Math professor wins landmark crypto ruling
By Courtney Macavinta
Staff Writer, CNET News.com
May 6, 1999, 4:25 p.m. PT
URL: http://www.news.com/News/Item/0,4,36217,00.html
U.S. export limits on encryption are unconstitutional, the Ninth Circuit
Court of Appeals ruled in a precedent-setting decision today.
In a 2-to-1 vote, a federal panel affirmed U.S. District Judge Marilyn
Patel's 1997 landmark ruling in Daniel Bernstein vs. the Justice
Department. That decision states that software source code is a language,
and therefore the export controls violate the University of Illinois math
professor's First Amendment right.
Bernstein had wanted to post crypto code on his Web site as part of an
international course he teaches, but was blocked by a Clinton
administration policy regulating software cryptotography as falling within
the interests of national security.
Today's loss for the government is no doubt a blow to the administration's
policy. Legal experts say the ruling is a huge endorsement for online
privacy and essentially applies to anyone who wants to post crypto source
code--without a license--from within the Ninth Circuit. Although the
opinion doesn't apply to off-the-shelf products, companies such as Pretty
Good Privacy (PGP), which is based in California, could get regulatory
relief, because its source code is freely available around the world.
"We hold that the challenged regulations constitute a prior restraint on
speech that offends the First Amendment," states the Ninth Circuit
majority opinion by Judge Betty Fletcher. "As a result, Bernstein and
other scientists have been effectively chilled from engaging in valuable
scientific expression."
When Bernstein sued the government in early 1995, the Clinton
administration regulated encryption as a potential weapon, requiring an
export license to ship products. The State Department had classified
Bernstein's encryption program, dubbed Snuffle, as munitions and said he
needed a license to "export" the code via his Web site. This position
didn't change even when the Commerce Department began administering the
regulations in December 1996.
"We find that the export administration regulations operate as a
prepublication licensing scheme that burdens scientific expression, vest
boundless discretion in government officials, and lack adequate procedural
safeguards," Fletcher wrote in the ruling.
The Justice Department is expected to appeal the ruling to the Supreme
Court, in which case the Appeals Court ruling could be stayed.
Nonetheless, Bernstein's legal team is celebrating its victory.
"The decision declares that the regulations are unconstitutional, period,"
said Bernstein's lead attorney, Cindy Cohn.
"As a practical matter, the government is not enjoined from applying its
regulations--except to Bernstein. But we're one step closer to doing away
with the regulations," she added. "The ruling shows that Justice saw the
real reason we are fighting this--this case is about whether you and me
and everyone has access to the tools to protect our privacy or not."
Crypto's contentious history Encryption export limits have been at the
center of a contentious debate for years.
On one side are law enforcement officials who say the restrictions are
necessary to deter tech-savvy criminals from using the technology to cover
their tracks. On the other side are civil liberties advocates who argue
that the laws impede speech and global consumers' rights to computer
privacy, as well as U.S. software and hardware companies which say the
restrictions prevent them from competing with their foreign counterparts.
Bernstein's attorneys argued that source code was a form of speech for
programmers, and that he should not be subject to prior review by the
government before publishing his ideas. The government countered that
source code doesn't express ideas and is simply used to control the
operation of a computer.
The Appeals Court today agreed with Bernstein.
"First, it is not at all obvious that the government's view reflects a
proper understanding of source code," the ruling stated. "Source code is
not meant solely for the computer, but is rather written in a language
intended also for human analysis and understanding."
The ruling went on to say that code is used to convey ideas.
"Cryptographers use source code to express their scientific ideas in much
the same way that mathematicians use equations or economists use graphs,"
the opinion stated. "We conclude that encryption software, in its source
code form and as employed by those in the field of cryptography, must be
viewed as expressive for First Amendment purposes, and thus is entitled to
the protections of the prior restraint doctrine."
Judge Thomas Nelson, however, dissented on grounds that Bernstein should
never have been allowed to bring the free speech challenge. "The ultimate
purpose of encryption code is, as its name suggests, to perform the
function of encrypting messages…it is inherently a functional device."
White House reproached What struck legal and privacy advocates today was
the sentiment of the ruling. The opinion took on the entire White House
policy, saying it was "retarding the progress of the flourishing science
of cryptography." Moreover, the ruling addressed encryption's role in
protecting privacy in the digital world.
"In this increasingly electronic age, we are all required in our everyday
lives to rely on modern technology to communicate with one another. This
reliance on electronic communication, however, has brought with it a
dramatic diminution in our ability to communicate privately," the ruling
stated.
Michael Froomkin, a professor of law at the Unversity of Miami, said the
ruling has broad implications.
"The court also attacks the entire regulatory structure," he said. "It is
important to note, however, that this decision does not apply directly to
actual ready-to-run programs. But the tone of it is that crypto applies to
the social protection of privacy."
Added Marc Rotenberg, executive director of the Electronic Privacy
Information Center, which filed a friend-of-court brief in the case: "This
is the leading case right now in the United States on the right to use
encryption. It provides a powerful and far-reaching rationale in
supporting privacy and the right to use encryption."
Supporters of legislative efforts such as the Security and Freedom through
Encryption Act (SAFE), which would cut the red tape for U.S. companies
that want to sell strong encryption overseas, also cheered today's ruling.
"This decision demonstrates the judicial branch's understanding of the
encryption debate," Rep. Anna Eshoo (D-California) said in a statement.
"Now is the time for Congress and the administration to follow suit. This
means passing and signing into law the SAFE Act."
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Hacker News Network [www.hackernews.com]
Received on Wed May 12 18:44:47 1999