John Young
Federal Register: December 30, 1996: Page 68572-68587
Bureau of Export Administration
Encryption Items Transferred From the U.S. Munitions List to the Commerce Control List
... Note to paragraphs (b)(2) and (b)(3) of this section: A printed book or other printed material setting forth encryption source code is not itself subject to the EAR (see Sec. 734.3(b)(2)). However, notwithstanding Sec. 734.3(b)(2), encryption source code in electronic form or media (e.g., computer diskette or CD ROM) remains subject to the EAR (see Sec. 734.3(b)(3)). ...
It's curious that they're still making this distinction. I've got to wonder, if push came to shove, how they'd differentiate between, say, a book and a TeX document of the same book, on a CD. Unfortunately, the person testing this may go to prison for a long time. I saw no mention of prison time or fines for breaking these provisions -- I can only assume that the teeth are buried in other Commerce regulations. Does anyone know offhand what penalties are involved? Also, the choice of the Commerce Department to play gatekeeper is an interesting one, tactically. Is the addition of a few "or import" clauses likely? "One small step..." as they say. (me)