This article is from the Where to get the latest PGP FAQ, by Michael Paul Johnson firstname.lastname@example.org with numerous contributions by others.
Using and distributing Pretty Good Privacy is legal if you are careful
to obey the intellectual property and export rules, as well as any local
rules that may apply in the nation you are in.
U. S. export regulations are not as bad as they were, but you may be
required to give a notice to the U. S. Government to export or publicly
post source code (and the executable compiled from it) under license
exception TSU. You can't intentionally export PGP or GPG from the USA to
certain forbidden destination (state sponsors of terrorism, etc.) Check
the Department of Commerce web site at
http://www.bxa.doc.gov/Encryption/Default.htm for current rules.
The RSA patent caused considerable expense in the USA for PGP users,
until the Diffie-Hellman patent expired and DSA was offered by the U. S.
Government as not infringing. Some people still like to use older
versions of PGP that use RSA, especially outside of the USA.
Fortunately, the RSA patent is dead and anyone in the USA may use RSA
for either business or personal use without restrictions, just like
people in the rest of the world have been able to do for many years.
If you want to use PGP for commercial use, the most legal approach is to
use Gnu Privacy Guard (http://www.gnupg.org) for free, but you may also
be able to buy a license for the commercial version of PGP, still.
If you are in a country where the IDEA cipher patent holds in software
(including the USA and some countries in Europe), make sure you are
licensed to use the IDEA cipher commercially before using PGP
commercially, or avoid it by using Gnu Privacy Guard or a version of PGP
that allows the use of alternate algorithms like CAST, instead. (No
separate license is required to use the freeware PGP for personal,
noncommercial use). For direct IDEA licensing, contact Ascom Systec:
Erhard Widmer, Ascom Systec AG, Dep't. CMVV
Phone +41 64 56 59 83
Peter Hartmann, Ascom Systec AG, Dep't. CMN
Phone +41 64 56 59 45
Fax: +41 64 56 59 90
Mail address: Gewerbepark, CH-5506 Maegenwil (Switzerland)
Network Associates, Inc., has an exclusive marketing agreement for
commercial distribution of Philip Zimmermann's copyrighted code.
(Selling shareware/freeware disks or connect time is OK, as is building
on older GPL versions of PGP or the new GPG.)
If you modify PGP (other than porting it to another platform, fixing a
bug, or adapting it to another compiler), don't call it PGP (TM) or
Pretty Good Privacy (TM) without Philip Zimmermann's permission.
Within the U.S. there is no legal obstacle for use of strong encryption.
Export regulations used to be quite draconian in the USA, and are still
partially irrational, but they have greatly improved to the point where
U. S. Citizens no longer need to hesitate to publish (even on the
Internet) and use strong cryptography, as long as they send the required
notices of export and/or posting on the Internet described by
In an ideal world every honest person would have the right to use
encryption. Unfortunately, this isn't an ideal world.
France used to be quite restrictive, but now that nation allows its
citizens to use strong cryptography, recognizing its value in preventing
some crimes and strengthening electronic commerce.
Germany once considered banning the use and distribution of strong
cryptographic software in the name of "national security," but now the
German government has actually endorsed and helped fund the development
of Gnu Privacy Guard.
In Russia, you can be arrested for using cryptography and even be put in
jail for using a GPS receiver.
U. S. Citizens may want to view travel advisories at
http://travel.state.gov before visiting another country.
For a recent update on the legal situation see The Crypto Law