The US Bureau of Industry and Security published today: http://cryptome.org/bis060602.txt (108KB) Revisions and Clarifications to Encryption Controls in the Export Administration Regulations--Implementation of Changes in Category 5, Part 2 (``Information Security''), of the Wassenaar Arrangement List of Dual-Use Goods and Other Technologies SUMMARY: This rule amends the Export Administration Regulations (EAR) to reflect changes made to the Wassenaar Arrangement List of dual-use items, and to update and clarify other provisions of the EAR pertaining to encryption export controls. Consistent with the Wassenaar changes, Note No. 3 (``Cryptography Note'') to Category 5--part II (Information Security) of the Commerce Control List (CCL) is amended to allow mass market treatment for all encryption products, including products with symmetric algorithms employing key lengths greater than 64-bits, that previously were not eligible for mass market treatment. As a result, for the first time, mass market encryption commodities and software with symmetric key lengths exceeding 64 bits may be exported and reexported to most destinations without a license under Export Control Classification Numbers (ECCNs) 5A992 and 5D992, following a 30-day review by the Bureau of Industry and Security (BIS) (formerly the Bureau of Export Administration (BXA)). In addition, this rule, for the first time, allows equipment controlled under ECCN 5B002 to be exported and reexported under License Exception ENC. For all other information security items, including encryption source code that would be considered publicly available, this rule updates and clarifies existing notification, review, licensing and post-export reporting requirements. Restrictions on exports and reexports of encryption items to terrorist- supporting states (Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria), their nationals and other sanctioned persons (individuals and entities) are not changed by this rule. DATES: This rule is effective June 6, 2002.