U.S. Crypto Export Controls
Rules on exporting cryptography outside the United States have been renewed:
President Bush this week declared a national emergency based on an “extraordinary threat to the national security.”
This might sound like a code-red, call-out-the-national-guard, we-lost-a-suitcase-nuke type of alarm, but in reality it’s just a bureaucratic way of ensuring that the Feds can continue to control the export of things like computer hardware and encryption products.
And it happens every year or so.
If Bush didn’t sign that “national emergency” paperwork, then the Commerce Department’s Bureau of Industry and Security would lose some of its regulatory power. That’s because Congress never extended the Export Administration Act after it lapsed (it’s complicated).
President Clinton did the same thing. Here’s a longer version of his “national emergency” executive order from 1994.
As a side note, encryption export rules have been dramatically relaxed since the oppressive early days of Janet “Evil PCs” Reno, Al “Clipper Chip” Gore, and Louis “ban crypto” Freeh. But they still exist. Here’s a summary.
To be honest, I don’t know what the rules are these days. I think there is a blanket exemption for mass-market software products, but I’m not sure. I haven’t a clue what the hardware requirements are. But certainly something is working right; we’re seeing more strong encryption in more software—and not just encryption software.
Patrick Coyle • August 5, 2005 7:44 AM
These export rules (as I understandthem, which could be wrong/outdated – I would welcome clarification) have always struck me as a bit odd. I can understand why the government doesn’t want to allow strong encryption out of the country (foreign embassys begin to provide messages home that the US cannot read…) but I don’t think they can actualy stop it.
You can get your hands on an older version of PGP on the web in any country, and in newer ones you can just lie and say that you are in the US/Canada…