Magazine article National Defense

Use Caution When Traveling with Encryption Software

Magazine article National Defense

Use Caution When Traveling with Encryption Software

Article excerpt

* If you bring a laptop or smartphone outside of the United States, you need a basic understanding of how international export control laws may apply to your device's encryption software.

Encryption software that is resident on a laptop or a smartphone is subject to export control regulations by the Commerce Department's Bureau of Industry and Security, which enforces the export administration regulations. This is a separate issue from any technical data that may be resident on a device, which is governed by International Traffic in Arms Regulations.

The level of regulation and available license exceptions under the export administration regulations for encryption software depends on its technical specifications and the public availability of the source code.

First, laptops with pre-loaded encryption software may qualify for the temporary exports-tools of the trade (TMP) license exception, permitting the outbound export of a laptop for professional use purposes. The TMP exception applies to symmetric commercial-grade encryption with a key length of fewer than 64 bits. It does not apply to items containing cryptography functionality such as dual-use cryptanalytic or quantum. To comply with a TMP license, the item must be used for professional purposes, returned within 12 months, and be kept under effective control of the exporter, such as in a hotel safe when not in use. The exporter must take precautions against the unauthorized release of controlled technology. The TMP license exception is not available to embargoed countries, such as Cuba, Iran, Syria and Sudan.

Also, depending on the encryption grade and the traveler's expected use of the item with encryption software, license exceptions are available under the export regulations, including encryption commodities and technology for higher grade encryption.

Outbound U.S. regulations are not the only consideration for those traveling with encryption software. Many countries regulate the inbound use of encryption software. In China, for example, the State Cryptography Administration (SCA) serves as the national authority for regulating encryption products and has promulgated multiple rules on encryption controls. Although thousands of individuals carry laptops and smartphones with encryption in and out of China daily, it is not risk free. Under SCA policy, standard mass-market products are not subject to the encryption regulations, but the encryption regulations remain incongruent with this policy and provide the latent underpinning for broader enforcement.

The policy predates the rise of smart-phones and certain advancements in encryption software commonplace on laptops. If traveling to China with encryption software, one should consider checking the encryption regulations and following up with any applicable encryption license applications.

Through the Wassenaar arrangement, participating countries have created a "personal use" exemption for people traveling with encryption software. Wassenaar is an international export control agreement that contributes to regional and international security by promoting transparency in the transfers of conventional arms, dual-use items and technologies among the participating countries. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.