Export regulations are the offspring of international treaties, in particular the Wassenaar Arrangement. The idea is that once countries decide that strong cryptography must be regulated within their borders, these countries make deals with other countries so that those other countries do not recklessly export strong cryptographic products, neither to them, nor to third parties who are deemed "not trustworthy enough" to receive them (e.g. the arrangement restricts export from USA to France and also from USA to North Korea, but not for the same reasons !).

Cryptography is here treated as if it was a kind of assault rifle. Indeed, until about a dozen years ago, cryptography was officially classified by the USA as ammunition. This implies the same kind of controls than those for importing or exporting weapons.

We can thank (or curse) the Web, and especially the whole let's-buy-things-on-the-Web business, for the normalization of cryptography: most crypto-related regulations which have been passed in the last decade have been designed so that it became legal to provide, export and import Web browsers with SSL support, for non-joke key lengths. Legislative bodies around the world are slowly coming to the realization that cryptography is not necessarily a bad guy tool; individuals and corporations may be entitled to use them for their own protection, too, especially in areas where more classical law enforcement agencies do not have the technical means to ensure the safety of everybody. SSL is legal because there is no practical way to proactively prevent eavesdropping.