This story in Wired serves as a good reminder that export control laws, particularly U.S. export control laws, do have teeth. In short: a retired US professor was sentenced to four years in jail for sharing his research with graduate students in China. Apparently, the U.S. government felt that the research he shared was restricted technical data, disclosure of which would put U.S. national security at risk.
In this particular case, the U.S. State Department had apparently warned him, but he disregarded the warnings and went ahead anyway. So, for most folks, it’s unlikely to be much of a risk, unless of course the State Department calls you up. That being said, if you are planning to travel to and/or do business in China, Iran, etc., it might be a good idea to think about what you might not want to bring over with you on your laptop, particularly if you will be presenting any of it to citizens of those countries or leaving anything there.
Unfortunately, export controls are not exactly straightforward, particularly those dealing with the type of things you can’t export. In Canada, this is particularly the for the what’s described as “dual-use” group. This group describes things that aren’t necessarily used for sensitive purposes, but could be, hence the “dual-use” moniker.
Just as an example, take a look at Category 5 – Part 2 of the Canadian Export Control List, which deals with cryptographic technology. Not exactly an easy read. Though thankfully over the years they have put in some common sense carve-outs. You’ll find them in the tiny, tiny notes at the beginning and end. Then there’s the U.S. Export Administration Regulations, which makes the Canadian requirements look comparatively straightforward.