The issue is whether mere use of USA-illegally exported crypto is itself illegal. AFAIK (anybody OCRed it?), it contains no clause that would cover the use of software or rocket launchers that have already been exported. The text of the ITAR is available at one or both of eff.org or cpsr.org. I purposefully elided over this point in my first post in order to more clearly talk about jurisdiction. (This may not have been best.) I don't know if such use is illegal; for the purpose of discussion above, I assumed it was. It may be otherwise, however. Suppose it's not explicitly illegal. Does that mean you can't get prosecuted for it, or convicted? Whatever the answer is, it's not "clearly no". Inside every prosecutor's office is a legal hacker try to push the boundaries of criminal law, trying to make more things _illegal_. (Not exactly what you want to hear, I'm sure.) What creative arguments might an agressive prosecutor use? Conspiracy is a good one. The argument could be that there's so much publicity about PGP that any user must know that 2.6 was USA-illegally exported, and, therefore, was blindly conspiring with the original exporter. This is an apparently ludicrous argument, but could it fly? Ever heard of the twinkie defense? Eric