If it wasn't for ITAR the Net would already have secure encryption and authentication, and most such hacker attacks would be impossible (or at least impractical).
The non-responsive answer is stricken from the record. :-) You mean "secure" as Netscape was secure from sameer et al.?
I don't think it's non-response, I just think you don't understand yhour expert witness. If not for the ITAR then I could distribute my secure applications as a binary library with the security part as source. When you got Netscape you'd read the security code or ask local experts to do so. You'd verify that the code was correct (or at least not stupid). You'd then compile the security code and link it against the main object module and away you'd go. If you didn't have a C compiler, you'd get a binary from someone you trusted. Of course, all this would be going on in parallel at thousands of sites around the world. Everyone looking at the code, finding holes, reporting them, fixing security bugs, and so on. But ITAR won't let you do that. Or netscape would just make calls to the common open multiple-crypto API that existed in a shared library in your machine. But apparently the ITAR won't even let you do this. /r$