Some programming languages such as Java and C# include encryption packages in their standard libraries. Others such as Python and Ruby make you download third-party modules to do strong encryption. I assume that this is for legal reasons; perhaps Sun Microsystems has enough lawyers that they aren’t afraid of getting sued, while Guido van Rossum feels more vulnerable.
But what does the law actually say about this? At this point, would open source authors have anything to fear if they included strong encryption in their programming languages’ standard libraries? If so, then why don’t they? If not, then how do Sun and Microsoft get away with it?
There are two issues: importation of encryption software, and exportation of encryption software.
Some countries (China, Russia, Iran, Iraq, Myanmar, etc.) restrict the use of cryptography by their citizens. It is illegal to import encryption software to those countries.
To enable unlimited encryption strength in the JDK, you have to download a new policy file. The software license there doesn’t allow you to use the software if you’re in a country that doesn’t allow importation of encryption. This is called the ‘Unlimited Strength Jurisdiction Policy,’ and below I include part of its README.txt.
Other countries, like the US, don’t want to export encryption software to the Axis of Evil. So, it can be illegal to export encryption software to those countries.
The US export restrictions have eased up considerably, probably in recognition of the futility of keeping encryption out of the hands of enemies, or possibly to encourage use of encryption that has been compromised by the NSA. But, they aren’t gone altogether. I don’t think the software can be licensed by terrorists.