Strong crypto is in quite wide circulation. One might (theoretically) just download PGP6 via a US proxy, for example. Sun Micro sourced their crypto algorithms in Europe to circumvent US munitions policies. Specifically from Elvis+ Co., a Russian company.
AFAIK what the EU is talking about is not bothering to monitor what or where you export, unless its to Iraq or a shortlist of nation states considered volatile or a threat.
This provokes a thought - under NATO and the cold war, technologies were developed and deployed to maintain ideological hegemonies as equally their stated purpose : security.
Now, if you allow that the uptake of commercial software and its use is a function of marketing and adspend, and its implementation associated with FUD with regards trade security and flows (should a UK company be forced to default to weak keys to transact online with a US company e.g.?), are we experiencing technolgies as the de facto tool in grabbing commercial and international mindshare? (As with the central capitalist tenet "let capital and ideas flow and capitalism will flow with them")
Some existing and implicit arguments are posturing. "See our strong keys and weep - you'll never crack them. We (US / EU economies) are on top, follow our moves".
But equally it is hard to explicitly trust a government (NSA or GCHQ) involvement in the export qualification process.
Some Novell keys have been estimated to be weakened on export, or deliberate backdoors. So no doubt the successors of Bletchley might request or insist upon the same.
From what I can find out, the EU is suggesting governments "get out of the loop" as much as is possible. Only no sales to Mr. Saddam.
But where in all this is clarity for the users, the sysadmins, the officers of companies responsible to users and trade counterparties?
How often do users get the chance to view and analyse commercial source, and how much trust can be placed in either EU or US bodies if they do say they will step aside?
If you've been forced to use crippled products, what were your experiences?
And finally, since much lobbying has been done by commercial interest groups claiming freer crypto will aid export sales, will you change your buying habits? Personally? Company wide?
As a postscript and to wrap up some looser ideas from earlier (and maybe promote an optional simultaneous thread) I'd like to add this :
SMCC Inc can't export munitions so buys them from the Russians (a furtive exchange is rumoured to have taken place in the Intourist Hotel Moscow where I once stayed) - a elegant and even symbolic circumvention. Without doubt technologies have been spurred on by Cold War fears (howsoever founded, funded, or kept still under wraps).
But now, in the absense of Red Terror, the only part of the world which seems as remote and poorly understood as maybe was the USSR, is the Islamic nations, in particular maybe the Arab states, or in total roughly half us human beings. Since the word "algorithm" derives from a Persian man called al-Khwarism, is anyone aware of developments in crypto use in the Muslim world, particularly the Arab states?
Might a US - EU bilaterality of interest with crypto be prepared to lock out a culture even further distant from those of the Soviet Union? And who would break the export rules, or circumvent them to trade with a post - Saddam Iraq, or more liberal Iran?
[ Following comment and much welcomed advice from two more experienced users, this story has been re composed. ]