Submitting Code to ITAR for Export?

wowbagger asks: "I have the (mis)fortune to be working on a commercial product that will contain encryption/decryption capability. Since the product is targeted for export as well as use within the US, I get to file with the various TLAs showing my product isn't going to destroy the world. Joy. Does anybody else have experience in this? Yes, the ITAR regs aren't merely a case of 'locking the barn door after the horse has fled', but rather 'locking the barn door after the horse has fled, raised a family, evolved into sentience, developed technology, come back with flamethrowers, burned the barn to the ground, sown the lot with salt, and left for another star system'. But unfortunately I have to comply. So, does anybody else have any experience with this process?" A better place to ask this would be the cypherpunks or wasabisystems.com crypto mailing lists...

My experience

[Raiford]

If your application has primarily a commercial focus then EAR restrictions dictate export control. If you were doing something very scientific like electromagnetic scattering codes (like I was) then ITAR will be the controlling broader restriction. The idea behind these export controls is basically to prevent rapid proliferation of codes that could be used by a hostile government. No one even pretends to think that software won't make its way to every stretch of the globe. What you are trying to protect is technology or technology-use lead-time. Even the best kept secrets find their way to the so-called wrong hands eventually. It's more a matter of delaying the process as long as possible.

There is a description of the differences between ITAR and EAR in the following link (note:it is a Powerpoint presentation) --> link