[oostevo]

I'm nothing close to a lawyer, but I bet the people you linked to would indeed get in trouble if they started shipping their parts overseas.

The law (ITAR[1] and the Arms Control Export Act[2]) wasn't designed to keep home-milled ArmaLite parts out of the hands of US citizens. The goal was to prevent someone like Lockheed from doing something like selling stealth fighters to an adversary without checking in with someone first. It's basically written as banning the export of military technology to foreign countries without the proper paperwork.

Apparently, to the folks at the State Department, stuff like PGP[3] and plans for a 3D-printable gun count as "military technology" and putting it on the internet counts as "export". That's pretty different from the ATF deciding that a lower receiver without holes in it doesn't need a firearms dealer for a transfer.

[1]http://en.wikipedia.org/wiki/Arms_Export_Control_Act

[2]http://en.wikipedia.org/wiki/International_Traffic_in_Arms_R...

[3] http://stason.org/TULARC/security/pgp/99-Appendix-VI-A-State...

[warmwaffles]

I'm interested on the PGP stuff with Zimmerman. If I encrypt a file using PGP and send it to a friend in Europe, would this act be in violation of ITAR or AECA?

If it is a violation, then how has HTTPS not been challenged?

[cdjk]

There's no problem sending encrypted data internationally. The "munition" is the code/program that does the encryption.

Export controls on crypto were relaxed in the late 90s (I'd have to look up the exact dates), and before then there were "export" versions of Netscape Navigator that only supported 40 bit keys.

[iterion1]

True, but 3D plans for the AR-15 are also easy to find online. Which, I suppose, is a point I should have included.