I was reading up on the history of the PGP encryption software when I realised its creator was under criminal charges for munitions export without a license for releasing the source code of PGP.
What was so dangerous about PGP at that point in time that it was an offence under the law? I mean, PGP is just an encryption and decryption algorithm; what am I missing here?
PGP was considered dangerous because it could have allowed Soviet spies and military officers to plan the nuclear annihilation of the western world without the CIA realizing what's happening before it's too late.
Time for some history.
During World War II, the importance of cryptography for military use became apparent. Being able to crack enemy cryptography while also having cryptography systems for oneself which can not be cracked, proved to be an important military factor which could result in victory or defeat.
During the subsequent universal arms-race during the cold war, all sides were aware of this. Having the upper hand in cryptographic technology over the other side was considered a strategical factor which could turn the tide in another world-war. That meant that any knowledge-transfer of cryptography know-how from the Western to the Eastern world had to be prevented.
As a result of this doctrine, cryptographic technology was considered of military value and thus filed under Category XIII in the United States Munitions List. That meant any data storage medium which contained cryptographic software was legally considered like live ammunition when it came to moving it across borders.
From today's point of view it might seem absurd to try to contain knowledge through export restrictions designed for physical goods, but it fitted into the isolationist viewpoint of the military strategists of the cold war era. Also remember that this was the 70s, long before the internet age. This was decades before the time where you were able to obtain any software in the world via the internet through your favorite piracy website. Getting a piece of software from computer A to computer B usually meant to put it on a physical medium like a floppy disk, magnetic tape or (even earlier) punch-cards, and the movement of such physical media across borders seemed controllable (at least in theory).
Technology marched on. In the 80s, the first international computer networks emerged, and the hacker community began to flourish. The world became increasingly interconnected and soon it became apparent that containing knowledge within geographical borders was an exercise in futility. But as usual, politics and laws didn't keep up with technical innovation, so when PGP emerged in the 90s, it was still subject to cold war era laws regarding cryptography exporting. The algorithms it used were open secrets, available to anyone in the world capable of buying a modem and making long-distance phone calls. Hackers were tattooing them on their bodies to ridicule the cryptography export restrictions. But as a commercial company, PGP had to play along and find a loophole in the form of exporting their source code in printed form and re-transcribe it.
Although the restrictions on cryptographic technology have been relaxed in the past decades, some of them are still in place.
For a long time, cryptography was something used by spies and armies, and was weak, and a lot of the weakness was tentatively fixed by keeping algorithms and methods as secret as can be. That's security through obscurity, which is BAD, but, to be honest, algorithms from the pre-computer era were so weak that they needed secrecy; security through obscurity was about the best that could be hoped for.
From this followed a strict system for controlling who could get access to cryptographic technology. Since USA have these nifty things called "constitutional rights", including "free speech", the best the US government could do was tightening things at the boundary, i.e. export regulations.
The field of cryptography changed quite a lot with the advent of computers and public research, specifically in the 1970s and 1980s. The regulations, though, were lagging, and military people were firmly clinging to strict rules because if there is something that armies know how to do, it is to maintain immobility at all costs.
Therefore, when Zimmerman tried to push PGP and export it, they all fell on his skin, by pure conservatism. The case was compounded by Phil Zimmerman's stance, who was overtly hostile to the Federal government, the military, the NSA, and just about everybody who exhibits the slightest bit of organization. He went for a fight; he got it.
It is illegal to export 128 bit symmetric encryption or certain levels of asymmetric. PGP exceeded these limits. These export control laws are why some security firms have clean room teams that build strong encryption without any US educated employees working on the team.
Technically, if you learned about high strength encryption in the US, you are not allowed to export or use that knowledge in certain countries.
It is considered munitions because it can be used for protecting information during a war.
According to Wikipedia the Arms Export Control Acts permitted (at the 1990's) only weak crypto to be exported outside the U.S.
Well back in the day even some commercial personal-level computers had export restrictions due to the cold war and the fear of illegal technology transfer to the enemy, but the reality is that the Soviets had an incredibly elaborated network used to procure foreign technology, let alone protect theirs.
From going straight to the source and bribing technicians and executives in nearly every industry to just sending someone to a store and smuggling it outside the country, like they did with the first Macs (the size helped a lot!)
It's know for example that the USSR created a network of fake banks and companies to acquire startups in Silicon Valley so they could have total and direct access to all data.
What happened with PGP was the dumb bureaucrat's idea of preventing a disaster, by the time they realized the problem with PGP the KGP most likely had already sent all materials home for analysis.
