Many programs and algorithms used for security purposes are not available outside of the United States because of U.S. export law. Some policy makers are now calling for increased restrictions on the use of encryption in response to the September 11, 2001 terrorist attacks on the World Trade Center and the Pentagon. Before acquiring or using any encryption software, you will need to make sure that it is legal to use in your location. In most cases, this information will be included in the licensing agreement. When downloading or installing software, read the licensing agreements. For the software reviews in this guide, we've tried to ascertain whether the programs are available outside of the U.S., but ultimately it's up to you to determine whether a given program is legal to use where you live. Some of the links provided below may help.
Bureau of Export Administration Encryption Export Regulations, houses all encryption rules published by BXA since export control jurisdiction was transferred from the State Department to the Commerce Department in 1996. At the time this guide was published, the most recent update was in October 2000.
Electronic Frontier Foundation's Crypto Export archive (contains political articles, discussions, and notes).
Information Security and Privacy in Network Environments (lengthy Sept. 1994 political report; use your browser's Search or Find function with the text "Government Policies and Cryptographic Safeguards" to find the relevant chapter).
RSA Laboratories' FAQ about Today's Cryptography: United States Cryptography Export/Import Laws (particular note of interest: reports on the legality of RSA and Triple-DES export).
U.S. Department of Commerce / The Bureau of Export Administration / Office of Strategic Trade and Foreign Policy Controls / Information Technology Controls Division / Commercial Encryption Export Controls.
Next: Terminology | Back to Guide