Re: The USA again
Certain levels of encryption are still regulated as munitions in the US. That only applies to exports, not imports. It was always completely legal to import PGP* into the US. (On the import side the question you get from the security wonks is whether or not you can trust the code, so usually not workable inside government.) And it was completely legal for entities outside the US to export and import PGP depending on their local laws.
*If you're going to tell the PGP story it is important to tell the whole story. It wasn't PGP per se that was outlawed. At the time you couldn't export triple DES either. The sticking point was whether or not the algorithm allowed for more than 52 (56?) bits of encryption. Since PGP wasn't algorithmically limited it was illegal to import. At that point in time MS even had to distribute two versions of IE because the US version allowed more encryption than the law allowed. The insanity was eventually recognized for the insanity it was and the law was harmonized with reality. On the question of whether or not encryption should be treated as a munition, given the outcome of WW2 it seems pretty obvious encryption is worth more than a whole lot of munitions. Not sure it compares to nuclear bombs, but not sure it doesn't exceed them either.
Biting the hand that feeds IT
