The Wassenaar Arrangement (WA) was founded in 1996 by a group of 33 countries including United States, Russia, Japan, Australia, and the members of the European Union. Its purpose is to control exports of conventional weapons and sensitive dual-use technology, which includes cryptographic products; ``dual-use'' means that a product can be used for both commercial and military purposes. The Wassenaar Arrangement controls do not apply to so-called intangible products, which include downloads from the Internet.
WA is the successor of the former Coordinating Committee on Multilateral Export Controls (COCOM), which placed export restrictions to communist countries. It should be emphasized that WA is not a treaty or a law; the WA Control lists are merely guidelines and recommendations, and each participating state may adjust its export policy through new regulations. Indeed, there are substantial differences between the export regulation policies of the participating countries.
As of the latest revision in December 1999, WA controls encryption and key management products where the security is based on one or several of the following:
- A symmetric algorithm with a key size exceeding 56 bits.
- Factorization of an integer of size exceeding 512 bits.
- Computation of discrete logarithms in a multiplicative group of a field of size is excess of 512 bits.
- Computation of discrete logarithms in a group that is not part of a field, where the size of the group exceeds 112 bits.
Other products, including products based on single-DES, are decontrolled. For more information on the Wassenaar Arrangement, see http://www.wassenaar.org/.