Note: downloaded from www.vtw.org so cannot guarentee correctness- "§2804. Unlawful use of encryption to obstruct justice" "Whoever willfully endeavors by means of encryption to obstruct, impede, or prevent the communication of information in furtherance to a felony which may be prosecuted in a court of the United States, to an investigative or law enforcement officer shall-..." Interesting wording - sounds almost like if you impede the *commission* of a felony, you is been had. Keyword would seem to be "willingly". Suspect they meant to say "...obstruct (etc) the investigation of a felony..." "(b) CONTROL OF EXPORTS BY SECRETARY OF COMMERCE.- "(1) GENERAL RULE.-Notwithstanding any other law, subject to paragraphs (2), (3), and (4), the Secretary of Commerce shall have exclusive authority to control exports of all computer hardware, software, and technology for information security (including encryption), except computer hardware, software, and technology that is specifically designed or modified for military use, including command, control, and intelligence applications. This would seem to extend ITAR, not limit it. "(2) ITEMS NOT REQUIRING LICENSES.-No validated license may be required, except pursuant to the Trading With The Enemy Act or the International Emergency Economic Powers Act (but only to the extent that the authority of such Act is not exercised to extend controls imposed under this Act), for the export or reexport of- "(A) any software, including software with encryption capabilities, that is- "(i) generally available, as is, and designed for installation by the purchaser; or "(ii) in the public domain or publicly available because it is generally accessible to the interested public in any form; or "(B) any computing device solely because it incorporates or employs in any form software (including software with encryption capabilities) exempted from any requirement for a validated license under subparagraph (A). Microsoft's CryptoAPI seems OK. PGP would seem to fall under both (i) and (ii). "(3) SOFTWARE WITH ENCRYPTION CAPABILITIES.-The Secretary of Commerce shall authorize the export or reexport of software with encryption capabilities for nonmilitary end-uses in any country to which exports of software of similar capability are permitted for use by financial institutions not controlled in fact by United States persons, unless there is substantial evidence that such software will be- "(A) diverted to a military end-use or an end-use supporting international terrorism; "(B) modified for military or terrorist end-use; or "(C) reexported without requisite United States authorization. Thank you MasterCard/VISA for SET. Note that it does not seem to say that you do not need a license, just that one shall not be witheld without "substantial evidence". "(4) HARDWARE WITH ENCRYPTION CAPABILITIES.-The Secretary shall authorize the export or reexport of computer hardware with encryption capabilities if the Secretary determines that a product offering comparable security is commercially available from a foreign supplier without effective restrictions outside the United States. Same comment except that token & INE vendors will have to demonstrate that a foreign competitor exists. Real lawyers please comment. Warmly, Padgett