Perry quoted part of the joint declaration of facts in my case and asked
Would this not mean that the government is estopped from ever again claiming that hash functions are export controlled under the ITAR?
Not according to them. They have made it clear throughout their filings that they consider each CJ request on a case-by-case basis. Furthermore, they repeatedly assert that under the power delegated to them by the President, they have the absolute power to add and delete items from the Munitions List and to make inexplicable, inconsistent and arbitrary rulings whenever they damn well feel like it, and no court can overrule them. They even feel free to ignore their own rules whenever they get too inconvenient. See my attorneys' brilliant analysis of why the ITAR as written clearly permits the export of public domain crypto code under the public domain exemption. It's about halfway through http://www.qualcomm.com/people/pkarn/export/karnresp.html But State wrote the rules, so they can ignore 'em whenever they feel like it. Why gosh, National Security is at stake! And that's something we mere mortals can't possibly know anything about. Grep for the word "estoppel" in their arguments -- I know they used it at least once to discuss this exact point. So the bottom line is this: at the moment the ODTC will let you export hash functions as long as they don't encrypt data. They'll probably grant CJ requests to that effect. But they could change their minds at any time if they feel like it. Isn't it wonderful to live under a government of laws, not of men? Phil