Export farce is just a neat way of scaring companies and individual contributors from developing and providing cryptographic systems within US.

100% accurate, but old, conclusions.

Anyone providing domestic crypto runs the risk of violating EARs. Manufacturers are ultimately responsible when their products end up overseas...

Can you give me an example of a commercial vendor who has suffered because someone bought a "dangerous" product ( Windows, for example ) at retail and carried it out of the country in a suitcase? My guess would be that anything sold at retail would pose no problem for the manufacturer unless domestic regulations were in place. Even then the retailer is the first in line for questioning.

[ For example, try to buy one of IBM crypto-cards - give them a call and ask what does it take to purchase one with hard crypto on it

Save me the phone call and describe your experience. BTW - IBM derives a large portion of its revenues from government contracts. They would be pretty easy to convince. An non-dependant might be different.

Would a US citizen have to produce ID in order to buy ?

Not until there are domestic regulations. Except for firearms, cigarettes, alcohol and prescription drugs I can't think of any. My guess would be that start-up manufacturers could get their tails twisted long before the retail shelf: Personal Audits Business Audits Supplier problems ( caused by similar techniques being threatened or applied ) FCC EMI Test Delays and Failures Credit Problems Lots of Traffic Tickets for everyone. It could be fun to try an embedded product. Make some development kits then try to license it. Let a manufacturer with some resources handle the heavy lifting. If you have trouble with that give 'em the bird - just write a damn book, source, VHDL etc. You can even export that. My favorites are: Secure phone - I know it exists already but still fun Disk encryptor - SCSI/EIDE, a bump in the wire between the motherboard and the disk drive. With its own smartcard/keypad interface, keys are never seen by OS. It doesn't solve the security problem while the system is on but it sure as hell makes the disk useless to opponents once it has been shut off. Good storage. Effectively shredded if you destroy the smart card or forget the key. The proper way to keep your data as long as the courts respect the Fifth Amendment. Oh well, Mike