According to an August 13, 1997 story by Robert Lemos in PC Week, currently readable at: http://www8.zdnet.com/pcweek/news/0811/13acryp.html source code was for PGP 5.0 was "legally" posted at a University of Oslo web site. The source code was published in a book, and the book was scanned into a machine by hackers, who proofread the code and posted it. According to the article, the source code had previously been posted on a Dutch site, but there had been no assertion that the export was legal. It is not clear from the article whether the U.S. courts have actually decided that the form of export reportedly used to generate the Oslo version is exempt from the ITAR regulations; see Cipher EI#14, "Federal District Court Rules Source Code is Protected Speech."