My experience is that government and gov't contractors have been turning their heads. The proliferation of E2E communication has been too fast to analyze and regulate with respect to WWII era regulations, similar to how cryptocurrency is to the financial market.
Interesting to note:
>Publicly available software under the EAR, as under the ITAR, is exempt from export control. However, before strong dual-use encryption code is made publicly available via the internet or otherwise placed electronically in the public domain, exporters must provide the US Government with either a copy of the strong dual-use encryption code or a one-time notification of the internet location (URL) of the code. This must be done before making the software publicly available. Notification after transmission or transfer of the software outside the US is an export control violation
Interesting to note:
>Publicly available software under the EAR, as under the ITAR, is exempt from export control. However, before strong dual-use encryption code is made publicly available via the internet or otherwise placed electronically in the public domain, exporters must provide the US Government with either a copy of the strong dual-use encryption code or a one-time notification of the internet location (URL) of the code. This must be done before making the software publicly available. Notification after transmission or transfer of the software outside the US is an export control violation
https://doresearch.stanford.edu/strong-encryption-export-con...
edit: More guidance on what's exempted from EAR is at https://www.bis.doc.gov/index.php/policy-guidance/encryption...