Talk:Export of cryptography from the United States

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Cryptography / Computer science   
WikiProject icon This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
 ???  This article has not yet received a rating on the quality scale.
 ???  This article has not yet received a rating on the importance scale.
Taskforce icon
This article is supported by WikiProject Computer science.

Import of Cryptography[edit]

I can't seem to find a page on Restrictions on the Import of Cryptography - some countries restrict the use of cryptographic tools (or have in the past). EPIC and GILC have produced a number of reports on this (1998 GILC Report, 2000 EPIC Report), but nothing more recent. A page on this would be both interesting and useful. Anyone here interested in participating? Dunxd 16:35, 8 February 2007 (UTC)

some further reading[edit]

An illustration of the foolishness (and general dumbth) in the execution of these policies is given by Peter Guttman in his My career as a Kiwi Arms Courier essay on his web site. It has the unusual virtue, in material on crypto subjects, of being quite funny as well. If there's no objection, and someone doesn't beat me to it, I'll add it as further reading with a comment. ww 14:01, 11 Aug 2004 (UTC) Matt beat me to it. ww 17:32, 13 Aug 2004 (UTC)

Long sentence[edit]

Could the author of the sentence "Since the demonstration of the benefits of wireless in WWI, the publication by Admiral Jackie Fisher and Winston Churchill in the 20's of the fact of that the English read German Naval codes in WWI, the revelation on two occasions (also in the 20s) by UK ministers of information that could only have come from reading encrypted Soviet messages, and the publication of Herbert Yardley's book, The American Black Chamber, in 1931 (revealing major breaks of diplomatic cryptography -- especially in connection with the Washington Naval Conference), nations had even more motivation than before to attempt to protect the communications confidentiality" (or any Wikipedian who understands it) possibly simplify the language? I can't make heads or tails of it, and I'm pretty sure I'm not alone. A Pattern O 06:22, 15 April 2006 (UTC)

LOL, yes. Moreover, as those sections say almost nothing about the export of cryptography during those periods, I've simply removed them. — Matt Crypto 18:30, 17 April 2006 (UTC)


"SSL-encrypted messages used the RC4 cipher, and used 128-bit keys. U.S. government export regulations would not permit crypto systems using 128-bit keys to be exported. The longest key size allowed for export without individual license proceedings was 40 bits, so Netscape developed two versions of its web browser. The "U.S." edition had the full 128-bit strength. The "International Edition" had its effective key length reduced to 40-bits by revealing 88 bits of the key in the SSL protocol."

should this be the other way - the US edition should have the 40-bits and the international have 128. Jon513 12:22, 25 July 2006 (UTC)

No, the article is correct as written. Netscape was a U.S. company. There was (and is) no restriction on use of strong cryptography within the U.S., only on its export. So the export version had to be weakened.--agr 13:17, 25 July 2006 (UTC)


This article does not clearly state exactly what "Export of cryptography" actually is. The first paragraph leads into reasons/history of it without clearly stating what it is. 07:26, 30 December 2006 (UTC)

Done. Only 8 1/2 months later. 22:58, 18 September 2007 (UTC)


There are many several-month-old citation needed notices in this article. If no one has cites, I'm going to remove the affected passages shortly. Alvis 06:56, 25 April 2007 (UTC)

Notification Requirements[edit]

The source for the notification requirements is broke, I did however find this source on the requirements, though I don't know if anything changed. Atomic1fire (talk) 14:12, 14 January 2015 (UTC)

On Merging with Import[edit]

Restrictions on export and import of cryptographic tools are of completely different nature (unlike, say import/export restrictions on commodities). Since there is no synergy, in my opinion, it makes little sense to merge. Dimawik (talk) 22:59, 3 August 2008 (UTC)

Agreed, articles should remain separate, unless someone makes a strong case why they should be merged. -- intgr [talk] 13:39, 4 August 2008 (UTC)
Nobody spoke for the merge; removing the merge request. Dimawik (talk) 22:25, 2 October 2008 (UTC)

Citations again[edit]

There has been some recent fact tag bombing on this article. As always, it's easy to go overboard in demanding citations and I think we're definitely at sea with many of these recent tags. My lifesaving ring for this problem is to remove the ones I think are most out of line. So I'll give this some time, and try to remember to come back and do it in a week or so.

Comment from others? ww (talk) 17:55, 19 March 2009 (UTC)

I happen to know chapter and verse for many of these, so, perhaps, it is easier to add references? Would you mind a long reference list at the bottom? Subject is contentious (for no good reason), so, perhaps, a good reference list will put rumors to rest. Dimawik (talk) 09:31, 20 March 2009 (UTC)
Yes, I think that would greatly ease the situation, though perhps not satisfy the more devoted tag bombers. If you're up to it (legal background, perhaps?) please don't hesitate.
I suspect the reason, or a reason, the subject is contentious, aside from WP tag bombing, is that it seems to be closely related to national security. Some of those who are aware of the role cryptanalysis has played in public policy, both diplomacy (eg, Zimmerman telegram or Washington Naval conference) and war (Midway or the early defeat of the Russians in WWI), seem to have jumped in, in an excess of partially informed zeal, and are fighting the last war yet again. When one stirs in a not uncommon conspiratorial bent, contention is likely inevitable.
And, of course, there is a political basis for some of the contention. One can use supposed errors in proper security policy to beat one's opposition about the head. Not very edifying, but in an era in which "thoughtful" and "political participation" have become mutually exclusive, more can't be much expected.
Some actual knowledge about the field (most prominently, that effectively unbreakable crypto is available to all and has been for some decades at this point) might help, but it is a widespread human trait to reach firm conclusions, strong enough on which to wage actual or virtual war, on the basis of little actual information or a dubious theoretical substructure. That horse left the barn a very long time ago. ww (talk) 11:53, 21 March 2009 (UTC)
References would be very helpful. There is quite a lot of confusion out there about export restrictions and it is amazingly difficult to find good references. (talk) 13:05, 21 March 2009 (UTC)
Moving, but very slowly. Added two reasonably modern encryption control history overviews. CRS is especially useful: although it is older, being the work of the US government, it is non-copyrightable and can be quoted verbatim. Dimawik (talk) 00:39, 24 March 2009 (UTC)
Added the link to "Cryptography's Role in Securing the Information Society", a report to Congress that summarized and to some extent shaped the approach to cryptography by both government and academia. It certainly can be used to satisfy the remaining requests for sources, with perhaps some minor re-phrasing. Fell free to volunteer (it is a good read, even though it is pretty old for this field), or I will find the chapter and verse for the remaining requests when the time will be available. Dimawik (talk) 21:21, 30 June 2009 (UTC)

The article is short and doesn't need that many tags. I have removed the remaining 12 fact and who tags and replaced them with the appropriate page-wide tags. Bwagstaff (talk) 05:53, 21 March 2009 (UTC)

I undid your change, because noting specifically where improvements are necessary is better than a catch-all request for citations. The article does use formulations that are not precise and there is quite some need for improvement. Additionally, the article contains some "commonly known facts", but a reader that would like to know more is lost, because there are no citations. (talk) 12:54, 21 March 2009 (UTC)

US Rules[edit]

I have started a brief description of he US rules covering the export of encryption; will do one to two sections on the days my schedule allows. Feel free to chip in. Sections still to be written:

  • Export rules
  • Exceptions
  • TSU (Publicly available source code)
  • TMP (Beta test)
  • NLR (No License Required)
  • ENC
  • Export License

Dimawik (talk) 06:23, 27 June 2009 (UTC)

Crypto Export relaxing[edit]

According to this article, the rules were relaxed in 1996; but I distinctly remember that the actual crypto rules were relaxed sometime around 2000. I know this because I was affected by the domestic/international division back in 1999. (talk) 19:19, 27 October 2009 (UTC)

You're right - I remember it well. I've updated the article, with a citation. ★NealMcB★ (talk) 17:14, 29 September 2011 (UTC)

Name change?[edit]

Should't the title of this article be "Export of cryptography from United States"? Dimawik (talk) 00:15, 21 January 2010 (UTC)

Agree. Any objections?--agr (talk) 15:34, 30 November 2011 (UTC)


"The expectation seems to have been that this would further national interests in reading 'their' communications and prevent others from reading 'ours'."

Who is the person that perceived what the expectation seemed to have been?

Is the use of 'their' and 'ours' presuming that the reader is a citizen of the United States?

"The First Amendment made controlling all use of cryptography inside the U.S. difficult, but controlling access to U.S. developments by others was thought to be more practical — there were at least no constitutional impediments."

Who said this? Who is it that declares that our law makes it difficult to control the use of cryptography inside the U.S. difficult?

"This policy was also adopted elsewhere for various reasons."

Is it too much to actually specify some of these various reasons, or is this to be left to the imagination of the reader?

"The development, and public release, of Data Encryption Standard (DES) and asymmetric key techniques in the 1970s, the rise of the Internet, and the willingness of some to risk and resist prosecution, eventually made this policy impossible to enforce, and by the late 1990s it was being relaxed in the US, and to some extent (e.g., France) elsewhere."

Who is the person making this claim? Is it the same person who earlier claimed that the policy was merely difficult, rather than impossible?

Is it correct to infer from this article that our law merely presented a difficulty to those who desire to control the use of cryptography, but it was the public release of encryption standards, the rise of the internet, and the desire of some people to rid the people of this policy that actually made it impossible to enforce? — Preceding unsigned comment added by (talk) 19:41, 14 August 2013 (UTC)