Export Control Myths and Facts

Over the last year or two a number of misconceptions have arisen over the nature of New Zealands export controls on encryption. This was caused by two things, the fact that the Ministry of Foreign Affairs and Trade (MFAT, pronounced "em-fat") seems to be either constantly changing its mind on issues of export policy or declines to comment on them, and the fact that I haven't taken the time to document the various issues involved apart from recording the general chronology of our export controls. The following document details the reality of the situation. To back it up, I've scanned a number of documents, including ones from MFAT and foreign governments, and various other sources. To keep the size down, some of them are scanned in black and white and the quality has suffered somewhat, but they're still readable. The text also contains links to background information, denoted with [Background], to a section at the end of the document which provides comprehensive background details which allow anyone to verify the claims in the body of the document. Hopefully this will clear some of the issues up once and for all.

The export myths which are covered are the following:

The Wassenaar Arrangement requires strict controls on the export of encryption software

NZ's export controls do not hurt NZ business

NZ's export control system is streamlined and efficient

NZ's export controls are required to stop encryption from falling into the hands of terrorists and criminals

The Wassenaar Arrangement is a completely new agreement, not a cold war era defence agreement

In the following text, the company referenced by "we" is Digital Data Security Limited, the organisation which sells the cryptlib security toolkit.

Myth: The Wassenaar Arrangement requires strict controls on the export of encryption software

Fact: The Wassenaar nations recognised that the original cold war COCOM controls were both archaic and completely unrealistic, reflecting a sitation which predated the existence of personal computers, fax machines, modems, the Internet, and the many other items we take for granted today. COCOM was run from the US embassy in Paris and was generally regarded in its later years as nothing more than an extension of the US State Department. See for example the complaints from the German Minister of Commerce (Bundeswirtschaftsminister) about its damaging effects on European trade.

Because of the unrealistic and anachronistic nature of COCOM, the member nations created a blanket exemption from any controls for public-domain and mass-market software. This exception, known as the General Software Note (GSN), allows the free and unrestricted export of all public domain, freely available, and mass-market computer software - items like word processors, spreadsheets, databases, email readers, web browsers, and every other type of software which is used daily by people the world over. The GSN also covers encryption software, and foreign governments have certified that this software isn't covered by export controls (for example the Canadian government certification that cryptlib isn't covered by export controls is available here.

Why then does MFAT claim the need to control exports? Because they added a special, New Zealand-only amendment to the Wassenaar Arrangement which stops NZ companies from exporting encryption software, the same software which other governments have certified isn't covered by export controls, and which foreign companies are free to export [Background info]. The existence of this special amendment is easily verified by comparing the NZ control lists to the control lists of other countries, and the fact that it was MFAT who made the amendment was confirmed by the Wassenaar Secretariat, the Vienna-based Wassenaar governing body. This provides MFAT with a convenient circular argument for enforcing encryption export controls - they are required to strictly control exports by a rule which they themselves created.

In fact, MFAT's NZ-specific amendment to the controls violates the terms of the Wassenaar Arrangement, which states very clearly that one of its four purposes is to "not impede bona fide civil transactions", a goal which is reaffirmed by the Wassenaar secretariats summary of the Wassenaar arrangement. The GSN provided the means of ensuring this. MFAT's amendment negates this intent.

Myth: NZ's export controls do not hurt NZ business

Fact: The fact that NZ companies need to go work their way through an apparently arbitrary export control regime while foreign companies are free to ship their products without restriction is enough to put us at a serious disadvantage when compared to foreign competitors. So far MFAT's position on exports has changed every single time they've been questioned about them [Background info]. In their most recent unexplained policy reversal, MFAT approved the export of cryptlib for effective worldwide distribution (by one company) under terms which it had explicitly indicated in the past would not be permitted for export. For example MFAT's permit of 11 June 1996 required DES encryption only and no source code, the permit of 31 May 1996specifically disallowed triple DES but did allow hash algorithms, the permit of of 8 June 1998 allowed export of everything provided it wasn't distributed to customers but was returned intact to the same location where it had been exported (this one was particularly pointless, a US observer called it a government license to run around in circles), and finally their permit of 24 August 1998 allowed export of everything, full-strength encryption in source code form, despite the fact that the conditions were identical to the 1996 export (export to the US, for re-export, and for financial use) for which only the relatively weak single DES was allowed, without source code, which made the export useless to the intended customer.

Let's look at what was involved in the sale to the US customer, XYPRO Technology Corporation located in California. Because of the apparently arbitrary nature of MFAT's export requirements, it proved almost impossible to provide them with any guarantees of what they would be able to use when the time came to apply for the export. In the light of this uncertainty, negotiations for the sale took more than a year, including three separate meetings with XYPRO on trips to the US. At the end of this period the time schedule was so tight that XYPRO needed the software very urgently, and made the comment that if they couldn't obtain it:

we will be forced to source equivalent products from alternative suppliers, resulting in considerable expense to XYPRO for the reengineering of our code.

In this case it was possible to piggyback the negotiation meetings with XYPRO on top of other travel to the US, and XYPRO went out of their way to accomodate us in this respect. If it hadn't been for this cost-saving measure, the process of negotiating the sale would have cost more than the sale itself was worth (to quote Pyrrhus of Epirus, "Another such victory and we are undone"). It simply isn't possible to run a business under these conditions.

What really makes this hurt is the fact that foreign competitors, who don't have to put up with this export nonsense, are free to flood the market with their products. Consider the recent announcement of 128i, New Zealand's first public Certification Authority. On one of their web pages they announce the fact that they're using technology provided by Baltimore Technologies in Ireland, C2 Net in the US, UK and Anguilla, Celo Communications in Sweden, Isode in the UK, and SSE in Ireland. Since none of these foreign companies have the New Zealand Ministry of Foreign Affairs and Trade impeding their business, they're free to sell their products in New Zealand (and the rest of the world) without running into any trade barriers.

Consider a typical computer trade show like CeBIT in Europe, which drew nearly 700,000 visitors from all over the world in 1998 (including nearly 1000 from Australasia), of which a staggering 60,000 turned up to see security/encryption technology. Because of this demand the show has an entire exhibition hall devoted to nothing but security products (hall 23 for CeBIT'99), with vendors from all over the world exhibiting their wares, including handing out demo versions of their encryption software to anyone who visits their stands (one company which does this is Eracom, whose RSA and DES encryption software demo I have here), and selling their encryption technology on the spot to anyone who asks for it. Some typical examples of other companies who are selling strong encryption software at CeBIT include vendors from Germany, Belgium, Switzerland, Germany, the Netherlands, Switzerland, the US, Argentina, Australia, Austria, Hong Kong, and the UK (this one has branches all over the world which sell their encryption technology), the Czech republic, the Czech republic again ("Our company is evidence that can be found High Tech companies not only in Silicon Valley, but also in a beautiful town like Prague. Our company cooperates with producers of data security throughout the world to achieve the best performance for our customers"), Russia, Latvia, Estonia, and the US, and Finland. The last brochure didn't come from CeBIT but was obtained locally - if you look at the bottom you can see that they're selling their Finnish encryption software in New Zealand without any restrictons. MFAT on the other hand would not allow NZ encryption software to be sent to Finland.

These sample scans represent only a small fraction of the encryption technology available at CeBIT. The full stack of brochures is more than a foot high and contains more than a thousand pages of encryption products sold by foreign firms. The Economic Strategy Institute, in findings mirrored by a dozen or more similar reports from other organisations, reports that as of September 1997 there were 1,601 different encryption products produced by 941 firms in 30 countries. Of these, 653 products came from 472 non-US firms not hampered by US-style export restrictions.

Now consider the lot of the NZ software producer. We have products which are every bit as good as, and often better than, those of foreign competitors. Unfortunately we can't hand out our software as demos at trade shows, or sell it over the counter like the foreign competition can. In trying to sell our products, we have two avenues open to us:

Apply for an export permit to ship the demo to the potential client. When this is approved and if the client is still interested, apply for another permit to ship them the full development version so their developers can build it into their product (since the development version includes full functionality with source code, it wouldn't fall under the same permit requirements as the basic demo version). Finally, when their product is ready for sale, apply for another permit to allow them to redistribute the encryption software (redistribution of the encryption is yet another set of conditions). Since a permit could be refused at any point in this chain, it's almost impossible to convince a customer to take this path (after the CypherCOM debacle, in which the company went bankrupt waiting for MFAT to make up their minds, no customer has dared go down this route). We haven't persued it either, since the need to obtain a permit just to give the customer a demo makes it completely unworkable - consider how Foodtown would be affected if they had to apply for a special permit in advance for each customer before they could sell them a loaf of bread or a bottle of milk, and you'll see why it doesn't work for other commodities like software either).
The alternative is to try to sell the customer the software as a "pig in a poke" and then apply for the full license as we did with XYPRO. This avoids the multi-stage export permit dance outlined in the previous option, but makes it extremely difficult to sell the product to customers because we can't send them a demo so they can see what they're getting, and they can't give it to their developers to play with before they decide to work with it. A much easier alternative for the customer is simply to obtain the same thing from foreign competitors who don't have to go through the bureaucratic mess. Although it's a bit hard to estimate the damage this is causing, it's likely that we're losing a considerable number of customers because of this - they'll enter into negotiations, discover what's involved and how complex and uncertain things could get, and we never hear from them again. Presumably they source their encryption from foreign companies who don't have to jump through the same export permit hoops we do.

The easiest alternative would be to move the entire operation offshore and sell our software from another country, unhampered by MFAT bureaucracy. Since other countries don't have these restrictions (see for example the Canadian Foreign Affairs certification that cryptlib isn't covered by any export controls), we would be free to ship cryptlib worldwide (including back to New Zealand) without any problems. It's kind of sad that the best way to run a NZ company selling encryption software appears to be to take the whole operation overseas and do it from there.

Contrast this with Orion Systems, whose flagship EDI messaging product Symphonia has been around for about the same amount of time as cryptlib. Unhampered by MFAT export controls, Orion have sold their product widely overseas, where it is now in use at over 600 sites, many of them quite sizeable (an example of a "site" is the state of British Columbia in Canada. Another site is the state of Manitoba - these aren't small-scale sales). Orion's typical sales strategy is to take a crate of CDROM's full of software to overseas trade shows (the most recent one being JavaOne) and hand them out to all comers. This tactic gets their software widely distributed throughout the industry, and generates a considerable number of sales and sales leads. Riding on the success of their exports, Orion have grown to a company providing full-time employment for 30 people, and in August 1998 won the TUANZ Best Technology Exporter award.

We can't even start to do this with cryptlib. For starters handing out samples of the software at trade shows is right out, and even if we could close a sale the licensing requirements would be prohibitive - a recent enquiry was for a license for the country of Switzerland, which would require just over 7 million export requests to be filed.

Myth: NZ's export control system is streamlined and efficient

Fact: This appears to be the case because so far we've gone out of our way to avoid applying for the full suite of export permits which would be required, due mainly to the difficulty in negotiating this with foreign customers and users. To get an indication of the scope of the problem, the online encryption information I provide (cryptlib and other encryption software) gets between one and two thousand hits a day. Although a web page hit is a very poor means of determing its popularity, the fact that the pages are widely mirrored overseas, and that I'm only counting hits on the NZ pages, would indicate that the overestimate due to web page hits is balanced out by an underestimate due to foreign mirrors which aren't accounted for.

In the two odd years in which it's been available, the online encryption information has had 990,000 hits (leading to a number of offers from pay-per-click advertising companies :-). Making the rather pessimistic assumption that a mere one tenth of the people accessing it would grab the data (the remaining 90% are assumed to be just tire kickers), this would result in 100,000 export permits to issue. It would take a typical 5ppm laser printer more than two weeks, working around the clock, to print them all out, consuming 200 reams of paper to produce a stack over 6 metres high. Faxing them to MFAT would tie up their fax machine for nearly five months, assuming you could keep it running around the clock for that period of time. If MFAT require one week to process a permit, it would them 2000 years to process the whole lot. Of course, since the flow never really stops, there'd be more export requests waiting once any stage of the above process has completed.

Although this grand export filibuster would be rather amusing to go through, it would probably lead fairly quickly to the introduction of some form of "export approval fee" to stop similar stunts in the future. No matter how you look at it, MFAT's export process would be utterly unable to cope with the real export requirements if we were to follow them to the letter.

Myth: NZ's export controls are required to stop encryption from falling into the hands of terrorists and criminals

Fact: Like the notorious "Have you stopped beating your wife?" question, this claim is based on an illogical assumption. Actually, it's based on two of them:

That encryption technology, which is freely available the world over, can somehow "fall into the hands" of terrorists. This concept is so illogical that it's a bit hard to grasp, but it's roughly equivalent to saying that New Zealand farmers can no longer export dairy products in case they fall into the hands of terrorists and criminals.
That terrorists and criminals have any desire to obtain encryption technology. Like the dairy products mentioned in the previous example, there would seem to be a limited amount of crime which can be committed with a floppy disk.

Let's look at each of these in turn. The first claim is that MFAT is somehow protecting the world from encryption products (that is, that the purpose of the encryption controls is to limit the availability of encryption outside NZ). Unfortunately they're about quarter of a century too late: DES encryption was made publicly available to the entire world in 1975, its predecessor Lucifer (with a 128-bit key) was made available in the early 1970's (there are several variants of Lucifer published at different times), Diffie-Hellman key exchange got out in 1976, and RSA public-key encryption in 1978. The Altavista search engine shows nearly 50,000 locations worldwide which contain encryption software, information, or technology. Computer magazines containing encryption code are published in a number of countries and sold worldwide, including New Zealand. One that I bought in a nearby dairy features encryption on the front cover. Another one, from a bookstand in Queen Street, Auckland, also contains encryption code (its somewhat blurry and buried at the bottom). Incidentally, if you were to buy these magazines at the airport to read on a flight out of the country, you could be prosecuted under the Customs Act - according to MFAT they're export controlled.

Other sources of encryption are public libraries all over the country (and in fact all over the world, since none of the books are from NZ) - I have a list of books containing encryption code which are available in libraries all over the country, including interloan by foreign terrorists. One of them, Applied Cryptography, was available in Whitcoulls on Queen Street, Auckland (it's now gone). The entire back part of the book consists of nothing but encryption code, ready for anyone to type in. Finally, as the brochures in the scans above demonstrate, anyone in any country can buy encryption software over the counter. RSA Data Security, a major US encryption vendor which license the RSA public-key encryption algorithm, claims there are 300 million copies of RSA encryption in use worldwide (that's not a typo, 300,000,000 copies).

In summary, MFAT's position is doing nothing at all to "protect the world". The only thing it's protecting is foreign companies ability to sell their products, by setting up a reverse trade barrier which stops NZ companies from effectively selling their encryption on the international market.

Let's assume, just for arguments sake, that terrorists have somehow obtained encryption software. Given the option of formally applying to MFAT for permission to obtain the software and leaving a nice paper trail halfway around the world, or of getting a book from the local library and typing it in themselves, they'll probably choose to take the latter option. So we have a terrorist sitting in front of a PC, heavily armed with a floppy disk.

(I'm not really sure how to continue here. So we have a terrorist armed with a disk containing some software typed in from a book in the local library. Now what? Are they supposed to blow up a building with it? Rob a bank? Bring down an airliner? It's easy enough to say "we need to stop terrorists getting it", but what are they expected to do with it if they do get it?).

Let's look at the real facts of computer crime. Virtually every other day we read stories of hackers breaking into computers, criminals stealing data, destroying information, cleaning out bank accounts, siphoning money from credit cards, and so on. Encryption technology - the same technology which MFAT is hindering the distribution of - is urgently needed in all of these areas to help fight crime. Financial information can be protected, patient data can be secured, critical communications and business records be kept safe, through the use of encryption. By hindering its widespread, international distribution, MFAT is doing nothing to fight crime, but instead seems to be actively helping criminals by leaving information systems vulnerable to attack. Their policy is completely backwards: Strong security measures stop crime, and the sooner we can get it into widespread use the better.

To counter this very strong argument for the use of encryption, we need to look at studies on the use of encryption carried out by criminals. There are exactly two of these, one from the FBI and one from Prof.Dorothy Denning, a long-time supporter of encryption restrictions. The first, from the FBI, was obtained through a lawsuit by EPIC, the Electronic Privacy Information Centre. For some time before that, the FBI had been claiming that there were a number of classified reports which contain conclusive evidence of an "encryption problem". The fact that the figures for cases changed every time they were quoted, and that noone had ever seen these mysterious reports, lead EPIC to file a lawsuit against the FBI to obtain copies of them. The FBI refused, claiming that it would take them a full five years to declassify the very brief report. US District Court Judge Charles Richney said he was stunned by the delay, and told the US attorney handling the case to "call Director Freeh [head of the FBI] and tell him this matter can be taken care of in an hour and a half". The resulting document, "Survey of Problems Encountered in Conducting Authorised Electronic Surveillance as Reported by FBI Field Offices", consists of a number of pages of solid black ink in which every detail has been blacked out to ensure that noone can determine for themselves the "proof" of the FBI's claims (I haven't scanned the documents, it's just a lot of black ink. If there's any demand I'll put them online - at least they'll compress well). This, then, was the FBI's "conclusive proof" that there was an encryption problem.

Because people weren't really buying the FBI's arguments, it was decided to create a study which would provide proof, once and for all, that they were right. The two people who worked on this study were Dorothy Denning, virtually the only supporter of the US governments policy apart from the US government itself, and a vice-president of SAIC, a large defence contractor often used for military "black" (secret) projects.

They toiled away for quite some time, and finally announced their results in late 1997 with the publication of "Encryption and Evolving Technologies in Organised Crime and Terrorism". Unfortunately the findings put them in a rather awkward position: Although the study was supposed to provide proof that there was some sort of "encryption problem" which needed to be countered, it instead showed that there wasn't really a problem at all. Sure, it showed that criminals occasionally use encryption, just like criminals also drive cars to the crime scene, call each other on the phone, and use other everyday technology which the rest of the world also uses. The important point was that the "encryption problem", the whole reason for the governments' claimed need to restrict encryption, by and large didn't exist.

It got even worse for the government though. So convincing was the evidence in the study that Denning - for years a very outspoken supporter of their policies - did an about-face and declared that she was no longer prepared to back government plans for restricting encryption until someone proved to her that there was a very good reason for it. This was reported in a number of US papers and publications which cover computer issues, for example the Mercury News, the largest silicon valley paper, reported "Denning unable to confirm FBI Assertions; alters her position"; Inter@ctive Week reported "Administration Supporter Having Second Thoughts On Encryption Plan":

That's the question encryption mavens ask as the Georgetown University computer scientist slowly lets the word out: She won't back government plans for key recovery, key escrow or anything else alleged to increase national security until backers show that the benefits of controls on encryption outweighs those of letting free market forces govern its use.
That's a far cry from the way she once talked about encryption technology. As recently as this year Denning was pegged as a strong backer of keeping controls on a wide range of computer-security products.

In summary, supporting the case for the widespread use of strong encryption, we have endless horror stories of hackers and criminals causing vast amounts of damage, problems which could be averted through the use of encryption. Supporting the case for restricting encryption, we have... nothing. There are no documented cases, anywhere on earth, of criminals or terrorists committing a crime and walking out of court free because they used encryption. That's pretty remarkable for a technology available to 300 million users. In the light of this evidence, you do have to wonder just whose side MFAT are actually on.

(It should be mentioned here that in the last few years it has become traditional to mention encryption in connection with every imaginable criminal act, even when the criminals not only didn't use encryption but didn't even use computers. Two recent examples in which computers were involved was the case of Osama bin Laden who allegedly used some sort of unspecified encryption, and the recent pedophile ring who used a previously unknown type of "KGB encryption". In neither of these cases did the alleged use of encryption cause any problems - law enforcement agencies quite successfully managed to round up the entire pedophile ring. This would seem to provide fairly conclusive proof of how weak the claim that "encryption helps criminals" really is).

Myth: The Wassenaar Arrangement is a completely new agreement, not a cold war era defence agreement

Fact: The text of the Wassenaar Arrangement is almost word-for-word identical to its predecessor, the cold war era COCOM agreement. COCOM ceased to exist on 31 March 1994, with the control regime being carried on via an arrangement known as the New Forum, which became the Wassenaar Arrangement on 1 November 1996 (a more complete history is provided by the Wassenaar secretariat). To go from the COCOM text to the Wassenaar text, do the following:

Cross out "COCOM" in the title and replace it with "Wassenaar".
Change the format of the section numbers and the position of the footnotes.

Deciding whether these cosmetic changes are enough to qualify Wassenaar as an entirely new agreement is left to the reader. To make it easy to verify the identical nature of the two, I've scanned one of the pages covering encryption software (this is the COCOM version, the Wassenaar version is practically identical). You may also notice that this sample page from "New Zealands Export Controls" has US spellings for the words, leaving little doubt as to where "New Zealands Export Controls" are really coming from.

Further proof of the origin of the controls comes from MFAT itself in one of their letters, in which they mention the specific requirements for eased export from New Zealand:

Consequently, each case requires individual consideration although some of the specifically defined algorithms (eg 40-bit RC4, 512-bit RSA) may be cleared without recourse to an evaluation.

These requirements are very specific, mentioning by name certain algorithms and associated key sizes. MFAT also specify the key sizes in another letter, and in at least two separate articles in the National Business Review, one on 31 January 1997 ("Software delays hit hard") and one on 24 January 1997 (in the letters to the editor). The requirement for 40-bit RC4 and 512-bit RSA was also mentioned in Computerworld some time in 1997 or 1998, but I can't find the article in the ones I have here.

So where did these requirements for NZ export come from, and what do they mean? To answer this question, we need to look at the Defense Trade News, published by the Office of Defense Trade Controls of the US State Department. In Volume 3, No.4 (October 1992), page 12, we find the conditions for export from NZ, conveniently published for New Zealanders by the US State Department:

In accordance with the Note in 22 C.F.R section 21.1 Category XIII(b)(1) [the US export controls], a mass market software product [long definition of mass-market and that it'll be given expedited export approval if]:
The data encryption algorithm must be RC4 and/or RC2 with a key space of 40 bits. The RC4 and RC2 algorithms are proprietary to RSA Data Security, Inc. To ensure that the subject software is properly licensed and correctly implemented, contact RSA Data Security at (415) 595-8782.
The key exchange algorithm used in the data encryption must be based on a public-key algorithm with a key space of less than or equal to a 512-bit modulus.

The second point translates to "512-bit RSA", it's just a more precise technical way of specifying it (an RSA public key key has multiple components, the modulus is the component from which the key size is taken).

What the above text doesn't mention (presumably because it's obvious to US readers) is that RSADSI is a privately-owned US company (recently bought up by Security Dynamics, a larger US security company and now worth considerably more than they used to be) who, besides the intellectual property rights on RC4, also has a patent on RSA which they are very diligent in enforcing. This means that MFAT's controls would require New Zealand companies to license technology owned by a US company in order to obtain eased export clearance, and that's ignoring the question of why MFAT's export policy appears to be defined by the US State Department.

Background Information

This section provides additional background information for the information provided above.

The General Software Note Exception

The General Software Note (GSN), which is present in every nations copy of the Wassenaar control lists, reads:

General Software Note (GSN)

  (This note overrides any control within section D of Categories 0 to 9)

  Categories 0 to 9 of this list do not control `software' which is either:

   a. Generally available to the public by being:
      1. Sold from stock at retail selling points, without restriction, by
         means of:
         a. Over-the-counter transactions;
         b. Mail order transactions; or
         c. Telephone order transactions; and
      2. Designed for installation by the user without further substantial
         support by the supplier; or
   b. `In the public domain'.

`In the public domain' is defined as:

  `Technology' or `software' which has been made available without restrictions
  upon its further dissemination (copyright restrictions do no remove
  `technology' or `software' from being `in the public domain').

(`technology' and `software' are further defined). This note covers all commercial, mass-market, public-domain, and otherwise generally available technology. The special exception which MFAT added to the GSN was to change the first sentence to read:

  With the exception of Category 5, Part 2 (Information Security), Categories 0
  to 9 of this list do not control `software' which is either:

Category 5, part 2, covers software intended to protect sensitive information such as financial information, medical records, business data, and personal, private data.

There are currently only five countries on earth who provide an exception to the GSN of this kind, of which three have historical reasons for so doing. The three countries with historical reasons are:

France, whose encryption restrictions go back to the "decret de 18 avril 1939", which defines munitions categories on a scale from 1 to 8, with 1 being the most dangerous. Encryption technology (which in 1939 consisted of complex electromechanical contraptions used primarily by the military) rates a 2 on this scale, making your average copy of Netscape the second most dangerous category of munitions recognised by the French government. France still regulates encryption today using this more than half-century-old mechanism which predates virtually all of the technology it's being used to control. Any use of encryption requires permission from the SCSSI (Service Central pour la Securite des Systemes d'Information), which answers directly to the Prime Minister. This permission, an "autorisation prealables", is only given to encryption technology which is easily broken (for example in 1996 use of 40-bit encryption was permitted by the SCSSI the week after a French researcher demonstrated how easy it was to break).
Although "encryption equipment" was always implicitly understood to include computers running encryption software, the "decret 86-250 du 18 fev 1986" explicitly extended the definition of encryption equipment to include software. It specified that each request for authorization for business or private usage of the equipment must be sent to the Minister of Telecommunications, and that the request must include a complete and detailed description of the "cryptologic process", and if this is materially possible, of two copies of the envisaged equipment. The "loi 90-1170 du 29 decembre 1990" states that export or use of encryption equipment must be previously declared when used only for authentication, and previously authorized by the Prime Minister in all other cases, with penalties of fines of up to 500,000F and three months in jail. A ban on the import of encryption equipment (but not encrypted data) goes back to the old "decret du 18 avril 1939" again (article 11).
Why was a law which predates World War II upgraded to cover technology which wasn't even dreamed about when the original law was passed? Because the French intelligence services are famous for industrial espionage carried out on a breathtaking scale. For example in 1992 the head of the French DGSE (Direction Generale de la Securite Exterieure) secret service publicly boasted that his organisation, through industrial espionage, helped French companies acquire over a billion dollars worth of business deals from foreign competitors (that's not to say that other countries don't do this as well, but only the French will boast about it afterwards). In a talk given to the Executives' Club of Chicago on 17 March 1994 by FBI Director Louis Freeh, he stated that:

"a nation's power is increasingly measured by economic prosperity at home and competitiveness abroad. And in some ways, the United States is a sitting duck for countries and individuals who want to take a short cut to power"
[At least 20 nations are] "actively engaged in economic espionage"
"This kind of information [cost and price structure, research and development results, marketing plans, bids and customer lists] can be intercepted from fax and satellite communications. It can be monitored from cellular and microwave telephone links. It can be retrieved from inadequately protected computer systems".
The use of weak encryption for French industrial espionage has long been a sore point with other nations doing business in France. For example in an October 1997 Wall Street Journal article entitled "French Proposal On Encryption Irks Businesses And EC", discusses concern over French government requirements that foreign businesses operating in France be required to hand over the encryption keys to French government-approved entities in which the majority of the capital or votes is retained by French nationals. Computer Reseller News in its May 1996 article "Channel feels pinch of export limitations -- VARs Hit Encryption Roadblock" warned of French industrial espionage problems.
The French problems are well known to large companies which do business in France. For example IBM in the 1980's routinely sent false economic information to French subsidiaries in order to foil the French intelligence agencies and, by extension, French business. Today, the approach is more sophisticated: multinationals who can afford to do this courier sensitive information into neighbouring countries (typically the UK, for Paris-based organisations) where it is encrypted and sent to the head office. Encrypted replies are decrypted in the UK and then carried by the courier back to France.
Anyone who isn't a multinational corporation is forced to live with the French government (and French industry competitors) listening in as an (un)trusted third party.
Incidentally, the French governments attitude towards private encryption use was summed up by J. Vincent-Carrefour, the head of the SCSSI, with "If you don't tell us you're using PGP, noone will bother you. If you ask us for permission to use it, we will refuse". There's nothing there about catching criminals or private users, it's only companies who use it to secure their business who can get into trouble. Noone has ever been prosecuted for using encryption in France, and a number of contributors to the development of encryption software are located there.
The US, whose restrictions are somewhat more recent than the French ones, dating from 1943. In that year the US government passed the International Traffic in Arms Regulations (ITAR), designed to stop Nazi Germany and Imperial Japan from obtaining US technology. The ITAR, 22 CFR commencing with section 120, has provisions in section 121.1, under Category XII (b) that "cryptographic devices and software" are considered to be defense articles subject to the State Department's Office of Defense Trade Controls authority with respect to export. In 1996, realising that the threat from Nazi Germany had abated somewhat in the more than half century since the ITAR was passed, the controls were renamed the EAR (Export Administration Regulations), mainly to stop people laughing at them when a floppy disk was rated as being a military weapon more dangerous than a howitzer or tank.
In fact, the EAR doesn't even exist as a law in the conventional sense, because the real law expired some years ago. The way the controls are enforced is as follows: In the third week of August of each year, the US president declares a national emergency under the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq), with the duration of the emergency being one year. Using the powers given to him by section 202(d) of the National Emergencies Act (50 U.S.C. 1622(d)), he issues a presidential decree which extends the export controls for another year. The following year at the same time, the charade is repeated.
The emergency powers act is derived from the Trading with the Enemy Act of 1917, passed with similar intent to the 1943 ITAR. It allowed the president to regulate as he wished, during wartime, the assets, fiscal transactions, and trading conducted by an enemy country. It was amended more or less in secret in 1933 during the Great Depression to allow anyone (not just the opposition in a declared war) to be declared to be "enemies" during a national emergency. President Roosevelt declared a national emergency and used it to push through his New Deal under the emergency powers. Since noone ever declared the original national emergency (the Great Depression) over, the president can continue to use the powers originally intended solely for wartime use whenever he feels the need to declare another emergency (there's a lengthy analysis of the legal aspects of this about two thirds of the way through Michael Froomkin's excellent article on the subject.
So there you have the functionaing of the US export controls in a nutshell: A series of presidential decrees used to extend a WWII law using powers from a WWI law. Needless to say, there have been some eyebrows raised about the constitutionality of such an approach.
What's the real intent of the export controls? Although the US pushes the standard "terrorists and criminals" line, the end result is the same as that of the French controls, but it applies to the entire world and not just the US: Since US companies and foreign subsidiaries of US companies are allowed strong encryption, and everyone else isn't, you end up with the computerised equivalent of the situation which occurred in 1939 when one European country had the latest tanks and its neighbour had medieval horse cavalry. Since US companies can protect their information assets using US software, while other countries are allowed only crippled, easy-to-break 40-bit encryption, foreign countries are vulnerable to both predatory US practices, and the same from their competitors. For an example of how this is used by the US, take the 1996 CIA hacking into European parliament and European commission computers as part of a concerted effort to steal economic and political secrets. A typical report, this one from the UK Sunday Times, reports that the information obtained gave the US a considerable advantage in that years GATT negotiations. According to the Times report, the network:

includes details of the private medical and financial records of many MEPs and officials, and discussion documents on confidential issues, including trade, tariff and quota agreements. The records of closed committees of inquiry into BSE and fraud are also stored on the system. The breach came to light when officials believed that American negotiators had been given advance warning of confidential European Union positions in last year's trade negotiations.
The most telling sentence in the report, though, is the statement that:

They were able to exploit the fact that parts of the system were manufactured by two American firms.
Ship them deliberately weakened security, then use it to steal their data.
Russia, whose controls are a tiny bit more recent than the French and US ones. On 6 April 1995, the Rossiyskaya Gazeta, No.68, contained the text of a presidential decree (ukaz), the Decree of April 3, 1995, #334. Giving as justification the standard line of "fighting crime", it placed encryption under the control of the Federal Agency for Governmental Communications and Information (FAPSI), a department of the (former) KGB. The intention behind this decree (passed without the consent of the Russian parliament or Duma) was rather curious: Why would any criminal in their right mind use a security system specifically designed for ease of KGB access? The real reason for the decree has little to do with fighting crime, and everything to do with capitalism: it requires that all commercial banks dealing with the Central Bank of Russia, and by extension businesses dealing with them (which in practice means pretty much all Russian business) use only FAPSI-approved encryption:

[...] prohibit the placement of state orders with enterprises and organizations using such equipment and encryption facilities not having a certificate of the Federal Agency for Government Communications and Information of the President of the Russian Federation.
It also goes on to require the various banks to use the FAPSI-approved encryption. All in all a very nice little guaranteed money-earner for the KGB.
(It should also be noted in passing that the KGB maintained a special division, Dirctorate T, whose mission was "Acceleration of Soviet scientific and technical progress by acquiring information and samples of equipment". Since the collapse of the Soviet Union, the use of the (former) KGB for industrial espionage has increased dramatically. The industrial espionage practices of Soviet intelligence agencies are discussed in more detail in "Soviet Industrial Espionage", which appeared on page 25 of the April 1987 edition of the Bulletin of the Atomic Scientists).
There is a Russian proverb "The severity of Russian law is compensated for by it's non-mandatoryness", and this is indeed the case with Decree #334. Individuals and companies in Russia openly use non-FAPSI licensed encryption without any problems. Russian encryption companies appear to be flourishing, if the following Russian encryption product brochure is anything to go by - they report branches all over Russia, as well as in Latvia, Estonia, and even the US.

Those were the three countries with historical or other reasons for having an exception to the GSN: France to make French economic espionage easier, the US because the haven't realised WWII is over yet and for similar reasons to the French, and Russia to ensure a guaranteed source of income for the (former) KGB.

There are two other countries which also have the exception to the GSN. Unlike the three countries above with historical reason, these two countries added the exception specifically to the newly-drafted Wassenaar Arrangement, and have no known explanation for the exception. These two countries are Australia and New Zealand.

New Zealand Export Requirements

These are MFAT's statements on the requirements for encryption export from New Zealand. The full text is the various letters and permits is available for reference via the crypto policy page:

31 May 1996:

No objection the the export of [...] DES (but not triple DES).

11 June 1996:

No objection the the export of [...] 64-bit DES [sic] and that the library is exported as "object" code, not "source" code.

21 October 1996:

We have not yet reached a final decision on [the export].

31 January 1997:

An export permit would only be required if it was 40-bit or stronger [sic].

13 February 1997:

The export of code in any form is regulated in New Zealand in terms of the guidelines below: They contain encryption limited to (i) 40-bit key lengths for symmetric algorithms; (ii) 512 bits for asymmetric algorithms; (iii) 56-bit DES for dedicated financial algorithms.

18 April 1997:

It is the responbility of the Ministry in its capacity as the licensing authority - rather than the exporter - to assess whether an encryption algorithm falls outside the threshold of requiring an export permit.

8 June 1998:

Consents to the export of cryptlib [provided that] the export is temporary and the product is returned to New Zealand within 90 days.

24 August 1998:

Consents to the export of cryptlib [in source code, with triple DES, keys of up to 4096 bits, and everything else we had previously been told was non-exportable].

In every single instance the requirements have been changed, often directly contradicting previous requirements. It simply isn't possible to create a business or sales strategy based on MFAT's requirements, because they seem to change at random whenever they're asked about them.