Encryption Controls under the Export Administration Regulations
Encryption is generally defined as the process of converting information or data into a code, especially to prevent unauthorized access. Put simply, encryption makes a wide range of technologies more secure. Since 1996, most encrypted technology is controlled by the EAR. Some encrypted technology, which has military-related functionalities, is controlled by the International Traffic in Arms Regulations (“ITAR”). This article provides an overview of encryption controls under the EAR, outlines license exceptions for certain encrypted technologies, and provides best practices for export compliance.
Background on Export Administration Regulations
Over 95% of the world’s population is outside of the United States. Opportunities abound for U.S. companies that export. However, exporting is a privilege and not a right. U.S. exporters have an important responsibility to adhere to U.S. export control laws, including the Export Administration Regulations (“EAR”).
Administered by the U.S. Commerce Department, the EAR is a set of regulations which governs whether U.S. persons may export or transfer goods, software, and technology outside of the United States or to non-U.S. citizens. U.S. exporters have an important responsibility to adhere to the EAR. Violations of the EAR carry hefty civil and criminal penalties. Exporters can pay hundreds of thousands of dollars in penalties, lose export privileges, and even be imprisoned.
According to 15 CFR 742.15:
“Encryption items can be used to maintain the secrecy of information, and thereby may be used by persons abroad to harm U.S. national security, foreign policy and law enforcement interests. The United States has a critical interest in ensuring that […]