Shopping on line can be easy, simple and save you lots of money. It can also take a lot of your time, frustrate you, and result in unwanted purchases. Now the same can be said for regular high street shopping, but with the vast opportunity presented by the Internet it will pay you to spend a few minutes reading this and understanding how to better optimize your Export Of Cryptography shopping experience:

1. Compare - without doubt the biggest advantage that the Export Of Cryptography offers shoppers today is the ability to compare thousands of Export Of Cryptography at a time. This is a great thing, but not necessarily all the time! Too much can be daunting at times so take advantage of the great comparison sites and where possible let them do the hard work for you.

2. Research - if it has been said it will be on the internet. Ignorance is no longer a justifiable reason for buying the wrong thing. Take the time to research in detail everything that you could possible want to know about

3. Testimonials - don't know anybody that has bought a Export Of Cryptography? Wrong! If the Export Of Cryptography is good the internet will let you know. Use the Internet as a friend and get testimonials before you buy.

4. Questions - Got a question about Export Of Cryptography then search the Forums, FAQ's, Blogs etc. Don't be afraid to ask .....

5. Reputation - Never heard of the company selling Export Of Cryptography? Don't worry, no reason why you should know every company in the world, but you know someone that does! Use the internet to find out what people are saying about Export Of Cryptography and build up a picture of their reputation for sales, returns, customer service, delivery etc.

6. Returns - still worried that even after all of the above your Export Of Cryptography wont be what you want? Check out the returns policy. There is so much competition now that someone, somewhere is bound to offer the terms that you are comfortable with.

7. Feedback - happy with your Export Of Cryptography then let people know, after all you are depending on others people input in your buying decision, so why not give a little back.

8. Security - check for the yellow padlock on the Export Of Cryptography site before you buy, and the s after http:/ /i.e. https:// = a secure site

9. Contact - got a question about Export Of Cryptography, or want to leave a comment then check out the sites contact page. Reputable companies have them and respond.

10. Payment - ready to pay for your Export Of Cryptography, then use your credit card or PayPal! Be aware of companies that don't accept them, there may be genuine reasons but given the huge amount of choice you have when buying online there is no reason at all not to buy via credit card or PayPal.

The export of cryptography refers to the transfer from one country to another of devices and technology related to cryptography. Since World War II, Western governments, including the United States and its NATO allies, have regulated the export of cryptography for national security considerations, and, for a time, defined cryptography to be a munition.

In light of the enormous impact of History of cryptography, it was abundantly clear to these governments that denying current and potential enemies access to cryptographic systems looked to be militarily valuable. They also wished to monitor the diplomatic communications of other nations, including the many new nations that were emerging in the colonialism and whose position on Cold War issues was regarded as vital. (Kahn, The Codebreakers, Ch. 19) Since the U.S. and United Kingdom had, they believed, developed more advanced cryptographic capabilities than others, there arose a notion that controlling all dissemination of the more effective crypto techniques might be beneficial. The First Amendment to the United States Constitution made controlling all use of cryptography inside the U.S. difficult, but controlling access to U.S. developments by others was thought to be more practical — there were at least no constitutional impediments. Accordingly, regulations were introduced as part of munitions controls which required licenses to export cryptographic methods (and even their description); the regulations established that cryptography beyond a certain strength (defined by algorithm and length of key (cryptography)) would not be licensed for export except on a case-by-case basis. The expectation seems to have been that this would further national interests in reading 'their' communications and prevent others from reading 'ours'. This policy was also adopted elsewhere for various reasons.

The development, and public release, of Data Encryption Standard and asymmetric key algorithm techniques in the 1970s, the rise of the Internet, and the willingness of some to risk and resist prosecution, eventually made this policy impossible to enforce, and by the late 1990s it was being relaxed in the US, and to some extent (e.g. France) elsewhere. Nevertheless, some officials in the United States believe that widespread availability of strong cryptography world-wide has hampered the ability of the NSA to read intercepted communications that might reveal important information about intentions hostile to the United States. Others feel that the export controls in place in the last half of the 20th century discouraged incorporation of widely known cryptographic tools into commercial products, particularly personal computer operating systems, and are a root cause of the present crisis in information security, aside from interfering with U.S. trade in such products. They observe that many of the advances, including asymmetric key cryptography and many of its algorithms, were already public in any case.

Cold War era In the early days of the cold war, the United States and its allies developed an elaborate series of export control regulations designed to prevent a wide range of Western technology from falling into the hands of others, particularly the Eastern bloc. All export of technology classed as 'critical' required a license. CoCom was organized to coordinate Western export controls.

Two types of technology were protected: technology associated only with weapons of war and dual use technology, which also had commercial applications. In the U.S., dual use technology export was controlled by the Department of Commerce, while munitions were controlled by the State Department. Encryption technology (techniques as well as equipment and, after computers became important, crypto software) was classified as a munition. However, this hardly mattered in practice since secure encryption was not, certainly in the immediate post War period, available to the general public. By the 1960s, however, financial organisations were beginning to require strong commercial encryption on the rapidly growing field of wired money transfer.

The U.S. Government's introduction of the Data Encryption Standard in 1975 meant that commercial uses of high quality encryption would become common, and serious problems of export control began to arise. Generally these were dealt with through case-by-case export license request proceedings brought by computer manufacturers, such as IBM, and by their large corporate customers.

==PC era==Encryption export controls became a matter of public concern with the introduction of the personal computer. Phil Zimmermann's Pretty Good Privacy cryptosystem and its distribution on the Internet in 1991 was the first major 'individual level' challenge to controls on export of cryptography. The growth of electronic commerce in the 1990s created additional pressure for reduced restrictions. Shortly afterward, Netscape Communications Corporation's Transport Layer Security technology was widely adopted as a method for protecting credit card transactions using public key cryptography.

SSL-encrypted messages used the RC4 (cipher) cipher, and used 128-bit key (cryptography). U.S. government export regulations would not permit crypto systems using 128-bit keys to be exported. At this stage Western governments had, in practice, a split personality when it came to encryption; policy was made by the military cryptanalysts, who were solely concerned with preventing their 'enemies' accquiring secrets, but that policy was then communicated to commerce by officials whose job was to support industry. Some of the proposals made at this time, for instance, that government should be provided with every strong crypto key used by industry, seem laughable when viewed from the point of view of 2005.

The longest key size allowed for export without individual license proceedings was 40-bit encryption, so Netscape developed two versions of its web browser. The "U.S. edition" had the full 128-bit strength. The "International Edition" had its effective key length reduced to 40-bits by revealing 88 bits of the key in the SSL protocol (cryptography). Acquiring the 'U.S. domestic' version turned out to be sufficient hassle that most computer users, even in the U.S., ended up with the 'International' version, whose weak 40-bit encryption could be broken in a matter of days using a single personal computer. Much the same thing happened with Lotus Notes and for the same reasons.

Bernstein v. United States by Peter Junger and other civil libertarians and privacy advocates, the widespread availability of encryption software outside the U.S., and the perception by many companies that adverse publicity about weak encryption was limiting their sales and the growth of e-commerce, led to a series of relaxations in US export controls, culminating in 1996 in the effective elimination of export controls on mass-market "shrinkwrap" and open source software containing cryptography (which, in any case, a "rogue state" could have downloaded, and subsequently verified, from file sharing networks or servers outside the US).

Current status Cryptography exports from the U.S. are now (as of 2006) controlled by the Department of Commerce's Bureau of Industry and Security. Some restrictions still exist, even for mass market products, particularly with regard to export to "rogue states" and terrorism organizations. Militarized encryption equipment, TEMPEST-approved electronics, custom cryptographic software, and even cryptographic consulting services still require an export license. Many items must still undergo a one-time review by or notification to BIS prior to export to most countries. The regulations, though relaxed from pre-1996 standards, are still complex, and often require expert legal and cryptographic consultation. Other countries, notably those participating in the Wassenaar Arrangement, have similar restrictions.

See also

• Bernstein v. United States
• Junger v. Daley
• Restrictions on the Import of Cryptography

External links

• Crypto law survey
• Bureau of Industry and Security — An overview of the US export regulations can be found in the licensing basics page.
• My life as a Kiwi arms courier — Peter Gutmann (computer scientist)'s farcical account of his experiences exporting cryptographic software from New Zealand.
• Export Control Blog

The export of cryptography refers to the transfer from one country to another of devices and technology related to cryptography. Since World War II, Western governments, including the United States and its NATO allies, have regulated the export of cryptography for national security considerations, and, for a time, defined cryptography to be a munition.

In light of the enormous impact of History of cryptography, it was abundantly clear to these governments that denying current and potential enemies access to cryptographic systems looked to be militarily valuable. They also wished to monitor the diplomatic communications of other nations, including the many new nations that were emerging in the colonialism and whose position on Cold War issues was regarded as vital. (Kahn, The Codebreakers, Ch. 19) Since the U.S. and United Kingdom had, they believed, developed more advanced cryptographic capabilities than others, there arose a notion that controlling all dissemination of the more effective crypto techniques might be beneficial. The First Amendment to the United States Constitution made controlling all use of cryptography inside the U.S. difficult, but controlling access to U.S. developments by others was thought to be more practical — there were at least no constitutional impediments. Accordingly, regulations were introduced as part of munitions controls which required licenses to export cryptographic methods (and even their description); the regulations established that cryptography beyond a certain strength (defined by algorithm and length of key (cryptography)) would not be licensed for export except on a case-by-case basis. The expectation seems to have been that this would further national interests in reading 'their' communications and prevent others from reading 'ours'. This policy was also adopted elsewhere for various reasons.

The development, and public release, of Data Encryption Standard and asymmetric key algorithm techniques in the 1970s, the rise of the Internet, and the willingness of some to risk and resist prosecution, eventually made this policy impossible to enforce, and by the late 1990s it was being relaxed in the US, and to some extent (e.g. France) elsewhere. Nevertheless, some officials in the United States believe that widespread availability of strong cryptography world-wide has hampered the ability of the NSA to read intercepted communications that might reveal important information about intentions hostile to the United States. Others feel that the export controls in place in the last half of the 20th century discouraged incorporation of widely known cryptographic tools into commercial products, particularly personal computer operating systems, and are a root cause of the present crisis in information security, aside from interfering with U.S. trade in such products. They observe that many of the advances, including asymmetric key cryptography and many of its algorithms, were already public in any case.

Cold War era In the early days of the cold war, the United States and its allies developed an elaborate series of export control regulations designed to prevent a wide range of Western technology from falling into the hands of others, particularly the Eastern bloc. All export of technology classed as 'critical' required a license. CoCom was organized to coordinate Western export controls.

Two types of technology were protected: technology associated only with weapons of war and dual use technology, which also had commercial applications. In the U.S., dual use technology export was controlled by the Department of Commerce, while munitions were controlled by the State Department. Encryption technology (techniques as well as equipment and, after computers became important, crypto software) was classified as a munition. However, this hardly mattered in practice since secure encryption was not, certainly in the immediate post War period, available to the general public. By the 1960s, however, financial organisations were beginning to require strong commercial encryption on the rapidly growing field of wired money transfer.

The U.S. Government's introduction of the Data Encryption Standard in 1975 meant that commercial uses of high quality encryption would become common, and serious problems of export control began to arise. Generally these were dealt with through case-by-case export license request proceedings brought by computer manufacturers, such as IBM, and by their large corporate customers.

==PC era==Encryption export controls became a matter of public concern with the introduction of the personal computer. Phil Zimmermann's Pretty Good Privacy cryptosystem and its distribution on the Internet in 1991 was the first major 'individual level' challenge to controls on export of cryptography. The growth of electronic commerce in the 1990s created additional pressure for reduced restrictions. Shortly afterward, Netscape Communications Corporation's Transport Layer Security technology was widely adopted as a method for protecting credit card transactions using public key cryptography.

SSL-encrypted messages used the RC4 (cipher) cipher, and used 128-bit key (cryptography). U.S. government export regulations would not permit crypto systems using 128-bit keys to be exported. At this stage Western governments had, in practice, a split personality when it came to encryption; policy was made by the military cryptanalysts, who were solely concerned with preventing their 'enemies' accquiring secrets, but that policy was then communicated to commerce by officials whose job was to support industry. Some of the proposals made at this time, for instance, that government should be provided with every strong crypto key used by industry, seem laughable when viewed from the point of view of 2005.

The longest key size allowed for export without individual license proceedings was 40-bit encryption, so Netscape developed two versions of its web browser. The "U.S. edition" had the full 128-bit strength. The "International Edition" had its effective key length reduced to 40-bits by revealing 88 bits of the key in the SSL protocol (cryptography). Acquiring the 'U.S. domestic' version turned out to be sufficient hassle that most computer users, even in the U.S., ended up with the 'International' version, whose weak 40-bit encryption could be broken in a matter of days using a single personal computer. Much the same thing happened with Lotus Notes and for the same reasons.

Bernstein v. United States by Peter Junger and other civil libertarians and privacy advocates, the widespread availability of encryption software outside the U.S., and the perception by many companies that adverse publicity about weak encryption was limiting their sales and the growth of e-commerce, led to a series of relaxations in US export controls, culminating in 1996 in the effective elimination of export controls on mass-market "shrinkwrap" and open source software containing cryptography (which, in any case, a "rogue state" could have downloaded, and subsequently verified, from file sharing networks or servers outside the US).

Current status Cryptography exports from the U.S. are now (as of 2006) controlled by the Department of Commerce's Bureau of Industry and Security. Some restrictions still exist, even for mass market products, particularly with regard to export to "rogue states" and terrorism organizations. Militarized encryption equipment, TEMPEST-approved electronics, custom cryptographic software, and even cryptographic consulting services still require an export license. Many items must still undergo a one-time review by or notification to BIS prior to export to most countries. The regulations, though relaxed from pre-1996 standards, are still complex, and often require expert legal and cryptographic consultation. Other countries, notably those participating in the Wassenaar Arrangement, have similar restrictions.

See also

• Bernstein v. United States
• Junger v. Daley
• Restrictions on the Import of Cryptography

External links

• Crypto law survey
• Bureau of Industry and Security — An overview of the US export regulations can be found in the licensing basics page.
• My life as a Kiwi arms courier — Peter Gutmann (computer scientist)'s farcical account of his experiences exporting cryptographic software from New Zealand.
• Export Control Blog

Export of cryptography - Wikipedia, the free encyclopedia
The export of cryptography refers to the transfer from one country to another of devices and technology related to cryptography. Since World War II, Western governments, including ...

Talk:Export of cryptography - Wikipedia, the free encyclopedia
edit] Import of Cryptography. I can't seem to find a page on Restrictions on the Import of Cryptography - some countries restrict the use of cryptographic tools (or have in the ...

STRATEGIC EXPORT CONTROLS: THE IMPACT ON CRYPTOGRAPHY
STRATEGIC EXPORT CONTROLS: THE IMPACT ON CRYPTOGRAPHY A Response by THE FOUNDATION FOR INFORMATION POLICY RESEARCH to the DEPARTMENT OF TRADE AND INDUSTRY This paper was prepared ...

US Export of Cryptography
After reviewing OpenBSD's current policies on US contributions of cryptography, and current US law, I'd like a clarification. Current US law (c.f. the short guide http://www.bis ...

Cryptography Export Restrictions
Many nations restrict the export of cryptography and some restrict its use by their citizens or others within their borders. US Law US laws, as currently interpreted by the US ...

Cryptography History : 2000 BIS Reduces Export Restrictions
Cryptography History : 2000 BIS Reduces Export Restrictions ... Cryptography History : Bureau of Industry and Security Reduces Restrictions on export of Cryptographic Materials

The Export of Cryptography in the 20th Century and the 21st
The Export of Cryptography in the 20th Century and the 21st Whitfield Diffie and Susan Landau

Export of Cryptography in the 20th Century and the 21st, The
Author(s): Whitfield Diffie and Susan Landau: Report Number: Date Published: Available Formats: TR-2001-102 October 2001 Portable Document Format (PDF)

Cryptography Export Control Archives
This page indexes various cryptography-export related items. Contributions are welcome; send them to gnu@toad.com. Last updated 18 January 1996. [Many things have happened in ...

Cryptography and Encryption Database - Black Duck™ Export CryptoBase ...
exportIP CryptoBase identifies cryptography and encryption algorithms to meet regulations around export.