It never ceases to amaze me how inconsistent the anti-crypto people are on this issue ... I just took a look at VADM McConnell's answers during a Senate hearing on May 3, 1994 ... http://csrc.nist.gov/keyrecovery/ees_q-a.txt Questions from Senator Murray: Q: In my office in the Hart building this February, I downloaded from the Internet an Austrian program that uses DES encryption. This was on a laptop computer, using a modem over a phone line. The Software Publishers' Association says there are at least 120 DES or comparable programs world wide. However, U.S. export control laws prohibit American exporters from selling comparable DES programs abroad. With at least 20 million people hooked up to the Internet, how do U.S. export controls actually prevent criminals, terrorists, or whoever from obtaining DES encryption software? A: Serious users of encryption do not entrust their security to software distributed via networks o bulletin boards. There is simply too much risk that viruses, Trojan Horses, programming errors, and other security flaws may exist in such software which could not be detected by the user. Serious users of encryption, those who depend on encryption to protect valuable data and cannot afford to take such chances, instead turn to other sources in which they can have greater confidence. Such serious users include not only entitles which may threaten U.S. national security interests, but also businesses and other major consumers of encryption products. Encryption software distribution via Internet, bulletin board, or modem does not undermine the effectiveness of encryption export controls. Why is it, then, that we don't just allow non-commercial software to be exported? 1. I don't believe, for a moment that "serious users" of cryptography cannot entrust their security to "software distributed via networks o bulletin boards". Those are precisely the mediums through which PGP became popular. 2. Phil Z was being harassed precisely because PGP is most definitely a serious threat in the trend toward undermining ITAR. 3. Phil K's export request was rejected, and MIT was harassed over the PGP source book, precisely because source code is source code. It does not matter if it came on a disk or through a network or through a bulletin board or on a book. The point is that the NSA DOES view this as a serious threat, so they are fighting this tooth and nail. Ern