Adam Back wrote:

The US export regulations no longer prevent export of crypto. PGP exported binary copies of PGP from US websites, as now do many other companies. Crypto source is exported also from numerous web sites.

I don't follow why all the discussion talking as if ITAR and EARs were still in effect in unmodified form.

Good point, except that PGP.com and Freeware still have export restrictions on downloads, as do most other US crypto export sites. This is probably due to the fact that nobody understands the export regs and better safe than lose out on fat government contracts, and corollary contracts with other corporations who dare not offend the authorities. Even some private sites which rushed to offer crypto on the Internet have withdrawn their offerings. And, according to Matt Blaze's tabulation of such offerings, they have nearly petered out. Don't forget that there is till a review required by BXA for strongest products. What happens in those reviews has not been disclosed as far as I know. Whether the NDA is voluntary to hide trade secrets, compulsary to hide dirty dealing, or worse to hide really nasty access requirements -- probably some of all these in the great American tradition of promising much and delivering not so much unless you play ball under the umpires clubhouse rules. Nicky Hager (of Secret Power fame) co-wrote another book on a PR war in NZ in which he covered at length the practice of governments and corporations hiding their filthy deals from freedom of information access through the loophole of protecting proprietary information from the public. Another commentator pointed out recently that the vast majority of FOIA requests are indeed made by people seeking commercial intelligence which is not intended to be made public , and relatively few seeking information to release to the public. So there is a bind on getting info on what actually happens at BXA and its co-agencies during crypto export review. However, in contrast to a few years back, I don't see many corporations or individuals calling for greater access to closed information about crypto export procedures. Could be all the crypto folks are doing just fine under the system, so why bitch about making it into the comfort zone. And, oh yeah, fuck the public interest now that the crypto public outreach PR campaigns did their job to get inside the sweetheart PR loophole. Doug Porter has written an interesting update about all this crypto flim-flam in the "Pocket Guide to NSA Sabotage:" http://cryptome.org/nsa-sabotage.htm And what the fuck is Schneier doing trashing crypto to build his security consulting business? That sounds like priests preaching Our Church Alone salvation to keep the flock frightened, dependent and shelling out for long term protection contracts. You know, like the one-world feds and all-world spooks.