Export Controls:

Encryption became a major national security concern during World War II, when Germany began

communication through an Enigma, an electromechanical rotor system that encrypted their

messages. Being able to decode these messages was a critical achievement for the Allied

forces. Because of this, encryption technology became listed on the Munitions List, as

administered by the Department of State.

This mindset continued until the end of the 20th century, when advancements in computing lead to

personal computing and therefore the widespread use of information technology. Information privacy,

and therefore encryption, was needed in both private businesses, personal use, and public

communication in general.

By 1996, 39 countries, including the United States, had signed the Wassenaar Arrangement, a treaty

that stipulated that cryptography with short key lengths would not be export controlled. In the same

year, the Clinton Administrations transferred control of “dual use” encryption from the State

Department to the Department of Commerce. This meant than encryption technology that was used by any

group other than (or in addition to) the military or intelligence agencies would be controlled by

the Department of Commerce, and would therefore fall under the Export Administration Regulations.

Since then, the US has become even less strict in terms of regulating the exportation of cryptography.

Due to this, most Internet users have access to and often use high quality cryptography whether they

realize it or not – through browsers, email clients, etc. Due to this, most governments have found

that it is not practical to try to control the distribution or quality of cryptography, so even when

these laws exist they are rarely enforced.

For more information on the current laws regarding the export of encryption systems, please

Sources:

Buzz