Press Room

December 13, 2001

Russian Programmer Freed, Must Testify Against Employer

U.S. Federal Court Judge Ronald Whyte today signed a court agreement permitting Russian programmer Dmitry Sklyarov to return to his native land after a five-month enforced stay in the U.S. The agreement should eventually clear him of all charges brought against him for distributing software that permits electronic book owners to convert the Adobe e-book format so they can make use of e-books without access restrictions.

As part of the agreement, Sklyarov will testify for the government in the case that remains against Elcomsoft, Sklyarov's employer. He will likely testify on behalf of Elcomsoft as well.

"Dmitry programmed a format converter which has many legitimate uses, including enabling the blind to hear e-books," explained EFF Intellectual Property Attorney Robin Gross. "The idea that he faced prison for this is outrageous."

"There was a tremendous outpouring of grassroots support for Dmitry and against the current U.S. copyright law, and EFF is proud to have been part of such a successful effort," stated EFF Executive Director Shari Steele. "I'm disappointed, however, that the government has decided to string this along instead of admitting its mistake in bringing these charges against Dmitry in the first place."

EFF weakened the case against Sklyarov by negotiating with Adobe representatives on July 20, 2001, resulting in a statement from Adobe saying that the company no longer wished to pursue any case against Sklyarov. EFF also met with representatives of the U.S. Department of Justice for the Northern District of California on July 27 pursuing negotiations aimed at dropping all charges against Sklyarov and securing his immediate release from jail.

The 27-year-old programmer was arrested on July 16 and held in jail until August 6, when he was released on $50,000 bail on condition he remain in California.

Sklyarov, who has been living in San Mateo with his wife and two children pending resolution of the case, has often expressed his eagerness to return to Russia.

Sklyarov's case is the first time a programmer was jailed simply for coding and distributing software. The software developer faced up to 25 years in prison under the Digital Millennium Copyright Act (DMCA) in the first criminal prosecution brought under the controversial statute which forbids distributing technology or information that can be helpful in bypassing technological restrictions. The case is one of a series of cases brought under the DMCA, a law many experts feel pushes the balance of copyright law too far toward the companies holding the copyrights and away from traditional fair use of copyrighted materials, for example in research and education.

August 30, 2001

Plead Not Guilty to Conspiracy and Circumvention Trafficking Charges

Russian programmer Dmitry Sklyarov and his employer Elcomsoft today pled not guilty to charges of providing electronic book format conversion software in the United States. Sklyarov, who had the benefit of a court interpreter, spoke the plea himself in English.

The court heard a five-count grand jury indictment against Elcomsoft and previously jailed programmer Sklyarov on charges of trafficking and conspiracy to traffic in a copyright circumvention device.

Sklyarov -- who is out of custody on US$50,000 bail -- could face a prison term of up to twenty-five years and a US$2,250,000 fine. As a corporation, Elcomsoft faces a potential US$2,500,000 fine.

"Dmitry has programmed a format converter which has many legitimate uses including enabling the blind to hear eBooks," explained Cindy Cohn, Electronic Frontier Foundation Legal Director. "The idea that he faces prison for this is outrageous. The EFF will support Dmitry through the end of this ordeal."

"We were hoping that the government would see the wisdom and justice in not pursuing a case against Sklyarov," said his attorney, Joseph M. Burton of Duane Morris in San Francisco. "Even if one were to ignore the serious legal questions involving the DMCA, this case hardly cries out for criminal prosecution. Sklyarov's and Elcomsoft's actions are not conduct that Congress intended to criminalize. We will vigorously contest these charges."

Sklyarov and his attorneys appeared at the arraignment with US Magistrate Judge Richard Seeborg presiding. The next court appearance scheduled in the case is 9:00 AM Pacific on September 4 before Judge Ronald Whyte in the San Jose Federal Court building.

Well-dressed observers attended the arraignment and nonviolent protests occurred in Moscow (Russia), London (England), Boston, San Francisco, Los Angeles, Reno, and Black Rock City, Nevada.

August 28, 2001

The United States Attorney's Office for the Northern District of California announced that Elcom Ltd. (also known as Elcomsoft Co. Ltd.) and Dmitry Sklyarov, 27, both of Moscow, Russia, were indicted today by a federal grand jury in San Jose, California on five counts of copyright violations.

The defendants were each indicted on one count of conspiracy to traffic in technology primarily designed to circumvent, and marketed for use in circumventing, technology that protects a right of a copyright owner, in violation of Title 18, United States Code, Section 371; two counts of trafficking in technology primarily designed to circumvent technology that protects a right of a copyright owner, in violation of Title 17, United States Code, Section 1201(b)(1)(A); and two counts of trafficking in technology marketed for use in circumventing technology that protects a right of a copyright owner, in violation of Title 17, United States Code, Section 1201(b)(1)(C).

This is the first indictment under the Digital Millennium Copyright Act ("DMCA"), enacted by Congress in 1998. The DMCA requires that the government prove a defendant offered to the public, provided, or trafficked in technology that was primarily designed to circumvent copyright protections, or was marketed for use in circumventing copyright protections. The statute provides criminal penalties where the copyright violations are perpetrated for purposes of commercial advantage or private financial gain. The DMCA also contains certain exemptions for nonprofit libraries, archives, and educational institutions, as well as for reverse engineering and encryption research.

According to the indictment, Elcom and Mr. Sklyarov are alleged to have conspired, for commercial advantage and private financial gain, to traffic in a technology that was primarily designed and produced for the purpose of circumventing, and was marketed by the defendants for use in circumventing, the Adobe Acrobat eBook Reader. The indictment alleges that prior to June 20, 2001, Mr. Sklyarov and others wrote a program called the Advanced eBook Processor ("AEBPR"), the primary purpose of which was to remove any and all limitations on an ebook purchaser's ability to copy, distribute, print, have the text read audibly by the computer, or any other limitation imposed by the publisher or distributor of the ebook.

The indictment alleges that Elcom made the AEBPR program available for purchase on the website elcomsoft.com which was hosted in Chicago, Illinois. According to the indictment, individuals wishing to purchase the AEBPR program were permitted to download a partially functional copy of the program from elcomsoft.com, and then were directed to pay approximately $99 to an online payment service RegNow, based in Issaquah, Washington. Upon making a payment via the RegNow website, Elcom provided purchasers a registration number permitting full use of the AEBPR program.

The indictment states that Adobe Systems Inc. distributes the Adobe Acrobat eBook Reader for the reading of electronic books on personal computers. Consumers wishing to purchase ebooks formatted for the Adobe Acrobat eBook Reader can download a free copy of the eBook Reader to their personal computer and then purchase the ebook from an online retailer. Upon purchasing the ebook from the online retailer, a series of electronic communications between and among the computers of the online retailer - including, typically, an Adobe-supplied server - and the consumer's computer authorized the ebook to be read on the computer from which the purchase was made.

It is further alleged that when an eBook purchased for viewing in the Adobe eBook Reader format is sold by the publisher or distributor, the publisher or distributor of the ebook can authorize or limit the purchaser's ability to copy, distribute, print, or have the text read audibly by the computer. The eBook Reader permits the management of such digital rights so that in the ordinary course of its operation, the eBook Reader effectively permits the publisher or distributor of the ebook to restrict or limit the exercise of certain copyright rights of the owners of the copyrights for books distributed in the eBook Reader format.

The maximum statutory penalties for each count in violation of Title 17, United States Code, Sections 1201(b)(1)(A) and 1201(b)(1)(C) are five years imprisonment for an individual and a fine of $500,000 for an individual or corporation. The maximum penalties for a violation of Title 18, United States Code, Section 371, are five years imprisonment and a fine of $250,000 for an individual, and a fine of $500,000 for a corporation. However, any sentence following conviction would be dictated by the Federal Sentencing Guidelines, which take into account a number of factors, and would be imposed in the discretion of the Court. An indictment simply contains allegations against an individual or corporation and, as with all defendants, Elcom and Mr. Sklyarov must be presumed innocent unless and until convicted.

Mr. Sklyarov made his initial appearance in federal court in San Jose on August 6, 2001. He was released on bail based on an agreement between the United States and the defendant. The corporation has not yet made an initial appearance in federal court. The next scheduled appearance is at 9:30 a.m. on August 30, 2001 for arraignment for both defendants before Judge Seeborg.

The prosecution is the result of an investigation by the Federal Bureau of Investigation. Scott Frewing and Joseph Sullivan of the Computer Hacking and Intellectual Property ("CHIP") Unit are the Assistant U.S. Attorneys who are prosecuting the case with the assistance of legal technician Lauri Gomez.

August 23, 2001

Prior Restraint of Internet Publishers Unconstitutional

Contact:

David Greene, FAP Executive Director / Staff Counsel
  fap@thefirstamendment.org
  +1 510-208-7744

 

Robin Gross, EFF Intellectual Property Attorney
  robin@eff.org
  +1 415-436-9333 x112
 +1 415-637-5310 (cell)

 

San Jose, California - A California appeals court today heard a debate over whether a lower court should have ordered dozens of Internet publishers to "stop the presses" pending the outcome of a California trade secrets trial.

In January 2000, as part of a trade secrets case brought by the motion picture industry, Santa Clara County Superior Court Judge William Elfving ordered Andrew Bunner and numerous other defendants to halt Internet publication of DeCSS pending the outcome of the trial. DeCSS is free software that allows people to play DVDs without technological restrictions, such as platform limitations and region codes, that are imposed by movie studios.

Today Bunner, represented by the Electronic Frontier Foundation (EFF) and the First Amendment Project (FAP), argued on appeal that this injunction violates his free speech rights under the First Amendment and the California Constitution. The argument took place in San Jose before three judges of the Sixth District California Court of Appeals.

"It is well-established that publishers of computer code are protected by the First Amendment. In granting the injunction against Mr. Bunner, the Superior Court failed to adequately consider Bunner's First Amendment rights," said David Greene, Executive Director and staff counsel to the First Amendment Project, who argued the appeal on behalf of Mr. Bunner. "The mere invocation of 'trade secrets' does not trump a publisher's First Amendment rights."

During today's oral arguments, the judges clearly appreciated the important First Amendment issues raised and asked probing questions of both sides. Upon completion of the oral arguments, the court took the matter under submission. A decision is expected in approximately 4-8 weeks.

 

Background on the DVD Copy Control Assoc. Inc. v. Bunner, et al. case:
  http://www.eff.org/IP/Video/DVDCCA_case/

About EFF:

The Electronic Frontier Foundation is the leading civil liberties organization working to protect rights in the digital world. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression, privacy, and openness in the information society. EFF is a member-supported organization and maintains one of the most linked-to Web sites in the world:
  http://www.eff.org/

About FAP:

The First Amendment Project is a nonprofit, public interest law firm and advocacy organization dedicated to protecting and promoting freedom of information, expression, and petition. FAP provides advice, educational materials, and legal representation to its core constituency of activists, journalists, and artists in service of these fundamental liberties and has a website at:
  http://thefirstamendment.org/

August 22, 2001

Dmitry Sklyarov Issues Statement Thanking Supporters

Russian programmer Dmitry Sklyarov will appear in a California federal court next week, for an arraignment on charges of trafficking in a copyright circumvention device. For programming a software application that appears to be legal in Moscow where he wrote it, Sklyarov -- who is out of custody on $50,000 bail -- faces a potential prison term of five years and a $500,000 fine.

The arraignment is scheduled for 9:30am PT, Thursday, August 30 (it was delayed one week from the originally announced date of Aug. 23). The hearing will be held with US Magistrate Judge Richard Seeborg presiding, in courtroom 4, 5th floor of the Federal District Court for the Northern District of California, San Jose Branch, 280 South 1st Street, in San Jose, California.

Nonviolent protests will be scheduled outside the hearing in San Jose, and in Moscow (Russia), Cambridge (England), London (England), Minneapolis, Boston, San Francisco, Los Angeles, and Black Rock City, Nevada.

Dmitry Sklyarov issued the following statement thanking the activists who have taken up his cause:

To everyone who spent their time helping me:

During the three weeks I spent in jail I learned that many people were protesting against my arrest. I also learned that Adobe withdrew its support of my arrest after meeting with EFF. But I was not able to see that or to read letters and articles about my case.

After being released from jail on August 6, I was really surprised and impressed by the scale of the action and the number of people involved in the protests. I'm not an IT superman. I'm just a programmer, like many others. It was unexpected by me that so many people would support a guy from another country that nobody heard about before.

Your support means a lot to me and my family and makes a difference for all.

This experience is going to change me in a profound way that I cannot even appreciate fully as yet. Thank you very much.

Dmitry Sklyarov

Directions and map to San Jose Federal Building:
http://www.cand.uscourts.gov/cand/CourtInfo.nsf/6f311f8841e7da2488256405006827f0/f3b46c67b334132e88256682007f6ba9OpenDocument

Background on the Sklyarov case:
http://www.eff.org/IP/DMCA/US_v_Sklyarov/

Calendar of protests related to the Sklyarov case:
http://www.freesklyarov.org/calendar/

Coincidentally, the same afternoon nearby in San Jose, a California state appellate court will hear oral arguments regarding whether dozens of Internet publishers can be ordered to "stop the presses" pending the outcome of a California trade secrets trial.

In January 2000, as part of a trade secrets case brought by the motion picture industry, Santa Clara County Superior Court Judge William Elfving ordered that Andrew Bunner and numerous other defendants halt Internet publication of the source code for DeCSS pending the outcome of a trial. DeCSS is free software that allows people to play DVDs without technological restrictions, such as platform limitations and region codes, that are preferred by movie studios.

Bunner, represented by the Electronic Frontier Foundation and the First Amendment Project, is appealing this prior restraint on his free speech rights. The case is In Re: DVD Copy Control Assoc., Inc. v. Bunner, case no. H021153. Oral arguments will begin at 1:30 PM before California's Sixth Appellate Court, located at 333 West Santa Clara Street, Suite 1060, San Jose, CA 95113.

Directions and map to San Jose Appellate Court Building:
http://www.courtinfo.ca.gov/courts/courtsofappeal/6thDistrict/location.htm

Background on the DVD Copy Control Assoc., Inc. v. Bunner case:
http://www.eff.org/IP/Video/DVDCCA_case/

August 8, 2001

On August 7th, the California Sixth Appellate District issued an opinion denying Matthew Pavlovich's motion to dismiss the case against him for lack of personal jurisdiction over him.

Pavlovich, who was a college student in Indiana and now lives in Texas, claims postings made to the LiVID mailing list, which he ran from his home computer, should not subject him to defending himself in California. LiVID is an open source development team working to build a DVD player compatible with the Linux operating system that could compete with the movie studios' monopoly on DVD players. In January 2000, a California judge issued an injunction banning dozens of individuals, including Pavlovich, from publishing DeCSS computer code.

Today, the court held that because Pavlovich knew the movie business was in California, publishing information that might have an effect on its profits was a sufficient connection to find Pavlovich within the court's purview.

This ruling magnifies the ability of Hollywood or other businesses to successfully sue anyone in the world who publishes information on the Internet which the movie studios claim could hurt their profits. Pavlovich is considering an appeal of the order to the California Supreme Court on Constitutional Due Process grounds.

August 3, 2001

Praises Experience of Joseph Burton, Russian Programmer's Attorney

The Electronic Frontier Foundation (EFF) today welcomed the announcement of Joseph M. Burton as defense attorney for jailed Russian computer scientist Dmitry Sklyarov. Burton has represented Sklyarov since July 20.

Sklyarov was arrested July 16 on charges of distributing software that circumvents copyright protections, in violation of provisions of the Digital Millennium Copyright Act (DMCA).

The FBI arrested Sklyarov shortly after he gave a presentation at the DEF CON conference in Las Vegas outlining security flaws in Adobe eBook software. A Ph.D. student from Moscow, Russia, Sklyarov showed that industry claims about electronic book software were unfounded.

"I believe absolutely in Dmitry's innocence," Burton said Thursday. "I feel particularly confident, given the widespread support he's garnered, that we will be able to prove that innocence. This prosecution raises serious issues that need to be addressed if we are to enjoy the same rights in the new digital millennium as we have in the past."

Burton, a former Assistant United States Attorney, was chief of the Silicon Valley Office of the U.S. Attorney's Office for the Northern District of California, where he brought several pioneering high technology prosecutions. He is a member of the White Collar Crime and Complex Crimes committees of the Section of Litigation of the American Bar Association and former chair of the Computer Crime Subcommittee. Burton is also a member of the Bar Association of San Francisco's Judiciary Committee, the Federal Bar Association and the Charles Houston Bar Association.

EFF, which has called for Sklyarov's release, praised the choice of Burton, a partner in the San Francisco office of national law firm Duane, Morris & Heckscher LLP.

"His experience in criminal law and technology cases is exactly what Dmitry needs," said EFF Senior Staff Attorney Lee Tien.

Cindy Cohn, legal director of the San Francisco-based EFF, said "We are very pleased that Dmitry Sklyarov has capable criminal representation."

"We did not seek to represent Mr. Sklyarov ourselves because our legal expertise is concentrated in civil liberties, not in direct criminal defense," said Cohn. "However, as experts in the implications of the Digital Millennium Copyright Act, we plan to work closely with Mr. Burton and the rest of Mr. Sklyarov's defense team. And, of course, we will continue our role in informing the public and in organizing and participating in other efforts to free Dmitry."

The DMCA, enacted in 1998, imposes civil and criminal penalties for circumventing technologies that protect a copyright holder's interests. EFF, along with computer professionals, academics, librarians, and others, has maintained that the law goes too far, criminalizing legitimate activity and threatening computer security research.

EFF is counsel for defendants in an earlier civil DMCA case, Universal City Studios v. Reimerdes. In that case, currently on appeal, the defense team argued for 2600 Magazine's right to publish and link to a computer program that decrypts DVDs, allowing them to be played on Linux and other operating systems. In addition, EFF represents Princeton University Professor Edward Felten and his colleagues in a recent civil case challenging the DMCA and defending their right to publish academic research on copy protection systems.

July 30, 2001

Dismisses Defamation Suit Against Breast Implant Activist as Meritless

Electronic Frontier Foundation Media Release

Oakland, CA - In a trail-blazing 27-page order, Alameda Superior Court Judge James A. Richman dismissed a defamation lawsuit filed against a breast implant awareness activist, finding that it was a meritless SLAPP (Strategic Lawsuit Against Public Participation). The court held that a 1996 federal law protects individuals from civil liability for posting to an Internet newsgroup a statement created by another.

Ilena Rosenthal, Director of the Humantics Foundation in San Diego, was sued for defamation based on her postings on Internet newsgroups. On July 25, 2001, Judge Richman granted Rosenthal's motion to dismiss the complaint against her as a meritless SLAPP. Two self-proclaimed "Quackbusters," Stephen Barrett, M.D., of Allentown, Pennsylvania, and Terry Polevoy, M.D., of Canada, joined by their attorney and co-plaintiff, Christopher Grell, of Oakland, California, filed suit against the activist. Judge Richman found that none of the plaintiffs had valid claims against Rosenthal. He ruled that Rosenthal's statements calling Barrett and Polevoy "quacks," and Barrett "arrogant" and a "bully" who tried to "extort" her, were not actionable because "they do not contain provably false assertions of fact, but rather are expressions of subjective judgment."

Judge Richman further found that only one statement by Rosenthal was arguably defamatory -- a document written by someone else which Rosenthal re-posted to an Internet newsgroup. Judge Richman held that this statement by Rosenthal was protected under section 230 of the federal Communications Decency Act (CDA), a law Congress enacted in 1996 expressly "to promote the continued development of the Internet and other interactive computer services," which Congress declared should be "unfettered by Federal or State regulation."

Judge Richman held that section 230 of the CDA "provides immunity to users, as well as providers, of interactive computer services." He found that Rosenthal, "as a user of an interactive computer service, that is, a newsgroup, . . . is not the publisher or speaker" of statements made by a third person. Thus, Judge Richman concluded, "she cannot be civilly liable for posting it on the Internet. She is immune."

Lee Tien, Senior Staff Attorney for the Electronic Frontier Foundation (EFF), the leading Internet civil liberties organization, said "in enacting section 230, Congress tried to protect free speech on the Internet from chilling threats of costly litigation. This decision will help achieve that goal and marks a solid victory for free expression. Internet speech would be stifled if individuals could be found liable for the defamatory statements of others."

Mark Goldowitz, counsel for defendant Rosenthal and the Director of the California Anti-SLAPP Project, said, "Judge Richman's opinion is significant. To my knowledge, this is the first court to rule that Internet re-posting is immune from civil liability under federal law. This ruling greatly advances freedom of speech on the Internet. Also, it is very rare for a trial court judge to issue anything even close to a 27-page order."

Ilena Rosenthal, one of several defendants named in this high-profile Internet libel case, heads an international support group for women harmed by breast implants. Rosenthal believes that this suit, one of several the so-called "Quackbusters" have filed against critics of their tactics, has been used to intimidate and threaten others into silence for fear of being named as a "Doe" in this lawsuit. "They are a dominant threat to alternative and complementary medical practices and practitioners," Rosenthal said. "Their campaigns obstruct health freedom and attempt to chill the voices of their critics and opponents."

Links:

* For a copy of Judge Richman's 27-page opinion in Barrett v. Clark:
http://www.healthfreedomlaw.com/Court%20Documents/Rosenthal%20SLAPP/Rosenthal%20Ruling.htm
(For discussion of section 230 of the CDA, see pages 17-20.)
* For a copy of section 230 of the Communications Decency Act, 47 U.S.C. Sec. 230:
http://www.casp.net/47usc230.html
* For a copy of memoranda filed in support of Rosenthal's special motion to strike:
http://www.casp.net/caldocs.html

Contact:

Lee Tien, EFF Senior Staff Attorney,
tien@eff.org

Mark Goldowitz, Director, California Anti-SLAPP Project (CASP),
mg@casp.net

Ilena Rosenthal, defendant in Barrett v. Clark,
breast implant awareness activist, Director, Humantics Foundation,
ilena2000@hotmail.com

About EFF:
The Electronic Frontier Foundation is the leading civil liberties organization working to protect rights in the digital world. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression, privacy, and openness in the information society. EFF is a member-supported organization and maintains one of the most linked-to Web sites in the world:
http://www.eff.org/

About CASP:
The California Anti-SLAPP Project (CASP) is a public interest organization dedicated to the eradication of SLAPPs (Strategic Lawsuits Against Public Participation) in California. Founded in 1991, CASP has led a broad coalition for anti-SLAPP legislation, which resulted in enactment of California's pioneering legislation to protect against SLAPPs in 1992, and amendments to strengthen the law's protections in 1997 and 1999. CASP monitors implementation of the anti-SLAPP law and assists SLAPP targets and their attorneys with use of the law. For more information about CASP and SLAPPs:
http://www.casp.net/

About defendant Ilena Rosenthal:

For more information about defendant Ilena Rosenthal and her work on breast implant awareness, email her at ilena2000@hotmail.com. See also:

Breast Implants: The Myths, The Facts, The Women, by Ilena Rosenthal (information booklet)
http://www.internet-connect.com/implants/dowchemresults1.html

Article on saline implants in Glamour Magazine, Nov. 2000:
http://community-1.webtv.net/lany25/GlamourMagazineNov/

"Breast Implants, America's Silent Epidemic," in Total Health Magazine, Nov.-Dec. 2000:
http://www.mercola.com/2001/jun/6/breast_implants.htm

Note: EFF has no official position on breast implants or possible health risks thereof. Our interest in this case is the First Amendment issues raised. Press inquiries relating to Ms. Rosenthal's work should be directed to the Humantics Foundation, not EFF.

July 27, 2001

After Meeting with US Attorney's Office

Contact:

Robin Gross, EFF Staff Attorney - Intellectual Property,
+1 415-436-9333 x112,
robin@eff.org

[NOTE: Will Doherty will be out of the office until
August 8, so please direct media requests to Robin
or to press@eff.org]

San Francisco, CA - Representatives of the Electronic Frontier Foundation (EFF) met with representatives of the U.S. Attorney's office in San Francisco today. There was a productive dialog; however, the U.S. Attorney's office did not agree to drop the prosecution against Russian programmer Dmitry Sklyarov.

"The people from the U.S. Attorney's office heard our concerns and asked probing questions about the Digital Millennium Copyright Act," explained EFF's Executive Director Shari Steele. "However, they did not give any indication of their plans for Dmitry, so we encourage everyone to keep up the pressure and join the protests."

Having explored good faith negotiations, the Electronic Frontier Foundation rejoins the call for nonviolent protests worldwide to secure the immediate release of Dmitry Sklyarov and drop all criminal charges against him.

A protest is already scheduled in San Francisco for 11:30am this coming Monday, July 30, at the Federal Courthouse at 450 Golden Gate Ave. Additional July 30th protests are scheduled in Los Angeles, Boston, Chicago, and Minneapolis, and future protests will likely occur in 25 or more cities worldwide in coming weeks.

July 26, 2001

from crypto researcher Ross Anderson, Cambridge U., UK

Ross Anderson, FIEE, FIMA
Reader Security Engineering
University of Cambridge
Computer Laboratory

Robert S. Mueller, III
United States Attorney
450 Golden Gate Avenue,
Box 36055
San Francisco, Ca 94102
Fax: (415) 436-7234

July 26, 2001

Dear Mr Mueller,
The Sklyarov case

I lead the security group at Cambridge University. We are recognised as one of the leading research groups in the world in the field of information security. The research that we do is scientifically important, useful, legitimate and benefits mankind. I wrote the seminal paper on peer-to-peer systems ('The Eternity Service') which has since led many companies -- from Microsoft down to small start-ups -- to work on mechanisms for large-scale distributed data storage and retrieval, in which hundreds of millions of users may share the spare capacity on each other's hard disks for data backup. I coauthored the seminal paper on physical attacks on smartcards, which has led to a EU research project to develop next generation smartcard processors -- in which my team is a major player. I also coauthored the paper that introduced 'soft tempest' -- the idea of reducing the compromising electromagnetic emanations from electronic equipment using software rather than hardware; this technique is already fielded in the flagship email encryption product from Network Associates Inc. and has the potential to save the military forces of NATO countries over a billion dollars a year. I also coauthored the seminal paper on the vulnerabilities of copyright marking schemes, which has led to a tool (Stirmark) that is now the industry benchmark for testing marking systems. Colleagues in my group coauthored the seminal papers on cryptographic protocols and on protocol verification.

The arrest of Dmitri Sklyarov is of extreme concern to me. Security research at an internationally competitive level is inherently an adversarial business; the field advances through a coevolution of attack and defence. Understanding and documenting the vulnerabilities of existing systems is critical to progress. The prospect that I might be arrested in the USA for research work done here at Cambridge University, and published in a responsible way through the usual academic channels, is alarming. The arrest has also alarmed many of my colleagues.

I serve on the program committees of a number of leading international conferences, including the Information Hiding Workshop. The DMCA risks have persuaded my colleagues to hold the next workshop in Eindhoven, Holland, rather than at MIT. Another conference on whose committee I serve, the Fast Software Encryption workshop, was held last year in New York and this year in Tokyo; it is unlikely to return to the USA until the freedom of speech issues are resolved. Computer security and cryptography academics in Europe and elsewhere are getting the impression that the USA is becoming a hostile place.

A former student of ours, Igor Drokov, has known Dmitry Sklyarov for about ten years, and assures me that he is a talented researcher who is known as a law-abiding citizen rather than as a hacker/cracker.

I am concerned about reports that his arrest was due to a civil dispute between his employer and Adobe, Inc. If a law-abiding serious researcher can face arrest because his work is seen as inconvenient or harmful by a big US company, then many if not most of the top researchers in the field are at risk. For example, my smartcard work is conducted in partnership with the French company Gemplus and the Israeli company NDS. It poses a direct competitive threat to a US company, Atmel. If I publish an attack that breaks their product but not Gemplus's or NDS's product -- even unwittingly -- then can Atmel have me arrested? Will I be held without bail for years since -- as a foreign national -- I am considered to be a potential fugitive?

Many countries including my own encourage academics to work closely with industry, so that the fruits of research can be realised more quickly for the benefit of the whole economy. Is US policy about to provide a strong disincentive for people in the IT sector to engage in competitive and pre-competitive research? Our whole experience at Cambridge is that good research in science and technology tends to be driven by real problems; academics who retreat into theory tend to be much less productive.

I realise that neither you nor the FBI can change the law. However, I hope that you have, and will exercise, discretion not to prosecute in cases that are highly questionable or marginal, especially where these cases may cause international incidents, harm the US economy, and damage the excellent reputation that your country has earned for the defence of freedom of speech worldwide over the last two generations.

I have for years been an opponent of the anti-Americanism that becomes fashionable in Europe from time to time, and that unfortunately reared its head again recently at Genoa. The Sklyarov case does not help those of us who consider ourselves to be America's friends.

Yours sincerely

Ross Anderson

Computer Laboratory
New Museums Site
Pembroke Street
Cambridge CB2 3QG England
Tel: +44 1223 334733
Fax: +44 1223 334678
E-mail: Ross.Anderson@cl.cam.ac.uk

July 25, 2001

Congressman Rick Boucher Urges Reaffirmation of Fair Use Rights

The American public has traditionally enjoyed the ability to make convenience and incidental copies of copyrighted works without the necessity of obtaining the prior consent of the owner of the copyright. These traditional "fair use" rights are at the foundation of the receipt and use of information by the American public.

From the college student who photocopies a page from a library book for use in writing a report to the typical television viewer who records a broadcast for viewing at a later time to the prudent home computer owner who makes back-up copies of the information he has lawfully stored on his hard drive, we all depend on the ability to make limited copies of copyrighted material without having to pay a fee or obtain prior approval from the owner of the copyright prior to making the copy.

In fact fair use rights to obtain and use a wide array of information are essential to the exercise of First Amendment rights. The very vibrancy of our democracy is dependent on the information availability and use facilitated by the Fair Use Doctrine.

The time, in my view, has come for the Congress to reaffirm the Fair Use Doctrine and to bolster specific fair use rights which are now at risk.

In 1998, responding to the concerns of copyright owners, Congress passed the Digital Millennium Copyright Act. Its announced purpose was to protect from piracy copyrighted material in an environment which poses special concerns for copyright owners. The copyright owners made the valid point that unlike analog technology in which each successive copy degrades in quality, with digital technology a copy of a copy of a copy contains the same clarity and integrity as the original of the work. They also made the valid point that in the networked environment, perfect copies by the thousands can be sent simultaneously across the globe with a single click of a computer mouse. Copyright owners urged that the Congress provide greater protections to them to guard against piracy of copyrighted works in the digital networked era.

The Digital Millennium Copyright Act is the Congressional response to these realities. There are some who believe that it went too far and that in the extension of new protections to copyright owners that it placed in peril the traditional fair use rights of the users of information.

For example, it creates in Section 1201 (a) a new crime of circumventing a technological protection measure which guards access to a copyrighted work. Under Section 1201, the purpose of the circumvention is immaterial. It is a crime to circumvent a password or other gateway even for the purpose of exercising fair use rights. There is no requirement under Section 1201 that the circumvention be for the purpose of infringing a copyright. Any action of circumvention without the consent of the copyright owner is made criminal by this provision.

Some now foresee a time when through the operation of Section 1201 what is available for free on library shelves today may only be available in the future on a "pay per use" basis. A time will arrive when virtually all new material will be sent to libraries on CD-Roms. That material may easily be guarded by a password, which under the provisions of Section 1201(a) would qualify as a "technological protection measure." In exchange for a fee for each viewing, the password may be used. It would be a simple matter for the creator of the content to impose a requirement that a small fee be paid each time the copyrighted work is accessed by library patrons. Under this scenario, the most recently arrived library material would be available only on a pay per use basis. The student who wants even the most basic access to material to write his term paper would have to pay for each item he reads.

Several members of Congress made the effort in 1998 to limit the new crime under Section 1201 to circumvention for the purpose of infringing the copyright, but the momentum to enact the measure essentially unamended was too strong, and our effort fell short. With a growing realization on the part of the education community and supporters of libraries of the threat to fair use rights which Section 1201 poses, perhaps the time will soon come for a Congressional re-examination of this provision and for the assemblage of a national effort of sufficient size and intensity to enable a much needed modification of the provisions of Section 1201 (a) to occur.

Perhaps the only conduct which should be declared criminal is circumvention for the purpose of infringing the copyright. Perhaps a more limited amendment could be crafted to insure the continued exercise of fair use rights in libraries and in scholastic settings notwithstanding the provisions of Section 1201.

And there are other challenges.

I am concerned about the apparent attempt of some in the content community who are seeking to protect their copyright interests in material contained in digitally broadcast television programs by insisting that the television signal quality be degraded or by insisting on the use of set-top box technology which could potentially prohibit all copying. The reasonable expectations of television viewers to be able to make home recordings of programs for time shifting and other historically accepted purposes are now placed at risk.

There is a way to protect copyrights in digitally broadcast programs and to permit television viewers to make copies of television programs for home use. The model is contained in Section 1201 (k) of the Digital Millennium Copyright Act which was designed for analog television broadcasts.

The Section requires video cassette recorders to respond to Macrovision, a copy prevention technology, and to block copying of rental movies encoded with Macrovision. In exchange for this statutory mandate, viewers are granted the right to make unlimited copies of off-the-air television broadcasts and one copy for time shifting purposes of pay per view movies which may only be purchased at specific times.

Where there is no reasonable expectation of being able to make a copy, such as in the case of a movie rented from a video store, the VCR will block all copying in its response to Macrovision encoding.

This arrangement for the world of analog broadcasts offers a model for resolution of the present debate over how to protect copyrights associated with digital broadcasts. In exchange for a reasonable set of guaranteed home recording rights, along the lines of Section 1201 (k), I am hopeful that an arrangement can be achieved through a negotiated agreement to employ in the video stream watermarks or other encodings which would prevent copying that is inconsistent with the recording rules and to require that recording equipment recognize and respond to the encoding. Such an agreement should extend to all digital TV programming whether it is delivered by cable, satellite or over the air.

The time has come for the motion picture studios to present a proposal along these lines to the manufacturers of recording equipment. There is an urgent need for an agreement which will simultaneously protect copyrights and the home recording rights of television viewers.

In the meantime, I hope that the creative community will not attempt unilateral approaches to protecting content which would either defeat home recording rights or degrade the quality of digital broadcasts.

Congress should also reaffirm fair use principles in other specific areas:

Traditional distance learning applications use broadcast and closed circuit television, and a special copyright exemption accommodates these educational broadcasts. Today, a new era of distance learning has arrived in which personal computers and the Internet are replacing the television set and closed circuit systems as the delivery medium. The copyright exemption should be broadened to include the new technology and to expand to the home the setting in which distance learning can occur.

1. The First Sale Doctrine should be made applicable to on-line sales accompanied by downloads of the purchased material. Under current law, a book or CD purchased in a "bricks and mortar" store can be given to a friend or sold to another person without obtaining the consent of the copyright owner. The key to the permissibility of the transaction is that at any given point in time only one copy of the material is extant. The same principle should apply to material downloaded from the Internet. The technology exists to enable the transfer of a downloaded item to a third party with the simultaneous deletion of the material from the hard drive of the individual who is transferring it. The analogy to the transaction I previously described in the physical world is exact, and the First Sale Doctrine should be extended to apply to the on-line experience with equal force.
2. Given the architecture of the Internet and personal computers, the simple act of viewing a downloaded image, listening to webcasting, or sending an e-mail message creates an incidental or temporary reproduction, and many consumer electronics products temporarily store bits, representing audio clips or audio visual works in a buffer as part of their normal operation. These temporary copies, which are essential to the operation of digital products and networks, should be made unequivocally lawful under the copyright law.
3. Current law permits a computer user to make back-up copies of software so that the program can be restored in the event of a hard disk crash. But current law does not permit an archival copy to be made of copyrighted data associated with the program. For example, under current law, the software which enables the recording on a hard drive of music lawfully downloaded from the Internet can be archived for back-up purposes. However, the music which was lawfully downloaded cannot be archived. In the event of a hard disk crash, the purchaser of the music would be required to go back to the seller and purchase another copy. The current exemption permitting the archive of software should be expanded to permit the archive of any copyrighted data which is lawfully acquired and is associated with the software.
4. The in store exemption for music sampling should be expanded to cover samples of music which are accessed over the Internet for purposes of determining whether or not to make a purchase of the music. Under the current in store exemption, bricks and mortar stores are able to share with their customers samples of recorded music, and millions of Americans routinely put on headphones in record stores and listen to the music before they purchase it. The same opportunity should be provided for sales accomplished over the Internet. Brief samples of recorded music should be made available without the need to obtain the permission of the owners of the music copyrights.
5. Purchasers of audio CDs should be able to contract with on-line services for the storage of music on the CDs they have purchased which they can access over the Internet at a time and place of their choosing. The music would be stored in an on-line locker specific to each subscriber. Today, people physically carry their CDs from their home to their car to their office to a friend’s home for the purpose of listening to the music they have purchased. The Internet offers the opportunity for enhanced convenience by enabling people to leave their CDs at home and have access to their music by downstream from an on-line locker at any location where they can obtain Internet access. The owners of music copyrights are fully compensated, in this example, when the individual purchases the CD at the outset. He should then have complete freedom without interference from the copyright owner to access the music on that CD over the Internet at a time and place of his choosing.

This are [sic] some of the steps which taken together would constitute an appropriate reaffirmation of fair use rights for consumers, and I look forward to the time in the very near future when the attention of Congress will turn to the need through these and potentially other steps to create a better balance between the rights of copyright owners and the rights of the users of copyrighted information.

July 25, 2001

Contact:

Will Doherty, EFF Online Activist / Media Relations,
wild@eff.org,
+1 415 436 9333 x111

Robin Gross, EFF Staff Attorney - Intellectual Property,
robin@eff.org,
+1 415 436 9333 x112

San Francisco - Representatives from the Electronic Frontier Foundation will meet at 9:00am Pacific Time, this Friday, July 27, with representatives from the office of the U.S. Attorney for the Northern District of California.

EFF will make a good faith attempt at negotiations aimed at dropping all charges against Dmitry Sklyarov and securing his immediate release from jail.

For more information about the Sklyarov case, see:
http://www.eff.org/IP/DMCA/US_v_Sklyarov/

Free Dmitry Sklyarov campaign sites:
http://www.freesklyarov.org/
http://www.freedmitry.org/

About EFF:

The Electronic Frontier Foundation is the leading civil liberties organization working to protect rights in the digital world. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression, privacy, and openness in the information society. EFF is a member-supported organization and maintains one of the most linked-to Web sites in the world:
http://www.eff.org/

July 25, 2001

There's been a lot of debate about the recent jailing of a young Russian named Dmitry Sklyarov, who helped write a controversial program that used to be sold by his employer, a Moscow company named Elcomsoft.

This missive will be a bit different from some of the others you've read because I'm an ebook publisher -- one of the first. In addition, I've made pretty much all the money I've got from publishing copyrighted material online, have written professionally myself, am the son of a full-time author and a heavy defender of the rights of authors.

Back in 1992 and 1993 I made two pioneering (and foolishly far too early) moves in ebooks. First, I built a subscription library of top science fiction, offering readers "all you can read" for a flat monthly fee. In 93 I published an online and CD-rom anthology that even today is one of the largest anthologies of current fiction ever published in one volume. So I have some history in this market. Yet I'm also chairman of the Electronic Frontier Foundation (EFF), the organization that's been leading the fight against the problems with the new copyright laws and the prosecution of Sklyarov.

The program that got him arrested, the Advanced eBook Processor, "unlocks" books published in the Adobe eBook format, so that you can extract the ordinary text of the book and do what you want with it. That includes a variety of harmless things like moving it to your new computer when you upgrade, or reading it 20 years from now when the publisher has gone out of business.

It also includes nefarious actions, like republishing the book out to people who didn't pay for it.

The Adobe eBook system, like many other "digital rights management" tools, provides a tool to encrypt books and "lock" them so that they can only be read using the eBook reader. In turn, the reader software only lets you do certain things with the books it decodes. Only things the publisher of the book has decided to let you do.

Making an "unlocker" for such systems was made illegal under a new revision of copyright law in 1998 called the Digital Millennium Copyright Act. In fact, though normally copyright is the subject of lawsuits, the DMCA made certain actions federal crimes. And that's how Sklyarov ended up in jail. He helped his employer write a program that bypasses the locks, and his employer briefly sold it in the USA. (They sold a grand total of 7 copies, 15% of them to Adobe.)

His employer, it seems, violated the U.S. law when it sold the program in the USA. Writing and selling such software is not just legal, but encouraged in Russia, where there are limits on the locks that publishers can put on books.

The Department of Justice alleges that because Sklyarov helped write the program and his employer sold it that he is personally a criminal. They arrested him at his hotel in Las Vegas as he was on his way to the airport to go back home. He had come to a convention in Las Vegas called DefCon, where computer security people and hackers of both the good and bad stripes gather to discuss computer security issues.

Cryptanalysis

He went there because he got started in all this doing the well respected practice called cryptanalysis. Cryptanalysis is code-breaking. It involves looking at code-based security systems for flaws. Cryptanalysts like Alan Turing are now widely regarded as among the greatest contributors to the defeat of Nazi Germany -- they are some of the greatest heroes of the 2nd world war.

Sklyarov is a PhD student in Moscow, and as an academic exercise in such research, he examined the security of the Adobe eBook locking system. Truth is, he found it to be of a very poor design, with several flaws. He described these, and then got employed by Elcomsoft to make a program to demonstrate the flaws. Adobe makes the claim, quite possibly valid, that Elcomsoft's goal was to make money selling a tool to let people illicitly copy books locked by Adobe's tools. Sklyarov, however, is mainly an academic and employee -- he owns no part of Elcomsoft and got his salary regardless of how well the program did.

Unfortunately, because he's a Russian, he's in a lot more trouble. He's thousands of miles from home and family and the world he knows. And the courts will feel that if they let him out in the street, he would be a fool not to be on the next plane to Moscow. So they have to keep him in jail, where a U.S. resident would be out on bail, planning his defense.

DRM

Digital Rights Management (DRM) is controversial in part because it changes the rules of how publishing works. Publishers ask for DRM because digital books are trivially easy to copy, and in particular, to copy without paying for them. Paper books can also be copied, but putting all the pages through a photocopier is a fair bit of work, so most people don't do it.

This difference of degree is important to the publishers. The ease of digital copying is so great that the whole world can get a book with only one person buying it, if the world is so inclined. They have reason to be scared of that.

At the same time, DRM allows a degree of control over publishing that's far beyond what existed in the paper world. As noted, paper books can also be copied if you have the time or a fancy machine. More commonly people copy a single page out of a book for reference later, and most publishers don't mind a great deal. An eBook can be set to not allow even the slightest copying, not even the copy and paste of a single sentence.

Paper books can be lent to friends, but of course you can't read them while they are on loan, and you can only loan to one person at a time. eBooks that are unlocked can be lent to the whole world at once (which scares the publishers) but can also be set so they can not be lent at all, and commonly are.

Paper books can be sold, in fact copyright law explicitly assures this with a special doctrine describing the rights after "first sale" on a copyrighted work. Locked ebooks can be set so they can't be sold, and again they commonly are.

Ordinary text files on a computer, like web pages, can be read in all sorts of programs -- web browsers, ebook readers, word processors etc. -- and easily moved to different machines (Windows, Apple, Linux, Palm) on demand. Locked ebooks can only be read in their special reader program, and normally only on the computer or device they were sold for.

Regular books and computer files are subject to a number of special exemptions to copyright law called "fair use" in the USA. These exemptions, defined by the courts and the congress, are in place to make sure that copyright law doesn't get out of hand, and especially to make sure it doesn't violate the first amendment. For example, you can copy and paste a page out of this article (or any other copyrighted work) if you want to write something critical about it, or teach about it, or make fun of it. You don't have to ask me. You can do it even if I tell you not to.

This is essential. Movie critics would never be able to show clips of movies they are panning otherwise, and that would limit their 1st amendment right to be critics.

You can also make a backup copy of it, or move it from one machine of yours to another to read it there, again without me being able to deny you.

In theory you have the rights to do all this with an ebook, but a locked eBook can be sealed up so you don't have the physical ability to do it.

Now locked eBooks, when done well, can solve some of these problems. They can be programmed to be able to move from machine to machine (this is a must for people who, like me, upgrade their computer every few years.) They can be programmed so you can loan them out, or give them away, or sell them, losing your own access in the process. Adobe has done some of these things.

Unfortunately in these cases, the usual means provided for acts like these is to contact the publisher or provider of locked ebook software, and ask them to give you the magic keys to perform such a special operation. If they let anybody copy from machine to machine, then they face that great fear of one copy going to the whole world. As such, the ability to do things that are inherently possible with paper books becomes a privilege which is bestowed, and which can be revoked. Or, even more likely, it can become impossible because the publisher is no longer in business.

Walk through the halls of a fine library or antiquarian book store, and consider what it would be like if the books on the shelves that come from publishers who are now out of business could no longer be read. Imagine if this were true simply because the supplier of the printing press or the inks were out of business.

Or perhaps they can still be read -- but only on that old 286 computer running DOS 6.0 that you threw out 15 years ago. Such is the risk of tying reading of a book to a single device until granted otherwise by the publisher or maker of the publishing tools.

You can imagine why people are concerned about this. We have publishers scared to death of being unable to sell their books, and readers scared of books turning into pages in guarded steel boxes without many of the useful abilities they took for granted.

It can be argued that people retain all the rights of trade, first sale and backup on the encrypted bits. But this dodges the issue. The encrypted bits are literally just noise unless there is a tool to read them, so when it comes down to defining the nature of reading, we have to look at what people can actually do with their books.

Stop the tools!

The publishers, scared as they were, saw the need for locked books (and more-so music and movies) and lobbied congress for a convoluted law -- the DMCA -- to protect the locks. In the past, copyright law protected the books, making the actual unauthorized copying unlawful. They changed the law to make the copying tools themselves illegal, and in some cases criminal.

It's like, in many ways, making the photocopier itself illegal rather than dealing with the person doing the photocopying. It's like making locksmith's tools illegal because they can unlock doors, rather than just making breaking and entering illegal.

Uncharitably, Sklyarov's company sold a lock-picking tool. More charitably they made an electronic analog of a photocopier that handles deliberately hard to photocopy books. He found the flaws in Adobe's locks and helped design the tool. That's part of how he ended up in jail.

(There are laws in several states against carrying lock-picks, but almost all these laws make it illegal only if they are carried for criminal purpose, and it's rare for their manufacture to be illegal.)

One thing people don't like about the law is that it protects even really badly designed computer locks. If they put on the simplest security that a high school student can break, a person who publishes how to break it in software code can still go to jail. Even if -- and this is literally true in this case -- the books are locked just by replacing every letter with the one 13 letters later in the alphabet, a code you may remember from when you were ten years old.

This isn't to say that the victim is at fault in a burglary because they have a simple lock anybody can break. It does say that when you make it illegal to even publish how to get past a trivial lock that even the people who want strong locks will never get them. (Cryptographers know that the only way to make strong codes is to make sure they are constantly strained and tested.)

Now the picture I've painted so far makes it seem crazy that he's in jail or could go to jail for what he did, especially since he did it in Moscow, where it's all perfectly legal.

Yet reasonable people are pushing to keep him in jail. Until we made compelling arguments to them on the matter, Adobe was so angered by the program he wrote that they -- a company full of programmers -- landed this programmer in jail and were encouraging keeping him there.

Some people don't buy the philosophy that making tools should be legal, and the nefarious uses of the tools should be what's illegal. This is nothing new, and this split occurs in all sorts of other debates, most around things like guns, marijuana pipes and even lock-picks. Most of the time the camp that blames the tools loses, though not always. Generally most support a justice system based on the presumption of innocence. If a tool has a legitimate use, it should be legal, even if the majority of its use is illicit.

I think those siding with punishing the toolmaker rather than the copyright infringer should step back and look at the scale of this. One can understand, when the subject is guns, and killing people, how some people side with banning guns and thus interfering with the legal uses of the weapons by innocent people. Indeed they advocate such bans even in spite of the arguments that the 2nd amendment disallows them.

But we're talking copyright infringement here, not murder. Yes, it can be costly, but on the grand scheme, most people don't see jail time as an appropriate response to the actual pilfering of ebooks, let alone the making of tools that might facilitate such infringement.

There are valid uses for Elcomsoft's tool, and as such the good or evil lies in the hands of the user, not the programmer.

Adobe was particularly concerned, I think, because Elcomsoft was selling the tool. Others have made unlockers before and given them away, but this company was making a (meagre) business of it. Adobe felt hurt, I think, at a company making a business out of reversing their hard work. They were annoyed that the company was in Russia and could ignore them, because Russia didn't have such a law. They complained to the FBI, and told them one of the programmers was coming to Nevada. The FBI promptly arrested him. In the end Adobe realized that was the wrong way to deal with this problem.

Jurisdiction

This is particularly true because, while he did play a role in writing the program, Sklyarov is just an employee. All the countries of the world routinely pass their own local (and to other perspectives, bizarre) laws but don't enforce them on people in other lands. Imagine a world where, if the U.S. company you worked for did things that violated obscure laws in Saudi Arabia this could result in you or any other employee being hauled into jail if you visited Saudi Arabia or any other place that extradited to it. I suspect a lot of people could never travel the world if this were how things operated.

The internet is raising these jurisdiction questions all the time. Americans were rightly incensed when France ordered Yahoo to stop allowing their users to auction off Nazi memorabilia, whose sale is illegal in France. Even more angry when Germany moved to jail a Compuserve executive because Compuserve carried newsgroups with content potentially illegal in Germany.

These issues won't go away, but it's sad to see the first person jailed by the USA would be the foreign programmer of a software tool who had been invited to the USA as a guest. The DMCA criminal issues are contentious enough as they are. Throwing in the jurisdictional question muddies the issue, and benefits nobody. Obviously not the man denied bail, but also not the legal eagles on both sides who want to set DMCA precedents.

Hard to use

As an early ebook publisher, I know that right now the public is mostly resistant to ebooks. This resistance derives mostly from a feeling that people don't want to read a book on a computer. Turns out that once you design your ebooks and the devices well, this prejudice is abandoned by many readers, but other problems persist, including weight, limited battery life, flickering displays and inability to browse.

The publishers of ebooks need to put fewer barriers in front of the reader, not more, so it's bemusing that some have put such a strong focus on DRM. Those who release books in open formats that can be read anywhere do face more illicit copying than they would find in the paper world, but in many cases they also get more sales.

Publishers are looking for new models for how to get financial return in the electronic world. They are out there, and a number of promising suggestions are already being tried. The problem many have with DRM is that, in spite of the goals, it doesn't simulate the dynamic of the old paper book, but locks it up even more.

Perhaps if paper had allowed publishers to make books that could not go in libraries or used book stores they would have. Perhaps they would have made books that professors couldn't photocopy a few pages from to hand to their literature class. Is this the legal regime we would have wanted?

The problem with the DMCA gets worse, however. If publishers want to put their books in a super lockbox, they should still have the right to do so. But the DMCA goes far further. It lets them put the books in a weak lockbox, and then arrest anybody that shows how the lock is weak, and writes software that opens it. This actually encourages the design of poor locking systems, as was the case for DVD movies.

People have the right to keep secrets, for example, and to pile on security to protect them. But the DMCA question is not really one of whether the publishers can have locks. Whether they should use them is a moral question. The DMCA question is akin to asking, if the secrets get out because of poor security, are the people who found out how to get past the security liable or criminal? If Coca-cola holds up their secret formula to a window you can see with a telescope once a day, you might feel that people who see it still shouldn't publish it. But is the person who reveals where the window is a criminal?

The DMCA contains exemptions for researchers, reverse engineers, cryptanalysts and even fair use. But in practice, in real court cases, those exemptions have been shown to be close to useless. When one magazine published the results of reverse engineers who figured out how to play a locked DVD movie, the judge ruled that the magazine itself was not a reverse engineer or cryptographer, it just published their work. As such it could be shut down. Not much of an exemption.
Where is the answer?

Well, first of all, release Sklyarov. He's not the right test case for anybody and his kids miss their father.

Next realize that before you can work out the best dynamic for protecting ebooks to keep them commercial, you need to have an industry in the first place. Ebook sales are still tiny, and nobody has really worked out the right way to sell them. I personally favour the subscription model (which I tried to build in 1992, offering all you can eat and dividing up the money to the authors based on who got most widely downloaded) or possibly a system I call "microrefunds" or the "Don't Pay" button, where people can freely trade content, and silently pay a small fee to the rights-holder when they do, but have the ability to ask not to pay (get a microrefund) at any time.

Criminalizing the tools just creates a pointless war. Computer experts just consider an attempt at a lock to be a challenge, and the weak systems can and will be broken even with the threat of jail. The jail will just make them do it underground, releasing the programs for free rather than selling them. No book reader for a PC can ever truly protect its content, since it's always possible for a program to read the screen (whose contents are in the computer's memory) and convert it back to text.

Open formats encourage everybody, commercial and non-commercial, to make great tools to read and distribute the formats, and even great tools to help make money from them. If the proprietary formats provided some benefit to the actual reader, then one could imagine a market for them. But they don't, they only limit the reader, giving the reader very little reason to want them. The publishers want them, or think they do. (While the American Publisher's Association -- or some of it -- lauded the jailing, the Electronic Publishers Coalition condemned it.)

The debate over how to publish digital books will continue for some time. However, the issue of whether a young programmer from another country should sit without bail in a jail cell is much simpler. Whether you love DRM or hate it, sending people to jail for writing programs accomplishes little that's positive. It will make those who work in the area of computer security and cryptanalysis very frightened -- it has already done so. Sadly, it frightens both the "white hats" and "black hats" at the same time, as evidenced by the fact that a very white hat Princeton professor had to cancel giving a paper at a conference due to a letter threatening DMCA penalties.

While the white hats sit in fear, the black hats (and some of the white) will move underground, producing programs but releasing them anonymously, for free. Adobe was particularly concerned about a commercial product unlocking their books, but they and other DRM vendors would suffer much more commercial damage from free programs, and have less dialogue with those who find the flaws in their systems.

Nobody benefits. And most of all, the consumer doesn't benefit, and in the end the customer is always right. When I published e-books, I did them in open formats, and frankly never got any significant reports of lost sales due to piracy. Due to an inability to get rights outside the USA on two stories, I did have to do a simple DRM on those, and it caused far more problems and customer hassle than having the stories was worth.

Digital books are bigger today, but I don't think that equation has changed. The customer is still always right, and the fight to get any sort of adoption at all for ebooks is far more important than the fight to lock them up. The fight should never have led to putting a programmer in jail.
Executive Summary

Sklyarov made an eBook unlocking tool while he was in Russia. That's legal to do in Russia. His employer -- not him -- then allegedly sold 7 copies of the tool into the USA. Assuming the tool is ruled a "circumvention device" under the DMCA, that's illegal.

A just society punishes those who actually do harm, not those who make tools which can be used to do harm. While the law does waver from that ideal, it seems that copyright infringement, and this case in particular, is a poor arena to make one of the exceptions. Especially one of the criminal exceptions.

In fact, the tool has a number of legitimate purposes, because without it, the dynamic of reading books changes, and removes a variety of fundamental rights and abilities that society has traditionally found to be of great benefit. Those include the "fair uses" which allow copying without the permission of the copyright holder.

On top of all the other contentious issues, this case brings up sticky international jurisdiction questions. Can the USA punish programmers in Russia who do things that are legal in Russia the moment they walk on U.S. soil? Should it?

The foreign aspect deepens the injustice more. While a U.S. programmer charged with this crime would be out on bail working on his defense, Sklyarov is forced to sit in jail, possibly for a long time, because he can't get bail as a flight risk. (You would be a flight risk in his shoes, too.)

As we've seen, punishing those who find the flaws in the security of the locks on digital content does more than stop pirates. It scares academics and silences protected speech.

Even if you feel that publishers have the right to use DRM if they want to, without us telling them it's bad for them, the real question behind the DMCA is whether we should throw those who fairly break the protection into jail.

There are other answers to selling online content that don't involve draconian DRM.

The DMCA needs a test case, but this one isn't it. It's not a good case for the pro-DMCA folks because of jurisdictional issues and the fact that it's his employer who sold the program not him. It's not a good case for anti-DMCA folks because a man stays in jail, thousands of miles from his family while the case is worked out.
4 stages of looking at what Dmitry did and is accused of
Did Dmitry make infringing copies of some eBook? Shouldn't that be illegal?

It is illegal, but he didn't do anything like that.
Did he sell a program in the USA that makes infringing copies of eBooks?

He didn't sell anything in the USA. He did help write a program that his employers allegedly sold a few copies of in the USA.
So this program his employers sold, it makes infringing copies of eBooks?

No, the copies it makes are generally legal. The program would normally be run by people who have legally bought a locked eBook. It would give them an unlocked regular file. It is legal for them to make and have this file, since they paid for the book in the first place.
So where is the copyright infringement going on here?

Once a person runs the program and has their own legal, unlocked copy, they have the ability to make further copies that they give away or sell. That would be a copyright infringement.

Of course, what Dmitry's employer allegedly did -- selling the unlocking program in the USA -- is not an infringement of any book publisher's copyright, but is illegal under the new DMCA law. So now Dmitry, the employee who designed the software, is in jail without bail.

July 24, 2001

Seeking Release of Dmitry Sklyarov

By Facsimile and Personal Delivery

Robert S. Mueller, III,

United States Attorney

450 Golden Gate Ave., Box 36055
San Francisco CA, 94102

Fax (415) 436-7234

Re: United States v. Sklyarov

Dear Mr. Mueller:

I am the Executive Director of the Electronic Frontier Foundation (EFF). I write to request a meeting with you to discuss the Sklyarov case. We have been attempting to contact you by telephone since Monday afternoon, but have not yet been successful.

As you may be aware, yesterday Adobe Systems, Incorporated, in a joint press release with the EFF, recommended the release of Mr. Sklyarov from federal custody. We attach a copy of the joint press release for your convenience.

Since the original complainant no longer wishes that this case be prosecuted and since Mr. Sklyarov remains in custody in Las Vegas, NV, far from his home and family, we would like to meet with you to discuss how Mr. Sklyarov can be freed.

We are available to meet at your convenience. Given the broad attention that this matter has garnered, Adobe's change of heart and the fact that Mr. Sklyarov remains in custody, we expect that there soon will be significant protests aimed at your offices calling for his release. While the EFF does not have the ability to control independent protests, if you indicate your willingness to meet with us by the end of the day Wednesday, July 25, we will, as a sign of good faith, refrain from calling for or organizing additional protests before that time.

We were pleased with Adobe's willingness to discuss this matter in a frank and open manner and hope that you will be willing to do the same. You can reach me on my office phone (415) 436-9333 x 103.

Sincerely,

SHARI STEELE

Executive Director

July 21, 2001

of Russian Programmer

Contacts for EFF:

Will Doherty, EFF Online Activist / Media Relations,
wild@eff.org,
+1 415-436-9333 x111

Robin Gross, EFF Staff Attorney - Intellectual Property,
robin@eff.org,
+1 415-436-9333 x112

Contact for Adobe:

Holly Campbell, Senior Corporate Public Relations Manager,
campbell@adobe.com,
+1 408-536-6401

San Jose, Calif. - Adobe Systems Incorporated (Nasdaq: ADBE) and the Electronic Frontier Foundation (EFF) today jointly recommend the release of Russian programmer Dmitry Sklyarov from federal custody.

Adobe is also withdrawing its support for the criminal complaint against Dmitry Sklyarov.

"EFF praises Adobe for doing the right thing," said Shari Steele, EFF Executive Director. "We are pleased to see that Adobe has lived up to the high standard of integrity that has made the company successful. While we don't agree on every detail of the Digital Millennium Copyright Act (DMCA), we look forward to working together with Adobe to secure Dmitry's immediate release."

"We strongly support the DMCA and the enforcement of copyright protection of digital content," said Colleen Pouliot, Senior Vice President and General Counsel for Adobe. "However, the prosecution of this individual in this particular case is not conducive to the best interests of any of the parties involved or the industry. ElcomSoft's Advanced eBook Processor software is no longer available in the United States, and from that perspective the DMCA worked. Adobe will continue to protect its copyright interests and those of its customers."

Sklyarov was arrested July 16 on a criminal complaint filed by the U.S. Attorney for the Northern District of California under the DMCA. ElcomSoft is the Moscow-based company employing Sklyarov.
About Adobe Systems Incorporated

Adobe Systems Incorporated ( http://www.adobe.com ) builds award winning software solutions for Network Publishing, including Web, print, video, wireless and broadband applications. Its graphic design, imaging, dynamic media and authoring tools enable customers to create, manage and deliver visually-rich, reliable content. Headquartered in San Jose, Calif., Adobe is the second largest PC software company in the U.S., with annual revenues exceeding $1.2 billion.

July 20, 2001

to Attorney General John Ashcroft

Electronic Frontier Foundation
454 Shotwell Street
San Francisco CA 94110

The Honorable John Ashcroft
Attorney General
Department of Justice
950 Pennsylvania Avenue N.W.
Washington, D.C. 20530

July 20, 2001

Dear Attorney General Ashcroft:

At the request of Adobe Corporation, Dmitry Sklyarov was arrested by the FBI on July 16th and charged with crimes under the Digital Millennium Copyright Act (DMCA). Mr. Sklyarov is a Russian national who came to the United States to deliver an academic presentation on his technological innovations. His arrest and subsequent detention without bail are shameful and opportunistic actions against an individual who was here simply to share his knowledge and technical expertise with American scientists.

Dmitry Sklyarov is not accused of any copyright infringement of any sort. He is a computer programmer. He stands accused of writing software that enables purchasers of electronic books to exercise their lawful fair use rights when viewing their eBooks. Such software is both legal and required in Russia, where it was written and developed. And while the DMCA does not prohibit its use in the US, providing the technology is banned under the DMCA. Courts have determined time and time again that computer code is creative expression worthy of First Amendment protection. Mr. Sklyarov is currently being held captive for the content of his ideas that demonstrate the flaws in Adobe's software and because he expressed them in the most precise scientific language available to his profession, computer code. Mr. Sklyarov's right to free expression under the U.S. Constitution and international treaty obligations must be respected.

Not only are Dmitry Sklyarov's human and civil rights being abused, the inability of programmers to distribute fair use tools infringes on the free speech rights of all citizens who legitimately need them. Fair use is an integral part of the bargain of rights struck between the public and authors under U.S. copyright law. The U.S. Supreme Court has held that fair use provides the necessary breathing room to prevent a conflict between copyright and the guarantees of freedom of expression under the First Amendment. Although the Constitution mandates that copyrighted works pass into the public domain, the DMCA has outlawed all tools necessary to gain access to the works, even after those works rightfully belong to the public. Technology permits publishers to restrict access to and control the use of copyrighted works in ways that dangerously exceed the bounds of copyright, encroaching upon the public's rights to use and access knowledge.

While copyright holders are not accountable for the manner in which they release a work, the people must be permitted to take necessary steps in order to exercise their rights under the law. Jailing Dmitry Sklyarov strips people everywhere of that right and chills important research. The DMCA must be reined in to comport with the limits set by the US Constitution.

When the DMCA was passing through Congress in 1998, the copyright industry promised it was needed as a shield for protection. Now as law, it's used as a powerful sword to squelch speech and competition and kill fair use. Congress never intended for the DMCA to destroy fair use, in fact it expressly tried to protect it. As Attorney General, we ask that you honor this intent and your obligation to uphold the Constitution by dropping the charges against Dmitry Sklyarov and allowing him to return home to his wife and two small children.

Sincerely,

Shari Steele
Executive Director
Electronic Frontier Foundation

July 19, 2001

EFF Urges His Immediate Release

The Electronic Frontier Foundation and community activists urge concerned citizens to join in a San Francisco Bay Area protest on Monday, July 23, against software firm Adobe's role in the jailing of programmer Dmitry Sklyarov.

The local protest is part of a multinational effort to secure the release of Sklyarov, who was arrested for distributing electronic book software that expands the capabilities for reading, sharing, printing, and making backups of electronic books.

According to a Justice Department complaint used by the FBI in the Las Vegas arrest of Sklyarov earlier this week, Adobe requested that the Justice Department take action against the programmer, resulting in his arrest shortly after giving a conference presentation on security weaknesses of Adobe's eBook Reader software.

"Adobe, seeking to protect electronic property rights at any cost, has apparently pushed the U.S. Department of Justice into an ill-advised arrest of a Russian programmer under the Digital Millennium Copyright Act," reported EFF Executive Director Shari Steele.

Robin Gross, EFF Staff Attorney, said, "We join the international community in expressing outrage at the selective arrest of programmer Dmitry Sklyarov for allegedly distributing software that we believe is perfectly legal and helpful to electronic book purchasers."

"Our hearts go out to Dmitry's wife, children, and colleagues who are likely distraught by what appears to be a most disgraceful arrest," added Will Doherty, EFF Online Activist. "We protest Adobe's role in perpetrating this grave miscarriage of justice."

The San Francisco Bay Area protest will occur at Adobe Headquarters, from 11:00 am to 1:00 pm this Monday, July 23. Protestors will gather in San Jose at the Quetzalcoatl snake sculpture at the south end of Cesar de Chavez Park, at the corner of South Market St. and West San Carlos St, then march to Adobe Headquarters at 345 Park Avenue in San Jose.

Protest organizers include the Electronic Frontier Foundation, BoycottAdobe.com, and a loose-knit group of activists linked together through the free-sklyarov email list.

The organizers request that attendees bring along U.S. or Russian flags and signs. Free T-shirts from a group called BoycottAdobe.com will be distributed to the first fifty attendees.

Protests are also expected in Moscow, Denver, Boston, Seattle, and other locations.

For the latest information on the Sklyarov case, media releases, legal filings, and the protests, including ridesharing options, see:
http://www.eff.org/Alerts/

July 19, 2001

Publishers Hail Government Action Against Russian Ebook Hacker

Washington, DC: The nation's largest association of book and journal publishers today hailed the actions of the U.S. Department of Justice in arresting and charging a Russian cryptographer for trafficking in software that was primarily designed to "hack" technological safeguards that prevent unauthorized copying and distribution of ebooks.

The actions at issue were taken in accordance with provisions of the Digital Millennium Copyright Act (DMCA), which was enacted by Congress in 1998 to implement two international copyright treaties that were adopted by the World Intellectual Property Organization (WIPO) and endorsed by the United States and nearly 100 other nations two years earlier. Among other things, the DMCA prohibits the manufacture or distribution of products or services that are primarily designed or produced to circumvent technological protection measures used by copyright owners, thereby meeting the treaties' requirement that signatory countries provide "adequate legal protection and effective legal remedies against circumvention" of such measures.

According to news reports and documents filed by the Justice Department in the case, Dmitry Sklyarov is the alleged author of a program, "Advanced eBook Processor," which was designed to unlock and strip the technological protection measures from the "eBook Reader" produced by Adobe Systems Incorporated. Sklyarov, who was arrested a day after addressing a "hackers convention" in Las Vegas on the subject of this software, is an employee of ElcomSoft, a Russian software company that has allegedly been selling the software through its website.

Pat Schroeder, President and Chief Executive Officer of the Association of American Publishers (AAP), hailed the Justice Department's actions as consistent with the DMCA's "anticircumvention" provisions and the underlying Congressional intent to promote the availability of books and other copyrighted works on the Internet and in other digital formats.

According to Mrs. Schroeder, "It's only common sense to expect that, if the public wants desirable books to be available online and through other digital media like the Adobe Reader, the authors and publishers who have the legal rights to commercially exploit such works in the global digital marketplace must have reasonable assurances that the market value of their works can be protected from the extraordinary risks of illegal reproduction and distribution that are made possible by the capabilities of digital media. Congress understood this when it enacted the DMCA to help promote the online availability of copyrighted works."

"Distribution of the means to strip ebooks of their access and copyright protections is not a public service, any more than it would be a public service to distribute the keys that unlock a bookstore or public library," Mrs. Schroeder said. "It merely facilitates theft, and makes it less likely that ebooks will soon become a popular reading format."

The Association of American Publishers is the national trade organization of the U.S. book publishing industry. AAP's 310 members include most of the major commercial publishing houses, along with many small and medium-sized houses, university presses, and scholarly societies. Among the Association's top priorities is the protection of intellectual property rights in all media.

July 18, 2001

from EFF Executive Director Shari Steele

Once again, the Digital Millennium Copyright Act (DMCA) is proving itself to be as harmful to civil liberties as we predicted it would be. The latest victim is a Russian programmer named Dmitry Sklyarov, who authored a program that permits copying, printing and lending of electronic books by unlocking a proprietary Adobe electronic book format.

Mr. Sklyarov has been brought up on criminal charges under the DMCA for distributing a product designed to circumvent copyright protection measures. This is different than the 2600 and Felten cases, which are civil lawsuits. In a civil lawsuit, one private citizen (or company) sues another for money and/or the cessation of a particular action. In a criminal case, the government brings charges against an individual (or company) and the punishment for conviction can be prison and/or fines.

EFF has been in contact with the Assistant U.S. Attorney (AUSA)'s office trying to track Mr. Sklyarov's whereabouts and speak with him directly. While the arrest took place in Las Vegas, the complaint was executed in San Jose, meaning that Mr. Sklyarov will be sent to California to stand trial. We have spoken with his colleagues, criminal defense attorneys and others to help with his defense. After he arrives in California, our first order of business is to get Mr. Sklyarov out of jail on a bond pending his trial. EFF has begun to pull together a top-notch legal team to help him defend his right to talk about and distribute the Advanced eBook Processor software program, and we'll be ready to step in as soon as it is appropriate.

EFF knew when we took on the 2600 Case over a year ago that fixing the DMCA would require several legal challenges. EFF remains committed to chipping away at this law until it no longer poses a threat to our right to free speech.

Lest anyone be confused, this case is not about copyright infringement. Mr. Sklyarov is not accused of infringing anyone's copyrights. He is accused of building the Advanced eBook Processor, a tool that allows the legitimate purchaser of an e-book to translate it from one digital format into another (from Adobe's eBook format into Adobe's Portable Document Format). Mr. Sklyarov is not being prosecuted for using the tool himself -- in fact, such a prosecution would be impossible, since using such a tool (as distinguished from building or distributing one) breaks no law. Mr. Sklyarov has entered the strange Twilight Zone of the DMCA, where using a tool is legal, but building it is a crime.

We invite your support. If you are not yet an EFF member, please join with us at http://www.eff.org/support. If you already are a member and wish to make a donation, you can use that same link to get to our donation page.

Together we will keep the pressure on anyone who chooses to degrade our basic rights. Thanks for your help.

July 17, 2001

Distributed Tool that Increases Purchaser's Control of eBooks

The FBI arrested Russian citizen Dmitry Sklyarov in Las Vegas, Nevada, yesterday on charges of distributing a product designed to circumvent copyright protection measures. Sklyarov, who was in Las Vegas to deliver a lecture on electronic book security, allegedly authored a program which permits editing, copying, and printing of electronic books by unlocking a proprietary Adobe electronic book format.

Charged in one of the first United States criminal prosecutions under the Digital Millennium Copyright Act (DMCA), Sklyarov is currently in custody in Las Vegas pending transfer to the Northern California US Federal District Court.

The case involves Advanced eBook Processor (AEBPR), software developed by Sklyarov's Russian employer Elcomsoft. According to the company's website, the software permits eBook owners to translate from Adobe's secure eBook format into the more common Portable Document Format (PDF). The company maintains that the software only works on legitimately purchased eBooks.

Adobe's eBook format restricts the manner in which a legitimate eBook buyer may read, print, back up, and store electronic books. The Advanced eBook Processor appears to remove these usage restrictions, permitting an eBook consumer to enjoy the ability to move the electronic book between computers, make backup copies, and print. Many of these personal, non-commercial activities may constitute fair use under U.S. copyright law. Of course, the Advanced eBook Processor software may also make it easier to infringe copyrights, since eBooks, once translated into open formats like PDF, may be distributed in illegitimate ways.

Robin Gross, attorney with the Electronic Frontier Foundation (EFF), explained, "The U.S. government for the first time is prosecuting a programmer for building a tool that may be used for many purposes, including those that legitimate purchasers need in order to exercise their fair use rights."

Jennifer Granick, Clinical Director at the Stanford Law School Center for Internet and Society, commented that "the DMCA says that companies can use technology to take away fair use, but programmers can't use technology to take fair use back. Now the government is spending taxpayer money putting people from other countries in jail to protect multinational corporate profits at the expense of free speech."

Alexander Katalov, President and Owner of Elcomsoft, expressed anger and disappointment over Sklyarov's arrest: "Dmitry is only one of the programmers who worked on this program, so I don't understand why it is his sole responsibility. In Russia, we have no law like the DMCA. In fact, distributing Adobe's eBook software is illegal in Russia, since Russian law requires that the software permit the purchaser to make at least one legal copy."

June 6, 2001

Electronic Frontier Foundation Challenges Record Companies

Trenton, NJ -- The Electronic Frontier Foundation (EFF) today asked a federal court to rule that Princeton University Professor Edward Felten and his research team have a First Amendment right to present their research on digital music access-control technologies at the USENIX Security Conference this August in Washington, DC, despite threats from the recording industry.

When scientists from Princeton University and Rice University tried to publish their findings in April 2001, the recording industry claimed that the 1998 Digital Millennium Copyright Act (DMCA) makes it illegal to discuss or provide technology that might be used to bypass industry controls limiting how consumers can use music they have purchased.

Like most scientists, the researchers want to discuss their findings and publish a scientific paper about the vulnerabilities of several technologies they studied. Open discussion of music customer control technologies has resulted in improved technology and enhanced consumer choice.

"Studying digital access technologies and publishing the research for our colleagues are both fundamental to the progress of science and academic freedom," stated Princeton scientist Edward Felten. "The recording industry's interpretation of the DMCA would make scientific progress on this important topic illegal."

Felten's research team includes Princeton University scientists and plaintiffs Bede Liu, Scott Craver, and Min Wu. Also members of the research team and plaintiffs are Rice University researchers Dan Wallach, Ben Swartzlander, and Adam Stubblefield. Another scientist and plaintiff is Drew Dean, who is employed in the Silicon Valley. The USENIX Association has joined the case as a plaintiff.

The prominent scientist and his research team originally planned to publish the paper in April at the 4th International Information Hiding Workshop. However, the scientists withdrew the paper at the last minute because the Recording Industry Association of America (RIAA) and the Secure Digital Music Initiative (SDMI) Foundation threatened litigation against Felten, his research team, and the relevant universities and conference organizers.

SDMI sponsored the "SDMI Public Challenge" in September 2000, asking Netizens to try to break their favored watermark schemes, designed to control consumer access to digital music. When the scientists' paper about their successful defeat of the watermarks, including one developed by a company called Verance, was accepted for publication, Matt Oppenheim, an officer of both RIAA and SDMI, sent the Princeton professor a letter threatening legal liability if the scientist published his results.

EFF filed the legal challenge in New Jersey federal court against RIAA, SDMI, Verance, and the U.S. Justice Department so that the researchers need not fear prosecution under DMCA for publishing their research.

"When scientists are intimidated from publishing their work, there is a clear First Amendment problem," said EFF's Legal Director Cindy Cohn. "We have long argued that unless properly limited, the anti-distribution provisions of the DMCA would interfere with science. Now they plainly have."

"Mathematics and code are not circumvention devices," explained Jim Tyre, an attorney on the legal team, "so why is the recording industry trying to prevent these researchers from publishing?"

USENIX Executive Director Ellie Young commented, "We cannot stand idly by as USENIX members are prevented from discussing and publishing the results of legitimate research."

EFF is challenging the constitutionality of the anti-distribution provisions of the DMCA as part of its ongoing Campaign for Audiovisual Free Expression (CAFE). The CAFE campaign fights over-reaching intellectual property laws and restrictive technologies that threaten free speech in the digital age. "The recording studios want to control how consumers can use the music they buy. Now they want to control scientists and publishers, to prevent consumers from finding out how to bypass the unpopular controls," said EFF Staff Attorney Robin Gross.

Media professionals have been invited to attend a June 6 press conference and simultaneous teleconference on the Felten case featuring the legal team and Professor Felten.

The legal team includes EFF attorneys Lee Tien, Cindy Cohn, and Robin Gross. Outside lead counsel Gino Scarselli argued the Junger case, where the 6th Circuit Court of Appeals ruled unanimously that computer code is creative expression worthy of First Amendment protection. Also members of the legal team are James Tyre, a technology-savvy lawyer from Southern California who co-founded the Censorware Project and wrote an amicus brief in Universal v. Reimerdes, and Joe Liu, a Professor of Law at Boston College. Local counsel in New Jersey are First Amendment specialists Frank Corrado of Rossi, Barry, Corrado, Grassi and Radell, and Grayson Barber, chair of the ACLU-NJ privacy committee.

For more background on Professor Felten and his team's legal challenge:
http://www.eff.org/sc/felten/

For EFF's legal filing in the Felten case:
http://www.eff.org/sc/felten/20010606_eff_complaint.html

RIAA/SDMI letter threatening Professor Felten and his team:
http://www.eff.org/sc/felten/20010409_riaa_sdmi_letter.html

Professor Felten's website:
http://www.cs.princeton.edu/sip/sdmi/

Listen to an audio file about EFF's legal challenge to SDMI (MP3):
http://www.eff.org/sc/felten/felten_audio.html

For more information on the August USENIX Security conference:
http://www.usenix.org/events/sec01/

About EFF:

The Electronic Frontier Foundation is the leading civil liberties organization working to protect rights in the digital world. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression, privacy, and openness in the information society. EFF is a member-supported organization and maintains one of the most linked-to Web sites in the world: http://www.eff.org/

About USENIX:

The USENIX Association, an organization representing some 10,000 computer research scientists, is dedicated to the free exchange of scholarly information through its many conferences and publications. See its website at: http://www.usenix.org/

April 20, 2001

ISP Subpoena for User's Identity Quashed in 2TheMart.com case

For Immediate Release -- Apr. 20, 2001
Contact:

Lauren Gelman, Public Policy Dir.
gelman@eff.org
+1 202 487-0420

Seattle -- In a precedent-setting ruling on free speech in cyberspace, a federal court in Seattle yesterday upheld the right to speak anonymously on the Internet. U.S. District Court Judge Thomas Zilly quashed a subpoena seeking to force an Internet service to disclose the identity of persons who spoke anonymously on an Internet message board. The American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF) represented J. Doe, one of the anonymous speakers, in blocking the subpoena.

The subpoena was filed by 2TheMart.com, Inc., which is currently defending itself against a class-action lawsuit alleging the company engaged in securities fraud. The subpoena requested that InfoSpace turn over the identities of 23 speakers who used pseudonyms in participating on the Silicon Investor Web site owned by InfoSpace.

The ruling is the first of its kind nationally in a case involving anonymous speech by a third party. The case differs from many other Internet anonymity cases because J. Doe, who used the pseudonym "NoGuano," is not a party to the case, and no allegations of liability against Doe have been made. While Doe does maintain a Silicon Investor account, Doe never made any statements about 2TheMart, nor has Doe ever posted on Silicon Investor's 2TheMart message board.

"This is an important ruling for free speech on the Internet. The court recognized that you should be able to express opinions online without having to worry your privacy will be invaded because of a lawsuit that has nothing to do with you," said Aaron Caplan, staff attorney for the American Civil Liberties Union, an organization with an 80-year history of defending freedom of speech. "You have the right to speak anonymously on an Internet bulletin board just as you have the right to distribute a leaflet using a pseudonym," added Caplan. Caplan argued the case on behalf of J. Doe before the Court.

"By ruling for Doe, Judge Zilly has sent a clear message that the courts will not tolerate lawsuits designed to chill online speech," said Lauren Gelman, director of public policy for the Electronic Frontier Foundation, a civil liberties organization working to protect rights in the digital world. "We hope that this decision will force companies to think twice before they issue subpoenas, and encourage users to step forward and protect their rights if they receive a subpoena."

The ACLU and EFF argued that the Court should adopt the same test currently used to determine whether to compel identification of anonymous sources of journalists or members of private organizations. Under that test, the Court must first determine whether the person seeking the protected private information (in this case 2TheMart.com) has a genuine need for the information in the context of the case and cannot discover the information any other way. If so, the Court must then balance the harm to the anonymous speakers against the plaintiff's need to discover the identity of the speaker. Anonymity should be preserved unless the identity of the anonymous person is clearly shown to be of central importance to the case. In his ruling, Judge Zilly said that the information sought by the subpoena clearly was not central to the case of 2TheMart.com.

2TheMart.com was a fledgling company that intended to launch an online auction house. After its stock price plunged in 1999, a number of investors sued for securities fraud, alleging that the company had misled them about its prospects. Like many Internet start-ups, 2TheMart.com had a number of people who chatted about the company on investor-related bulletin boards. One of these bulletin boards was operated by Silicon Investor, a Web site now owned by Seattle-based InfoSpace. The postings were made under 23 different user names, including "The Truthseeker," "Edelweiss," and "NoGuano."

J. Doe was represented by ACLU staff attorney Aaron Caplan and Cindy Cohn, legal director for EFF. InfoSpace also submitted a brief supporting the right of its users to speak anonymously, and Brent Snyder of Perkins Coie argued the case before Judge Zilly on behalf of InfoSpace.

The briefs may be found at the EFF website at:
http://www.eff.org/Legal/Cases/2TheMart_case
and may also be available on the ACLU-WA website at: http://www.aclu-wa.org
An opinion will be published in the case and will be posted on the websites when it is available.

About EFF:

The Electronic Frontier Foundation is the leading civil liberties organization working to protect rights in the digital world. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression, privacy, and openness in the information society. EFF is a member-supported organization and maintains one of the most linked-to Web sites in the world:
http://www.eff.org

February 26, 2001

EFF & ACLU-WA Defend Pseudonym-Using Message Board User

For Immediate Release
Contact:

Cindy Cohn
Director of Legal Services
Electronic Frontier Foundation
(415)436-9333 x 108

Doug Honig
ACLU
(206)624-2184

Seattle -- In a case involving free speech and privacy rights online, the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF) today asked a federal court in Washington to quash a subpoena that would force an Internet service to disclose the identity of a person who spoke anonymously on an Internet bulletin board.

The ACLU and EFF are representing J. Doe in seeking to block a subpoena by 2TheMart.com, Inc., which is currently defending itself against a class-action lawsuit alleging the company engaged in securities fraud. The subpoena requests InfoSpace turn over the identities of 23 speakers who used pseudonyms in participating on the Silicon Investor Web site owned by InfoSpace. The motion to quash the subpoena was filed in U.S. District Court in Seattle.

This case differs from many other Internet anonymity cases because J. Doe, who used the pseudonym "NoGuano," is not a party to the case, and no allegations of liability against Doe have been made. While Doe does maintain a Silicon Investor account, Doe never made any statements about 2TheMart, nor has Doe ever posted on Silicon Investor's 2TheMart message board.

"If the courts don't establish a standard for the issuance of subpoenas in cases where the anonymous speaker is not a party, every party in every civil action could start subpoenaing the identities of online speakers in the desperate hope of finding something useful for their case," said Cindy Cohn, Legal Director for the Electronic Frontier Foundation, a civil liberties organization working to protect rights in the digital world. "The courts should not allow subpoenas to be used for 'fishing expeditions' when individuals' First Amendment rights are at stake. The chilling effect on free speech would be catastrophic."

"People commonly use pseudonyms when speaking on the Internet. This promotes a diversity of viewpoints in cyberspace. The right to speak anonymously on an Internet bulletin board should be upheld just as is the right to distribute a leaflet using a pseudonym," said Aaron Caplan, staff attorney for the American Civil Liberties Union, an organization with an 80-year history of defending freedom of speech.

In their brief filed today, the ACLU and EFF argue that the Court should adopt the same test currently used to determine whether to compel identification of anonymous sources of journalists or members of private organizations. Under that test, the Court must first determine whether the person seeking the protected private information (in this case 2TheMart.com) has a genuine need for the information in the context of the case and cannot discover the information any other way. If so, the Court must then balance the harm to the anonymous speakers against the plaintiff's need to discover the identity of the speaker. Anonymity should be preserved unless the identity of the anonymous person is clearly shown to be of central importance to the case.

2TheMart.com was a fledgling company that intended to launch an online auction house. After its stock price plunged in 1999, a number of investors sued for securities fraud, alleging that the company had misled them about its prospects. Like many Internet start-ups, 2TheMart.com had a number of people who chatted about the company on investor-related bulletin boards. One of these bulletin boards was operated by Silicon Investor, a Web site now owned by Seattle-based InfoSpace. The postings were made under 23 different user names, including "The Truthseeker," "Edelweiss," and "NoGuano."

John Doe is being represented by ACLU staff attorney Aaron Caplan and Cindy Cohn, legal director and senior staff attorney for EFF.

The brief may be found at the EFF Web site at: http://www.eff.org/Legal/Cases/2TheMart_case/

About EFF:

The Electronic Frontier Foundation is the leading civil liberties organization working to protect rights in the digital world. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression, privacy, and openness in the information society. EFF is a member-supported organization and maintains one of the most linked-to Web sites in the world:
http://www.eff.org

May 15, 2000

'Prior Restraint' of Speech Unconstitutional

Contacts:

Katina Bishop - EFF Communications Manager
+1 415 436 9333 x101
katina@eff.org

Robin Gross - EFF Staff Attorney
robin@eff.org

 

San Francisco CA -- The Electronic Frontier Foundation today appealed a January 20 order barring publication of DeCSS software on dozens of Web sites. The appeal to the California Sixth Appellate Court seeks to overturn the preliminary injunction that unfairly valued the DVD-CCA's claim of potential future financial harm above important First Amendment rights.

DeCSS is free software that allows people to play DVDs without technological restrictions, such as region codes, that are preferred by movie studios.

"The trial court simply ignored the defendant's First Amendment right to publish DeCSS on his Website," said David Greene, Executive Director and staff counsel to the First Amendment Project, and a member of EFF's DVD legal defense team. "The court's injunction is a prior restraint on free expression, one of the most severe civil penalties in our legal system. Even a momentary deprivation of the right to speak or publish causes serious and irreparable harm, far more grave than any monetary loss."

A "prior restraint" is government action that prevents a citizen's speech or publication from reaching its listeners. It can only be imposed for a very brief period, in extreme situations where the act of publishing threatens an interest more fundamental than the First Amendment itself, such as the safety of troops in wartime. In this case, the Preliminary Injunction prohibited publication of DeCSS after only a brief examination of dubious evidence. Furthermore, the order is unclear about exactly what is prohibited.

DVD-CCA claims that the defendants were mis-appropriating its trade secrets by posting DeCSS on their Websites. However, trade secret law only prevents publication by those who entered into contracts to protect the secret.

According to Eben Moglen, law professor at Columbia University, "In this appeal, EFF raises the central Constitutional question concerning the use of sweeping injunctions to control the flow of discussion and information on the Internet on allegations that commercial secrets are involved. I look forward to a decision in the court of appeals that takes Constitutional rights seriously."

EFF's Appeal brief is available at:
  http://www.eff.org/IP/Video/DVDCCA_case/20000515-appeal-brief.html

Background

The movie industry initiated legal attacks against Web publishers in California, New York, Connecticut, and Norway over the DeCSS software code posted on their sites. EFF is defending the DVD cases as part of its Campaign for Audiovisual Free Expression (CAFE). CAFE was launched last year to address complex social and legal issues raised by new technological measures for protecting intellectual property.

For complete information on the MPAA and DVD-CCA cases, see:
http://www.eff.org/IP/Video
http://www.eff.org/IP/Video/DVDCCA_case/20000515-appeal-brief.html

For more information on The First Amendment Project, see:
http://www.thefirstamendment.org

For more information concerning EFF's Campaign for Audiovisual Free Expression, see:
http://www.eff.org/cafe

The Electronic Frontier Foundation (http://www.eff.org) is the leading global nonprofit organization linking technical architectures with legal frameworks to support the rights of individuals in an open society. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression, privacy, and openness in the information society. EFF is a member-supported organization and maintains one of the most-linked-to Web sites in the world.

The First Amendment Project (http://www.thefirstamendment.org) is a nonprofit, public interest law firm and advocacy organization dedicated to protecting and promoting freedom of information, expression, and petition. FAP provides advice, educational materials, and legal representation to its core constituency of activists, journalists, and artists in service of these fundamental liberties.

April 6, 2000

EFF Gives $50,000 to Finder of Largest Known Prime Number

Contact:
Katina Bishop - Electronic Frontier Foundation
(415) 436-9333 ex. 101

San Francisco, CA -- The Electronic Frontier Foundation (EFF) has announced that it has awarded the first of four Cooperative Computing Awards on April 6th at the Computers, Freedom and Privacy conference in Toronto, Canada. (see http://www.cfp.org). The $50,000 prize will go to Nayan Hajratwala of Plymouth, Michigan, a participant of the Great Internet Mersenne Prime Search (GIMPS), for the discovery of a two million digit prime number found using the collective power of tens of thousands of computers on the Entropia.com network.

"GIMPS represents much of the best spirit of the Internet, and Entropia is proud to be its distributed computing platform," said Kurowski. "Capturing the imaginations of the young and old alike, GIMPS is community oriented, frontier expanding, and foremostly founded on fun and the love of recreational discovery."

"GIMPS leader George Woltman and Entropia wanted the full award amount to go to the individual or team whose computer found the winning prime," stated Scott Kurowski, founder of Entropia.com, Inc., the company that created and operates the network that powers GIMPS and similar computing efforts. "We believed this added excitement for all GIMPS participants - everyone had an equal chance of winning a substantial award."

EFF sponsors the Cooperative Computing Awards to encourage innovative computing that brings together ordinary Internet users to collectively contribute to solving huge scientific problems. EFF hopes to spur the technology of cooperative networking and encourage Internet users worldwide to join together in solving scientific problems involving massive computation. EFF is uniquely situated to sponsor these awards, since part of its mission is to encourage the harmonious integration of Internet innovations into the whole of society. Future prizes for larger primes will be given, up to $250,000. See http://www.eff.org for more details.

"The EFF awards are about cooperation," said John Gilmore, EFF co-founder, Interim Executive Director, and project leader for the awards. "Prime numbers are important in mathematics and encryption, but the real message is that many other problems can be solved by similar methods."

The Cooperative Computing Award will be held on the evening of April 6, 2000 in Toronto's historic St. Lawrence Hall as part of the Ninth Annual EFF Pioneer Award Ceremony. The ceremony and reception are made possible by a contribution from Anonymizer.com.

"It has been an honor to participate in a project that has brought so much publicity to the distributed computing world," stated winner Nayan Hajratwala. "Thanks to George and Scott for the amazing work they have done on GIMPS. The EFF's Cooperative Computing Awards will no doubt spur more interest and participation in the GIMPS project and bring us bigger and better primes."

For more information on the Cooperative Computing Awards, see:
http://www.eff.org/awards/coop.html

For more information on GIMPS, see:
http://www.mersenne.org/prime.htm

For more information on Entropia.com, Inc., see:
http://entropia.com

The Electronic Frontier Foundation ( http://www.eff.org ) is the leading global nonprofit organization linking technical architectures with legal frameworks to support the rights of individuals in an open society. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression, privacy, and openness in the information society. EFF is a member-supported organization and maintains one of the most-linked-to Web sites in the world.

[Note to EFF members: Your membership dues do NOT go into the Cooperative Computing Awards fund. The CCA program is funded entirely by a single earmarked individual donation.]

March 3, 2000

in Bernstein v. DoJ

LETTER BRIEF
BY ORDER OF THE COURT

Ms. Cathy Catterson
Clerk, United States Court of Appeals
for the Ninth Circuit
P.O. Box 193939
San Francisco, CA 941119-3939

Re: Bernstein v. Department of Justice
Case No. 97-16686
Please circulate to Justices B. Fletcher, T. Nelson and M. Bright

Dear Ms. Catterson:

We write pursuant to the Order of the Court dated January 31, 2000, modified to extend time for filing on February 7, 2000. The Court has asked us to address the advisability of a remand in light of the issuance of the new interim export regulations relating to encryption software on January 14, 2000. The Court also asked us to address the question of the form of such a remand, if such is ordered.

Having now had the opportunity to review both the new interim regulations and the Advisory Opinion issued by the Defendants on February 17, 2000, Plaintiff believes that a remand to the District Court is appropriate. The amendments make a number of significant changes in the export licensing requirements at issue in this case. These changes appear to impact the legal and factual context of this case. See e.g. Hays v. Concannon 921 F.2d 240 (9th Cir. 1990) (remand to District Court appropriate when legislation passed to "address problems created by" previous regulations).

While Plaintiff remains concerned about the Constitutionality and ambiguity of the new interim regulations, and while they do not appear to affect Professor Bernstein's scientific activities, we are continuing to seek clarification from the Defendants and believe that, regardless of the outcome of that process, the questions concerning the new interim regulations should be heard in the District Court in the first instance.

Plaintiff and Defendants have engaged in discussions concerning the impact of a remand on the injunctive relief granted by the District Court and upheld by this Court. The injunctive relief was granted by the District Court and subsequently stayed in part by the District Court and in part by this Court pending determination of the appeal of this matter. The injunctive relief ordered as follows:

6) defendants are permanently enjoined from doing or causing to be done the following acts:

a) further and future enforcement, operation or execution of the statutes, regulations, rules, policies and practices declared unconstitutional under this order, including criminal or civil prosecutions with respect to plaintiff or anyone who uses, discusses or publishes, or seeks to use, discuss or publish plaintiff's encryption program or related materials described in paragraph 5[1] of this order, and

b) threatening, detaining, prosecuting, discouraging or otherwise interfering with plaintiff or any other person described in paragraph 6) above in the exercise of their federal constitutional rights as declared in this order.

Defendants have requested that the injunctive relief be vacated pending further order of the District Court.

Plaintiff sees no need for this Court to vacate the injunctive relief already granted. First, such action is premature without a briefing on the merits and scope of the relief granted before this Court or the District Court. Second, this request is puzzling, since Defendants have publicly claimed that the regulations no longer restrain Professor Bernstein or others engaged in similar activities. While Plaintiff is seeking further clarifications about this claim, it is difficult to understand why the injunctive relief should be vacated if Defendants no longer intend to enforce their prior regulations against Professor Bernstein and others.

Nonetheless, in order to accommodate Defendants' concerns, Plaintiff has offered to allow the stays of injunctive relief currently in force to remain in force pending further order of the District Court. Defendants have refused this offer and instead have asked the court to affirmatively vacate the previous injunctive relief.

There is no basis to grant Defendants this relief at this time. Defendants have chosen to revise their regulations. Nothing about this decision, which was made without consultation with the Court or Plaintiff, justifies the affirmative vacating of the District Court's prior issued relief in this action, which relief was upheld by this Court on appeal.

Accordingly, Plaintiff requests that this case be remanded to the District Court for consideration of the impact on the case of the changes in the export regulations issued on January 14, 2000. To the extent they have any further applicability in light of the new regulations, the stays placed by the 9th Circuit and District Court may remain in effect pending this further review by the District Court.

Footnote

[1] Paragraph 5 states: "the court declares that the Export Administration Regulations, 15 C.F.R. Pt. 730 et seq. (1997) and all rules, policies and practices promulgated or pursued thereunder insofar as they apply to or require licensing for encryption and decryption software and related devices and technology are in violation of the First Amendment on the grounds of prior restraint and are, therefore, unconstitutional as discussed above, and shall not be applied to plaintiff's publishing of such items, including scientific papers, algorithms or computer programs."

Sincerely,

MCGLASHAN & SARRAIL
Professional Corporation

[signature]
CINDY A. COHN
Attorneys for Appellee
DANIEL J. BERNSTEIN

October 1, 1999

On September 30, 1999, the Ninth Circuit Court of Appeals announced that it is granting the government's request to rehear the case Bernstein v. U.S. Department of Justice en banc. The case had been previously decided in Professor Bernstein's favor by a three-judge panel of the court. By granting the government's request, the court has withdrawn the panel's earlier decision and has agreed to having all 21 members of the court rehear the case. No dates have been set yet for this reconsideration.

The Electronic Frontier Foundation (EFF) is disappointed by the court's decision, but we are not surprised. The ramifications of this case are far-reaching, and most legal scholars agree that this matter will eventually end up before the Supreme Court of the United States. We are confident that the full Ninth Circuit court will recognize the unconstitutionality of the export restrictions on encryption and will hold as the three-judge panel did, in our favor.

We do not believe that the Clinton Administration's recent announcement on liberalizing the export controls on encryption has any bearing on this case. The export control laws on encryption are unconstitutional as a prior restraint on speech, because they require people to submit their encryption algorithms to the government for review before those algorithms can be exported. The new regulations, which are not due out until sometime in December, will continue to require source code to be reviewed before it can be exported. While the government's new policy appears to make it easier for companies to export encryption products designed for mass markets, it does little to address the constitutional deficiencies in the regulations. In fact, EFF was disappointed that the government's announcement did not even acknowledge that courts have found the export restrictions on encryption to be unconstitutional.

For more information on the Bernstein case, please visit the EFF web site

We'll be sure to send around another update when we learn the rehearing date from the court.

Shari Steele
Director of Legal Services
Electronic Frontier Foundation
ssteele@eff.org

June 21, 1999

As expected, the U.S. Government today sought further review by the 9th Circuit of a 3-judge panel's recent decision holding that the federal government's regulation of encryption is unconstitutional. The Petition, which seeks both rehearing from the panel and rehearing en banc by an 11-judge panel, asserts two basic arguments, neither of which is new to the case.

The government argues that the 9th Circuit panel incorrectly determined that the export restrictions on source code are facially unconstitutional. This argument is based upon an entirely unsupported assertion that source code is only used expressively "on occasion."

"This should come as a big surprise to the millions of people who study, write, read, and develop their ideas using programming languages," noted lead counsel, Cindy Cohn. "This includes most of the inhabitants of Silicon Valley, as well as the mathematics, physics, computer science and other departments of high schools, universities, and businesses worldwide where such expressions are written, read, and reviewed daily. It is also directly contradicted by evidence included in the record of this case."

The government also argues that the court should have rewritten the regulations to make them Constitutional rather than strike them down. By this, the government is asking the Court to step into the shoes of the agency and rewrite the regulations.

"Obviously this is not a proper role for a court," stated Ms. Cohn. "Indeed had the Court done so the government would have protested the 'judicial activism' of the Court. Writing regulations that meet the constitutional standards for free speech is certainly within the abilities of the Commerce Department."

"In sum, the Petition for Rehearing is not surprising, nor does it raise any new arguments," Cohn concluded. "It instead indicates the intention of the Government to delay justice for Professor Bernstein and the millions of others who are restricted by the encryption regulations for as long as possible."

Background

The Ninth Circuit Court of Appeals ruled on May 6, 1999 that the federal government's restrictions on encryption are unconstitutional, affirming a lower court's ruling that export control over cryptographic "software and related devices and technology are in violation of the First Amendment on the grounds of prior restraint."

The case has been sponsored by EFF since 1995 because of its importance to society, free expression, electronic commerce, and privacy in the digital world.

Encryption, the process of coding and decoding computerized information, is the most critical technological solution to protecting privacy and keeping computer networks secure. Acknowledging this point, the appeals court said "[t]he availability and use of secure encryption may offer an opportunity to reclaim some portion of the privacy we have lost. Government efforts to control encryption thus may well implicate not only the First Amendment rights of cryptographers intent on pushing the boundaries of their science, but also the constitutional rights of each of us as potential recipients of encryption's bounty."

The EFF Bernstein legal team consists of: Cindy A. Cohn, McGlashan & Sarrail; Lee Tien; James Wheaton & Elizabeth Pritzker, First Amendment Project; Robert Corn-Revere, Hogan & Hartson; M. Edward Ross, Steefel, Levitt & Weiss; and Dean Morehous & Sheri A. Byrne, Thelen, Marin, Johnson & Bridges.

June 21, 1999

As expected, the U.S. Government today sought further review by the 9th Circuit of a 3 judge panel's recent decision holding that the federal government's regulations of encryption is unconstitutional. The Petition, which seeks both rehearing from the panel and rehearing en banc by an 11 judge panel, asserts two basic arguments, neither of which is new to the case.

The government argues that the 9th Circuit panel incorrectly determined that the export restrictions on source code are facially unconstitutional. This argument is based upon an entirely unsupported assertion that source code is only used expressively "on occasion."

"This should come as a big surprise to the millions of people who study, write, read, and develop their ideas using programming languages," noted lead counsel, Cindy Cohn. "This includes most of the inhabitants of Silicon Valley, as well as the mathematics, physics, computer science and other departments of high schools, universities, and businesses worldwide where such expressions are written, read, and reviewed daily. It also is directly contradicted by evidence included in the record of this case."

The government also argues that the court should have rewritten the regulations to make them Constitutional rather than strike them down. By this, the government is asking the Court to step into the shoes of the agency and rewrite the regulations.

"Obviously this is not a proper role for a court," stated Ms. Cohn. "Indeed had the Court done so the government would have protested the 'judicial activism' of the Court. Writing regulations that meet the constitutional standards for free speech is certainly within the abilities of the Commerce Department."

"In sum, the Petition for Rehearing is not surprising, nor does it raise any new arguments," Cohn concluded. "It instead indicates the intention of the Government to delay justice for Professor Bernstein and the millions of others who are restricted by the encryption regulations for as long as possible."

Background

The Ninth Circuit Court of Appeals ruled on May 6, 1999 that the federal government's restrictions on encryption are unconstitutional, affirming a lower court's ruling that export control over cryptographic "software and related devices and technology are in violation of the First Amendment on the grounds of prior restraint."

The case has been sponsored by EFF since 1995 because of its importance to society, free expression, electronic commerce, and privacy in the digital world.

Encryption, the process of coding and decoding computerized information, is the most critical technological solution to protecting privacy and keeping computer networks secure. Acknowledging this point, the appeals court said "[t]he availability and use of secure encryption may offer an opportunity to reclaim some portion of the privacy we have lost. Government efforts to control encryption thus may well implicate not only the First Amendment rights of cryptographers intent on pushing the boundaries of their science, but also the constitutional rights of each of us as potential recipients of encryption's bounty."

The EFF Bernstein legal team consists of: Cindy A. Cohn, McGlashan & Sarrail; Lee Tien; James Wheaton & Elizabeth Pritzker, First Amendment Project; Robert Corn-Revere, Hogan & Hartson; M. Edward Ross, Steefel, Levitt & Weiss; and Dean Morehous & Sheri A. Byrne, Thelen, Marin, Johnson & Bridges.

Details on the Bernstein case, including information on the lower court's rulings, are available on the Internet at http://www.eff.org/bernstein.

May 7, 1999

On May 6, a three-judge panel of the United States Court of Appeals for the Ninth Circuit in San Francisco issued a decision in a case involving government controls on encryption exports. The Department of Commerce and the Department of Justice are currently reviewing the Ninth Circuit's decision in Daniel Bernstein v. United States Department of Justice and United States Department of Commerce. We are considering possible avenues for further review, including seeking a rehearing of the appeal en banc in the Ninth Circuit.

The regulations controlling the export of encryption products currently remain in full effect. The Ninth Circuit's decision will not take effect until the court issues its mandate, which will not occur for at least 45 days. If the government asks the Ninth Circuit to rehear the appeal during that time, the mandate will not issue until after the Ninth Circuit has acted on the government's request.

The district court injunction in this case relating to the encryption export regulations has been stayed by orders issued earlier by the district court and the Ninth Circuit, and the stays of the injunction remain in effect until the mandate issues. Accordingly, all persons who wish to engage in encryption export activity, including the posting or other distribution of encryption software on the Internet, must still comply with the export licensing requirements of the Export Administration Regulations, administered by the U.S. Department of Commerce's Bureau of Export Administration (BXA).

May 7, 1999

EFF-Sponsored Case Scores Big Victory for Free Speech, Privacy, and Security on the Internet

The Ninth Circuit Court of Appeals has ruled that the federal government's restrictions on encryption are unconstitutional, affirming a lower court's ruling that export control over cryptographic "software and related devices and technology are in violation of the First Amendment on the grounds of prior restraint."

"The Court understood the strong First Amendment issues at stake here," noted Cindy Cohn, lead counsel for the Bernstein litigation team. "The decision is thorough and should stand up to further review."

The case has been sponsored by EFF since 1995. "We sponsored Professor Dan Bernstein's case because of its importance to society, free expression, electronic commerce, and privacy in the digital world," said Tara Lemmey, EFF's President and Executive Director.

Encryption, the process of coding and decoding computerized information, is the most critical technological solution to protecting privacy and keeping computer networks secure. Acknowledging this point, the court said "[t]he availability and use of secure encryption may offer an opportunity to reclaim some portion of the privacy we have lost. Government efforts to control encryption thus may well implicate not only the First Amendment rights of cryptographers intent on pushing the boundaries of their science, but also the constitutional rights of each of us as potential recipients of encryption's bounty."

The court recognized the case's impact on society by saying "...it is important to point out that the [Bernstein case] is a suit not merely concerning a small group of scientists laboring in an esoteric field, but also touches on the public interest broadly defined."

"The US government has wielded these export controls to deliberately eliminate privacy for ordinary people," said John Gilmore, co-founder of EFF. "The controls created wireless phones that scanners can hear, e-mail that's easy to intercept, and unsecured national infrastructures that leave us all vulnerable. Misguided national security bureaucracies use these controls every day, to damage the nation they are sworn to protect, and to undermine the constitution they are sworn to uphold. Today's ruling is a giant step toward a sane policy."

The government, led by Justice Department attorney Scott McIntosh, argued that the export control laws on encryption are necessary to protect U.S. national security. Even if the export control laws are in fact regulated speech, McIntosh argued, if the government's intent was to regulate something other than publication, it only needed to show that the rules were "narrowly tailored" to serve a "substantial government interest." The court disagreed. "[B]ecause the prepublication licensing regime challenged here applies directly to scientific expression, vests boundless discretion in government officials, and lacks adequate procedural safeguards, it constitutes an impermissible prior restraint on speech," wrote the two assenting judges.

Judge Bright indicated that due to the importance of the case "it may be appropriate for review by the US Supreme Court." EFF anticipates that the government will ask for a stay of this ruling pending appeal. If granted, the stay would prohibit encryption exports even within the Ninth Circuit's jurisdiction, including all federal courts in California, Oregon, Washington, Arizona, Montana, Idaho, Nevada, Alaska, Hawaii, Guam and the Northern Mariana Islands, until the matter is finally resolved.

May 6, 1999

"I'm pleased the federal appeals court has affirmed Federal District Court Judge Marilyn Patel's original decision that in the name of national defense, the U.S. government should not restrict the very liberties it is supposed to be defending. This decision demonstrates the judicial branch's understanding of the encryption debate. Now is the time for Congress and the Administration to follow suit. This means passing and signing into law the SAFE ACT, which will promote the ever increasing growth of electronic commerce in a secure environment."

Rep. Eshoo is an original cosponsor of H.R. 850, the Security and Freedom through Encryption (SAFE) Act, which would allow U.S. manufacturers to export encryption software no more powerful than software already available in other countries. As a member of the House Commerce Committee, which has partial jurisdiction over the legislation, she has fought Administration efforts to weaken the SAFE Act and impose harsher encryption export curbs than currently exist. Rep. Eshoo hosted a major conference on encryption reform at Stanford University during the 104th Congress.

March 31, 1999

Netizens Encouraged to Enlist Idle Computers in the Name of Science

SAN FRANCISCO -- The Electronic Frontier Foundation (EFF) is sponsoring cooperative computing awards, with over half a million dollars in prize money, to encourage ordinary Internet users to contribute to solving huge scientific problems.

"We're providing incentives to stretch the computational capabilities of the Internet," said Tara Lemmey, EFF's Executive Director. "We hope to spur the technology of cooperative networking and encourage Internet users worldwide to join together in solving scientific problems involving massive computation. EFF is uniquely situated to sponsor these awards, since part of our mission is to encourage the harmonious integration of Internet innovations into the whole of society," she added.

The prizes will be awarded for finding huge prime numbers, that is, numbers that can only be divided by 1 and themselves. The first million-digit prime found will be worth $50,000; a ten-million-digit prime will claim $100,000; a hundred-million-digit prime garners $150,000; and the finder of the first billion-digit prime will receive $250,000. The largest known prime number, discovered by the Great Internet Mersenne Prime Search (GIMPS), has 909,526 digits.

"The EFF awards are about cooperation," said John Gilmore, EFF co-founder and project leader for the awards. "Prime numbers are important in mathematics and encryption, but the real message is that many other problems can be solved by similar methods."

Finding these prime numbers will be no simple task, given today's computational power. It has taken mathematicians years to uncover and confirm new largest known primes. However, the computer industry produces millions of new computers each year, which sit idle much of the time, running screen savers or waiting for the user to do something. EFF is encouraging people to pool their computing power over the Internet, to work together to share this massive resource. In the process, EFF hopes to inspire experts to apply collaborative computing to large problems, and thereby foster new technologies and opportunities for everyone.

Prizes and cooperative projects to find prime numbers or demonstrate weaknesses in encryption systems have existed for some years, although they have not yet found mass market appeal. "The approach that we're taking with prime numbers could be used for other scientific problems, such as analyzing the human genome, weather prediction, or searching for signs of life in space," said Gilmore.

"In the long run, we hope to move beyond prizes," he said, "catalyzing a market where ordinary people can sell the spare time on their computers to others who need to compute something overnight on thousands or millions of machines. This would reduce the net cost of owning a personal computer, and open new opportunities in animation, product design, economics, cryptanalysis, science, and business."

According to Landon Curt Noll, chair of the award advisory panel and discoverer of many large primes, the prizes are spaced so that winning each successive award would require over 100 times more effort. "While one could wait for computers to get 100 times faster, it would be much smarter to attract 100 times the number of people to cooperate on the problem, or to invent a more efficient prime searching procedure. Both methods offer benefits to society."

"Given current technology, I would estimate that GIMPS could discover a million digit prime within a year," said Simon Cooper, a member of the award advisory panel. "Discovering a ten million digit prime may take several more years." One of the easiest ways for people to join the effort is via the GIMPS project (see http://www.mersenne.org/prime.htm).

A prize claim must provide the date and time of discovery, and fully disclose all hardware and software used. Each claim must be verified by an independent party knowledgeable in the field of computation, and must be published in a refereed academic journal.

July 17, 1998

ELECTRONIC FRONTIER FOUNDATION PROVES THAT DES IS NOT SECURE

SAN FRANCISCO, CA -- The Electronic Frontier Foundation (EFF) today raised the level of honesty in crypto politics by revealing that the Data Encryption Standard (DES) is insecure. The U.S. government has long pressed industry to limit encryption to DES (and even weaker forms), without revealing how easy it is to crack. Continued adherence to this policy would put critical infrastructures at risk; society should choose a different course.

To prove the insecurity of DES, EFF built the first unclassified hardware for cracking messages encoded with it. On Wednesday of this week the EFF DES Cracker, which was built for less than $250,000, easily won RSA Laboratory's "DES Challenge II" contest and a $10,000 cash prize. It took the machine less than 3 days to complete the challenge, shattering the previous record of 39 days set by a massive network of tens of thousands of computers. The research results are fully documented in a book published this week by EFF and O'Reilly and Associates, entitled "Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design."

"Producing a workable policy for encryption has proven a very hard political challenge. We believe that it will only be possible to craft good policies if all the players are honest with one another and the public," said John Gilmore, EFF co-founder and project leader. "When the government won't reveal relevant facts, the private sector must independently conduct the research and publish the results so that we can all see the social trade-offs involved in policy choices."

The nonprofit foundation designed and built the EFF DES Cracker to counter the claim made by U.S. government officials that governments cannot decrypt information when protected by DES, or that it would take multimillion-dollar networks of computers months to decrypt one message. "The government has used that claim to justify policies of weak encryption and 'key recovery,' which erode privacy and security in the digital age," said EFF Executive Director Barry Steinhardt. "It is now time for an honest and fully informed debate, which we believe will lead to a reversal of these policies."

"EFF has proved what has been argued by scientists for twenty years, that DES can be cracked quickly and inexpensively," said Gilmore. "Now that the public knows, it will not be fooled into buying products that promise real privacy but only deliver DES. This will prevent manufacturers from buckling under government pressure to 'dumb down' their products, since such products will no longer sell." Steinhardt added, "If a small nonprofit can crack DES, your competitors can too. Five years from now some teenager may well build a DES Cracker as her high school science fair project."

The Data Encryption Standard, adopted as a federal standard in 1977 to protect unclassified communications and data, was designed by IBM and modified by the National Security Agency. It uses 56-bit keys, meaning a user must employ precisely the right combination of 56 1s and 0s to decode information correctly. DES accounted for more than $125 million annually in software and hardware sales, according to a 1993 article in "Federal Computer Week." Trusted Information Systems reported last December that DES can be found in 281 foreign and 466 domestic encryption products, which accounts for between a third and half of the market.

A DES cracker is a machine that can read information encrypted with DES by finding the key that was used to encrypt that data. DES crackers have been researched by scientists and speculated about in the popular literature on cryptography since the 1970s. The design of the EFF DES Cracker consists of an ordinary personal computer connected to a large array of custom chips. It took EFF less than one year to build and cost less than $250,000.

This week marks the first public test of the EFF DES Cracker, which won the latest DES-cracking speed competition sponsored by RSA Laboratories (http://www.rsa.com/rsalabs/). Two previous RSA challenges proved that massive collections of computers coordinated over the Internet could successfully crack DES. Beginning Monday morning, the EFF DES Cracker began searching for the correct answer to this latest challenge, the RSA DES Challenge II-2. In less than 3 days of searching, the EFF DES Cracker found the correct key. "We searched more than 88 billion keys every second, for 56 hours, before we found the right 56-bit key to decrypt the answer to the RSA challenge, which was 'It's time for those 128-, 192-, and 256-bit keys,'" said Gilmore.

Many of the world's top cryptographers agree that the EFF DES Cracker represents a fundamental breakthrough in how we evaluate computer security and the public policies that control its use. "With the advent of the EFF DES Cracker machine, the game changes forever," said Whitfield Diffie, Distinguished Engineer at Sun Microsystems and famed co-inventor of public key cryptography. "Vast Internet collaborations cannot be concealed and so they cannot be used to attack real, secret messages. The EFF DES Cracker shows that it is easy to build search engines that can."

"The news is not that a DES cracker can be built; we've known that for years," said Bruce Schneier, the President of Counterpane Systems. "The news is that it can be built cheaply using off-the-shelf technology and minimal engineering, even though the Department of Justice and the FBI have been denying that this was possible." Matt Blaze, a cryptographer at AT&T Labs, agreed: "Today's announcement is significant because it unambiguously demonstrates that DES is vulnerable, even to attackers with relatively modest resources. The existence of the EFF DES Cracker proves that the threat of 'brute force' DES key search is a reality. Although the cryptographic community has understood for years that DES keys are much too small, DES-based systems are still being designed and used today. Today's announcement should dissuade anyone from using DES."

EFF and O'Reilly and Associates have published a book about the EFF DES Cracker, "Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design." The book contains the complete design details for the EFF DES Cracker chips, boards, and software. This provides other researchers with the necessary data to fully reproduce, validate, and/or improve on EFF's research, an important step in the scientific method. The book is only available on paper because U.S. export controls on encryption potentially make it a crime to publish such information on the Internet.

EFF has prepared a background document on the EFF DES Cracker, which includes the foreword by Whitfield Diffie to "Cracking DES." (See http://www.eff.org/descracker/). The book can be ordered for worldwide delivery from O'Reilly & Associates via the Web (http://www.ora.com/catalog/crackdes), or phone (1 800 998 9938, or +1 707 829 0515.)

The Electronic Frontier Foundation is one of the leading civil liberties organizations devoted to ensuring that the Internet remains the world's first truly global vehicle for free speech, and that the privacy and security of all on-line communication is preserved. Founded in 1990 as a nonprofit, public interest organization, EFF is based in San Francisco, California. EFF maintains an extensive archive of information on encryption policy, privacy, and free speech at the EFF Web site (http://www.eff.org).

August 29, 1997

Yesterday a federal judge here denied a
government motion to silence mathematician Daniel Bernstein.

On August 25, District Court Judge Marilyn Hall Patel declared the
Commerce Department's cryptography regulations unconstitutional.
Judge Patel also issued an injunction to prohibit prosecution of Prof.
Bernstein and others who publish Prof. Bernstein's work.

In response to an emergency motion from the government on August 28,
Judge Patel ruled that most of the injunction would be put on hold
until the 9th Circuit Court of Appeals has had a chance to review
Prof. Bernstein's case. However, part of the injunction will remain
in effect: after September 8, Prof. Bernstein will be free to publish
his Snuffle 5.0 software on the Internet without fear of prosecution.
Snuffle 5.0 is at the heart of Prof. Bernstein's lawsuit against the
government.

Scanned images of the Government's emergency request for a stay
are available from EFF's online archives at:
http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/Legal/970827_stay_motion.images

Prof. Bernstein's opposition to the stay is at:
http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/Legal/970827_stay.opposition

Full text of the lawsuit and other paperwork filed in the case is
available from EFF's online archives at:
http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/

Press Contacts:

Shari Steele, Staff Attorney, Electronic Frontier Foundation
301/375-8856, ssteele@eff.org

John Gilmore, Founding Board Member, EFF
541/354-6541, gnu@toad.com

Cindy Cohn, McGlashan & Sarrail
415/341-2585, cindy@mcglashan.com

August 26, 1997

The Justice Department said today it is considering
what further legal measures it will take following yesterday's ruling by
the U.S. District Court in San Francisco that certain aspects of the
government's regulations on the export of encryption software are
unconstitutional. Another federal court upheld the export controls on
encryption software.

The Administration is committed to promoting the legitimate use of
encryption. Through encryption--or the coding of messages--businesses
can protect trade secrets, hospitals can safeguard medical records, and
individuals can be assured that personal messages on the information
superhighway remain private.

But, as President Clinton stated upon issuing an Executive Order on this
subject on November 15, 1996, the use of encryption products by
unfriendly parties outside the United States can jeopardize the foreign
policy and national security interests of the United States, and public
safety of U.S. citizens.

Judicial proceedings in Bernstein v. Department of State are not yet
concluded, and the decision governs only that case. In March 1996, in
another pending case in Washington, D.C., Karn v. Department of State,
the District Court ruled that export controls on encryption software are
constitutional under the First Amendment and serve important interests
of the United States. That case is still pending to consider export
controls on encryption now administered by the Commerce Department.

Until this issue is resolved, export controls on encryption software
remain in place. Individuals or companies wishing to export encryption
software by any means must continue to adhere to applicable export
licensing controls on such software before exporting it abroad.

August 26, 1997

The Federal District Court here
struck down Commerce Department export restrictions on the privacy
technology called encryption yesterday, concluding that "the
encryption regulations are an unconstitutional prior restraint in
violation of the First Amendment." For the first time, Judge Marilyn
Hall Patel ordered the government not to prosecute or harass the
plaintiff, Professor Daniel Bernstein, and those who use or publish
his encryption software. The decision knocks out a major part of the
Clinton Administration's effort to force companies to design
government surveillance into computers, telephones, and consumer
electronics.

"This is wonderful news," said Prof. Bernstein. "I hope I can get
some of my ideas published before they change the law again."

The decision is a victory for free speech, academic freedom, human
rights, and the prevention of crime. American scientists and
engineers will now be free to collaborate with others in the United
States and in foreign countries. This will enable them to build a new
generation of tools for protecting the privacy and security of our
communications.

"Once again, it took a federal court to sort out technology and the
Constitution," said Lori Fena, Executive Director of the Electronic
Frontier Foundation, which backed the suit. "Let this decision signal
the other two branches of government that when making laws pertaining
to the Internet, they must honor their oaths to uphold the
Constitution."

The decision is strategic because the Clinton Administration has been
using the export restrictions to influence domestic privacy policy.
Companies that agree to build "key recovery" technology into their
products are exempt from most of the restrictions. Key recovery, a
follow-on to the Clipper Chip, is designed to give the government
untraceable access to users' private information.

The Federal District Court of the Northern District of California
last December struck down the ITAR, a set of encryption restrictions
enforced by the State Department. A few weeks later, the Government
created virtually identical restrictions in the Commerce Department's
Bureau of Export Administration (BXA). Yesterday's decision
invalidates the new restrictions, stating, "the encryption regulations
issued by the BXA appear to be even less friendly to speech interests
than the ITAR." She warns that "the government cannot avoid the
constitutional deficiencies of its regulations by rotating oversight
of them from department to department," though concluding that she
"does not believe that such was the intent here."

"Our right to create, use, and deploy encryption comes from our basic
civil rights of free speech, freedom of the press, freedom from
arbitrary search, due process of law, and privacy. Judge Patel has
affirmed those roots in the First Amendment," philosophizes John
Gilmore, Electronic Frontier Foundation co-founder. "Our Founding
Fathers used encryption -- and even invented some -- and did not
intend any 'crypto exceptions' to the Bill of Rights."

DETAILS OF MONDAY'S DECISION

In the heart of the ruling, "The court declares that the Export
Administration Regulations . . . insofar as they apply to or require
licensing for encryption and decryption software and related devices
and technology, are in violation of the First Amendment on the grounds
of prior restraint and are, therefore, unconstitutional as discussed
above, and shall not be applied to plaintiff's publishing of such
items, including scientific papers, algorithms or computer programs."

The Court also held that the government's licensing procedure fails
to provide adequate procedural safeguards. When the Government acts
legally to suppress protected speech, it must reduce the chance of
illegal censorship by the bureaucrats involved, for example by making
the government go to a judge to decide the issue. The EAR does not
require this; in fact, it precludes it. "And most important, and most
lacking, are any standards for deciding an application. The EAR
reviews applications for licenses 'on a case-by-case basis' and
appears to impose no limits on agency discretion."

The Court dissected the export controls' exemption for printed
materials at length, calling it "so irrational and administratively
unreliable that it may well serve to only exacerbate the potential for
self-censorship." The government's "distinction between paper and
electronic publication . . . makes little or no sense and is untenable."

The Court not only declared that these regulations are invalid and
unenforceable, but also prevented the Government from "threatening,
detaining, prosecuting, discouraging, or otherwise interfering with
plaintiff or any other person described . . . above in the exercise of
their federal constitutional rights as declared in this order."

The immediate effect of this decision is that Prof. Bernstein may
publish his encryption software, and that others may read, use,
publish and review it. In addition, others in industry are studying
the court's analysis, and might decide to publish their own software
on the Internet as well.

Pretty Good Privacy, Inc., is one such company, which believes that
future courts will find Judge Patel's reasoning persuasive. "We are
particularly pleased the court has reconfirmed that computer programs,
like other literary works, are accorded full protection under the
First Amendment," said Bob Kohn, vice president and general counsel
for Pretty Good Privacy.

The final form of the judgment will be negotiated between the parties,
and presented to the court within a week. The government could either
seek an emergency appeal of the injunction, or take up to 60 days from
the entry of judgment to appeal.

ABOUT THE ATTORNEYS

Lead counsel on the case is Cindy Cohn of the San Mateo law firm of
McGlashan & Sarrail, who is offering her services pro bono. Major
additional legal assistance is being provided by Shari Steele of the
Electronic Frontier Foundation; Lee Tien of Berkeley; James Wheaton
and Elizabeth Pritzker of the First Amendment Project in Oakland; and
Robert Corn-Revere of the Washington, DC, law firm of Hogan & Hartson.

ABOUT THE ELECTRONIC FRONTIER FOUNDATION

The Electronic Frontier Foundation (EFF) is a nonprofit civil
liberties organization working in the public interest to protect
privacy, free expression, and access to online resources and
information. EFF is a primary sponsor of the Bernstein case. EFF
helped to find Bernstein pro bono counsel, is a member of the
Bernstein legal team, and helped to collect members of the academic
community and computer industry to support this case.

Full text of the lawsuit and other paperwork filed in the case is
available from EFF's online archives at:
http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/

Scanned images of Monday's decision are available at:
http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/Legal/970825_decision.images/

The full text of Monday's decision will soon be available at:
http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/Legal/970825.decision

Professor Daniel Bernstein will be building his new Constitutionally-
protected cryptography web page at:
http://pobox.com/~djb/crypto.html

Electronic Frontier Foundation Contacts:

Shari Steele, Staff Attorney
301/375-8856, ssteele@eff.org

John Gilmore, Founding Board Member
541/354-6541, gnu@toad.com

Cindy Cohn, McGlashan & Sarrail
415/341-2585, cindy@mcglashan.com

June 17, 1997

WHAT: Press Conference

Immediately following oral arguments in front of Federal Judge
Marilyn Hall Patel, Professor Dan Bernstein, his lawyer and the
Electronic Frontier Foundation will hold a press conference. After
brief statements issued by each, there will be a media question and
answer period.

NOTE: This will be the first time that Dan Bernstein publicly
discusses the issue of encryption and his case specifically.

After Judge Patel declared that government restriction of Professor
Dan Bernstein's freedom to publish and speak on encryption technologies
was a violation of the First Amendment, the federal government moved
encryption oversight from the State Department to the Commerce
Department. With this oversight authority change, the government
claimed that it could still enforce the unconstitutionally-ruled
regulations. Bernstein, the professor who first challenged the
government's regulation, is once again taking steps to ensure that First
Amendment rights are not violated.

Judge Patel will be hearing oral arguments to decide if the same
restrictions under different authority are still a violation of the
First Amendment.

WHO: Statements and Q&A sessions will be conducted by:
Professor Dan Bernstein, Plaintiff
Cindy Cohn, Legal Counsel for Plaintiff
John Gilmore, Board Member, Electronic Frontier Foundation

WHERE: Federal Building
450 Golden Gate Avenue, San Francisco
Turk Street entrance

WHEN: Wednesday, June 18th
10:15pm (Oral Arguments)
12:00pm (Press Conference)

CONTACT: Dave Steer
Fleishman-Hillard, Inc.
415.356.1024 or steerd@fleishman.com

December 31, 1996

Electronic Frontier Foundation Contacts:

Shari Steele, Staff Attorney
+1 301 375 8856, ssteele@eff.org

John Gilmore, Founding Board Member
+1 415 221 6524, gnu@toad.com

Cindy Cohn, McGlashan & Sarrail
+1 415 341 2585, cindy@mcglashan.com

San Francisco - Lawyers for Professor Dan Bernstein today asked the
Government to delay enforcement of new encryption restrictions until
they can be reviewed by a court for Constitutionality. The new
regulations contain the same features struck down earlier this month
by Judge Marilyn Hall Patel.

"The government apparently decided to ignore Judge Patel's findings,"
said Cindy Cohn, lead attorney in the case. "Instead of listening
to Judge Patel's analysis and attempting to fix the regulations, they
simply issued new ones with the same problems. We are giving them a
chance to fix this before we bring the issue up in court."

President Clinton ordered on November 15 that the regulations be moved
from the State Department to the Commerce Department. Judge Patel's
decision of December 6 (released December 16th) struck down the State
Department regulations as a "paradigm of standardless discretion" that
required Americans to get licenses from the government to publish
information and software about encryption. Over Christmas, the
Clinton Administration published its new Commerce Department
regulations, containing all the same problems, and put them into
immediate effect today.

The new regulations once again put Professor Bernstein at risk of
prosecution for teaching a class on encryption and publishing his
class materials on the Internet. His class begins on January 13 at
the University of Illinois at Chicago.

Professor Bernstein's letter of today proposes that the Government
agree to delay enforcement of the new regulations while Judge Patel
reviews them for Constitutionality. Failing that, Professor Bernstein
will ask the court for a temporary restraining order to block
their enforcement.

"The government is forcing us to go back to Judge Patel again to have
the new regulations declared facially unconstitutional," said Ms.
Cohn. "This time we believe that a nationwide injunction against
their enforcement is merited."

"The new encryption rules are a pointless shell game," said John
Gilmore, co-founder of the Electronic Frontier Foundation, which
backed the suit. "Industry and Congress had asked that the draconian
State Department regulations be eliminated in favor of existing,
reasonable, Commerce Department regulations. Judge Patel invalidated
the State Department regulations because they were draconian. Rather
than address the concerns of either, President Clinton moved the
draconian regulations into the Commerce Department -- and made them
tougher in the process. It's his political decision whether to ignore
and anger industry leaders, but he can't ignore a federal district
court judge."

Civil libertarians have long argued that encryption should be widely
deployed on the Internet and throughout society to protect privacy,
prove the authenticity of transactions, and improve computer security.
Industry has argued that the restrictions hobble them in building
secure products, both for U.S. and worldwide use, risking America's
current dominant position in computer and communications technology.
Government officials in the FBI and NSA argue that the technology is
too dangerous to permit citizens to use it, because it provides privacy
to criminals as well as ordinary citizens.

Background on the case

The plaintiff in the case, Daniel J. Bernstein, Research Assistant
Professor at the University of Illinois at Chicago, developed an
"encryption algorithm" (a recipe or set of instructions) that he
wanted to publish in printed journals as well as on the Internet.
Bernstein sued the government, claiming that the government's
requirements that he register as an arms dealer and seek government
permission before publication was a violation of his First Amendment
right of free speech. This was required by the Arms Export Control
Act and its implementing regulations, the International Traffic in
Arms Regulations. The new regulations have the same effect, using the
International Emergency Economic Powers Act, the Export Administration
Regulations, and a "state of national emergency" that President
Clinton declared in 1994 and has re-declared annually.

In the first phase of this litigation, the government argued that
since Bernstein's ideas were expressed, in part, in computer language
(source code), they were not protected by the First Amendment. On
April 15, 1996, Judge Patel rejected that argument and held for the
first time that computer source code is protected speech for purposes
of the First Amendment.

On December 6, Judge Patel ruled that the Arms Export Control Act is a
prior restraint on speech, because it requires Bernstein to apply for
and obtain from the government a license to publish his ideas. Using
the Pentagon Papers case as precedent, she ruled that the government's
"interest of national security alone does not justify a prior
restraint."

Judge Patel also held that the government's required licensing
procedure fails to provide adequate procedural safeguards. When the
Government acts legally to suppress protected speech, it must reduce
the chance of illegal censorship by the bureaucrats involved -- in this
case, the State Department's Office of Defense Trade Controls (ODTC).
Her decision states, "Because the ITAR licensing scheme fails to
provide for a time limit on the licensing decision, for prompt
judicial review and for a duty on the part of the ODTC to go to court
and defend a denial of a license, the ITAR licensing scheme as applied
to Category XIII(b) acts as an unconstitutional prior restraint in
violation of the First Amendment."

She also ruled that the export controls restrict speech based on the
content of the speech, not for any other reason. "Category XIII(b) is
directed very specifically at applied scientific research and speech
on the topic of encryption." The new regulations continue to insist
that the Government is regulating the speech because of its function,
not its content.

The judge also found that the ITAR is vague, because it does not
adequately define how information that is available to the public
"through fundamental research in science and engineering" is exempt
from the export restrictions. "This subsection ... does not give
people ... a reasonable opportunity to know what is prohibited."
Judge Patel also adopted a narrower definition of the term "defense
article" in order to save it from unconstitutional vagueness.

December 19, 1996

Electronic Frontier Foundation Contacts:

Shari Steele, Staff Attorney
301/375-8856, ssteele@eff.org

John Gilmore, Founding Board Member
415/221-6524, gnu@toad.com

Cindy Cohn, McGlashan & Sarrail
415/341-2585, cindy@mcglashan.com

San Francisco - On Monday, Judge Marilyn Hall Patel struck down Cold War
export restrictions on the privacy technology called cryptography. Her
decision knocks out a major part of the Clinton Administration's
effort to force companies to build "wiretap-ready" computers,
set-top boxes, telephones, and consumer electronics.

The decision is a victory for free speech, academic freedom, and the
prevention of crime. American scientists and engineers will now be
free to collaborate with their peers in the United States and in other
countries. This will enable them to build a new generation of tools
for protecting the privacy and security of communications.

The Clinton Administration has been using the export restrictions to goad
companies into building wiretap-ready "key recovery" technology. In a
November Executive Order, President Clinton offered limited
administrative exemptions from these restrictions to companies which
agree to undermine the privacy of their customers. Federal District
Judge Patel's ruling knocks both the carrot and the stick out of
Clinton's hand, because the restrictions were unconstitutional in the
first place.

The Cold War law and regulations at issue in the case prevented
American researchers and companies from exporting cryptographic
software and hardware. Export is normally thought of as the physical
carrying of an object across a national border. However, the
regulations define "export" to include simple publication in the U.S.,
as well as discussions with foreigners inside the U.S. They also define
"software" to include printed English-language descriptions and
diagrams, as well as the traditional machine-readable object code and
human-readable source code.

The secretive National Security Agency has built up an arcane web of
complex and confusing laws, regulations, standards, and secret
interpretations for years. These are used to force, persuade, or
confuse individuals, companies, and government departments into making
it easy for NSA to wiretap and decode all kinds of communications.
Their tendrils reach deep into the White House, into numerous Federal
agencies, and into the Congressional Intelligence Committees. In
recent years this web is unraveling in the face of increasing
visibility, vocal public disagreement with the spy agency's goals,
commercial and political pressure, and judicial scrutiny.

Civil libertarians have long argued that encryption should be widely
deployed on the Internet and throughout society to protect privacy,
prove the authenticity of transactions, and improve computer security.
Industry has argued that the restrictions hobble them in building
secure products, both for U.S. and worldwide use, risking America's
current dominant position in computer technology. Government
officials in the FBI and NSA argue that the technology is too
dangerous to permit citizens to use it, because it provides privacy to
criminals as well as ordinary citizens.

"We're pleased that Judge Patel understands that our national security
requires protecting our basic rights of free speech and privacy," said
John Gilmore, co-founder of the Electronic Frontier Foundation, which
backed the suit. "There's no sense in `burning the Constitution in
order to save it'. The secretive bureaucrats who have restricted these
rights for decades in the name of national security must come to a
larger understanding of how to support and preserve our democracy."

Reactions to the decision

"This is a positive sign in the crypto wars -- the first rational
statement concerning crypto policy to come out of any part of the
government," said Jim Bidzos, President of RSA Data Security, one of
the companies most affected by crypto policy.

"It's nice to see that the executive branch does not get to decide
whether we have the right of free speech," said Philip Zimmermann,
Chairman of PGP, Inc. "It shows that my own common sense
interpretation of the constitution was correct five years ago when I
thought it was safe to publish my own software, PGP. If only US
Customs had seen it that way." Mr. Zimmermann is a civil libertarian
who was investigated by the government under these laws when he wrote
and gave away a program for protecting the privacy of e-mail. His
"Pretty Good Privacy" program is used by human rights activists
worldwide to protect their workers and informants from torture and
murder by their own countries' secret police.

"Judge Patel's decision furthers our efforts to enable secure electronic
commerce," said Asim Abdullah, executive director of CommerceNet.

Jerry Berman, Executive Director of the Center for Democracy and
Technology, a Washington-based Internet advocacy group, hailed the
victory. "The Bernstein ruling illustrates that the Administration
continues to embrace an encryption policy that is not only unwise, but
also unconstitutional. We congratulate Dan Bernstein, the Electronic
Frontier Foundation, and all of the supporters who made this victory
for free speech and privacy on the Internet possible."

"The ability to publish is required in any vibrant academic discipline.
This ruling re-affirming our obvious academic right will help American
researchers publish without worrying," said Bruce Schneier, author of
the popular textbook _Applied Cryptography_, and a director of the
International Association for Cryptologic Research, a professional
organization of cryptographers.

Kevin McCurley, President of the International Association for
Cryptologic Research, said, "Basic research to further the
understanding of fundamental notions in information should be welcomed
by our society. The expression of such work is closely related to one
of the fundamental values of our society, namely freedom of speech."

Background on the case

The plaintiff in the case, Daniel J. Bernstein, Research Assistant
Professor at the University of Illinois at Chicago, developed an
"encryption algorithm" (a recipe or set of instructions) that he
wanted to publish in printed journals as well as on the Internet.
Bernstein sued the government, claiming that the government's
requirements that he register as an arms dealer and seek government
permission before publication was a violation of his First Amendment
right of free speech. This is required by the Arms Export Control Act
and its implementing regulations, the International Traffic in Arms
Regulations.

In the first phase of this litigation, the government argued that
since Bernstein's ideas were expressed, in part, in computer language
(source code), they were not protected by the First Amendment. On
April 15, 1996, Judge Patel rejected that argument and held for the
first time that computer source code is protected speech for purposes
of the First Amendment.

Details of Monday's Decision

Judge Patel ruled that the Arms Export Control Act is a prior restraint
on speech, because it requires Bernstein to apply for and obtain from
the government a license to publish his ideas. Using the Pentagon
Papers case as precedent, she ruled that the government's "interest of
national security alone does not justify a prior restraint."

Judge Patel also held that the government's required licensing
procedure fails to provide adequate procedural safeguards. When the
Government acts legally to suppress protected speech, it must reduce
the chance of illegal censorship by the bureaucrats involved -- in this
case, the State Department's Office of Defense Trade Controls. Her
decision states, "Because the ITAR licensing scheme fails to provide
for a time limit on the licensing decision, for prompt judicial review
and for a duty on the part of the ODTC to go to court and defend a
denial of a license, the ITAR licensing scheme as applied to Category
XIII(b) acts as an unconstitutional prior restraint in violation of the
First Amendment." Professor Bernstein is now free to publish his ideas
without asking the government's permission first.

She also ruled that the export controls restrict speech based on the
content of the speech, not for any other reason. "Category XIII(b) is
directed very specifically at applied scientific research and speech on
the topic of encryption." The Government had argued that it restricts
the speech because of its function, not its content.

The judge also found that the ITAR is vague, because it does not
adequately define how information that is available to the public
"through fundamental research in science and engineering" is exempt
from the export restrictions. "This subsection ... does not give
people ... a reasonable opportunity to know what is prohibited." The
failure to precisely define what objects and actions are being
regulated creates confusion and a chilling effect. Bernstein has been
unable to publish his encryption algorithm for over four years. Many
other cryptographers and ordinary programmers have also been restrained
from publishing because of the vagueness of the ITAR. Brian
Behlendorf, a maintainer of the popular public domain "Apache" web
server program, stated, "No cryptographic source code was ever
distributed by the Apache project. Despite this, the Apache server
code was deemed by the NSA to violate the ITAR." Judge Patel also
adopted a narrower definition of the term "defense article" in order to
save it from unconstitutional vagueness.

The immediate effect of this decision is that Bernstein now is free to
teach his January 13th cryptography class in his usual way. He can
post his class materials on the Internet, and discuss the upcoming
class's materials with other professors, without being held in
violation of the ITAR. "I'm very pleased," Bernstein said. "Now I
won't have to tell my students to burn their notebooks."

It is unclear exactly where Judge Patel's decision applies -- in the
Northern District of California (containing San Francisco and Silicon
Valley) or throughout the country. Check with your own lawyer if
you contemplate taking action based on the decision.

It is not yet clear from the decision whether the export controls on
object code (the executable form of computer programs which source
code is automatically translated into) have been overturned. It may
be that existing export controls will continue to apply to runnable
software products, such as Netscape's browser, until another court
case challenges that part of the restrictions.

September 30, 1996

Government Argues That Law Professor Cannot Challenge Regulation
Requiring Him to Get Permission Before Teaching and Publishing
Because He Did Not Apply for That Permission

Oral Argument in Junger v. Christopher Set for Wednesday, November 20

Cleveland, Ohio, Tuesday, October 1, 1996
For Immediate Release

For More Information Contact:

Raymond Vasvari (216) 522-1925
Gino Scarselli (216) 291-8601

Or see URL: http://samsara.law.cwru.edu/comp_law/jvc/

Cleveland, Ohio, Oct. 1 -- Lawyers for Professor Peter D. Junger today
filed a brief and a motion for summary judgment in Junger v.
Christopher, the case challenging the licensing of the communication of
``cryptographic software'' that is pending before Judge Donald C. Nugent
in the Federal District Court here.

Junger seeks an injunction against the enforcement of provisions of
the International Traffic in Arms Regulations that require him to get
the permission of the State Department's Office of Defense Trade
Controls (the "ODTC") before he can communicate information about
cryptographic software to foreign persons, ``whether in the United
States or abroad.'' The penalty for failing to get such permission
before disclosing the information can be as great as a fine of one
million dollars and imprisonment for ten years. These provisions
effectively prevent Junger from admitting foreign students to the
course that he teaches about Computers and the Law at Case Western
Reserve Law School in Cleveland, Ohio, and keep him from publishing
his course materials and articles containing cryptographic software,
or explaining what it does, how and where to get it, and how to use
it.

The challenged licensing scheme threatens the long-run viability of
the United States software industry and, according to a blue-ribbon
panel of the National Research Council, already costs that industry at
least ``a few hundred million dollars per year ..., and all
indications are that this figure will only grow in the future.'' The
regulations have been extensively criticized by industry and bills to
repeal or limit them are now pending in Congress.

Junger's legal challenge is not based, however, on the economic damage
that the ITAR's cryptographic licensing scheme imposes on the software
industry and the nation's economy, but rather on the unconstitutional
restraints that it imposes on anyone who wants to speak or write
publicly about any computer program that has, in the words of the
ITAR, the ``capability of maintaining secrecy or confidentiality of
information or information systems.'' Junger does not challenge the
constitutionality of requiring one to get a license before exporting a
physical cryptographic device: ``It isn't unconstitutional for the
Office of Defense Trade Controls to damage the computer industry and
our economy by requiring export licenses for cryptographic hardware,
but information about cryptographic software is, as the National
Research Council has pointed out, `pure knowledge that can be
transported over national borders inside the heads of people or via
letter.' Requiring the permission of the government before one can
communicate knowledge is unconstitutional. Such a prior restraint is,
in fact, the paradigmatic example of a violation of the First
Amendment.''

THE GOVERNMENT ARGUES THAT PLAINTIFF MUST APPLY FOR PERMISSION
TO SPEAK BEFORE HE CAN CHALLENGE THE REQUIREMENT
THAT HE APPLY FOR SUCH PERMISSION

In motions and briefs submitted August 21st, the government has asked
the court to dismiss the lawsuit, or in the alternative, to grant the
government judgment prior to trial.

The government makes the initial argument that Junger lacks standing
to claim that the provisions of the ITAR requiring him to get a formal
license or other permission from the ODTC before he publicly
communicates information about cryptographic software, including the
contents of the software itself, are unconstitutional. And it also
argues that that claim is neither ``ripe'' nor ``colorable'', because
Junger has not applied to the ODTC for such permission.

Junger takes the position that as a law teacher who venerates the
First Amendment it would be as improper for him to request the federal
censors for permission to speak and publish as it would be for him to
openly violate the law. As he puts it: ``My duty is to challenge
these unconstitutional regulations, not to give in to them nor to
violate them in an act of civil disobedience.'' His lawyers point out
in their briefs that few propositions of constitutional law are better
established than the rule that a plaintiff does not have to submit to
an unconstitutional restraint on speech and on the press before
challenging it in court.

``Those arguments by the government are rather strange,'' says Gino
J. Scarselli, one of Junger's lawyers, ``they seem to be based on
their argument that cryptographic software is actually hardware
because it is functional.'' And then he adds, ``Of course, that
argument is also rather strange.''

THE GOVERNMENT ARGUES THAT SOME OF THE MATERIAL AT ISSUE
IS EXEMPT UNDER THE ITAR

The government also contends that some of the information at issue may
be exempt from the ITAR's licensing requirements as technical data
that is in the ``public domain'' because it is available to the public
through ``fundamental research in science and engineering'' or through
``sales at newsstands and bookstores.''

``That hardly is a defense,'' says Scarselli, ``since it is quite
clear that the government will not concede that all of the information
that Professor Junger wants to be able to publish and discuss is in the
public domain. And to make matters worse, the only way that Professor
Junger can actually find out whether the government will treat
particular information as being exempt from the formal licensing
requirements is to apply to the ODTC for what it calls a Commodity
Jurisdiction Determination, which in reality is just another form of
license.''

``It is not as if I am engaged in fundamental research in science and
engineering,'' Junger adds. ``What I want to publish and discuss has
to do with the political and legal issues that are raised by computer
technology, including, of course, cryptography.

``For just one example, since lawyers have a legal and ethical duty to
protect the confidences of their clients, I am convinced that lawyers
who use electronic mail or other computer technologies to communicate
with their clients, or to store information supplied by their clients,
are in some circumstances ethically, and perhaps even legally,
required to use cryptography to maintain the confidentiality of that
information. And yet I cannot publicly explain to law students and
lawyers--and lawyers cannot publicly explain to their clients--how
to obtain and use effective cryptographic software without first
getting the government's permission to disclose that information.
And, of course, if the cryptographic software really is effective,
then there is little or no chance that the government will permit its
disclosure.''

THE GOVERNMENT ARGUES THAT CRYPTOGRAPHIC SOFTWARE
IS NOT PROTECTED BY THE FIRST AMENDMENT
BECAUSE IT IS FUNCTIONAL

There is no law in the United States that forbids or regulates the use
of cryptography. Yet the government argues that the information in
texts containing cryptographic software, including recipes for
creating such software, can be used in a computer to preserve secrecy
and confidentiality, and concludes that cryptographic software is
``conduct'' and ``functional'' and is thus not a text that is
constitutionally protected as speech.

Junger's lawyers, on the other hand, say that his claims do not relate
to the conduct of running a cryptographic program on a
computer--conduct that is not regulated by the ITAR, after all--and
that he only challenges the restraints that the ITAR impose on the
communication of information about how to carry on such legal conduct.

``Expressive conduct is exactly what is protected by the First
Amendment,'' says Raymond Vasvari, another of Junger's lawyers. ``And
if that expression were not functional, if it were not effective,
there would be no need to protect it. The government's argument turns
two hundred years of First Amendment jurisprudence on its head.''

``The government's arguments about software being conduct and
functional are striking examples of the sort of confusion that
pervades the whole area of Computers and the Law,'' Junger says.
``Trying to clear up such confusion is my major goal in my course in
Computers and the Law. In fact, when I started teaching that course
in 1993, I wrote some cryptographic software to assist my students in
grasping the distinction between software as a text that can be
communicated, and that is protected by copyright law and the First
Amendment, and software as a process that runs in a computer's central
processor that can be protected by patents, but not by copyrights. If
it weren't so frustrating, it would almost be funny that I cannot
publish that software because of the prior restraints imposed by the
defendants' interpretation of the ITAR, even though it is perfectly
legal for me, or for any one else, including `foreign persons,' to
actually run such software on a computer. The government's confusion
is so extensive that an agent of the ODTC has actually told me that
software, cryptographic software, is actually hardware.''

``It is quite clear to me,'' Junger adds, ``that the State Department
and the National Security Agency and other elements in the executive
branch of the government are attempting to restrain the communication
of information about cryptographic software not only abroad, but also
within the United States, because they do not want us actually to be
able to use cryptography to preserve the privacy of our thoughts and
our communications. It is as if the government required one to get a
license before explaining how to make or use an envelope, even though
it did not forbid the use of envelopes themselves. After all, all
that cryptographic software is is a way of making electronic
envelopes.''

ORAL ARGUMENT SCHEDULED

Junger v. Christopher has been placed on a fast track by Judge Nugent.
On September 5 he established a briefing schedule: the plaintiff's
brief was due and was filed today and the government's response is due
on Friday, October 18.

Oral argument is scheduled for Wednesday, November 20.

Judge Nugent's decision is expected before the first of the year.

BACKGROUND ON THE LITIGATION

Litigation is expensive. Professor Junger and his volunteer lawyers
were only able to bring the suit because of a generous gift by an
anonymous donor of $5,000 that was used to create the ITAR Legal
Attack Fund. Additional donations by Professor Junger and others have
increased that fund to more than seven thousand dollars.

Scarselli and Vasvari are lawyers in private practice in Cleveland who
have dedicated much of their professional lives to the protection of
First Amendment freedoms. The third lawyer on the team is Kevin
O'Neill, a law professor at Cleveland State University and the former
legal director of the Ohio Chapter of the American Civil Liberties
Union.

--30--

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet: junger@pdj2-ra.f-remote.cwru.edu junger@samsara.law.cwru.edu
URL: http://samsara.law.cwru.edu

September 18, 1996

Electronic Frontier Foundation Contacts:

Shari Steele, Staff Counsel
301/375-8856, ssteele@eff.org

John Gilmore, Founding Board Member
415/221-6524, gnu@toad.com

Cindy Cohn, McGlashan & Sarrail
415/341-2585, cindy@mcglashan.com

San Francisco, CA -- On Friday, September 20, 1996, Judge Marilyn Hall
Patel will hold hearings in a case with far-reaching implications for
personal privacy, U.S. competitiveness, and national security. Mathematician
Daniel J. Bernstein, a Research Assistant Professor in the Department of
Mathematics, Statistics and Computer Science at the University of Illinois at
Chicago, has sued several Federal agencies on the grounds that the
agencies' requirement that he obtain a license prior to publishing his
ideas about cryptography violates his First Amendment right to freedom
of speech.

Cryptography is the science of secret writing. It is the technology
to use for providing privacy or proving authenticity over distances.
All kinds of communications, from cellular phones to corporate or
government databases, depend on cryptography for protection. The
security of computers against intruders, the privacy and integrity of
the Internet, ATM machines, satellite and cable TV, and the world
financial networks all depend on cryptographic protection. In fact,
the very future of the global Internet, especially as a tool for
commerce, political organizing and scientific development of new ideas,
depends upon the availability of strong encryption.

The U.S. government has restricted cryptography since it was useful in
winning World War II. However, cellular telephones, satellites, ATM
machines, and the Internet did not exist in 1945; advances in
communication and cheap computation have made cryptography useful in
many new applications. In addition, strong encryption is already
available abroad, making laws restricting its export obsolete and
damaging the ability of U.S. businesses to compete in overseas markets.
In fact, Congress is currently considering three pieces
of legislation that would all update the export control laws and remove
encryption from its current place on the U.S. Munitions List.

While Washington toils with Pro-CODE and the other introduced bills, this
hearing will examine the various legal tests that will determine
whether the export laws and regulations (the "ITAR") are
constitutional. Professor Bernstein argues that they violate
the First Amendment in several different ways:

LEGAL ARGUMENTS

* Any legal framework that allows a government bureaucrat to
censor speech before it happens is an unconstitutional prior restraint.
The government is not allowed to set up such a drastic scheme
unless they can prove that publication of such information will
"surely result in direct, immediate, and irreparable damage to our
Nation or its people" and that the regulation at issue is necessary
to prevent this damage. The government must also tightly restrain
the discretion given to the bureaucrats to ensure that they don't
misuse this power. The government has not met this burden
regarding the ITAR legal framework.

* Because restrictions on speech about cryptography are based on the
content of what is being said, the court must apply a strict scrutiny test
to determine whether individuals can be punished for engaging in this
speech. This requires that the regulation be necessary to serve a
compelling state interest and that it is narrowly drawn to achieve that
end. The ITAR regulatory scheme has adopted a too-restrictive approach,
by prohibiting many forms of speech in the area of cryptography.

* The ITAR regulatory framework lacks the necessary procedural
safeguards. Grants of administrative discretion must be limited by clear
standards, and judicial review must be available. "Quite simply, the ITAR
Scheme allows its administrative agencies to make inconsistent, incorrect
and sometimes incomprehensible decisions censoring speech, all without the
protections of judicial review or oversight."

* The ITAR framework is unconstitutionally vague. The government
doesn't even seem to know what its regulations include and exclude! Here,
they told Professor Bernstein that he could not publish his academic paper
for over three years, only changing their collective mind and withdrawing
that decision after being sued. The lack of standards has allowed the
government to misuse a statute aimed at commercial, military arms sales
to limit academic and scientific publication.

* The ITAR regulatory scheme is overbroad. In an internal memo
written almost 20 years ago, the government's own Office of Legal Counsel
concluded that the ITAR's licensing standards "are not sufficiently
precise to guard against arbitrary and inconsistent administrative
action." The OLC specifically warned that the coverage was so broad it
could apply to "communication of unclassified information by a technical
lecturer at a university or to the conversation of a United States
engineer who meets with foreign friends at home to discuss matters of
theoretical interest." This is exactly what is happening here, and it is
unconstitutional.

Judge Patel will hear arguments from attorneys for Bernstein and the
government concerning their respective motions for summary judgment. The
hearing on Friday is scheduled for 12:00 noon at the United States
District Court for the Northern District of California, San Francisco
Headquarters, at 450 Golden Gate Avenue. The hearing is open to the press
and to the public.

CASE BACKGROUND

Bernstein completed the development of an "encryption algorithm" (a recipe
or set of instructions) he calls "Snuffle." In order to contribute Snuffle
to the marketplace of scientific ideas, and to allow other scientists to
evaluate and test his ideas, Bernstein wishes to publish (a) a paper in
English describing and explaining the algorithm, (b) the "source code" for
a computer program that uses the algorithm (this source code more
precisely describes and implements the idea), and (c) instructions for how
a person could use the source code and a computer to encrypt communications.
He wishes to publish them in print journals as well as on the Internet.
Bernstein also wishes to discuss these items at mathematical conferences, in
college classrooms, on the Internet, and in other open, public meetings. In
fact, he would like to use Snuffle as part of his course material for a
cryptography class he will be teaching next spring.

The Arms Export Control Act and the International Traffic in Arms
Regulations (the ITAR regulatory scheme) required Bernstein to submit
his ideas about cryptography to the government for review, to register
as an arms dealer, and to apply for and obtain from the government a
license to publish his ideas. Failure to do so would result in severe
civil and criminal penalties. Bernstein believes this is a violation
of his First Amendment rights and has sued the government.

In the first phase of this litigation, the government argued that
since Bernstein's ideas were expressed, in part, in computer language
(source code), they were not protected by the First Amendment. On
April 15, 1996, Judge Patel rejected that argument and held for the
first time that computer source code is protected speech for purposes
of the First Amendment.

Because of its far-reaching implications, the Bernstein case is being
watched closely by privacy advocates, the computer industry, the export
and cryptography communities, and First Amendment activists. In fact,
several members of these communities provided declarations that were
submitted in support of Bernstein's motion.

August 17, 1996

Federal Civil Rights Action Seeks Injunction Against State Department And National Security Agency

For Immediate Release
Cleveland, Wednesday, August 7, 1996

For More Information Contact:
Raymond Vasvari (216) 522-1925
Gino Scarselli (216) 291-8601

More Information Will Be Available at:
URL: http://samsara.law.cwru.edu

_________________________________________________________________

A Case Western Reserve University law professor filed suit today in
federal court, challenging government regulations which restrict his
ability to teach a course in computer law. Peter Junger, a twenty-five
year veteran of the law school faculty, will file a federal civil
rights action this afternoon in the United States District Court in
Cleveland. The suit names the Department of State and the secretive
National Security Agency, which administer federal regulations
limiting Professor Junger's ability to teach.

The case involves the International Traffic in Arms Regulations, or
ITAR, federal regulations which restrict the export of military
technology. Under the ITAR, cryptographic computer software, which
encodes text to preserve the privacy of messages on the Internet, is
considered a "munition" and subject to strict export control. The
regulations raise significant First Amendment questions by defining
"export" to include discussing technical information about
non-classified software with foreign nationals, such as students
registered for Professor Junger's course.

In recent months, the State Department has sent a series of letters
threatening possible criminal action to a Florida man who posted a
simple cryptographic algorithm to the "sci.crypt" Usenet Newsgroup, an
Internet site popular with cryptography enthusiasts. These and similar
incidents have caused Professor Junger to limit his discussions of
cryptographic material with foreign colleagues, for fear of violating
the ITAR. Penalties for unlicensed disclosure of cryptographic
information are severe: federal law provides ten year prison terms and
One Million Dollar fines for those convicted of violating the Arms
Export Control Act, the legislation under which the ITAR was
promulgated.

Professor Junger, whose class at Case Western Reserve focuses on the
legal aspects of computer use and software development, plans to turn
away any foreign students who register for the course this fall,
largely because the law is uncertain as to what he may teach, and to
whom.

The restrictions at issue are administered by the Department of State,
in cooperation with the ultra-secret National Security Agency, the
organization charged with eavesdropping on foreign governments. Under
the ITAR, Junger may not teach foreign students about even simple
software capable of encoding messages. Such software is vital to
maintaining the privacy of communications and financial transactions
on the Internet, and Junger believes that lawyers need to understand
how it works in order to prepare to practice in an increasingly
technological world.

The information that Junger wishes to disclose is widely available on
the Internet and elsewhere. "It's not as though we are talking about
classified information," explained Gino Scarselli, one of three
lawyers representing Junger in the case. "The material at issue in
this case can be found in any university library, but the regulations
make no exceptions for even the most basic software," Scarselli noted.
The lawsuit does not challenge the government's right to restrict
access to classified information.

Junger is also represented by Raymond Vasvari and Kevin Francis
O'Neill, two Cleveland attorneys with considerable experience in First
Amendment issues. As Vasvari explained, the suit presents important
First Amendment questions about the government's ability to regulate
academic life. "These regulations allow the government to dictate what
a professor may and may not teach, even though the material involved
poses no threat to national security," Vasvari explained.

The suit charges that by requiring Junger to apply for a federal
license to discuss cryptography with foreigners, the government is
violating a well-established First Amendment rule which prohibits the
government from imposing prior restraints on expression without clear,
narrowly drawn standards distinguishing prohibited expression from
permissible speech. The United States Supreme Court has consistently
held that such prior restraints face a heavy burden in court, and that
standardless licensing schemes allowing officials broad discretion in
restricting speech are unconstitutional.

Because computer cryptography is expected to play an important role in
the economic development of the Internet, the case is being closely
watched. Scarselli has worked closely with attorneys affiliated with
the San Francisco based Electronic Frontier Foundation in preparing
the suit, and Junger and his lawyers have been in frequent contact
with John Gilmore, formerly of Sun Microsystems, who has offered his
assistance as a technical advisor in the case.

At issue is not only Junger's right to discuss cryptography with
foreigners, but also his and others' right to publish and distribute
such information both in traditional forms and on the internet.

Professor Junger's suit seeks declaratory and injunctive relief,
prohibiting the government from interfering with his, or any other
person's, discussing non-classified cryptographic information with
foreign persons or from publishing that information. Lawyers for
Junger have moved the court for a preliminary injunction. Junger's
course begins in the fall semester, later this month.

July 26, 1996

Electronic Frontier Foundation Contacts:

Shari Steele, Staff Counsel
301/375-8856, ssteele@eff.org

Mike Godwin, Staff Counsel
510/548-3290, mnemonic@eff.org

Lori Fena, Executive Director
415/436-9333, lori@eff.org

San Francisco, CA -- A University of Illinois at Chicago faculty member
who is suing the U.S. Department of State will file a motion Friday that
could strengthen his claim that government restrictions on information
about cryptography violate the First Amendment's protections for freedom
of speech. The full text of the motion for partial summary judgment is
also available.

Relying on Judge Marilyn Hall Patel's prior ruling that computer source
code is speech protected by the First Amendment, mathematician Daniel J.
Bernstein will file a motion for partial summary judgment in his suit
against the State Department.

In his 45-page memorandum in support of his motion, Bernstein sets forth
several First Amendment arguments:

LEGAL ARGUMENTS

* Any legal framework that requires a license for First Amendment
protected speech, which may be granted or withheld at the discretion of a
government official, is a prior restraint on speech. In order for this
framework to be acceptable, the government has the burden of showing that
publication will "surely result in direct, immediate, and irreparable
damage to our Nation or its people" and that the regulation at issue is
necessary to prevent this damage. The government has not met this burden
regarding the ITAR legal framework.

* Because restrictions on speech about cryptography are
content-based, the court must apply a strict scrutiny test in determining
whether individuals can be punished for engaging in this speech. A strict
scrutiny test requires that a regulation be necessary to serve a
compelling state interest and that it is narrowly drawn to achieve that
end. The ITAR regulatory scheme has adopted the *most* restrictive
approach by prohibiting all speech in the area of cryptography.

* The ITAR regulatory framework lacks the necessary procedural
safeguards. Grants of administrative discretion must be limited by clear
standards, and judicial review must be available. "Quite simply, the ITAR
Scheme allows its administrative agencies to make inconsistent, incorrect
and sometimes incomprehensible decisions censoring speech, all without the
protections of judicial review or oversight."

* The ITAR framework is unconstitutionally vague. The government
doesn't even seem to know what its regulations include and exclude! Here,
the lack of standards has allowed the government to misuse a statute aimed
at commercial, military arms sales to limit academic and scientific
publication.

* The ITAR regulatory scheme is overbroad. In an internal memo
written almost 20 years ago, the government's own Office of Legal Counsel
concluded that the ITAR's licensing standards "are not sufficiently
precise to guard against arbitrary and inconsistent administrative
action." The OLC specifically warned that the coverage was so broad it
could apply to "communication of unclassified information by a technical
lecturer at a university or to the conversation of a United States
engineer who meets with foreign friends at home to discuss matters of
theoretical interest." This is exactly what is happening here, and it is
unconstitutional.

CASE BACKGROUND

While a graduate student at the University of California at Berkeley,
Bernstein completed the development of an encryption equation (an
"algorithm") he calls "Snuffle." Bernstein wishes to publish (a) the
algorithm, (b) a mathematical paper describing and explaining the
algorithm, and (c) the "source code" for a computer program that
incorporates the algorithm. Bernstein also wishes to discuss these items
at mathematical conferences, college classrooms and other open, public
meetings. The Arms Export Control Act and the International Traffic in
Arms Regulations (the ITAR regulatory scheme) required Bernstein to submit
his ideas about cryptography to the government for review, to register as
an arms dealer, and to apply for and obtain from the government a license
to publish his ideas. Failure to do so would result in severe civil and
criminal penalties. Bernstein believes this is a violation of his First
Amendment rights and has sued the government.

In the first phase of this litigation, the government argued that since
Bernstein's ideas were expressed, in part, in source code, they were not
protected by the First Amendment. On April 15, 1996, Judge Marilyn Hall
Patel in the Northern District of California rejected that argument and
held for the first time that computer source code is protected speech for
purposes of the First Amendment.

Because of its far-reaching implications, the Bernstein case is being
watched closely by privacy advocates, the computer industry, the export
and cryptography communities, and First Amendment activists. In fact,
several members of these communities provided declarations that were
submitted in support of Bernstein's motion.

April 17, 1996

Electronic Frontier Foundation Contacts:
Shari Steele, Staff Counsel
301/375-8856, ssteele@eff.org
Lori Fena, Executive Director
415/436-9333, lori@eff.org

Denying the government's motion for dismissal in mathematician Daniel Bernstein's suit against the State Department, Judge Marilyn Hall Patel in the Northern District of California ruled Monday that source code in Bernstein's cryptographic algorithm, "Snuffle," is speech that is protected from prior restraint by the First Amendment.

LANDMARK RULING
This is the first time a U.S. court has ruled that source code is speech under First Amendment analysis. Previously, courts have held that software is speech for copyright law only.

The decision states in part: "This court can find no meaningful difference between computer language, particularly high-level languages as defined above, and German or French....Like music and mathematical equations, computer language is just that, language, and it communicates information either to a computer or to those who can read it....Thus, even if Snuffle source code, which is easily compiled into object code for the computer to read and easily used for encryption, is essentially functional, that does not remove it from the realm of speech....For the purposes of First Amendment analysis, this court finds that source code is speech."

(The full text of the decision can be found at http://www.eff.org/pub/Legal/Cases/Bernstein_v_DoS/Legal/Decision_041596/)

Judge Patel's acknowledgment that source code enjoys Constitutional protection has implications that reach far beyond cases involving the export of cryptography. The decision holds importance to the future of secure electronic commerce and lays the groundwork needed to expand First Amendment protection to electronic communication.

Because of its far-reaching implications, the Bernstein case is being watched closely not only by privacy advocates, but by the entire computer industry, the export and cryptography communities and First Amendment advocates.

CASE WILL PROCEED
The decision allows Bernstein to continue with his lawsuit that the International Traffic in Arms Regulation (ITAR) acts as a prior restraint on speech and that the ITAR is overbroad and vague.

EFF is very pleased with Judge Patel's ruling and believes that it bodes well for Bernstein's ultimate success in trial, which is now scheduled to proceed with the normal pre-trial and trial sequence of events.

The court drew an important distinction between the Bernstein case and other cases involving export controls on cryptography. The government has cited several cases involving the Export Administration Act as reasons why the Bernstein case should be dismissed. Judge Patel recognized that the Constitutional questions being raised by Bernstein differ significantly from the policy questions raised in the cases introduced by the government.

Judge Patel also ruled that Bernstein could bring his case even though the Arms Export Control Act specifically precludes judicial review, because what Bernstein is asking the court to review (i.e., the constitutionality of the statute and its regulations) was not what had been precluded (i.e., the government's determination in a particular instance whether or not something was exportable). "With respect to constitutional questions, the judicial branch not only possesses the requisite expertise to adjudicate these issues, it is also the best and final interpreter of them."

CASE BACKGROUND
As part of her decision, Judge Patel determined that only the source code was at issue in the case, not Bernstein's academic paper describing the source code. Bernstein tried to get the government to rule separately on the paper and the code back in 1993 by filing separate commodity jurisdiction requests. The State Department merged the requests and rejected them all. On June 29, 1995, after Bernstein and EFF filed suit, the government sent Bernstein a letter saying that the paper could be published and never had been forbidden. While Judge Patel claimed that the issue of the paper now appeared to be moot, she commented, "It is disquieting that an item defendants now contend could not be subject to regulation was apparently categorized as a defense article and subject to licensing for nearly two years, and was only reclassified after plaintiff initiated this action."

April 16, 1996

On October 20th in San Francisco, we'll have the first public hearing
in the EFF/Bernstein lawsuit, which seeks to have the export laws on
cryptography declared unconstitutional. You are invited!

Meet at the Federal Building in San Francisco, 450 Golden Gate Avenue.
The first "oral arguments" in the Bernstein crypto export case will
happen there, starting at 10:30am PST, in Judge Marilyn Hall Patel's
courtroom, upstairs. We've been FedExing legalese back and forth for
months; now we get to explain the case in person. You can meet our
intrepid lawyers, who are slaving away without pay, _in_durance_vile_,
to protect our rights! Shake hands with an NSA lawyer specially flown
in for the occasion! Meet some local journalists! And watch the
wheels of justice grind as the judge first explores our case.

In this case, Dan Bernstein, ex-grad-student from UC Berkeley, is
suing the State Department, NSA, and other agencies, with help from
EFF. Our main argument is that the export controls on crypto software
are a "prior restraint on publication" which is unconstitutional under
the First Amendment unless handled very delicately by a court (not just
by an agency acting on its own). These agencies restrained Dan's ability
to publish a paper, as well as source code, for the crypto algorithm that
he invented. There are additional arguments along the lines that the
State Department and NSA take a lot more liberties during the export
process than their own regulations and laws really permit.

Like Phil Karn's case, this lawsuit really has the potential to outlaw
the whole NSA crypto export scam. We could make your right to publish
and export crypto software as well-protected by the courts as your
right to publish and export books. Of course, the government would
appeal any such decision, and it will take years and probably an
eventual Supreme Court decision to make it stick. But you can be
there at the very beginning.

Please make a positive impression on the judge. Show her -- by
showing up -- that this case matters to more people than just the
plaintiff and defendant. That how it gets decided will make a
difference to society. That the public and the press are watching,
and really do care that it gets handled well. We'll have to be quiet
and orderly while we're in the courthouse. There will be no questions
from the audience (that's us), but the session will be tape-recorded,
and you can take notes if you like. Banners and inflammatory t-shirts are
probably not a good idea. Consider this a dress-up day.

The particular issue in front of Judge Patel on the 20th is whether the
case should be thrown out. The government is arguing that it should.
It's a mess of legal details about whether the Judicial Branch has the
right to decide questions like this, and over whether we have really
properly claimed a Constitutional rights violation. It will teach
most observers something about how the courts work, and how the NSA and
State Dept use bureaucratic tricks to avoid facing the real issues.
We have managed to drag in some of these issues, like whether there is
sufficient "expression" in software that the First Amendment should
protect publishers of software. It's possible, but unlikely, that the
judge will decide then-and-there. We will get some clues to how
she is leaning, based on her questions and comments. Her written
decision will come out some days or weeks later.

Don't bring any interesting devices unless you're willing to check
them with the lobby guards for the duration. They seem to want to
hold onto guns, "munitions", and even small pocketknives, before
they'll let you go upstairs to the courtrooms.

February 21, 1995

First Amendment Protects Information about Privacy Technologies

In a move aimed at expanding the growth and spread of privacy and security technologies, the Electronic Frontier Foundation is sponsoring a federal lawsuit filed today seeking to bar the government from restricting publication of cryptographic documents and software. EFF argues that the export-control laws, both on their face and as applied to users of cryptographic materials, are unconstitutional.

Cryptography, defined as "the science and study of secret writing," concerns the ways in which communications and data can be encoded to prevent disclosure of their contents through eavesdropping or message interception. Although the science of cryptography is very old, the desktop-computer revolution has made it possible for cryptographic techniques to become widely used and accessible to nonexperts.

EFF believes that cryptography is central to the preservation of privacy and security in an increasingly computerized and networked world. Many of the privacy and security violations alleged in the Kevin Mitnick case, such as the theft of credit card numbers, the reading of other people's electronic mail, and the hijacking of other people's computer accounts, could have been prevented by widespread deployment of this technology. The U.S. government has opposed such deployment, fearing that its citizens will be private and secure from the government as well as from other vandals.

The plaintiff in the suit is a graduate student in the Department of Mathematics at the University of California at Berkeley named Daniel J. Bernstein. Bernstein developed an encryption equation, or algorithm, and wishes to publish the algorithm, a mathematical paper that describes and explains the algorithm, and a computer program that runs the algorithm. Bernstein also wishes to discuss these items at mathematical conferences and other open, public meetings.

The problem is that the government currently treats cryptographic software as if it were a physical weapon and highly regulates its dissemination. Any individual or company who wants to export such software -- or to publish on the Internet any "technical data" such as papers describing encryption software or algorithms -- must first obtain a license from the State Department. Under the terms of this license, each recipient of the licensed software or information must be tracked and reported to the government. Penalties can be pretty stiff -- ten years in jail, a million dollar criminal fine, plus civil fines. This legal scheme effectively prevents individuals from engaging in otherwise legal communications about encryption.

The lawsuit challenges the export-control scheme as an "impermissible prior restraint on speech, in violation of the First Amendment." Software and its associated documentation, the plaintiff contends, are published, not manufactured; they are Constitutionally protected works of human-to-human communication, like a movie, a book, or a telephone conversation. These communications cannot be suppressed by the government except under very narrow conditions -- conditions that are not met by the vague and overbroad export-control laws. In denying people the right to publish such information freely, these laws, regulations, and procedures unconstitutionally abridge the right to speak, to publish, to associate with others, and to engage in academic inquiry and study. They also have the effect of restricting the availability of a means for individuals to protect their privacy, which is also a Constitutionally protected interest.

More specifically, the current export control process:

* allows bureaucrats to restrict publication without ever going to court;

* provides too few procedural safeguards for First Amendment rights;

* requires publishers to register with the government, creating in effect a "licensed press";

* disallows general publication by requiring recipients to be individually identified;

* is sufficiently vague that ordinary people cannot know what conduct is allowed and what conduct is prohibited;

* is overbroad because it prohibits conduct that is clearly protected (such as speaking to foreigners within the United States);

* is applied overbroadly, by prohibiting export of software that contains no cryptography, on the theory that cryptography could be added to it later;

* egregiously violates the First Amendment by prohibiting private speech on cryptography because the government wishes its own opinions on cryptography to guide the public instead; and

* exceeds the authority granted by Congress in the export control laws in many ways, as well as exceeding the authority granted by the Constitution.

If this suit is successful in its challenge of the export-control laws, it will clear the way for cryptographic software to be treated like any other kind of software. This will allow companies such as Microsoft, Apple, IBM, and Sun to build high-quality security and privacy protection into their operating systems. It will also allow computer and network users, including those who use the Internet, much more freedom to build and exchange their own solutions to these problems, such as the freely available PGP encryption program. And it will enable the next generation of Internet protocols to come with built-in cryptographic security and privacy, replacing a sagging part of today's Internet infrastructure.

Lead attorney on the case is Cindy Cohn, of McGlashan and Sarrail in San Mateo, CA, who is offering her services pro-bono. Major assistance has been provided by Shari Steele, EFF staff; John Gilmore, EFF Board; and Lee Tien, counsel to John Gilmore. EFF is organizing and supporting the case and paying the expenses.

Civil Action No. C95-0582-MHP was filed today in Federal District Court for the Northern District of California. EFF anticipates that the case will take several years to win. If the past is any guide, the government will use every trick and every procedural delaying tactic available to avoid having a court look at the real issues. Nevertheless, EFF remains firmly committed to this long term project. We are confident that, once a court examines the issues on the merits, the government will be shown to be violating the Constitution, and that its attempts to restrict both freedom of speech and privacy will be shown to have no place in an open society.

Full text of the lawsuit and other paperwork filed in the case is available from the EFF's online archives. The exhibits which contain cryptographic information are not available online, because making them publicly available on the Internet could be considered an illegal export until the law is struck down. The non-cryptographic exhibits and other documents including the complaint, as well as a series of letters between Bernstein and various government people regarding crypto export are available at:

http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/Bernstein_case/
ftp.eff.org, /pub/EFF/Policy/Crypto/ITAR_export/Bernstein_case/
gopher.eff.org, 1/EFF/Policy/Crypto/ITAR_export/Bernstein_case

Press contact: Shari Steele, EFF: ssteele@eff.org, +1 202 861 7700.

For further reading, we suggest:

The Government's Classification of Private Ideas: Hearings Before a
Subcomm. of the House Comm. on Government Operations, 96th Cong., 2d
Sess. (1980)

John Harmon, Assistant Attorney General, Office of Legal Counsel,
Department of Justice, Memorandum to Dr. Frank Press, Science Advisor to
the President, Re: Constitutionality Under the First Amendment of ITAR
Restrictions on Public Cryptography (May 11, 1978). [Included in the
above Hearings; also online as
http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/ITAR_FOIA/itar_hr_govop_hearing.transcript].

Alexander, Preserving High-Tech Secrets: National Security Controls on
University Research and Teaching, 15 Law & Policy in Int'l Business 173
(1983)

Cheh, Government Control of Private Ideas-Striking a Balance Between
Scientific Freedom and National Security, 23 Jurimetrics J. 1 (1982)

Funk, National Security Controls on the Dissemination of Privately
Generated Scientific Information, 30 U.C.L.A. L. Rev. 405 (1982)

Pierce, Public Cryptography, Arms Export Controls, and the First
Amendment: A Need for Legislation, 17 Cornell Int'l L. J. 197 (1984)

Rindskopf and Brown, Jr., Scientific and Technological Information and
the Exigencies of Our Period, 26 Wm. & Mary L. Rev. 909 (1985)

Ramirez, The Balance of Interests Between National Security Controls and
First Amendment Interests in Academic Freedom, 13 J. Coll. & U. Law 179
(1986)

Shinn, The First Amendment and the Export Laws: Free Speech on
Scientific and Technical Matters, 58 Geo. W. L. Rev. 368 (1990)

Neuborne and Shapiro, The Nylon Curtain: America's National Border and
the Free Flow of Ideas, 26 Wm. & Mary L. Rev. 719 (1985)

Greenstein, National Security Controls on Scientific Information, 23
Jurimetrics J. 50 (1982)

Sullivan and Bader, The Application of Export Control Laws to Scientific
Research at Universities, 9 J. Coll. & U. Law 451 (1982)

Wilson, National Security Control of Technological Information, 25
Jurimetrics J. 109 (1985)

Kahn, The Codebreakers: The Story of Secret Writing. New York:
Macmillan (1967) [Great background on cryptography
and its history.]

Relyea, Silencing Science: national security controls and scientific
communication, Congressional Research Service. Norwood, NJ:
Ablex Publishing Corp. (1994)

John Gilmore, Crypto Export Control Archives, online at
http://www.cygnus.com/~gnu/export.html

February 21, 1995

60 Minutes
CBS News
555 West 57th Street
New York, NY 10019

Dear 60 Minutes,

Your February 26 story on computer security missed the most important point
-- the United States Government requires network providers to keep their
systems easily exploited. Encryption would enable companies to thwart
unwanted intrusion by disguising the content of messages, making the
messages virtually unreadable to anyone who does not possess the decryption
key. Computer intruders would not be able to steal passwords or credit
card information because they would not be able to read the data.
Furthermore, encryption helps authenticate users by making it difficult to
forge information used to identify messages.

But network security poses an interesting threat to U.S. law enforcement.
If the system is secure, how can the National Security Agency intercept the
messages of evil terrorists? Rather than "ramp up" their own law
enforcement techniques, the NSA and others have made a requirement that the
networks "dumb down" to their level. Such antiquated Cold War thinking has
resulted in the State Department refusing to remove encryption from the
U.S. Munitions List -- where it currently sits right alongside
flamethrowers and B-1 bombers -- severely restricting its legal use on
international networks like the Internet.

The Electronic Frontier Foundation has just filed a lawsuit challenging the
current Arms Export Control Law on First Amendment grounds. (The press
release is included.) Hopefully, this will open the door for technological
solutions to protecting security that are currently available but remain
illegal.

Sincerely,

Shari Steele
Director of Legal Services

March 2, 1993

By Rory J. O'Connor
Mercury News Staff Writer

A Berkeley mathematician sued the State Department
Tuesday, in a case designed to challenge the government's
designation of encryption software as a "munition" subject
to extensive export controls.

The policy has prevented even the publication of some
schemes for individuals to protect their computer data or
electronic mail from eavesdropping. Distributing information
about many encryption schemes without government approval
could be a criminal act punishable by 10 years in prison and
fines of $1 million or more.

Daniel Bernstein, a Ph.D. candidate at the University of
California, decided to sue after the government told him 18
months ago he would have to register as an arms dealer under
the International Traffic in Arms Regulation if he wanted to
publicize an encryption program he had developed, according to
his attorney, Cindy Cohn of McGlashan and Sarrail in San
Mateo.

After reading electronic postings from other
cryptographers, Bernstein applied for permission to publish
the program and a paper describing how it works.

The government favors a strict policy because
computerized methods for sending coded messages have made the
job of intelligence gathering far more difficult.
Intelligence agencies have expressed concern that terrorists,
drug traffickers and hostile foreign governments could obtain
such string [sic] encryption software and communicate via
undecipherable coded messages.

Some of the exhibits filed with the lawsuit that outline
Bernstein's scheme had to be sealed from public view, Cohn
said. Attorneys were barred from discussing them because
making them public could be construed as a criminal act.

Civil liberties groups with computer connections have
long opposed the government's practice, saying it stifles
freedom of expression.
