.S.: Free subscriptions to The Accidental Product Manager Newsletter are now available. It’s your product – it’s your career. Subscribe now: Click Here!
What We’ll Be Talking About Next Time
Just who are you hoping that will buy your product? Sane, rational people who you’d be more than willing to invite over to your place for dinner? Or perhapsstark raving mad folkswhom you’d probably cross to the other side of the street were you to encounter them in public? I’m guessing that you’d probably pick the sane folks, but maybe you’d be wrong…