Federal Export Control Compliance: Exporting Encrypted Goods

Internet Export Negotiation

This post is part of a series of posts entitled A Legal Guide to the Internet. For a comprehensive list of articles contained in this series, click here.

Since doing business on the Internet may involve global electronic transactions, it is important for businesses to be aware of federal export control regulations and to implement procedures to assure compliance. An individual should be designated with responsibility for monitoring federal export control regulations and communicating such information to the relevant staff. Distribution or license agreements should include provisions requiring compliance with the federal export control regulations.

Of particular interest are the United States government’s regulations on encryption software. Encryption allows for the protection of information by converting plain text into unreadable ciphertext. While the use of encryption may aid companies in protecting things such as trade secrets and confidential company records, the extent to which encryption provides such protection is great, and the protected information can all together be lost if the decryption key is ever misplaced.

The Export Administration Regulations (“EAR”), implemented by the Federal Department of Commerce, impose certain restrictions on the export of non-military encryption goods. Generally, one must obtain a license from the Bureau of Export Administration prior to exporting encrypted goods. EAR addresses the specific issue of exporting encryption products over the Internet. Under EAR, downloading, or causing downloading, outside of the United States, of encrypted source and object code software constitutes export. While the government maintains that the purpose of encryption laws is to safeguard national security and aid in the investigation and prosecution of crime, they have been challenged by some as burdensome, anti-business, and in a recent case, Bernstein v. U.S. Department of Justice, 176 F.3d 1132 (9th Cir. 1999), the Ninth Circuit Court of Appeals found that encryption software was speech protected by the First Amendment and restricting its export was an unconstitutional prior restraint. The Court of Appeals, however, recently withdrew the Bernstein opinion and granted a rehearing in the case. Such action is a prime example of the uncertainty and change in this area of law, like others involving regulations that change from time to time, and may require the counsel of experts who are knowledgeable in the most current government position. For up-to-date information and assistance, you can contact the United States Department of Commerce, Minneapolis Export Assistance Center at 612.348.1638.

This and the following posts have been copied or adopted from A Legal Guide To The INTERNET – Sixth Edition, published through a collaborative effort by the Minnesota Department of Employment & Economic Development and Merchant & Gould.