- Any crypto of any key length can be exported under a license
exception, after a technical review, to non-government end users in
any country except the seven "terrorist countries". Exports to
governments can be approved under a license.
- Retail crypto (i.e., crypto which does not
require substantial support and is sold in tangible form through
retail outlets, or which has been specifically designed for individual
consumer use) of any key length can, after a technical review,
be exported to any recipient in non-terrorist countries.
- Unrestricted crypto source code (like most "open source"
software) and publicly available commercial source code (like
"community source" code) can be exported to any end-user under a
license exception without a technical review. BXA must be given a copy
or the URL of the source code. All other source code can be exported
under license exception after a technial review to any non-government
end-user. One may not, however, knowlingly export source code to a
terrorist country, although source code may be posted on the WWW for
downloading without the poster having to check whether it is
downloaded from a terrorist country.
- Any crypto can be (re)exported to foreign subsidiaries of US
firms without a technical review. Foreign nationals working in the US
no longer require an export license to work for US firms on
encryption.
- The regulations implement the December 1998 Wassenaar changes
(notably, export of 56-bits and 64-bits (for mass-market products)
crypto to non-terrorist countries).
- Post-export reporting is required for exporting certain products
above 64 bits to non-US entities.
- Since 19 October 2000, a further liberalization of export
controls is effective, triggered by changes in the EU export
regulations (see the Federal Register Vol. 65, No. 203, pp. 62600-10,
available at BXA).
The liberalization was announced by the Clinton administration on 17
July 2000. A license exception is introduced for export of any crypto
product to any end user (so, the distinction between government
and non-government end users is dropped) in the 15 EU countries,
Australia, Czech Republic, Hungary, Japan, New Zealand, Norway,
Poland, and Switzerland. Also, US exporters can ship products
immediately after filing a commodity classification request, without
waiting for the technical-review results or the previously used 30-day
delay period.
|