The new rules do not decontrol encryption, and many concerns about free expression and privacy remain. The rules also set the stage for a new debate about appropriate legal protections for decryption keys and other personal data online.

Major features of the January 2000 regulations include:

• "Retail" encryption products are widely exportable to all but certain "terrorist" nations though still subject to a government review and reporting requirements.
• Non-retail products are also exportable, subject to similar requirements, to most non-government users.
• Encryption products with less than 64-bits are freely exportable.
• Some non-proprietary source code is exportable to most countries after notice to the government.

• Final Version of Encryption Regulations [.pdf] [.txt]
  
• CDT Press Release on New Regulations
• CDT Policy Post 6.02, January 21, 2000
• Rep. Bob Goodlatte's statement
• Department of Commerce, Bureau of Export Administration
  • Announcement 1/12/00
  • Fact Sheet 1/12/00
  • Questions and Answers [HTML] [PDF] 1/14/00
  • Licensing Chart [HTML] [PDF] 1/19/00
  • Export of Encryption Technology [HTML] [PDF] 2/28/00
• Questions Asked the BXA by Ariel Glenn, Systems Programmer at Columbia University

• Washington Post, January 13, 2000 U.S. Eases Encryption Export Rules
• New York Times, January 13, 2000 U.S. Removes More Limits on Encryption Technology
• New York Times, January 13, 2000 U.S. Sets Looser Encryption Export Rules

While CDT welcomed efforts by the Administration to grant greater export relief, the new regulations left some privacy and free speech concerns unresolved:

• The regulations do not decontrol encryption or remove complex requirements that may prove daunting to many individuals and small businesses.
• Some types of encryption source code are still restricted.