This article is from the PGP FAQ, by Jeff Licquia email@example.com with numerous contributions by others.
In addition to the comments about encryption listed above, there are a
couple of additional issues of importance to those individuals
residing in the United States or Canada.
First, there is a question as to whether or not PGP falls under ITAR
regulations which govern the exporting of cryptographic technology
from the United States and Canada. This despite the fact that
technical articles on the subject of public key encryption have been
available legally worldwide for a number of years. Any competent
programmer would have been able to translate those articles into a
workable encryption program. A lawsuit has recently been filed by the
EFF challenging the ITAR regulations; thus, they may be relaxed to
allow encryption technology to be exported.
Second, older versions of PGP (up to 2.3a) were thought to be
violating the patent on the RSA encryption algorithm held by Public
Key Partners (PKP), a patent that is only valid in the United States.
This was never tested in court, however, and recent versions of PGP
have been made with various agreements and licenses in force which
effectively settle the patent issue. So-called "international"
versions and older versions (previous to ViaCrypt PGP 2.4), however,
are still considered in violation by PKP; if you're in the USA, use
them at your own risk!