Encryption is the process of encoding a message so that it can be read only by the sender and the intended recipient.
Encryption software is software whose main task is encryption and decryption of data, usually in the form of files on hard drives and removable media, email messages, or in the form of packets sent over computer networks or the Internet.
Companies are allowed to export most non-encryption software without an export license as long as it does not involve transfers to countries that have been sanctioned (see List Screening, Debarment-Excluded Parties). However, certain specific technologies for encryption are subject to export controls and they cannot be transferred outside of the United States.
The export controls on commercial encryption products are administered by the Bureau of Industry and Security (BIS) of the U.S. Department of Commerce. Rules governing exports of encryption items are found in the Export Administration Regulations (EAR) under 15 CFR Sections 740.13, 740.17 and 742.15.
Please be aware that the EAR may deem many types of seemingly routine activities, such as use of the Internet or visits by scientists with foreign citizenship as exports of technology. For instance, under EAR section 734.2(b)(9) merely posting encryption software on the Internet can be an "export" that is subject to export control regulations.
BIS provides a couple of tools to help in determining whether encryption software is subject to export controls:
See also: Checklist on Encryption and Other "Information Security" Functions