This is kind of a risky policy to take. The general feeling I get that allowing non green-card holders access to strong cryptography is sort of decriminalised, in that the police aren't likely to break down your door and have your AFS server accidentaly fall down stairs. However, it is still against the law, and could be used against the university in other unrelated circumstances.
Actually, its not. There is precedent, in that at one point (rumour mode on -- I have not verified this story) MIT was asked to not allow certain students into the MIT nuclear reactor. These international students had been accepted into the Nuclear Engineering program, which sort of requires them to have access. MIT's response was to tell the gov't that if they didn't want to let these students have access to the nuclear reactor, then they should not be allowed in the country, since MIT will not discriminate against students based on silly criteria such as where they live. The state department said they couldn't do that, since they had nothing to keep the students out of the country. MIT responded that they couldnt do it either, and the gov't backed down. I'm not convinced that it is as risky as you say. Besides, MIT does have a lot of political power, so they are more likely to get away with it than other places might. However I think it is a reasonable position for an educational institution to take. -derek