It made some sense at the time the law was conceived. SSL was crippled to uselessness by US export restrictions. IE 6 had a monopoly. So they built their own much more secure encryption (using ActiveX to plug into IE) and mandated its use for everything that matters.
The incompetence was in mandating a certain implementation instead of writing a technology-neutral law requiring a certain security level.
The incompetence was in mandating a certain implementation instead of writing a technology-neutral law requiring a certain security level.