Legal challenges by
Peter Junger and other civil libertarians and privacy advocates, the widespread availability of encryption software outside the U.S., and the perception by many companies that adverse publicity about weak encryption was limiting their sales and the growth of e-commerce, led to a series of relaxations in US export controls,
culminating in 1996 in President Bill Clinton signing the Executive order 13026 transferring the commercial encryption from the Munition List to the Commerce Control List. Furthermore, the order stated that, "the software shall not be considered or treated as 'technology'" in the sense of Export Administration Regulations. The Commodity Jurisdiction process was replaced with a Commodity Classification process, and a provision was added to allow export of 56-bit encryption if the exporter promised to add "key recovery" backdoors by the end of 1998. In 1999, the EAR was changed to allow 56-bit encryption and 1024-bit RSA to be exported without any backdoors, and new SSL cipher suites were introduced to support this (
RSA_EXPORT1024 with 56-bit RC4 or DES). In 2000, the
Department of Commerce implemented rules that greatly simplified the export of commercial and
open source software containing cryptography, including allowing the key length restrictions to be removed after going through the Commodity Classification process.
