Skip to main content

Press Room

July 24, 2001

Seeking Release of Dmitry Sklyarov

By Facsimile and Personal Delivery

Robert S. Mueller, III,

United States Attorney

450 Golden Gate Ave., Box 36055
San Francisco CA, 94102

Fax (415) 436-7234

Re: United States v. Sklyarov

Dear Mr. Mueller:

I am the Executive Director of the Electronic Frontier Foundation (EFF). I write to request a meeting with you to discuss the Sklyarov case. We have been attempting to contact you by telephone since Monday afternoon, but have not yet been successful.

As you may be aware, yesterday Adobe Systems, Incorporated, in a joint press release with the EFF, recommended the release of Mr. Sklyarov from federal custody. We attach a copy of the joint press release for your convenience.

Since the original complainant no longer wishes that this case be prosecuted and since Mr. Sklyarov remains in custody in Las Vegas, NV, far from his home and family, we would like to meet with you to discuss how Mr. Sklyarov can be freed.

We are available to meet at your convenience. Given the broad attention that this matter has garnered, Adobe's change of heart and the fact that Mr. Sklyarov remains in custody, we expect that there soon will be significant protests aimed at your offices calling for his release. While the EFF does not have the ability to control independent protests, if you indicate your willingness to meet with us by the end of the day Wednesday, July 25, we will, as a sign of good faith, refrain from calling for or organizing additional protests before that time.

We were pleased with Adobe's willingness to discuss this matter in a frank and open manner and hope that you will be willing to do the same. You can reach me on my office phone (415) 436-9333 x 103.

Sincerely,

SHARI STEELE

Executive Director

July 21, 2001

of Russian Programmer

Contacts for EFF:

Will Doherty, EFF Online Activist / Media Relations,
wild@eff.org,
+1 415-436-9333 x111

Robin Gross, EFF Staff Attorney - Intellectual Property,
robin@eff.org,
+1 415-436-9333 x112

Contact for Adobe:

Holly Campbell, Senior Corporate Public Relations Manager,
campbell@adobe.com,
+1 408-536-6401

San Jose, Calif. - Adobe Systems Incorporated (Nasdaq: ADBE) and the Electronic Frontier Foundation (EFF) today jointly recommend the release of Russian programmer Dmitry Sklyarov from federal custody.

Adobe is also withdrawing its support for the criminal complaint against Dmitry Sklyarov.

"EFF praises Adobe for doing the right thing," said Shari Steele, EFF Executive Director. "We are pleased to see that Adobe has lived up to the high standard of integrity that has made the company successful. While we don't agree on every detail of the Digital Millennium Copyright Act (DMCA), we look forward to working together with Adobe to secure Dmitry's immediate release."

"We strongly support the DMCA and the enforcement of copyright protection of digital content," said Colleen Pouliot, Senior Vice President and General Counsel for Adobe. "However, the prosecution of this individual in this particular case is not conducive to the best interests of any of the parties involved or the industry. ElcomSoft's Advanced eBook Processor software is no longer available in the United States, and from that perspective the DMCA worked. Adobe will continue to protect its copyright interests and those of its customers."

Sklyarov was arrested July 16 on a criminal complaint filed by the U.S. Attorney for the Northern District of California under the DMCA. ElcomSoft is the Moscow-based company employing Sklyarov.
About Adobe Systems Incorporated

Adobe Systems Incorporated ( http://www.adobe.com ) builds award winning software solutions for Network Publishing, including Web, print, video, wireless and broadband applications. Its graphic design, imaging, dynamic media and authoring tools enable customers to create, manage and deliver visually-rich, reliable content. Headquartered in San Jose, Calif., Adobe is the second largest PC software company in the U.S., with annual revenues exceeding $1.2 billion.

July 20, 2001

to Attorney General John Ashcroft

Electronic Frontier Foundation
454 Shotwell Street
San Francisco CA 94110

The Honorable John Ashcroft
Attorney General
Department of Justice
950 Pennsylvania Avenue N.W.
Washington, D.C. 20530

July 20, 2001

Dear Attorney General Ashcroft:

At the request of Adobe Corporation, Dmitry Sklyarov was arrested by the FBI on July 16th and charged with crimes under the Digital Millennium Copyright Act (DMCA). Mr. Sklyarov is a Russian national who came to the United States to deliver an academic presentation on his technological innovations. His arrest and subsequent detention without bail are shameful and opportunistic actions against an individual who was here simply to share his knowledge and technical expertise with American scientists.

Dmitry Sklyarov is not accused of any copyright infringement of any sort. He is a computer programmer. He stands accused of writing software that enables purchasers of electronic books to exercise their lawful fair use rights when viewing their eBooks. Such software is both legal and required in Russia, where it was written and developed. And while the DMCA does not prohibit its use in the US, providing the technology is banned under the DMCA. Courts have determined time and time again that computer code is creative expression worthy of First Amendment protection. Mr. Sklyarov is currently being held captive for the content of his ideas that demonstrate the flaws in Adobe's software and because he expressed them in the most precise scientific language available to his profession, computer code. Mr. Sklyarov's right to free expression under the U.S. Constitution and international treaty obligations must be respected.

Not only are Dmitry Sklyarov's human and civil rights being abused, the inability of programmers to distribute fair use tools infringes on the free speech rights of all of citizens who legitimately need them. Fair use is an integral part of the bargain of rights struck between the public and authors under U.S. copyright law. The U.S. Supreme Court has held that fair use provides the necessary breathing room to prevent a conflict between copyright and the guarantees of freedom of expression under the First Amendment. Although the Constitution mandates that copyrighted works pass into the public domain, the DMCA has outlawed all tools necessary to gain access to the works, even after those works rightfully belong to the public. Technology permits publishers to restrict access to and control the use of copyrighted works in ways that dangerously exceed the bounds of copyright, encroaching upon the public's rights to use and access knowledge.

While copyright holders are not accountable for the manner in which they release a work, the people must be permitted to take necessary steps in order to exercise their rights under the law. Jailing Dmitry Sklyarov strips people everywhere of that right and chills important research. The DMCA must be reigned in to comport with the limits set by the US Constitution.

When the DMCA was passing through Congress in 1998, the copyright industry promised it was needed as a shield for protection. Now as law, its used as a powerful sword to squelch speech and competition and kill fair use. Congress never intended for the DMCA to destroy fair use, in fact it expressly tried to protect it. As Attorney General, we ask that you honor this intent and your obligation to uphold the Constitution by dropping the charges against Dmitry Sklyarov and allowing him to return home to his wife and two small children.

Sincerely,

Shari Steele
Executive Director
Electronic Frontier Foundation

July 19, 2001

EFF Urges His Immediate Release

The Electronic Frontier Foundation and community activists urge concerned citizens to join in a San Francisco Bay Area protest on Monday, July 23, against software firm Adobe's role in the jailing of programmer Dmitry Sklyarov.

The local protest is part of a multinational effort to secure the release of Sklyarov, who was arrested for distributing electronic book software that expands the capabilities for reading, sharing, printing, and making backups of electronic books.

According to a Justice Department complaint used by the FBI in the Las Vegas arrest of Sklyarov earlier this week, Adobe requested that the Justice Department take action against the programmer, resulting in his arrest shortly after giving a conference presentation on security weaknesses of Adobe's eBook Reader software.

"Adobe, seeking to protect electronic property rights at any cost, has apparently pushed the U.S. Department of Justice into an ill-advised arrest of a Russian programmer under the Digital Millenium Copyright Act," reported EFF Executive Director Shari Steele.

Robin Gross, EFF Staff Attorney, said, "We join the international community in expressing outrage at the selective arrest of programmer Dmitry Sklyarov for allegedly distributing software that we believe is perfectly legal and helpful to electronic book purchasers."

"Our hearts go out to Dmitry's wife, children, and colleagues who are likely distraught by what appears to be a most disgraceful arrest," added Will Doherty, EFF Online Activist. "We protest Adobe's role in perpetrating this grave miscarriage of justice."

The San Francisco Bay Area protest will occur at Adobe Headquarters, from 11:00 am to 1:00 pm this Monday, July 23. Protestors will gather in San Jose at the Quetzalcoatl snake sculpture at the south end of Cesar de Chavez Park, at the corner of South Market St. and West San Carlos St, then march to Adobe Headquarters at 345 Park Avenue in San Jose.

Protest organizers include the Electronic Frontier Foundation, BoycottAdobe.com, and a loose-knit group of activists linked together through the free-sklyarov email list.

The organizers request that attendees bring along U.S. or Russian flags and signs. Free T-shirts from a group called BoycottAdobe.com will be distributed to the first fifty attendees.

Protests are also expected in Moscow, Denver, Boston, Seattle, and other locations.

For the latest information on the Sklyarov case, media releases, legal filings, and the protests, including ridesharing options, see:
http://www.eff.org/Alerts/

July 19, 2001

Publishers Hail Government Action Against Russian Ebook Hacker

Publishers Hail Government Action Against Russian Ebook Hackers

Washington, DC: The nation's largest association of book and journal publishers today hailed the actions of the U.S. Department of Justice in arresting and charging a Russian cryptographer for trafficking in software that was primarily designed to "hack" technological safeguards that prevent unauthorized copying and distribution of ebooks.

The actions at issue were taken in accordance with provisions of the Digital Millennium Copyright Act (DMCA), which was enacted by Congress in 1998 to implement two international copyright treaties that were adopted by the World Intellectual Property Organization (WIPO) and endorsed by the United States and nearly 100 other nations two years earlier. Among other things, the DMCA prohibits the manufacture or distribution of products or services that are primarily designed or produced to circumvent technological protection measures used by copyright owners, thereby meeting the treaties' requirement that signatory countries provide "adequate legal protection and effective legal remedies against circumvention" of such measures.

According to news reports and documents filed by the Justice Department in the case, Dmitry Sklyarov is the alleged author of a program, "Advanced eBook Processor," which was designed to unlock and strip the technological protection measures from the "eBook Reader" produced by Adobe Systems Incorporated. Sklyarov, who was arrested a day after addressing a "hackers convention" in Las Vegas on the subject of this software, is an employee of ElcomSoft, a Russian software company that has allegedly been selling the software through its website.

Pat Schroeder, President and Chief Executive Officer of the Association of American Publishers (AAP), hailed the Justice Department's actions as consistent with the DMCA's "anticircumvention" provisions and the underlying Congressional intent to promote the availability of books and other copyrighted works on the Internet and in other digital formats.

According to Mrs. Schroeder, "It's only common sense to expect that, if the public wants desirable books to be available online and through other digital media like the Adobe Reader, the authors and publishers who have the legal rights to commercially exploit such works in the global digital marketplace must have reasonable assurances that the market value of their works can be protected from the extraordinary risks of illegal reproduction and distribution that are made possible by the capabilities of digital media. Congress understood this when it enacted the DMCA to help promote the online availability of copyrighted works."

"Distribution of the means to strip ebooks of their access and copyright protections is not a public service, any more than it would be a public service to distribute the keys that unlock a bookstore or public library," Mrs. Schroeder said. "It merely facilitates theft, and makes it less likely that ebooks will soon become a popular reading format."

The Association of American Publishers is the national trade organization of the U.S. book publishing industry. AAP's 310 members include most of the major commercial publishing houses, along with many small and medium-sized houses, university presses, and scholarly societies. Among the Association's top priorities is the protection of intellectual property rights in all media.

July 18, 2001

from EFF Executive Director Shari Steele

Once again, the Digital Millineum Copyright Act (DMCA) is proving itself to be as harmful to civil liberties as we predicted it would be. The latest victim is a Russian programmer named Dmitry Sklyarov, who authored a program that permits copying, printing and lending of electronic books by unlocking a proprietary Adobe electronic book format.

Mr. Sklyarov has been brought up on criminal charges under the DMCA for distributing a product designed to circumvent copyright protection measures. This is different than the 2600 and Felten cases, which are civil lawsuits. In a civil lawsuit, one private citizen (or company) sues another for money and/or the cessation of a particular action. In a criminal case, the government brings charges against an individual (or company) and the punishment for conviction can be prison and/or fines.

EFF has been in contact with the Assistant U.S. Attorney (AUSA)'s office trying to track Mr. Sklyarov's whereabouts and speak with him directly. While the arrest took place in Las Vegas, the complaint was executed in San Jose, meaning that Mr. Sklyarov will be sent to California to stand trial. We have spoken with his colleagues, criminal defense attorneys and others to help with his defense. After he arrives in California, our first order of business is to get Mr. Sklyarov out of jail on a bond pending his trial. EFF has begun to pull together a top-notch legal team to help him defend his right to talk about and distribute the Advanced eBook Processor software program, and we'll be ready to step in as soon as it is appropriate.

EFF knew when we took on the 2600 Case over a year ago that fixing the DMCA would require several legal challenges. EFF remains committed to chipping away at this law until it no longer poses a threat to our right to free speech.

Lest anyone be confused, this case is not about copyright infringement. Mr. Sklyarov is not accused of infringing anyone's copyrights. He is accused of building the Advanced eBook Processor, a tool that allows the legitimate purchaser of an e-book to translate it from one digital format into another (from Adobe's eBook format into Adobe's Portable Document Format). Mr. Sklyarov is not being prosecuted for using the tool himself -- in fact, such a prosecution would be impossible, since using such a tool (as distinguished from building or distributing one) breaks no law. Mr. Sklyarov has entered the strange Twilight Zone of the DMCA, where using a tool is legal, but building it is a crime.

We invite your support. If you are not yet an EFF member, please join with us at http://www.eff.org/support. If you already are a member and wish to make a donation, you can use that same link to get to our donation page.

Together we will keep the pressure on anyone who chooses to degrade our basic rights. Thanks for your help.

July 17, 2001

Distributed Tool that Increases Purchaser's Control of eBooks

The FBI arrested Russian citizen Dmitry Sklyarov in Las Vegas, Nevada, yesterday on charges of distributing a product designed to circumvent copyright protection measures. Sklyarov, who was in Las Vegas to deliver a lecture on electronic book security, allegedly authored a program which permits editing, copying, and printing of electronic books by unlocking a proprietary Adobe electronic book format.

Charged in one of the first United States criminal prosecutions under the Digital Millenium Copyright Act (DMCA), Sklyarov is currently in custody in Las Vegas pending transfer to the Northern California US Federal District Court.

The case involves Advanced eBook Processor (AEBPR), software developed by Sklyarov's Russian employer Elcomsoft. According to the company's website, the software permits eBook owners to translate from Adobe's secure eBook format into the more common Portable Document Format (PDF). The company maintains that the software only works on legitimately purchased eBooks.

Adobe's eBook format restricts the manner in which a legitimate eBook buyer may read, print, back up, and store electronic books. The Advanced eBook Processor appears to remove these usage restrictions, permitting an eBook consumer to enjoy the ability to move the electronic book between computers, make backup copies, and print. Many of these personal, non-commercial activities may constitute fair use under U.S. copyright law. Of course, the Advanced eBook Processor software may also make it easier to infringe copyrights, since eBooks, once translated into open formats like PDF, may be distributed in illegitimate ways.

Robin Gross, attorney with the Electronic Frontier Foundation (EFF), explained, "The U.S. government for the first time is prosecuting a programmer for building a tool that may be used for many purposes, including those that legitimate purchasers need in order to exercise their fair use rights."

Jennifer Granick, Clinical Director at the Stanford Law School Center for Internet and Society, commented that "the DMCA says that companies can use technology to take away fair use, but programmers can't use technology to take fair use back. Now the government is spending taxpayer money putting people from other countries in jail to protect multinational corporate profits at the expense of free speech."

Alexander Katalov, President and Owner of Elcomsoft, expressed anger and disappointment over Sklyarov's arrest: "Dimitry is only one of the programmers who worked on this program, so I don't understand why it is his sole responsibility. In Russia, we have no law like the DMCA. In fact, distributing Adobe's eBook software is illegal in Russia, since Russian law requires that the software permit the purchaser to make at least one legal copy."

June 6, 2001

Electronic Frontier Foundation Challenges Record Companies

Trenton, NJ -- The Electronic Frontier Foundation (EFF) today asked a federal court to rule that Princeton University Professor Edward Felten and his research team have a First Amendment right to present their research on digital music access-control technologies at the USENIX Security Conference this August in Washington, DC, despite threats from the recording industry.

When scientists from Princeton University and Rice University tried to publish their findings in April 2001, the recording industry claimed that the 1998 Digital Millennium Copyright Act (DMCA) makes it illegal to discuss or provide technology that might be used to bypass industry controls limiting how consumers can use music they have purchased.

Like most scientists, the researchers want to discuss their findings and publish a scientific paper about the vulnerabilities of several technologies they studied. Open discussion of music customer control technologies has resulted in improved technology and enhanced consumer choice.

"Studying digital access technologies and publishing the research for our colleagues are both fundamental to the progress of science and academic freedom," stated Princeton scientist Edward Felten. "The recording industry's interpretation of the DMCA would make scientific progress on this important topic illegal."

Felten's research team includes Princeton University scientists and plaintiffs Bede Liu, Scott Craver, and Min Wu. Also members of the research team and plaintiffs are Rice University researchers Dan Wallach, Ben Swartzlander, and Adam Stubblefield. Another scientist and plaintiff is Drew Dean, who is employed in the Silicon Valley. The USENIX Assocation has joined the case as a plaintiff.

The prominent scientist and his research team originally planned to publish the paper in April at the 4th International Information Hiding Workshop. However, the scientists withdrew the paper at the last minute because the Recording Industry Association of America (RIAA) and the Secure Digital Music Initiative (SDMI) Foundation threatened litigation against Felten, his research team, and the relevant universities and conference organizers.

SDMI sponsored the "SDMI Public Challenge" in September 2000, asking Netizens to try to break their favored watermark schemes, designed to control consumer access to digital music. When the scientists' paper about their successful defeat of the watermarks, including one developed by a company called Verance, was accepted for publication, Matt Oppenheim, an officer of both RIAA and SDMI, sent the Princeton professor a letter threatening legal liability if the scientist published his results.

EFF filed the legal challenge in New Jersey federal court against RIAA, SDMI, Verance, and the U.S. Justice Department so that the researchers need not fear prosecution under DMCA for publishing their research.

"When scientists are intimidated from publishing their work, there is a clear First Amendment problem," said EFF's Legal Director Cindy Cohn. "We have long argued that unless properly limited, the anti-distribution provisions of the DMCA would interfere with science. Now they plainly have."

"Mathematics and code are not circumvention devices," explained Jim Tyre, an attorney on the legal team, "so why is the recording industry trying to prevent these researchers from publishing?"

USENIX Executive Director Ellie Young commented, "We cannot stand idly by as USENIX members are prevented from discussing and publishing the results of legitimate research."

EFF is challenging the constitutionality of the anti-distribution provisions of the DMCA as part of its ongoing Campaign for Audiovisual Free Expression (CAFE). The CAFE campaign fights over-reaching intellectual property laws and restrictive technologies that threaten free speech in the digital age. "The recording studios want to control how consumers can use the music they buy. Now they want to control scientists and publishers, to prevent consumers from finding out how to bypass the unpopular controls," said EFF Staff Attorney Robin Gross.

Media professionals have been invited to attend a June 6 press conference and simultaneous teleconference on the Felten case featuring the legal team and Professor Felten.

The legal team includes EFF attorneys Lee Tien, Cindy Cohn, and Robin Gross. Outside lead counsel Gino Scarselli, argued the Junger case where the 6th Circuit Court of Appeals ruled unanimously that computer code is creative expression worthy of First Amendment protection. Also members of the legal team are James Tyre, a technology savvy lawyer from Southern California who co-founded the Censorware Project and wrote an amicus brief in Universal v. Reimerdes, and Joe Liu, a Professor of Law at Boston College. Local counsel in New Jersey are First Amendment specialists Frank Corrado of Rossi, Barry, Corrado, Grassi and Radell, and Grayson Barber, chair of the ACLU-NJ privacy committee.

For more background on Professor Felten and his team's legal challenge:
http://www.eff.org/sc/felten/

For EFF's legal filing in the Felten case:
http://www.eff.org/sc/felten/20010606_eff_complaint.html

RIAA/SDMI letter threatening Professor Felten and his team:
http://www.eff.org/sc/felten/20010409_riaa_sdmi_letter.html

Professor Felten's website:
http://www.cs.princeton.edu/sip/sdmi/

Listen to an audio file about EFF's legal challenge to SDMI (MP3):
http://www.eff.org/sc/felten/felten_audio.html

For more information on the August USENIX Security conference:
http://www.usenix.org/events/sec01/

About EFF:

The Electronic Frontier Foundation is the leading civil liberties organization working to protect rights in the digital world. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression, privacy, and openness in the information society. EFF is a member-supported organization and maintains one of the most linked-to Web sites in the world: http://www.eff.org/

About USENIX:

The USENIX Association, an organization representing some 10,000 computer research scientists is dedicated to the free exchange of scholarly information through its many conferences and publications. See its website at: http://www.usenix.org/

April 20, 2001

ISP Subpoena for User's Identity Quashed in 2TheMart.com case

For Immediate Release -- Apr. 20, 2001
Contact:

Lauren Gelman, Public Policy Dir.
gelman@eff.org
+1 202 487-0420

Seattle -- In a precedent-setting ruling on free speech in cyberspace, a federal court in Seattle yesterday upheld the right to speak anonymously on the Internet. U.S. District Court Judge Thomas Zilly quashed a subpoena seeking to force an Internet service to disclose the identity of persons who spoke anonymously on an Internet message board. The American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF) represented J. Doe, one of the anonymous speakers, in blocking the subpoena.

The subpoena was filed by 2TheMart.com, Inc., which is currently defending itself against a class-action lawsuit alleging the company engaged in securities fraud. The subpoena requested that InfoSpace turn over the identities of 23 speakers who used pseudonyms in participating on the Silicon Investor Web site owned by InfoSpace.

The ruling is the first of its kind nationally in a case involving anonymous speech by a third party. The case differs from many other Internet anonymity cases because J. Doe, who used the pseudonym "NoGuano," is not a party to the case, and no allegations of liability against Doe have been made. While Doe does maintain a Silicon Investor account, Doe never made any statements about 2TheMart, nor has Doe ever posted on Silicon Investor's 2TheMart message board.

"This is an important ruling for free speech on the Internet. The court recognized that you should be able to express opinions online without having to worry your privacy will be invaded because of a lawsuit that has nothing to do with you," said Aaron Caplan, staff attorney for the American Civil Liberties Union, an organization with an 80-year history of defending freedom of speech. "You have the right to speak anonymously on an Internet bulletin board just as you have the right to distribute a leaflet using a pseudonym," added Caplan. Caplan argued the case on behalf of J. Doe before the Court.

"By ruling for Doe, Judge Zilly has sent a clear message that the courts will not tolerate lawsuits designed to chill online speech," said Lauren Gelman, director of public policy for the Electronic Frontier Foundation, a civil liberties organization working to protect rights in the digital world. "We hope that this decision will force companies to think twice before they issue subpoenas, and encourage users to step forward and protect their rights if they receive a subpoena."

The ACLU and EFF argued that the Court should adopt the same test currently used to determine whether to compel identification of anonymous sources of journalists or members of private organizations. Under that test, the Court must first determine whether the person seeking the protected private information (in this case 2TheMart.com) has a genuine need for the information in the context of the case and cannot discover the information any other way. If so, the Court must then balance the harm to the anonymous speakers against the plaintiff's need to discover the identity of the speaker. Anonymity should be preserved unless the identity of the anonymous person is clearly shown to be of central importance to the case. In his ruling, Judge Zilly said that the information sought by the subpoena clearly was not central to the case of 2TheMart.com.

2TheMart.com was a fledgling company that intended to launch an online auction house. After its stock price plunged in 1999, a number of investors sued for securities fraud, alleging that the company had misled them about its prospects. Like many Internet start-ups, 2TheMart.com had a number of people who chatted about the company on investor-related bulletin boards. One of these bulletin boards was operated by Silicon Investor, a Web site now owned by Seattle-based InfoSpace. The postings were made under 23 different user names, including "The Truthseeker," "Edelweiss," and "NoGuano."

J. Doe was represented by ACLU staff attorney Aaron Caplan and Cindy Cohn, legal director for EFF. InfoSpace also submitted a brief supporting the right of its users to speak anonymously, and Brent Snyder of Perkins Coie argued the case before Judge Zilly on behalf of InfoSpace.

The briefs may be found at the EFF website at:
http://www.eff.org/Legal/Cases/2TheMart_case
and may also be available on the ACLU-WA website at: http://www.aclu-wa.org
An opinion will be published in the case and will be posted on the websites when it is available.
About EFF:

The Electronic Frontier Foundation is the leading civil liberties organization working to protect rights in the digital world. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression, privacy, and openness in the information society. EFF is a member-supported organization and maintains one of the most linked-to Web sites in the world:
http://www.eff.org

February 26, 2001

EFF & ACLU-WA Defend Pseudonym-Using Message Board User

For Immediate Release
Contact:

Cindy Cohn
Director of Legal Services
Electronic Frontier Foundation
(415)436-9333 x 108

Doug Honig
ACLU
(206)624-2184

Seattle- In a case involving free speech and privacy rights online, the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF) today asked a federal court in Washington to quash a subpoena that would force an Internet service to disclose the identity of a person who spoke anonymously on an Internet bulletin board.

The ACLU and EFF are representing J. Doe in seeking to block a subpoena by 2TheMart.com, Inc., which is currently defending itself against a class-action lawsuit alleging the company engaged in securities fraud. The subpoena requests InfoSpace turn over the identities of 23 speakers who used pseudonyms in participating on the Silicon Investor Web site owned by InfoSpace. The motion to quash the subpoena was filed in U.S. District Court in Seattle.

This case differs from many other Internet anonymity cases because J. Doe, who used the pseudonym "NoGuano," is not a party to the case, and no allegations of liability against Doe have been made. While Doe does maintain a Silicon Investor account, Doe never made any statements about 2TheMart, nor has Doe ever posted on Silicon Investor's 2TheMart message board.

"If the courts don't establish a standard for the issuance of subpoenas in cases where the anonymous speaker is not a party, every party in every civil action could start subpoenaing the identities of online speakers in the desperate hope of finding something useful for their case," said Cindy Cohn, Legal Director for the Electronic Frontier Foundation, a civil liberties organization working to protect rights in the digital world. "The courts should not allow subpoenas to be used for 'fishing expeditions' when individuals' First Amendment rights are at stake. The chilling effect on free speech would be catastrophic."

"People commonly use pseudonyms when speaking on the Internet. This promotes a diversity of viewpoints in cyberspace. The right to speak anonymously on an

Internet bulletin board should be upheld just as is the right to distribute a leaflet using a pseudonym," said Aaron Caplan, staff attorney for the American Civil Liberties Union, an organization with an 80-year history of defending freedom of speech.

In their brief filed today, the ACLU and EFF argue that the Court should adopt the same test currently used to determine whether to compel identification of anonymous sources of journalists or members of private organizations. Under that test, the Court must first determine whether the person seeking the protected private information (in this case 2TheMart.com) has a genuine need for the information in the context of the case and cannot discover the information any other way. If so, the Court must then balance the harm to the anonymous speakers against the plaintiff's need to discover the identity of the speaker. Anonymity should be preserved unless the identity of the anonymous person is clearly shown to be of central importance to the case.

2TheMart.com was a fledgling company that intended to launch an online auction house. After its stock price plunged in 1999, a number of investors sued for securities fraud, alleging that the company had misled them about its prospects. Like many Internet start-ups, 2TheMart.com had a number of people who chatted about the company on investor-related bulletin boards. One of these bulletin boards was operated by Silicon Investor, a Web site now owned by Seattle-based InfoSpace. The postings were made under 23 different user names, including "The Truthseeker," "Edelweiss," and "NoGuano."

John Doe is being represented by ACLU staff attorney Aaron Caplan and Cindy Cohn, legal director and senior staff attorney for EFF.

The brief may be found at the EFF Web site at: http://www.eff.org/Legal/Cases/2TheMart_case/

About EFF:

The Electronic Frontier Foundation is the leading civil liberties organization working to protect rights in the digital world. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression, privacy, and openness in the information society. EFF is a member-supported organization and maintains one of the most linked-to Web sites in the world:
http://www.eff.org

Related Issues:
May 15, 2000

'Prior Restraint' of Speech Unconstitutional

Contacts:

Katina Bishop - EFF Communications Manager
+1 415 436 9333 x101
katina@eff.org

Robin Gross - EFF Staff Attorney
robin@eff.org

 

San Francisco CA -- The Electronic Frontier Foundation today appealed a January 20 order barring publication of DeCSS software on dozens of Web sites. The appeal to the California Sixth Appellate Court seeks to overturn the preliminary injunction that unfairly valued the DVD- CCA's claim of potential future financial harm above important First Amendment rights.

DeCSS is free software that allows people to play DVDs without technological restrictions, such as region codes, that are preferred by movie studios.

"The trial court simply ignored the defendant's First Amendment right to publish DeCSS on his Website," said David Greene, Executive Director and staff council to the First Amendment Project, and a member of EFF's DVD legal defense team. "The court's injunction is a prior restraint on free expression, one of the most severe civil penalties in our legal system. Even a momentary deprivation of the right to speak or publish causes serious and irreparable harm, far more grave than any monetary loss."

A "prior restraint" is government action that prevents a citizen's speech or publication from reaching its listeners. It can only be imposed for a very brief period, in extreme situations where the act of publishing threatens an interest more fundamental than the First Amendment itself, such as the safety of troops in wartime. In this case, the Preliminary Injunction prohibited publication of DeCSS after only a brief examination of dubious evidence. Furthermore, the order is unclear about exactly what is prohibited.

DVD-CCA claims that the defendants were mis-appropriating its trade secrets by posting DeCSS on their Websites. However, trade secret law only prevents publication by those who entered into contracts to protect the secret.

According to Eben Moglen, law professor at Columbia University, " In this appeal, EFF raises the central Constitutional question concerning the use of sweeping injunctions to control the flow of discussion and information on the Internet on allegations that commercial secrets are involved. I look forward to a decision in the court of appeals that takes Constitutional rights seriously."

EFF's Appeal brief is available at:
  http://www.eff.org/IP/Video/DVDCCA_case/20000515-appeal-brief.html

Background

The movie industry initiated legal attacks against Web publishers in California, New York, Connecticut, and Norway over the DeCSS software code posted on their sites. EFF is defending the DVD cases as part of its Campaign for Audiovisual Free Expression (CAFE). CAFE was launched last year to address complex social and legal issues raised by new technological measures for protecting intellectual property.

For complete information on the MPAA and DVD-CCA cases, see:
http://www.eff.org/IP/Video
http://www.eff.org/IP/Video/DVDCCA_case/20000515-appeal-brief.html

For more information on The First Amendment Project, see:
http://www.thefirstamendment.org

For more information concerning EFF's Campaign for Audiovisual Free Expression, see:
http://www.eff.org/cafe

The Electronic Frontier Foundation (http://www.eff.org) is the leading global nonprofit organization linking technical architectures with legal frameworks to support the rights of individuals in an open society. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression, privacy, and openness in the information society. EFF is a member-supported organization and maintains one of the most-linked-to Web sites in the world.

The First Amendment Project (http://www.thefirstamendment.org) is a nonprofit, public interest law firm and advocacy organization dedicated to protecting and promoting freedom of information, expression, and petition. FAP provides advice, educational materials, and legal representation to its core constituency of activists, journalists, and artists in service of these fundamental liberties.

April 6, 2000

EFF Gives $50,000 to Finder of Largest Known Prime Number

Contact:
Katina Bishop - Electronic Frontier Foundation
(415) 436-9333 ex. 101

San Francisco, CA -- The Electronic Frontier Foundation (EFF) has announced that it has awarded the first of four Cooperative Computing Awards on April 6th at the Computers, Freedom and Privacy conference in Toronto, Canada. (see http://www.cfp.org). The $50,000 prize will go to Nayan Hajratwala of Plymouth, Michigan, a participant of the Great Internet Mersenne Prime Search (GIMPS), for the discovery of a two million digit prime number found using the collective power of tens of thousands of computers on the Entropia.com network.

"GIMPS represents much of the best spirit of the Internet, and Entropia is proud to be its distributed computing platform," said Kurowski. "Capturing the imaginations of the young and old alike, GIMPS is community oriented, frontier expanding, and foremostly founded on fun and the love of recreational discovery."

"GIMPS leader George Woltman and Entropia wanted the full award amount to go to the individual or team whose computer found the winning prime," stated Scott Kurowski, founder of Entropia.com, Inc., the company that created and operates the network that powers GIMPS and similar computing efforts. "We believed this added excitement for all GIMPS participants - everyone had an equal chance of winning a substantial award."

EFF sponsors the Cooperative Computing Awards to encourage innovative computing that brings together ordinary Internet users to collectively contribute to solving huge scientific problems. EFF hopes to spur the technology of cooperative networking and encourage Internet users worldwide to join together in solving scientific problems involving massive computation. EFF is uniquely situated to sponsor these awards, since part of its mission is to encourage the harmonious integration of Internet innovations into the whole of society. Future prizes for larger primes will be given, up to $250,000. See http://www.eff.org for more details.

"The EFF awards are about cooperation," said John Gilmore,EFF co-founder, Interim Executive Director, and project leader for the awards. "Prime numbers are important in mathematics and encryption, but the real message is that many other problems can be solved by similar methods."

The Cooperative Computing Award will be held on the evening of April 6, 2000 in Toronto's historic St. Lawrence Hall as part of the Ninth Annual EFF Pioneer Award Ceremony. The ceremony and reception are made possible by a contribution from Anonymizer.com.

"It has been an honor to participate in a project that has brought so much publicity to the distributed computing world," stated winner Nayan Hajratwala. "Thanks to George and Scottfor the amazing work they have done on GIMPS. The EFF's CooperativeComputing Awards will no doubt spur more interest and participation in the GIMPS project and bring us bigger and better primes."

For more information on the Cooperative Computing Awards, see:
http://www.eff.org/awards/coop.html

For more information on GIMPS, see:
http://www.mersenne.org/prime.htm

For more information on Entropia.com, Inc., see:
http://entropia.com

The Electronic Frontier Foundation ( http://www.eff.org ) is the leading global nonprofit organization linking technical architectures with legal frameworks to support the rights of individuals in an open society. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression, privacy, and openness in the information society. EFF is a member-supported organization and maintains one of the most-linked-to Web sites in the world.

[Note to EFF members: Your membership dues do NOT go into the Cooperative Computing Awards fund. The CCA program is funded entirely by a single earmarked individual donation.]

March 3, 2000

in Bernstein v. DoJ

LETTER BRIEF
BY ORDER OF THE COURT

Ms. Cathy Catterson
Clerk, United States Court of Appeals
for the Ninth Circuit
P.O. Box 193939
San Francisco, CA 941119-3939

Re: Bernstein v. Department of Justice
Case No. 97-16686
Please circulate to Justices B. Fletcher, T. Nelson and M. Bright

Dear Ms. Catterson:

We write pursuant to the Order of the Court dated January 31, 2000, modified to extend time for filing on February 7, 2000. The Court has asked us to address the advisability of a remand in light of the issuance of the new interim export regulations relating to encryption software on January 14, 2000. The Court also asked us to address the question of the form of such a remand, if such is ordered.

Having now had the opportunity to review both the new interim regulations and the Advisory Opinion issued by the Defendants on February 17, 2000, Plaintff believes that a remand to the District Court is appropriate. The amendments make a number of significant changes in the export licensing requirements at issue in this case. These changes appear to impace the legal and factual context of this case. See e.g. Hays v. Concannon 921 F.2d 240 (9th Cir. 1990) (remand to District Court appropriate when legislation passed to "address problems created by" previous regulations).

While Plaintiff remains concerned about the Constitutionality and ambiguity of the new interim regulations, and while they do not appear to affect Professor Bernstein's scientific activities, we are continuing to seek clarification from the Defendants and believe that, regardless of the outcome of that process, the questions concerning the new interim regulations should be heard in the District Court in the first instance.

Plaintiff and Defendants have engaaged in discussions concerning the impact of a remand on the injunctive relief granted by the District Court and upheld by this Court. The injunctive relief was granted by the District Court and subsequently stayed in part by the District Court and in part by this Court pending determination of the appeal of this matter. The injunctive relief ordered as follows:

6) defendants are permanently enjoined from doing or causing to be done the following acts:

a) further and future enforcement, operation or execution of the statutes, regulations, rules, policies and practices declared unconstitutional under this order, including criminal or civil prosecutions with respect to plaintiff or anyone who uses, discusses or publishes, or seeks to use, discuss or publish plaintiff's encryption program or related materials described in paragraph 5[1] of this order, and

b) threatening, detaining, prosecuting, discouraging or otherwise interfering with plaintiff or any other person described in paragraph 6) above in the excercise of their federal constitutional rights as declared in this order.

Defendants have requested that the injunctive relief be vacated pending further order of the District Court.

Plaintiff sees no need for this Court to vacate the injunctive relief already granted. First, such action is premature without a briefing on the merits and scope of the relief granted before this Court of the District Court. Second, this request is puzzling, since Defendants have publicly claimed that the regulations no longer restrain Professor Bernstein or others engaged in similar activities. While Plaintiff is seeking further clarifications about this claim, it is difficult to understand why the injunctive relief should be vacated if Defendants no longer intend to enforce their prior regulations against Professor Bernstein and others.

Nonetheless, in order to accomodate Defendants' concerns, Plaintiff has offered to allow the stays of injunctive relief currently in force to remain in force pending further order of the District Court. Defendants have refused this offer and instead have asked the court to affirmatively vacate the previous injunctive relief.

There is no basis to grant Defendants this relief at this time. Defendants have choses to revise their regulations. Nothing about this decision, which was made without consultation with the Court of Plaintiff, justifies the affirmative vacating of the District Court's prior issued relief in this action, which relief was upheld by this Court on appeal.

Accordingly, Plaintiff requests that this case be remanded to the District Court for consideration of the impact on the case of the changes in the export regulations issued on January 14, 2000. To the extent they have any further applicability in light of the new regulations, the says placed by the 9th Circuit and District Court may remain in effect pending this further review by the District Court.

Footnote

[1] Paragraph 5 states: "the court declares that the Export Administration Regulations, 15 C.F.R. Pt. 730 et seq. (1997) and all rules, policies and practices promulgated or pursued thereunder insofar as they apply to or require licensing for encryption and decryption software and related devices and technology are in violatio of the First Amendment on the grounds of prior restraint and are, therefore, unconstitutional as discussed above, and shall not be applied to plaintiff's publishing of such items, including scientific papers, algorithms or computer programs."

Sincerely,

MCGLASHAN & SARRAIL
Professional Corporation

[signature]
CINDY A. COHN
Attorneys for Appellee
DANIEL J. BERNSTEIN

October 1, 1999

On September 30, 1999, the Ninth Circuit Court of Appeals announced that it is granting the government's request to rehear the case Bernstein v. U.S. Department of Justice en banc. The case had been previously decided in Professor Bernstein's favor by a three-judge panel of the court. By granting the government's request, the court has withdrawn the panel's earlier decision and has agreed to having all 21 members of the court rehear the case. No dates have been set yet for this reconsideration.

The Electronic Frontier Foundation (EFF) is disappointed by the court's decision, but we are not surprised. The ramifications of this case are far-reaching, and most legal scholars agree that this matter will eventually end up before the Supreme Court of the United States. We are confident that the full Ninth Circuit court will recognize the unconstitutionality of the export restrictions on encryption and will hold as the three-judge panel did, in our favor.

We do not believe that the Clinton Administration's recent announcement on liberalizing the export controls on encryption has any bearing on this case. The export control laws on encryption are unconstitutional as a prior restraint on speech, because they require people to submit their encryption algorithms to the government for review before those algorithms can be exported. The new regulations, which are not due out until sometime in December, will continue to require source code to be reviewed before it can be exported. While the government's new policy appears to make it easier for companies to export encryption products designed for mass markets, it does little to address the constitutional deficiencies in the regulations. In fact, EFF was disappointed that the government's announcement did not even acknowledge that courts have found the export restrictions on encryption to be unconstitutional.

For more information on the Bernstein case, please visit the EFF web site

We'll be sure to send around another update when we learn the rehearing date from the court.

Shari Steele
Director of Legal Services
Electronic Frontier Foundation
ssteele@eff.org

June 21, 1999

As expected, the U.S. Government today sought further review by the 9th Circuit of a 3 judge panel's recent decision holding that the federal government's regulations of encryption is unconstitutional. The Petition, which seeks both rehearing from the panel and rehearing en banc by an 11 judge panel, asserts two basic arguments, neither of which is new to the case.

The government argues that the 9th Circuit panel incorrectly determined that the export restrictions on source code are facially unconstitutional. This argument is based upon an entirely unsupported assertion that source code is only used expressively "on occasion."

"This should come as a big surprise to the millions of people who study, write, read, and develop their ideas using programming languages," noted lead counsel, Cindy Cohn. "This includes most of the inhabitants of Silicon Valley, as well as the mathematics, physics, computer science and other departments of high schools, universities, and businesses worldwide where such expressions are written, read, and reviewed daily. It is also is directly contradicted by evidence included in the record of this case."

The government also argues that the court should have rewritten the regulations to make them Constitutional rather than strike them down. By this, the government is asking the Court to step into the shoes of the agency and rewrite the regulations.

"Obviously this is not a proper role for a court," stated Ms. Cohn. "Indeed had the Court done so the government would have protested the 'judicial activism' of the Court. Writing regulations that meet the constitutional standards for free speech is certainly within the abilities of the Commerce Department."

"In sum, the Petition for Rehearing is not surprising, nor does it raise any new arguments," Cohn concluded. "It instead indicates the intention of the Government to delay justice for Professor Bernstein and the millions of others who are restricted by the encryption regulations for as long as possible."

Background

The Ninth Circuit Court of Appeals ruled on May 6, 1999 that the federal government's restrictions on encryption are unconstitutional, affirming a lower court's ruling that export control over cryptographic "software and related devices and technology are in violation of the First Amendment on the grounds of prior restraint."

The case has been sponsored by EFF since 1995 because of its importance to society, free expression, electronic commerce, and privacy in the digital world.

Encryption, the process of coding and decoding computerized information, is the most critical technological solution to protecting privacy and keeping computer networks secure. Acknowledging this point, the appeals court said "[t]he availability and use of secure encryption may offer an opportunity to reclaim some portion of the privacy we have lost. Government efforts to control encryption thus may well implicate not only the First Amendment rights of cryptographers intent on pushing the boundaries of their science, but also the constitutional rights of each of us as potential recipients of encryption's bounty."

The EFF Bernstein legal team consists of: Cindy A. Cohn, McGlashan & Sarrail; Lee Tien; James Wheaton & Elizabeth Pritzker, First Amendment Project; Robert Corn-Revere, Hogan & Hartson; M. Edward Ross, Steefel, Levitt & Weiss; and Dean Morehous & Sheri A. Byrne, Thelen, Marin, Johnson & Bridges.

June 21, 1999

As expected, the U.S. Government today sought further review by the 9th Circuit of a 3 judge panel's recent decision holding that the federal government's regulations of encryption is unconstitutional. The Petition, which seeks both rehearing from the panel and rehearing en banc by an 11 judge panel, asserts two basic arguments, neither of which is new to the case.

The government argues that the 9th Circuit panel incorrectly determined that the export restrictions on source code are facially unconstitutional. This argument is based upon an entirely unsupported assertion that source code is only used expressively "on occasion."

"This should come as a big surprise to the millions of people who study, write, read, and develop their ideas using programming languages," noted lead counsel, Cindy Cohn. "This includes most of the inhabitants of Silicon Valley, as well as the mathematics, physics, computer science and other departments of high schools, universities, and businesses worldwide where such expressions are written, read, and reviewed daily. It is also is directly contradicted by evidence included in the record of this case."

The government also argues that the court should have rewritten the regulations to make them Constitutional rather than strike them down. By this, the government is asking the Court to step into the shoes of the agency and rewrite the regulations.

"Obviously this is not a proper role for a court," stated Ms. Cohn. "Indeed had the Court done so the government would have protested the 'judicial activism' of the Court. Writing regulations that meet the constitutional standards for free speech is certainly within the abilities of the Commerce Department."

"In sum, the Petition for Rehearing is not surprising, nor does it raise any new arguments," Cohn concluded. "It instead indicates the intention of the Government to delay justice for Professor Bernstein and the millions of others who are restricted by the encryption regulations for as long as possible."

Background

The Ninth Circuit Court of Appeals ruled on May 6, 1999 that the federal government's restrictions on encryption are unconstitutional, affirming a lower court's ruling that export control over cryptographic "software and related devices and technology are in violation of the First Amendment on the grounds of prior restraint."

The case has been sponsored by EFF since 1995 because of its importance to society, free expression, electronic commerce, and privacy in the digital world.

Encryption, the process of coding and decoding computerized information, is the most critical technological solution to protecting privacy and keeping computer networks secure. Acknowledging this point, the appeals court said "[t]he availability and use of secure encryption may offer an opportunity to reclaim some portion of the privacy we have lost. Government efforts to control encryption thus may well implicate not only the First Amendment rights of cryptographers intent on pushing the boundaries of their science, but also the constitutional rights of each of us as potential recipients of encryption's bounty."

The EFF Bernstein legal team consists of: Cindy A. Cohn, McGlashan & Sarrail; Lee Tien; James Wheaton & Elizabeth Pritzker, First Amendment Project; Robert Corn-Revere, Hogan & Hartson; M. Edward Ross, Steefel, Levitt & Weiss; and Dean Morehous & Sheri A. Byrne, Thelen, Marin, Johnson & Bridges.

Details on the Bernstein case, including information on the lower court's rulings, are available on the Internet at http://www.eff.org/bernstein.

May 7, 1999

EFF-Sponsored Case Scores Big Victory for Free Speech, Privacy, and Security on the Internet

The Ninth Circuit Court of Appeals has ruled that the federal government's restrictions on encryption are unconstitutional, affirming a lower court's ruling that export control over cryptographic "software and related devices and technology are in violation of the First Amendment on the grounds of prior restraint."

"The Court understood the strong First Amendment issues at stake here," noted Cindy Cohn, lead counsel for the Bernstein litigation team. "The decision is thorough and should stand up to further review."

The case has been sponsored by EFF since 1995. "We sponsored Professor Dan Bernstein's case because of its importance to society, free expression, electronic commerce, and privacy in the digital world," said Tara Lemmey, EFF's President and Executive Director.

Encryption, the process of coding and decoding computerized information, is the most critical technological solution to protecting privacy and keeping computer networks secure. Acknowledging this point, the court said "[t]he availability and use of secure encryption may offer an opportunity to reclaim some portion of the privacy we have lost. Government efforts to control encryption thus may well implicate not only the First Amendment rights of cryptographers intent on pushing the boundaries of their science, but also the constitutional rights of each of us as potential recipients of encryption's bounty."

The court recognized the case's impact on society by saying "...it is important to point out that the [Bernstein case] is a suit not merely concerning a small group of scientists laboring in an esoteric field, but also touches on the public interest broadly defined."

"The US government has wielded these export controls to deliberately eliminate privacy for ordinary people," said John Gilmore, co-founder of EFF. "The controls created wireless phones that scanners can hear, e-mail that's easy to intercept, and unsecured national infrastructures that leave us all vulnerable. Misguided national security bureaucracies use these controls everyday, to damage the nation they are sworn to protect, and to undermine the constitution they are sworn to uphold. Today's ruling is a giant step toward a sane policy."

The government, led by Justice Department attorney Scott McIntosh, argued that the export control laws on encryption are necessary to protect U.S. national security. Even if the export control laws are in fact regulated speech, McIntosh argued, if the government's intent was to regulate something other than publication, it only needed to show that the rules were "narrowly tailored" to serve a "substantial government interest." The court disagreed. "[B]ecause the prepublication licensing regime challenged here applies directly to scientific expression, vests boundless discretion in government officials, and lacks adequate procedural safeguards, it constitutes an impermissible prior restraint on speech," wrote the two assenting judges.

Judge Bright indicated that due to the importance of the case "it may be appropriate for review by the US Supreme Court." EFF anticipates that the government will ask for a stay of this ruling pending appeal. If granted, the stay would prohibit encryption exports even within the Ninth Circuit's jurisdiction, including all federal courts in California, Oregon, Washington, Arizona, Montana, Idaho, Nevada, Alaska, Hawaii, Guam and the Northern Mariana Islands, until the matter is finally resolved.

Related Issues:
May 7, 1999

On May 6, a three-judge panel of the United States Court of Appeals for the Ninth Circuit in San Francisco issued a decision in a case involving government controls on encryption exports. The Department of Commerce and the Department of Justice are currently reviewing the Ninth Circuit's decision in Daniel Bernstein v. United States Department of Justice and United States Department of Commerce. We are considering possible avenues for further review, including seeking a rehearing of the appeal en banc in the Ninth Circuit.

The regulations controlling the export of encryption products currently remain in full effect. The Ninth Circuie effect until the court issues its mandate, which will not occur for at least 45 days. If the government asks the Ninth Circuit to rehear the appeal during that time, the mandate will not issue until after the Ninth Circuit has acted on the government's request.

The district court injunction in this case relating to the encryption export regulations has been stayed by orders isued earlier by the district court and the Ninth Circuit, and the stays of the injunction remain in effect until the mandate issues. Accordinaly, all persons who wish to engage in encryption export activity, including the posting or other distribution of encryption software on the Internet, must still comply with the export licensing requirements of the Export Administration Regulations, administered by the U.S. Department of Commerce's Bureau of Export Administration (BXA).

May 6, 1999

"I'm pleased the federal appeals court has affirmed Federal District Court Judge Marilyn Patel's original decision that in the name of national defense, the U.S. government should not restrict the very liberties it is supposed to be defending. This decision demonstrates the judicial branch's understanding of the encryption debate. Now is the time for Congress and the Administration to follow suit. This means passing and signing into law the SAFE ACT, which will promote the ever increasing growth of electronic commerce in a secure environment."

Rep. Eshoo is an original cosponsor of H.R. 850, the Security and Freedom through Encryption (SAFE) Act, which would allow U.S. manufacturers to export encryption software no more powerful than software already available in other countries. As a member of the House Commerce Committee, which has partial jurisdiction over the legislation, she has fought Administration efforts to weaken the SAFE Act and impose harsher encryption export curbs than currently exist. Rep. Eshoo hosted a major conference on encryption reform at Stanford University during the 104th Congress.

March 31, 1999

Netizens Encouraged to Enlist Idle Computers in the Name of Science

SAN FRANCISCO -- The Electronic Frontier Foundation (EFF) is sponsoring cooperative computing awards, with over half a million dollars in prize money, to encourage ordinary Internet users to contribute to solving huge scientific problems.

"We're providing incentives to stretch the computational capabilities of the Internet," said Tara Lemmey, EFF's Executive Director. "We hope to spur the technology of cooperative networking and encourage Internet users worldwide to join together in solving scientific problems involving massive computation. EFF is uniquely situated to sponsor these awards, since part of our mission is to encourage the harmonious integration of Internet innovations into the whole of society," she added.

The prizes will be awarded for finding huge prime numbers, that is, numbers that can only be divided by 1 and themselves. The first million-digit prime found will be worth $50,000; a ten-million-digit prime will claim $100,000; a hundred-million-digit prime garners $150,000; and the finder of the first billion-digit prime will receive $250,000. The largest known prime number, discovered by the Great Internet Mersenne Prime Search (GIMPS), has 909,526 digits.

"The EFF awards are about cooperation," said John Gilmore, EFF co-founder and project leader for the awards. "Prime numbers are important in mathematics and encryption, but the real message is that many other problems can be solved by similar methods."

Finding these prime numbers will be no simple task, given today's computational power. It has taken mathematicians years to uncover and confirm new largest known primes. However, the computer industry produces millions of new computers each year, which sit idle much of the time, running screen savers or waiting for the user to do something. EFF is encouraging people to pool their computing power over the Internet, to work together to share this massive resource. In the process, EFF hopes to inspire experts to apply collaborative computing to large problems, and thereby foster new technologies and opportunities for everyone.

Prizes and cooperative projects to find prime numbers or demonstrate weaknesses in encryption systems have existed for some years, although they have not yet found mass market appeal. "The approach that we're taking with prime numbers could be used for other scientific problems, such as analyzing the human genome, weather prediction, or searching for signs of life in space," said Gilmore.

"In the long run, we hope to move beyond prizes," he said, "catalyzing a market where ordinary people can sell the spare time on their computers to others who need to compute something overnight on thousands or millions of machines. This would reduce the net cost of owning a personal computer, and open new opportunities in animation, product design, economics, cryptanalysis, science, and business."

According to Landon Curt Noll, chair of the award advisory panel and discoverer of many large primes, the prizes are spaced so that winning each successive award would require over 100 times more effort. "While one could wait for computers to get 100 times faster, it would be much smarter to attract 100 times the number of people to cooperate on the problem, or to invent a more efficient prime searching procedure. Both methods offer benefits to society."

"Given current technology, I would estimate that GIMPS could discover a million digit prime within a year," said Simon Cooper, a member of the award advisory panel. "Discovering a ten million digit prime may take several more years." One of the easiest ways for people to join the effort is via the GIMPS project (see http://www.mersenne.org/prime.htm).

A prize claim must provide the date and time of discovery, and fully disclose all hardware and software used. Each claim must be verified by an independent party knowledgeable in the field of computation, and must be published in a refereed academic journal.

July 17, 1998

ELECTRONIC FRONTIER FOUNDATION PROVES THAT DES IS NOT SECURE

SAN FRANCISCO, CA -- The Electronic Frontier Foundation (EFF) today raised the level of honesty in crypto politics by revealing that the Data Encryption Standard (DES) is insecure. The U.S. government has long pressed industry to limit encryption to DES (and even weaker forms), without revealing how easy it is to crack. Continued adherence to this policy would put critical infrastructures at risk; society should choose a different course.

To prove the insecurity of DES, EFF built the first unclassified hardware for cracking messages encoded with it. On Wednesday of this week the EFF DES Cracker, which was built for less than $250,000, easily won RSA Laboratory's "DES Challenge II" contest and a $10,000 cash prize. It took the machine less than 3 days to complete the challenge, shattering the previous record of 39 days set by a massive network of tens of thousands of computers. The research results are fully documented in a book published this week by EFF and O'Reilly and Associates, entitled "Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design."

"Producing a workable policy for encryption has proven a very hard political challenge. We believe that it will only be possible to craft good policies if all the players are honest with one another and the public," said John Gilmore, EFF co-founder and project leader. "When the government won't reveal relevant facts, the private sector must independently conduct the research and publish the results so that we can all see the social trade-offs involved in policy choices."

The nonprofit foundation designed and built the EFF DES Cracker to counter the claim made by U.S. government officials that governments cannot decrypt information when protected by DES, or that it would take multimillion-dollar networks of computers months to decrypt one message. "The government has used that claim to justify policies of weak encryption and 'key recovery,' which erode privacy and security in the digital age," said EFF Executive Director Barry Steinhardt. It is now time for an honest and fully informed debate, which we believe will lead to a reversal of these policies."

"EFF has proved what has been argued by scientists for twenty years, that DES can be cracked quickly and inexpensively," said Gilmore. "Now that the public knows, it will not be fooled into buying products that promise real privacy but only deliver DES. This will prevent manufacturers from buckling under government pressure to 'dumb down' their products, since such products will no longer sell." Steinhardt added, "If a small nonprofit can crack DES, your competitors can too. Five years from now some teenager may well build a DES Cracker as her high school science fair project."

The Data Encryption Standard, adopted as a federal standard in 1977 to protect unclassified communications and data, was designed by IBM and modified by the National Security Agency. It uses 56-bit keys, meaning a user must employ precisely the right combination of 56 1s and 0s to decode information correctly. DES accounted for more than $125 million annually in software and hardware sales, according to a 1993 article in "Federal Computer Week." Trusted Information Systems reported last December that DES can be found in 281 foreign and 466 domestic encryption products, which accounts for between a third and half of the market.

A DES cracker is a machine that can read information encrypted with DES by finding the key that was used to encrypt that data. DES crackers have been researched by scientists and speculated about in the popular literature on cryptography since the 1970s. The design of the EFF DES Cracker consists of an ordinary personal computer connected to a large array of custom chips. It took EFF less than one year to build and cost less than $250,000.

This week marks the first public test of the EFF DES Cracker, which won the latest DES-cracking speed competition sponsored by RSA Laboratories (http://www.rsa.com/rsalabs/). Two previous RSA challenges proved that massive collections of computers coordinated over the Internet could successfully crack DES. Beginning Monday morning, the EFF DES Cracker began searching for the correct answer to this latest challenge, the RSA DES Challenge II-2. In less than 3 days of searching, the EFF DES Cracker found the correct key. "We searched more than 88 billion keys every second, for 56 hours, before we found the right 56-bit key to decrypt the answer to the RSA challenge, which was 'It's time for those 128-, 192-, and 256-bit keys,'" said Gilmore.

Many of the world's top cryptographers agree that the EFF DES Cracker represents a fundamental breakthrough in how we evaluate computer security and the public policies that control its use. "With the advent of the EFF DES Cracker machine, the game changes forever," said Whitfield Diffie, Distinguished Engineer at Sun Microsystems and famed co-inventor of public key cryptography. "Vast Internet collaborations cannot be concealed and so they cannot be used to attack real, secret messages. The EFF DES Cracker shows that it is easy to build search engines that can."

"The news is not that a DES cracker can be built; we've known that for years," said Bruce Schneier, the President of Counterpane Systems. "The news is that it can be built cheaply using off-the-shelf technology and minimal engineering, even though the department of Justice and the FBI have been denying that this was possible." Matt Blaze, a cryptographer at AT&T Labs, agreed: "Today's announcement is significant because it unambiguously demonstrates that DES is vulnerable, even to attackers with relatively modest resources. The existence of the EFF DES Cracker proves that the threat of "brute force" DES key search is a reality. Although the cryptographic community has understood for years that DES keys are much too small, DES-based systems are still being designed and used today. Today's announcement should dissuade anyone from using DES."

EFF and O'Reilly and Associates have published a book about the EFF DES Cracker, "Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design." The book contains the complete design details for the EFF DES Cracker chips, boards, and software. This provides other researchers with the necessary data to fully reproduce, validate, and/or improve on EFF's research, an important step in the scientific method. The book is only available on paper because U.S. export controls on encryption potentially make it a crime to publish such information on the Internet.

EFF has prepared a background document on the EFF DES Cracker, which includes the foreword by Whitfield Diffie to "Cracking DES." (See http://www.eff.org/descracker/). The book can be ordered for worldwide delivery from O'Reilly & Associates via the Web (http://www.ora.com/catalog/crackdes), or phone (1 800 998 9938, or +1 707 829 0515.)

The Electronic Frontier Foundation is one of the leading civil liberties organizations devoted to ensuring that the Internet remains the world's first truly global vehicle for free speech, and that the privacy and security of all on-line communication is preserved. Founded in 1990 as a nonprofit, public interest organization, EFF is based in San Francisco, California. EFF maintains an extensive archive of information on encryption policy, privacy, and free speech at the EFF Web site (http://www.eff.org).

August 29, 1997

Yesterday a federal judge here denied a
government motion to silence mathematician Daniel Bernstein.

On August 25, District Court Judge Marilyn Hall Patel declared the
Commerce Department's cryptography regulations unconstitutional.
Judge Patel also issued an injunction to prohibit prosecution of Prof.
Bernstein and others who publish Prof. Bernstein's work.

In response to an emergency motion from the government on August 28,
Judge Patel ruled that most of the injunction would be put on hold
until the 9th Circuit Court of Appeals has had a chance to review
Prof. Bernstein's case. However, part of the injunction will remain
in effect: after September 8, Prof. Bernstein will be free to publish
his Snuffle 5.0 software on the Internet without fear of prosecution.
Snuffle 5.0 is at the heart of Prof. Bernstein's lawsuit against the
government.

Scanned images of the Government's emergency request for a stay
are available from EFF's online archives at:
http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/
Legal/970827_stay_motion.images

Prof. Bernstein's opposition to the stay is at:
http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/
Legal/970827_stay.opposition

Full text of the lawsuit and other paperwork filed in the case is
available from EFF's online archives at:
http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/

Press Contacts:

Shari Steele, Staff Attorney, Electronic Frontier Foundation
301/375-8856, ssteele@eff.org

John Gilmore, Founding Board Member, EFF
541/354-6541, gnu@toad.com

Cindy Cohn, McGlashan & Sarrail
415/341-2585, cindy@mcglashan.com

August 26, 1997

The Justice Department said today it is considering
what further legal measures it will take following yesterday's ruling by
the U.S. District Court in San Francisco that certain aspects of the
government's regulations on the export of encryption software are
unconstitutional. Another federal court upheld the export controls on
encryption software.

The Administration is committed to promoting the legitimate use of
encryption. Through encryption--or the coding of messages--businesses
can protect trade secrets, hospitals can safeguard medical records, and
individuals can be assured that personal messages on the information
superhighway remain private.

But, as President Clinton stated upon issuing an Executive Order on this
subject on November 15, 1996, the use of encryption products by
unfriendly parties outside the United States can jeopardize the foreign
policy and national security interests of the United States, and public
safety of U.S. citizens.

Judicial proceedings in Bernstein v. Department of State are not yet
concluded, and the decision governs only that case. In March 1996, in
another pending case in Washington, D.C., Karn v. Department of State,
the District Court ruled that export controls on encryption software are
constitutional under the First Amendment and serve important interests
of the United States. That case is still pending to consider export
controls on encryption now administered by the Commerce Department.

Until this issue is resolved, export controls on encryption software
remain in place. Individuals or companies wishing to export encryption
software by any means must continue to adhere to applicable export
licensing controls on such software before exporting it abroad.

August 26, 1997

The Federal District Court here
struck down Commerce Department export restrictions on the privacy
technology called encryption yesterday, concluding that "the
encryption regulations are an unconstitutional prior restraint in
violation of the First Amendment." For the first time, Judge Marilyn
Hall Patel ordered the government not to prosecute or harass the
plaintiff, Professor Daniel Bernstein, and those who use or publish
his encryption software. The decision knocks out a major part of the
Clinton Administration's effort to force companies to design
government surveillance into computers, telephones, and consumer
electronics.

"This is wonderful news," said Prof. Bernstein. "I hope I can get
some of my ideas published before they change the law again."

The decision is a victory for free speech, academic freedom, human
rights, and the prevention of crime. American scientists and
engineers will now be free to collaborate with others in the United
States and in foreign countries. This will enable them to build a new
generation of tools for protecting the privacy and security of our
communications.

"Once again, it took a federal court to sort out technology and the
Constitution," said Lori Fena, Executive Director of the Electronic
Frontier Foundation, which backed the suit. "Let this decision signal
the other two branches of government that when making laws pertaining
to the Internet, they must honor their oaths to uphold the
Constitution."

The decision is strategic because the Clinton Administration has been
using the export restrictions to influence domestic privacy policy.
Companies that agree to build "key recovery" technology into their
products are exempt from most of the restrictions. Key recovery, a
follow-on to the Clipper Chip, is designed to give the government
untraceable access to users' private information.

The Federal District Court of the Northern District of California
last December struck down the ITAR, a set of encryption restrictions
enforced by the State Department. A few weeks later, the Government
created virtually identical restrictions in the Commerce Department's
Bureau of Export Administration (BXA). Yesterday's decision
invalidates the new restrictions, stating, "the encryption regulations
issued by the BXA appear to be even less friendly to speech interests
than the ITAR." She warns that "the government cannot avoid the
constitutional deficiencies of its regulations by rotating oversight
of them from department to department," though concluding that she
"does not believe that such was the intent here."

"Our right to create, use, and deploy encryption come from our basic
civil rights of free speech, freedom of the press, freedom from
arbitrary search, due process of law, and privacy. Judge Patel has
affirmed those roots in the First Amendment," philosophizes John
Gilmore, Electronic Frontier Foundation co-founder. "Our Founding
Fathers used encryption -- and even invented some -- and did not
intend any ``crypto exceptions'' to the Bill of Rights."

DETAILS OF MONDAY'S DECISION

In the heart of the ruling, "The court declares that the Export
Administration Regulations . . . insofar as they apply to or require
licensing for encryption and decryption software and related devices
and technology, are in violation of the First Amendment on the grounds
of prior restraint and are, therefore, unconstitutional as discussed
above, and shall not be applied to plaintiff's publishing of such
items, including scientific papers, algorithms or computer programs."

The Court also held that the government's licensing procedure fails
to provide adequate procedural safeguards. When the Government acts
legally to suppress protected speech, it must reduce the chance of
illegal censorship by the bureacrats involved, for example by making
the government go to a judge to decide the issue. The EAR does not
require this; in fact, it precludes it. "And most important, and most
lacking, are any standards for deciding an application. The EAR
reviews applications for licenses ``on a case-by-case basis'' and
appears to impose no limits on agency discretion."

The Court dissected the export controls' exemption for printed
materials at length, calling it "so irrational and administratively
unreliable that it may well serve to only exacerbate the potential for
self-censorship." The government's "distinction between paper and
electronic publication . . . makes little or no sense and is untenable."

The Court not only declared that these regulations are invalid and
unenforceable, but also prevented the Government from "threatening,
detaining, prosecuting, discouraging, or otherwise interfering with
plaintiff or any other person described . . . above in the exercise of
their federal constitutional rights as declared in this order."

The immediate effect of this decision is that Prof. Bernstein may
publish his encryption software, and that others may read, use,
publish and review it. In addition, others in industry are studying
the court's analysis, and might decide to publish their own software
on the Internet as well.

Pretty Good Privacy, Inc, is one such company, which believes that
future courts will find Judge Patel's reasoning persuasive. "We are
particularly pleased the court has reconfirmed that computer programs,
like other literary works, are accorded full protection under the
First Amendment," said Bob Kohn, vice president and general counsel
for Pretty Good Privacy.

The final form of the judgment will be negotiated between the parties,
and presented to the court within a week. The government could either
seek an emergency appeal of the injunction, or take up to 60 days from
the entry of judgment to appeal.

ABOUT THE ATTORNEYS

Lead counsel on the case is Cindy Cohn of the San Mateo law firm of
McGlashan & Sarrail, who is offering her services pro bono. Major
additional legal assistance is being provided by Shari Steele of the
Electronic Frontier Foundation; Lee Tien of Berkeley; James Wheaton
and Elizabeth Pritzker of the First Amendment Project in Oakland; and
Robert Corn-Revere of the Washington, DC, law firm of Hogan & Hartson.

ABOUT THE ELECTRONIC FRONTIER FOUNDATION

The Electronic Frontier Foundation (EFF) is a nonprofit civil
liberties organization working in the public interest to protect
privacy, free expression, and access to online resources and
information. EFF is a primary sponsor of the Bernstein case. EFF
helped to find Bernstein pro bono counsel, is a member of the
Bernstein legal team, and helped to collect members of the academic
community and computer industry to support this case.

Full text of the lawsuit and other paperwork filed in the case is
available from EFF's online archives at:
http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/

Scanned images of Monday's decision are available at:
http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/
Legal/970825_decision.images/

The full text of Monday's decision will soon be available at:
http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/
Legal/970825.decision

Professor Daniel Bernstein will be building his new Constitutionally-
protected cryptography web page at:
http://pobox.com/~djb/crypto.html

Electronic Frontier Foundation Contacts:

Shari Steele, Staff Attorney
301/375-8856, ssteele@eff.org

John Gilmore, Founding Board Member
541/354-6541, gnu@toad.com

Cindy Cohn, McGlashan & Sarrail
415/341-2585, cindy@mcglashan.com

June 17, 1997

WHAT: Press Conference

Immediately following oral arguments in front of Federal Judge
Marilyn Hall Patel, Professor Dan Bernstein, his lawyer and the
Electronic Frontier Foundation will hold a press conference. After
brief statements issued by each, there will be a media question and
answer period.

NOTE: This will be the first time that Dan Bernstein publicly
discusses the issue of encryption and his case specifically.

After Judge Patel declared that government restriction of Professor
Dan Bernstein's freedom to publish and speak on encryption technologies
was a violation of the First Amendment, the federal government moved
encryption oversight from the State Department to the Commerce
Department. With this oversight authority change, the government
claimed that it could still enforce the unconstitutionally-ruled
regulations. Bernstein, the professor who first challenged the
government's regulation, is once again taking steps to insure that First
Amendment rights are not violated.

Judge Patel will be hearing oral arguments to decide if the same
restrictions under different authority are still a violation of the
First Amendment.

WHO: Statements and Q&A sessions will be conducted by:
Professor Dan Bernstein, Plaintiff
Cindy Cohn, Legal Counsel for Plaintiff
John Gilmore, Board Member, Electronic Frontier Foundation

WHERE: Federal Building
450 Golden Gate Avenue, San Francisco
Turk Street entrance

WHEN: Wednesday, June 18th
10:15pm (Oral Arguments)
12:00pm (Press Conference)

CONTACT: Dave Steer
Fleishman-Hillard, Inc.
415.356.1024 or steerd@fleishman.com

December 31, 1996

Electronic Frontier Foundation Contacts:

Shari Steele, Staff Attorney
+1 301 375 8856, ssteele@eff.org

John Gilmore, Founding Board Member
+1 415 221 6524, gnu@toad.com

Cindy Cohn, McGlashan & Sarrail
+1 415 341 2585, cindy@mcglashan.com

San Francisco - Laywers for Professor Dan Bernstein today asked the
Government to delay enforcement of new encryption restrictions until
they can be reviewed by a court for Constitutionality. The new
regulations contain the same features struck down earlier this month
by Judge Marilyn Hall Patel.

"The government apparently decided to ignore Judge Patel's findings.",
said Cindy Cohn, lead attorney in the case. "Instead of listening
to Judge Patel's analysis and attempting to fix the regulations, they
simply issued new ones with the same problems. We are giving them a
a chance to fix this before we bring the issue up in court."

President Clinton ordered on November 15 that the regulations be moved
from the State Department to the Commerce Department. Judge Patel's
decision of December 6 (released December 16th) struck down the State
Department regulations as a "paradigm of standardless discretion" that
required Americans to get licenses from the government to publish
information and software about encryption. Over Christmas, the
Clinton Administration published its new Commerce Department
regulations, containing all the same problems, and put them into
immediate effect today.

The new regulations once again put Professor Bernstein at risk of
prosecution for teaching a class on encryption and publishing his
class materials on the Internet. His class begins on January 13 at
the University of Illinois at Chicago.

Professor Bernstein's letter of today proposes that the Government
agree to delay enforcement of the new regulations while Judge Patel
reviews them for Constitutionality. Failing that, Professor Bernstein
will ask the court for a temporary restraining order to block
their enforcement.

"The government is forcing us to go back to Judge Patel again to have
the new regulations declared facially unconstitutional." said Ms.
Cohn. "This time we believe that a nationwide injunction against
their enforcement is merited."

"The new encryption rules are a pointless shell game," said John
Gilmore, co-founder of the Electronic Frontier Foundation, which
backed the suit. "Industry and Congress had asked that the draconian
State Department regulations be eliminated in favor of existing,
reasonable, Commerce Department regulations. Judge Patel invalidated
the State Department regulations because they were draconian. Rather
than address the concerns of either, President Clinton moved the
draconian regulations into the Commerce Department -- and made them
tougher in the process. It's his political decision whether to ignore
and anger industry leaders, but he can't ignore a federal district
court judge."

Civil libertarians have long argued that encryption should be widely
deployed on the Internet and throughout society to protect privacy,
prove the authenticity of transactions, and improve computer security.
Industry has argued that the restrictions hobble them in building
secure products, both for U.S. and worldwide use, risking America's
current dominant position in computer and communications technology.
Government officials in the FBI and NSA argue that the technology is
too dangerous to permit citizens to use it, because it provides privacy
to criminals as well as ordinary citizens.

Background on the case

The plaintiff in the case, Daniel J. Bernstein, Research Assistant
Professor at the University of Illinois at Chicago, developed an
"encryption algorithm" (a recipe or set of instructions) that he
wanted to publish in printed journals as well as on the Internet.
Bernstein sued the government, claiming that the government's
requirements that he register as an arms dealer and seek government
permission before publication was a violation of his First Amendment
right of free speech. This was required by the Arms Export Control
Act and its implementing regulations, the International Traffic in
Arms Regulations. The new regulations have the same effect, using the
International Emergency Economic Powers Act, the Export Administration
Regulations, and a "state of national emergency" that President
Clinton declared in 1994 and has re-declared annually.

In the first phase of this litigation, the government argued that
since Bernstein's ideas were expressed, in part, in computer language
(source code), they were not protected by the First Amendment. On
April 15, 1996, Judge Patel rejected that argument and held for the
first time that computer source code is protected speech for purposes
of the First Amendment.

On December 6, Judge Patel ruled that the Arms Export Control Act is a
prior restraint on speech, because it requires Bernstein to apply for
and obtain from the government a license to publish his ideas. Using
the Pentagon Papers case as precedent, she ruled that the government's
"interest of national security alone does not justify a prior
restraint."

Judge Patel also held that the government's required licensing
procedure fails to provide adequate procedural safeguards. When the
Government acts legally to suppress protected speech, it must reduce
the chance of illegal censorship by the bureacrats involved -- in this
case, the State Department's Office of Defense Trade Controls (ODTC).
Her decision states, "Because the ITAR licensing scheme fails to
provide for a time limit on the licensing decision, for prompt
judicial review and for a duty on the part of the ODTC to go to court
and defend a denial of a license, the ITAR licensing scheme as applied
to Category XIII(b) acts as an unconstitutional prior restraint in
violation of the First Amendment."

She also ruled that the export controls restrict speech based on the
content of the speech, not for any other reason. "Category XIII(b) is
directed very specifically at applied scientific research and speech
on the topic of encryption." The new regulations continue to insist
that the Government is regulating the speech because of its function,
not its content.

The judge also found that the ITAR is vague, because it does not
adequately define how information that is available to the public
"through fundamental research in science and engineering" is exempt
from the export restrictions. "This subsection ... does not give
people ... a reasonable opportunity to know what is prohibited."
Judge Patel also adopted a narrower definition of the term "defense
article" in order to save it from unconstitutional vagueness.

December 19, 1996

Electronic Frontier Foundation Contacts:

Shari Steele, Staff Attorney
301/375-8856, ssteele@eff.org

John Gilmore, Founding Board Member
415/221-6524, gnu@toad.com

Cindy Cohn, McGlashan & Sarrail
415/341-2585, cindy@mcglashan.com

San Francisco - On Monday, Judge Marilyn Hall Patel struck down Cold War
export restrictions on the privacy technology called cryptography. Her
decision knocks out a major part of the Clinton Administration's
effort to force companies to build "wiretap-ready" computers,
set-top boxes, telephones, and consumer electronics.

The decision is a victory for free speech, academic freedom, and the
prevention of crime. American scientists and engineers will now be
free to collaborate with their peers in the United States and in other
countries. This will enable them to build a new generation of tools
for protecting the privacy and security of communications.

The Clinton Administration has been using the export restrictions to goad
companies into building wiretap-ready "key recovery" technology. In a
November Executive Order, President Clinton offered limited
administrative exemptions from these restrictions to companies which
agree to undermine the privacy of their customers. Federal District
Judge Patel's ruling knocks both the carrot and the stick out of
Clinton's hand, because the restrictions were unconstitutional in the
first place.

The Cold War law and regulations at issue in the case prevented
American researchers and companies from exporting cryptographic
software and hardware. Export is normally thought of as the physical
carrying of an object across a national border. However, the
regulations define "export" to include simple publication in the U.S.,
as well as discussions with foreigners inside the U.S. They also define
"software" to include printed English-language descriptions and
diagrams, as well as the traditional machine-readable object code and
human-readable source code.

The secretive National Security Agency has built up an arcane web of
complex and confusing laws, regulations, standards, and secret
interpretations for years. These are used to force, persuade, or
confuse individuals, companies, and government departments into making
it easy for NSA to wiretap and decode all kinds of communications.
Their tendrils reach deep into the White House, into numerous Federal
agencies, and into the Congressional Intelligence Committees. In
recent years this web is unraveling in the face of increasing
visibility, vocal public disagreement with the spy agency's goals,
commercial and political pressure, and judicial scrutiny.

Civil libertarians have long argued that encryption should be widely
deployed on the Internet and throughout society to protect privacy,
prove the authenticity of transactions, and improve computer security.
Industry has argued that the restrictions hobble them in building
secure products, both for U.S. and worldwide use, risking America's
current dominant position in computer technology. Government
officials in the FBI and NSA argue that the technology is too
dangerous to permit citizens to use it, because it provides privacy to
criminals as well as ordinary citizens.

"We're pleased that Judge Patel understands that our national security
requires protecting our basic rights of free speech and privacy," said
John Gilmore, co-founder of the Electronic Frontier Foundation, which
backed the suit. "There's no sense in `burning the Constitution in
order to save it'. The secretive bureaucrats who have restricted these
rights for decades in the name of national security must come to a
larger understanding of how to support and preserve our democracy."

Reactions to the decision

"This is a positive sign in the crypto wars -- the first rational
statement concerning crypto policy to come out of any part of the
government," said Jim Bidzos, President of RSA Data Security, one of
the companies most affected by crypto policy.

"It's nice to see that the executive branch does not get to decide
whether we have the right of free speech," said Philip Zimmermann,
Chairman of PGP, Inc. "It shows that my own common sense
interpretation of the constitution was correct five years ago when I
thought it was safe to publish my own software, PGP. If only US
Customs had seen it that way." Mr. Zimmermann is a civil libertarian
who was investigated by the government under these laws when he wrote
and gave away a program for protecting the privacy of e-mail. His
"Pretty Good Privacy" program is used by human rights activists
worldwide to protect their workers and informants from torture and
murder by their own countries' secret police.

"Judge Patel's decision furthers our efforts to enable secure electronic
commerce," said Asim Abdullah, executive director of CommerceNet.

Jerry Berman, Executive Director of the Center for Democracy and
Technology, a Washington-based Internet advocacy group, hailed the
victory. "The Bernstein ruling illustrates that the Administration
continues to embrace an encryption policy that is not only unwise, but
also unconstitutional. We congratulate Dan Bernstein, the Electronic
Frontier Foundation, and all of the supporters who made this victory
for free speech and privacy on the Internet possible."

"The ability to publish is required in any vibrant academic discipline,"
This ruling re-affirming our obvious academic right will help American
researchers publish without worrying," said Bruce Schneier, author of
the popular textbook _Applied Cryptography_, and a director of the
International Association for Cryptologic Research, a professional
organization of cryptographers.

Kevin McCurley, President of the International Association for
Cryptologic Research, said, "Basic research to further the
understanding of fundamental notions in information should be welcomed
by our society. The expression of such work is closely related to one
of the fundamental values of our society, namely freedom of speech."

Background on the case

The plaintiff in the case, Daniel J. Bernstein, Research Assistant
Professor at the University of Illinois at Chicago, developed an
"encryption algorithm" (a recipe or set of instructions) that he
wanted to publish in printed journals as well as on the Internet.
Bernstein sued the government, claiming that the government's
requirements that he register as an arms dealer and seek government
permission before publication was a violation of his First Amendment
right of free speech. This is required by the Arms Export Control Act
and its implementing regulations, the International Traffic in Arms
Regulations.

In the first phase of this litigation, the government argued that
since Bernstein's ideas were expressed, in part, in computer language
(source code), they were not protected by the First Amendment. On
April 15, 1996, Judge Patel rejected that argument and held for the
first time that computer source code is protected speech for purposes
of the First Amendment.

Details of Monday's Decision

Judge Patel ruled that the Arms Export Control Act is a prior restraint
on speech, because it requires Bernstein to apply for and obtain from
the government a license to publish his ideas. Using the Pentagon
Papers case as precedent, she ruled that the government's "interest of
national security alone does not justify a prior restraint."

Judge Patel also held that the government's required licensing
procedure fails to provide adequate procedural safeguards. When the
Government acts legally to suppress protected speech, it must reduce
the chance of illegal censorship by the bureacrats involved -- in this
case, the State Department's Office of Defense Trade Controls. Her
decision states, "Because the ITAR licensing scheme fails to provide
for a time limit on the licensing decision, for prompt judicial review
and for a duty on the part of the ODTC to go to court and defend a
denial of a license, the ITAR licensing scheme as applied to Category
XIII(b) acts as an unconstitutional prior restraint in violation of the
First Amendment." Professor Bernstein is now free to publish his ideas
without asking the government's permission first.

She also ruled that the export controls restrict speech based on the
content of the speech, not for any other reason. "Category XIII(b) is
directed very specifically at applied scientific research and speech on
the topic of encryption." The Government had argued that it restricts
the speech because of its function, not its content.

The judge also found that the ITAR is vague, because it does not
adequately define how information that is available to the public
"through fundamental research in science and engineering" is exempt
from the export restrictions. "This subsection ... does not give
people ... a reasonable opportunity to know what is prohibited." The
failure to precisely define what objects and actions are being
regulated creates confusion and a chilling effect. Bernstein has been
unable to publish his encryption algorithm for over four years. Many
other cryptographers and ordinary programmers have also been restrained
from publishing because of the vagueness of the ITAR. Brian
Behlendorf, a maintainer of the popular public domain "Apache" web
server program, stated, "No cryptographic source code was ever
distributed by the Apache project. Despite this, the Apache server
code was deemed by the NSA to violate the ITAR." Judge Patel also
adopted a narrower definition of the term "defense article" in order to
save it from unconstitutional vagueness.

The immediate effect of this decision is that Bernstein now is free to
teach his January 13th cryptography class in his usual way. He can
post his class materials on the Internet, and discuss the upcoming
class's materials with other professors, without being held in
violation of the ITAR. "I'm very pleased," Bernstein said. "Now I
won't have to tell my students to burn their notebooks."

It is unclear exactly where Judge Patel's decision applies -- in the
Northern District of California (containing San Francisco and Silicon
Valley) or throughout the country. Check with your own lawyer if
you contemplate taking action based on the decision.

It is not yet clear from the decision whether the export controls on
object code (the executable form of computer programs which source
code is automatically translated into) have been overturned. It may
be that existing export controls will continue to apply to runnable
software products, such as Netscape's browser, until another court
case challenges that part of the restrictions.

Related Issues:
September 30, 1996

Government Argues That Law Professor Cannot Challenge Regulation
Requiring Him to Get Permission Before Teaching and Publishing
Because He Did Not Apply for That Permission

Oral Argument in Junger v. Christopher Set for Wednesday, November 20

Cleveland, Ohio, Tuesday, October 1, 1996
For Immediate Release

For More Information Contact:

Raymond Vasvari (216) 522-1925
Gino Scarselli (216) 291-8601

Or see URL: http://samsara.law.cwru.edu/comp_law/jvc/

Cleveland, Ohio, Oct. 1 -- Lawyers for Professor Peter D. Junger today
filed a brief and a motion for summary judgment in Junger v.
Christopher, the case challenging the licensing of the communication of
``cryptograhic software'' that is pending before Judge Donald C. Nugent
in the Federal District Court here.

Junger seeks an injunction against the enforcement of provisions of
the International Traffic in Arms Regulations that require him to get
the permission of the State Department's Office of Defense Trade
Controls (the "ODTC") before he can communicate information about
cryptographic software to foreign persons, ``whether in the United
States or abroad.'' The penalty for failing to get such permission
before disclosing the information can be as great as a fine of one
million dollars and imprisonment for ten years. These provisions
effectively prevent Junger from admitting foreign students to the
course that he teaches about Computers and the Law at Case Western
Reserve Law School in Cleveland, Ohio, and keep him from publishing
his course materials and articles containing cryptographic software,
or explaining what it does, how and where to get it, and how to use
it.

The challenged licensing scheme threatens the long-run viability of
the United States software industry and, according to a blue-ribbon
panel of the National Research Council, already costs that industry at
least ``a few hundred million dollars per year ..., and all
indications are that this figure will only grow in the future.'' The
regulations have been extensively criticized by industry and bills to
repeal or limit them are now pending in Congress.

Junger's legal challenge is not based, however, on the economic damage
that the ITAR's cryptographic licensing scheme imposes on the software
industry and the nation's economy, but rather on the unconstitutional
restraints that it imposes on anyone who wants to speak or write
publically about any computer program that has, in the words of the
ITAR, the ``capability of maintaining secrecy or confidentiality of
information or information systems.'' Junger does not challenge the
constitutionality of requiring one to get a license before exporting a
physical cryptographic device: ``It isn't unconstitutional for the
Office of Defense Trade Controls to damage the computer industry and
our economy by requiring export licenses for cryptographic hardware,
but information about cryptographic software is, as the National
Research Council has pointed out, `pure knowledge that can be
transported over national borders inside the heads of people or via
letter.' Requiring the permission of the government before one can
communicate knowledge is unconstitutional. Such a prior restraint is,
in fact, the paradigmatic example of a violation of the First
Amendment.''

THE GOVERNMENT ARGUES THAT PLAINTIFF MUST APPLY FOR PERMISSION
TO SPEAK BEFORE HE CAN CHALLENGE THE REQUIREMENT
THAT HE APPLY FOR SUCH PERMISSION

In motions and briefs submitted August 21st, the government has asked
the court to dismiss the lawsuit, or in the alternative, to grant the
government judgment prior to trial.

The government makes the initial argument that Junger lacks standing
to claim that the provisions of the ITAR requiring him to get a formal
license or other permission from the ODTC before he publically
communicates information about cryptographic software, including the
contents of the software itself, are unconstitutional. And it also
argues that that claim is neither ``ripe'' nor ``colorable'', because
Junger has not applied to the ODTC for such permission.

Junger takes the position that as a law teacher who venerates the
First Amendment it would be as improper for him to request the federal
censors for permission to speak and publish as it would be for him
openly violate the law. As he puts it: ``My duty is to challenge
these unconstitutional regulations, not to give in to them nor to
violate them in an act of civil disobedience.'' His lawyers point out
in their briefs that few propositions of constitutional law are better
established than the rule that a plaintiff does not have to submit to
an unconstitutional restraint on speech and on the press before
challenging it in court.

``Those arguments by the government are rather strange,'' says Gino
J. Scarselli, one of Junger's lawyers, ``they seem to be based on
their argument that cryptographic software is actually hardware
because it is functional.'' And then he adds, ``Of course, that
argument is also rather strange.''

THE GOVERNMENT ARGUES THAT SOME OF THE MATERIAL AT ISSUE
IS EXEMPT UNDER THE ITAR

The government also contends that some of the information at issue may
be exempt from the ITAR's licensing requirements as technical data
that is in the ``public domain'' because it is available to the public
through ``fundamental research in science and engineering'' or through
``sales at newsstands and bookstores.''

``That hardly is a defense,'' says Scarselli, ``since it is quite
clear that the government will not concede that all of the information
that Professor Junger wants to be able publish and discuss is in the
public domain. And to make matters worse, the only way that Professor
Junger can actually find out whether the government will treat
particular information as being exempt from the formal licensing
requirements is to apply to the ODTC for it calls a Commodity
Jurisdiction Determination, which in reality is just another form of
license.''

``It is not as if I am engaged in fundamental research in science and
engineering.'' Junger adds. ``What I want to publish and discuss has
to do with the political and legal issues that are raised by computer
technology, including, of course, cryptography.

``For just one example, since lawyers have a legal and ethical duty to
protect the confidences of their clients, I am convinced that lawyers
who use electronic mail or other computer technologies to communicate
with their clients, or to store information supplied by their clients,
are in some circumstances ethically, and perhaps even legally,
required to use cryptography to maintain the confidentiality of that
information. And yet I cannot publically explain to law students and
lawyers--and lawyers cannot publically explain to their clients--how
to obtain and use effective cryptographic software without first
getting the government's permission to disclose that information.
And, of course, if the cryptographic software really is effective,
then there is little or no chance that the government will permit its
disclosure.''

THE GOVERNMENT ARGUES THAT CRYPTOGRAPHIC SOFTWARE
IS NOT PROTECTED BY THE FIRST AMENDMENT
BECAUSE IT IS FUNCTIONAL

There is no law in the United States that forbids or regulates the use
of cryptography. Yet the government argues that the information in
texts containing cryptographic software, including recipes for
creating such software, can be used in a computer to preserve secrecy
and confidentiality, and concludes that cryptographic software is
``conduct'' and ``functional'' and is thus not a text that is
constitutionally protected as speech.

Junger's lawyers, on the other hand, say that his claims do not relate
to the conduct of running a cryptographic program on a
computer--conduct that is not regulated by the ITAR, after all--and
that he only challenges the restraints that the ITAR impose on the
communication of information about how to carry on such legal conduct.

``Expressive conduct is exactly what is protected by the First
Amendment,'' says Raymond Vasvari, another of Junger's lawyers. ``And
if that expression were not functional, if it were not effective,
there would be no need to protect it. The government's argument turns
two hundred years of First Amendment jurisprudence on its head.''

``The government's arguments about software being conduct and
functional are striking examples of the sort of confusion that
pervades the whole area of Computers and the Law,'' Junger says.
``Trying to clear up such confusion is my major goal in my course in
Computers and the Law. In fact, when I started teaching that course
in 1993, I wrote some cryptographic software to assist my students in
grasping the distinction between software as a text that can be
communicated, and that is protected by copyright law and the First
Amendment, and software as a process that runs in a computer's central
processor that can be protected by patents, but not by copyrights. If
it weren't so frustrating, it would almost be funny that I cannot
publish that software because of the prior restraints imposed by the
defendants' interpretation of the ITAR, even though it is perfectly
legal for me, or for any one else, including `foreign persons,' to
actually run such software on a computer. The government's confusion
is so extensive that an agent of the ODTC has actually told me that
software, cryptographic software, is actually hardware.''

``It is quite clear to me,'' Junger adds, ``that the State Department
and the National Security Agency and other elements in the executive
branch of the government are attempting to restrain the communication
of information about cryptographic software not only abroad, but also
within the United States, because they do not want us actually to be
able to use cryptography to preserve the privacy of our thoughts and
our communications. It is as if the government required one to get a
license before explaining how to make or use an envelope, even though
it did not forbid the use of envelopes themselves. After all, all
that cryptographic software is is a way of making electronic
envelopes.''

ORAL ARGUMENT SCHEDULED

Junger v. Christopher has been placed on a fast track by Judge Nugent.
On September 5 he established a briefing schedule: the plaintiff's
brief was due and was filed today and the government's response is due
on Friday, October 18.

Oral argument is scheduled for Wednesday, November 20.

Judge Nugent's decision is expected before the first of the year.

BACKGROUND ON THE LITIGATION

Litigation is expensive. Professor Junger and his volunteer lawyers
were only able to bring the suit because of a generous gift by an
anonymous donor of $5,000 that was used to create the ITAR Legal
Attack Fund. Additional donations by Professor Junger and others have
increased that fund to more than seven thousand dollars.

Scarselli and Vasvari are lawyers in private practice in Cleveland who
have dedicated much of their professional lives to the protection of
First Amendment freedoms. The third lawyer on the team is Kevin
O'Neill, a law professor at Cleveland State University and the former
legal director of the Ohio Chapter of the American Civil Liberties
Union.

--30--

- --
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet: junger@pdj2-ra.f-remote.cwru.edu junger@samsara.law.cwru.edu
URL: http://samsara.law.cwru.edu

September 18, 1996

Electronic Frontier Foundation Contacts:

Shari Steele, Staff Counsel
301/375-8856, ssteele@eff.org

John Gilmore, Founding Board Member
415/221-6524, gnu@toad.com

Cindy Cohn, McGlashan & Sarrail
415/341-2585, cindy@mcglashan.com

San Francisco, CA -- On Friday, September 20, 1996, Judge Marilyn Hall
Patel will hold hearings in a case with far-reaching implications for
personal privacy, U.S. competitiveness, and national security. Mathematician
Daniel J. Bernstein, a Research Assistant Professor in the Department of
Mathematics, Statistics and Computer Science at the University of Illinois at
Chicago, has sued several Federal agencies on the grounds that the
agencies' requirement that he obtain a license prior to publishing his
ideas about cryptography violates his First Amendment right to freedom
of speech.

Cryptography is the science of secret writing. It is the technology
to use for providing privacy or proving authenticity over distances.
All kinds of communications, from cellular phones to corporate or
government databases, depend on cryptography for protection. The
security of computers against intruders, the privacy and integrity of
the Internet, ATM machines, satellite and cable TV, and the world
financial networks all depend on cryptographic protection. In fact,
the very future of the global Internet, especially as a tool for
commerce, political organizing and scientific development of new ideas,
depends upon the availability of strong encryption.

The U.S. government has restricted cryptography since it was useful in
winning World War II. However, cellular telephones, satellites, ATM
machines, and the Internet did not exist in 1945; advances in
communication and cheap computation have made cryptography useful in
many new applications. In addition, strong encryption is already
available abroad, making laws restricting their export obsolete and
damaging the ability of U.S. businesses to compete in overseas markets.
In fact, Congress is currently considering three pieces
of legislation that would all update the export control laws and remove
encryption from its current place on the U.S. Munitions List.

While Washington toils with Pro-CODE and the other introduced bills, this
hearing will examine the various legal tests that will determine
whether the export laws and regulations (the "ITAR") are
constitutional. Professor Bernstein argues that they violate
the First Amendment in several different ways:

LEGAL ARGUMENTS

* Any legal framework that allows a government bureaucrat to
censor speech before it happens is an unconstitutional prior restraint.
The government is not allowed to set up such a drastic scheme
unless they can prove that publication of such information will
"surely result in direct, immediate, and irreparable damage to our
Nation or its people" and that the regulation at issue is necessary
to prevent this damage. The government must also tightly restrain
the discretion given to the bureaucrats to ensure that they don't
misuse this power. The government has not met this burden
regarding the ITAR legal framework.

* Because restrictions on speech about cryptography are based on the
content of what is being said, the court must apply a strict scrutiny test
to determine whether individuals can be punished for engaging in this
speech. This requires that the regulation be necessary to serve a
compelling state interest and that it is narrowly drawn to achieve that
end. The ITAR regulatory scheme has adopted a too- restrictive approach,
by prohibiting many forms of speech in the area of cryptography.

* The ITAR regulatory framework lacks the necessary procedural
safeguards. Grants of administrative discretion must be limited by clear
standards, and judicial review must be available. "Quite simply, the ITAR
Scheme allows its administrative agencies to make inconsistent, incorrect
and sometimes incomprehensible decisions censoring speech, all without the
protections of judicial review or oversight."

* The ITAR framework is unconstitutionally vague. The government
doesn't even seem to know what its regulations include and exclude! Here,
they told Professor Bernstein that he could not publish his academic paper
for over three years, only changing their collective mind and withdrawing
that decision after being sued. The lack of standards has allowed the
government to misuse a statute aimed at commercial, military arms sales
to limit academic and scientific publication.

* The ITAR regulatory scheme is overbroad. In an internal memo
written almost 20 years ago, the government's own Office of Legal Counsel
concluded that the ITAR's licensing standards "are not sufficiently
precise to guard against arbitrary and inconsistent administrative
action." The OLC specifically warned that the coverage was so broad it
could apply to "communication of unclassified information by a technical
lecturer at a university or to the conversation of a United States
engineer who meets with foreign friends at home to discuss matters of
theoretical interest." This is exactly what is happening here, and it is
unconstitutional.

Judge Patel will hear arguments from attorneys for Bernstein and the
government concerning their respective motions for summary judgment. The
hearing on Friday is scheduled for 12:00 noon at the United States
District Court for the Northern District of California, San Francisco
Headquarters, at 450 Golden Gate Avenue. The hearing is open to the press
and to the public.

CASE BACKGROUND

Bernstein completed the development of an "encryption algorithm" (a recipe
or set of instructions) he calls "Snuffle." In order to contribute Snuffle
to the marketplace of scientific ideas, and to allow other scientists to
evaluate and test his ideas, Bernstein wishes to publish (a) a paper in
English describing and explaining the algorithm, (b) the "source code" for
a computer program that uses the algorithm (this source code more
precisely describes and implements the idea), and (c) instructions for how
a person could use the source code and a computer to encrypt communications.
He wishes to publish them in print journals as well as on the Internet.
Bernstein also wishes to discuss these items at mathematical conferences, in
college classrooms, on the Internet, and in other open, public meetings. In
fact, he would like to use Snuffle as part of his course material for a
cryptography class he will be teaching next spring.

The Arms Export Control Act and the International Traffic in Arms
Regulations (the ITAR regulatory scheme) required Bernstein to submit
his ideas about cryptography to the government for review, to register
as an arms dealer, and to apply for and obtain from the government a
license to publish his ideas. Failure to do so would result in severe
civil and criminal penalties. Bernstein believes this is a violation
of his First Amendment rights and has sued the government.

In the first phase of this litigation, the government argued that
since Bernstein's ideas were expressed, in part, in computer language
(source code), they were not protected by the First Amendment. On
April 15, 1996, Judge Patel rejected that argument and held for the
first time that computer source code is protected speech for purposes
of the First Amendment.

Because of its far-reaching implications, the Bernstein case is being
watched closely by privacy advocates, the computer industry, the export
and cryptography communities, and First Amendment activists. In fact,
several members of these communities provided declarations that were
submitted in support of Bernstein's motion.

August 17, 1996

Federal Civil Rights Action Seeks Injunction Against State Department And National Security Agency

For Immediate Release
Cleveland, Wednesday, August 7, 1996

For More Information Contact:
Raymond Vasvari (216) 522-1925
Gino Scarselli (216) 291-8601

More Information Will Be Available at:
URL: http://samsara.law.cwru.edu

_________________________________________________________________

A Case Western Reserve University law professor filed suit today in
federal court, challenging government regulations which restrict his
ability to teach a course in computer law. Peter Junger, a twenty-five
year veteran of the law school faculty, will file a federal civil
rights action this afternoon in the United States District Court in
Cleveland. The suit names the Department of State and the secretive
National Security Agency, which administer federal regulations
limiting Professor Junger's ability to teach.

The case involves the International Traffic in Arms Regulations, or
ITAR, federal regulations which restrict the export of military
technology. Under the ITAR, cryptographic computer software, which
encodes text to preserve the privacy of messages on the Internet, is
considered a "munition" and subject to strict export control. The
regulations raise significant First Amendment questions by defining
"export" to include discussing technical information about
non-classified software with foreign nationals, such as students
registered for Professor Junger's course.

In recent months, the State Department has sent a series of letters
threatening possible criminal action to a Florida man who posted a
simple cryptographic algorithm to the "sci.crypt" Usenet Newsgroup, an
Internet site popular with cryptography enthusiasts. These and similar
incidents have caused Professor Junger to limit his discussions of
cryptographic material with foreign colleagues, for fear of violating
the ITAR. Penalties for unlicenced disclosure of cryptographic
information are severe: federal law provides ten year prison terms and
One Million Dollar fines for those convicted of violating the Arms
Export Control Act, the legislation under which the ITAR was
promulgated.

Professor Junger, whose class at Case Western Reserve focuses on the
legal aspects of computer use and software development, plans to turn
away any foreign students who register for the course this fall,
largely because the law is uncertain as to what he may teach, and to
whom.

The restrictions at issue are administered by the Department of State,
in cooperation with the ultra-secret National Security Agency, the
organization charged with eavesdropping on foreign governments. Under
the ITAR, Junger may not teach foreign students about even simple
software capable of encoding messages. Such software is vital to
maintaining the privacy of communications and financial transactions
on the Internet, and Junger believes that lawyers need to understand
how it works in order to prepare to practice in an increasingly
technological world.

The information that Junger wishes to disclose is widely available on
the Internet and elsewhere. "It's not as though we are talking about
classified information," explained Gino Scarselli, one of three
lawyers representing Junger in the case. "The material at issue in
this case can be found in any university library, but the regulations
make no exceptions for even the most basic software," Scarselli noted.
The lawsuit does not challenge the government's right to restrict
access to classified information.

Junger is also represented by Raymond Vasvari and Kevin Francis
O'Neill, two Cleveland attorneys with considerable experience in First
Amendment issues. As Vasvari explained, the suit presents important
First Amendment questions about the government's ability to regulate
academic life. "These regulations allow the government to dictate what
a professor may and may not teach, even though the material involved
poses no threat to national security," Vasvari explained.

The suit charges that by requiring Junger to apply for a federal
license to discuss cryptography with foreigners, the government is
violating a well-established First Amendment rule which prohibits the
government from imposing prior restraints on expression without clear,
narrowly drawn standards distinguishing prohibited expression from
permissible speech. The United States Supreme Court has consistently
held that such prior restraints face a heavy burden in court, and that
standardless licencing schemes allowing officials broad discretion in
restriction speech are unconstitutional.

Because computer cryptography is expected to play an important role in
the economic development of the Internet, the case is being closely
watched. Scarselli has worked closely with attorneys affiliated with
the San Francisco based Electronic Frontier Foundation in preparing
the suit, and Junger and his lawyers have been in frequent contact
with John Gilmore, formerly of Sun Microsystems, who has offered his
assistance as a technical advisor in the case.

At issue is not only Junger's right to discuss cryptography with
foreigners, but also his and other's right to publish and distribute
such information both in traditional forms and on the internet.

Professor Junger's suit seeks declaratory and injunctive relief,
prohibiting the government from interfering with his, or any other
person's, discussing non-classified cryptographic information with
foreign persons or from publishing that information. Lawyers for
Junger have moved the court for a preliminary injunction. Junger's
course begins in the fall semester, later this month.

July 26, 1996

July 26, 1996 Electronic Frontier Foundation

Contacts:
Shari Steele, Staff Counsel
301/375-8856, ssteele@eff.org

Mike Godwin, Staff Counsel
510/548-3290, mnemonic@eff.org

Lori Fena, Executive Director
415/436-9333, lori@eff.org

San Francisco, CA -- A University of Illinois at Chicago faculty member
who is suing the U.S. Department of State will file a motion Friday that
could strengthen his claim that government restrictions on information
about cryptography violate the First Amendment's protections for freedom
of speech. The full text of the motion for partial summary judgment is
also available.

Relying on Judge Marilyn Hall Patel's prior ruling that computer source
code is speech protected by the First Amendment, mathematician Daniel J.
Bernstein will file a motion for partial summary judgment in his suit
against the State Department.

In his 45-page memorandum in support of his motion, Bernstein sets forth
several First Amendment arguments:

LEGAL ARGUMENTS

* Any legal framework that requires a license for First Amendment
protected speech, which may be granted or withheld at the discretion of a
government official, is a prior restraint on speech. In order for this
framework to be acceptable, the government has the burden of showing that
publication will "surely result in direct, immediate, and irreparable
damage to our Nation or its people" and that the regulation at issue is
necessary to prevent this damage. The government has not met this burden
regarding the ITAR legal framework.

* Because restrictions on speech about cryptography are
content-based, the court must apply a strict scrutiny test in determining
whether individuals can be punished for engaging in this speech. A strict
scrutiny test requires that a regulation be necessary to serve a
compelling state interest and that it is narrowly drawn to achieve that
end. The ITAR regulatory scheme has adopted the *most* restrictive
approach by prohibiting all speech in the area of cryptography.

* The ITAR regulatory framework lacks the necessary procedural
safeguards. Grants of administrative discretion must be limited by clear
standards, and judicial review must be available. "Quite simply, the ITAR
Scheme allows its administrative agencies to make inconsistent, incorrect
and sometimes incomprehensible decisions censoring speech, all without the
protections of judicial review or oversight."

* The ITAR framework is unconstitutionally vague. The government
doesn't even seem to know what its regulations include and exclude! Here,
the lack of standards has allowed the government to misuse a statute aimed
at commercial, military arms sales to limit academic and scientific
publication.

* The ITAR regulatory scheme is overbroad. In an internal memo
written almost 20 years ago, the government's own Office of Legal Counsel
concluded that the ITAR s licensing standards "are not sufficiently
precise to guard against arbitrary and inconsistent administrative
action." The OLC specifically warned that the coverage was so broad it
could apply to "communication of unclassified information by a technical
lecturer at a university or to the conversation of a United States
engineer who meets with foreign friends at home to discuss matters of
theoretical interest." This is exactly what is happening here, and it is
unconstitutional.

CASE BACKGROUND

While a graduate student at the University of California at Berkeley,
Bernstein completed the development of an encryption equation (an
"algorithm") he calls "Snuffle." Bernstein wishes to publish a) the
algorithm, (b) a mathematical paper describing and explaining the
algorithm, and (c) the "source code" for a computer program that
incorporates the algorithm. Bernstein also wishes to discuss these items
at mathematical conferences, college classrooms and other open, public
meetings. The Arms Export Control Act and the International Traffic in
Arms Regulations (the ITAR regulatory scheme) required Bernstein to submit
his ideas about cryptography to the government for review, to register as
an arms dealer, and to apply for and obtain from the government a license
to publish his ideas. Failure to do so would result in severe civil and
criminal penalties. Bernstein believes this is a violation of his First
Amendment rights and has sued the government.

In the first phase of this litigation, the government argued that since
Bernstein's ideas were expressed, in part, in source code, they were not
protected by the First Amendment. On April 15, 1996, Judge Marilyn Hall
Patel in the Northern District of California rejected that argument and
held for the first time that computer source code is protected speech for
purposes of the First Amendment.

Because of its far-reaching implications, the Bernstein case is being
watched closely by privacy advocates, the computer industry, the export
and cryptography communities, and First Amendment activists. In fact,
several members of these communities provided declarations that were
submitted in support of Bernstein's motion.

April 17, 1996

April 17, 1996
Electronic Frontier Foundation Contacts:
Shari Steele, Staff Counsel
301/375-8856, ssteele@eff.org
Lori Fena, Executive Director
415/436-9333, lori@eff.org

Denying the government's motion for dismissal in mathematician Daniel Bernstein's suit against the State Department, Judge Marilyn Hall Patel in the Northern District of California ruled Monday that source code in Bernstein's cryptographic algorithm, "Snuffle," is speech that is protected from prior restraint by the First Amendment.

LANDMARK RULING
This is the first time a U.S. court has ruled that source code is speech under First Amendment analysis. Previously, courts have held that software is speech for copyright law only.

The decision states in part: "This court can find no meaningful difference between computer language, particularly high-level languages as defined above, and German or French....Like music and mathematical equations, computer language is just that, language, and it communicates information either to a computer or to those who can read it....Thus, even if Snuffle source code, which is easily compiled into object code for the computer to read and easily used for encryption, is essentially functional, that does not remove it from the realm of speech....For the purposes of First Amendment analysis, this court finds that source code is speech."

(The full text of the decision can be found at http://www.eff.org/pub/Legal/Cases/Bernstein_v_DoS/Legal/Decision_041596/)

Judge Patel's acknowledgment that source code enjoys Constitutional protection has implications that reach far beyond cases involving the export of cryptography. The decision holds importance to the future of secure electronic commerce and lays the groundwork needed to expand First Amendment protection to electronic communication.

Because of its far-reaching implications, the Bernstein case is being watched closely not only by privacy advocates, but by the entire computer industry, the export and cryptography communities and First Amendment advocates.

CASE WILL PROCEED
The decision allows Bernstein to continue with his lawsuit that the International Traffic in Arms Regulation (ITAR) acts as a prior restraint on speech and that the ITAR is overbroad and vague.

EFF is very pleased with Judge Patel's ruling and believes that it bodes well for Bernstein's ultimate success in trial, which is now scheduled to proceed with the normal pre-trial and trial sequence of events.

The court drew an important distinction between the Bernstein case and other cases involving export controls on cryptography. The government has cited several cases involving the Export Administration Act as reasons why the Bernstein case should be dismissed. Judge Patel recognized that the Constitutional questions being raised by Bernstein differ significantly from the policy questions raised in the cases introduced by the government.

Judge Patel also ruled that Bernstein could bring his case even though the Arms Export Control Act specifically precludes judicial review, because what Bernstein is asking the court to review (i.e., the constitutionality of the statute and its regulations) was not what had been precluded (i.e., the government's determination in a particular instance whether or not something was exportable). "With respect to constitutional questions, the judicial branch not only possesses the requisite expertise to adjudicate these issues, it is also the best and final interpreter of them."

CASE BACKGROUND
As part of her decision, Judge Patel determined that only the source code was at issue in the case, not Bernstein's academic paper describing the source code. Bernstein tried to get the government to rule separately on the paper and the code back in 1993 by filing separate commodity jurisdiction requests. The State Department merged the requests and rejected them all. On June 29, 1995, after Bernstein and EFF filed suit, the government sent Bernstein a letter saying that the paper could be published and never had been forbidden. While Judge Patel claimed that the issue of the paper now appeared to be moot, she commented, "It is disquieting than an item defendants now contend could not be subject to regulation was apparently categorized as a defense article and subject to licensing for nearly two years, and was only reclassified after plaintiff initiated this action."

April 16, 1996

On October 20th in San Francisco, we'll have the first public hearing
in the EFF/Bernstein lawsuit, which seeks to have the export laws on
cryptography declared unconstitutional. You are invited!

Meet at the Federal Building in San Francisco, 450 Golden Gate Avenue.
The first "oral arguments" in the Bernstein crypto export case will
happen there, starting at 10:30am PST, in Judge Marilyn Hall Patel's
courtroom, upstairs. We've been FedExing legalese back and forth for
months; now we get to explain the case in person. You can meet our
intrepid lawyers, who are slaving away without pay, _in_durance_vile_,
to protect our rights! Shake hands with an NSA lawyer specially flown
in for the occasion! Meet some local journalists! And watch the
wheels of justice grind as the judge first explores our case.

In this case, Dan Bernstein, ex-grad-student from UC Berkeley, is
suing the State Department, NSA, and other agencies, with help from
EFF. Our main argument is that the export controls on crypto software
are a "prior restraint on publication" which is unconstitutional under
the First Amendment unless handled very delicately by a court (not just
by an agency acting on its own). These agencies restrained Dan's ability
to publish a paper, as well as source code, for the crypto algorithm that
he invented. There are additional arguments along the lines that the
State Department and NSA take a lot more liberties during the export
process than their own regulations and laws really permit.

Like Phil Karn's case, this lawsuit really has the potential to outlaw
the whole NSA crypto export scam. We could make your right to publish
and export crypto software as well-protected by the courts as your
right to publish and export books. Of course, the government would
appeal any such decision, and it will take years and probably an
eventual Supreme Court decision to make it stick. But you can be
there at the very beginning.

Please make a positive impression on the judge. Show her -- by
showing up -- that this case matters to more people than just the
plaintiff and defendant. That how it gets decided will make a
difference to society. That the public and the press are watching,
and really do care that it gets handled well. We'll have to be quiet
and orderly while we're in the courthouse. There will be no questions
from the audience (that's us), but the session will be tape-recorded,
and you can take notes if you like. Banners and inflamatory t-shirts are
probably not a good idea. Consider this a dress-up day.

The particular issue in front of Judge Patel on the 20th is whether the
case should be thrown out. The government is arguing that it should.
It's a mess of legal details about whether the Judicial Branch has the
right to decide questions like this, and over whether we have really
properly claimed a Constitutional rights violation. It will teach
most observers something about how the courts work, and how the NSA and
State Dept use bureaucratic tricks to avoid facing the real issues.
We have managed to drag in some of these issues, like whether there is
sufficient "expression" in software that the First Amendment should
protect publishers of software. It's possible, but unlikely, that the
judge will decide then-and-there. We will get some clues to how
she is leaning, based on her questions and comments. Her written
decision will come out some days or weeks later.

Don't bring any interesting devices unless you're willing to check
them with the lobby guards for the duration. They seem to want to
hold onto guns, "munitions", and even small pocketknives, before
they'll let you go upstairs to the courtrooms.

February 21, 1995

First Amendment Protects Information about Privacy Technologies

In a move aimed at expanding the growth and spread of privacy and security technologies, the Electronic Frontier Foundation is sponsoring a federal lawsuit filed today seeking to bar the government from restricting publication of cryptographic documents and software. EFF argues that the export-control laws, both on their face and as applied to users of cryptographic materials, are unconstitutional.

Cryptography, defined as "the science and study of secret writing," concerns the ways in which communications and data can be encoded to prevent disclosure of their contents through eavesdropping or message interception. Although the science of cryptography is very old, the desktop-computer revolution has made it possible for cryptographic techniques to become widely used and accessible to nonexperts.

EFF believes that cryptography is central to the preservation of privacy and security in an increasingly computerized and networked world. Many of the privacy and security violations alleged in the Kevin Mitnick case, such as the theft of credit card numbers, the reading of other people's electronic mail, and the hijacking of other people's computer accounts, could have been prevented by widespread deployment of this technology. The U.S. government has opposed such deployment, fearing that its citizens will be private and secure from the government as well as from other vandals.

The plaintiff in the suit is a graduate student in the Department of Mathematics at the University of California at Berkeley named Daniel J. Bernstein. Bernstein developed an encryption equation, or algorithm, and wishes to publish the algorithm, a mathematical paper that describes and explains the algorithm, and a computer program that runs the algorithm. Bernstein also wishes to discuss these items at mathematical conferences and other open, public meetings.

The problem is that the government currently treats cryptographic software as if it were a physical weapon and highly regulates its dissemination. Any individual or company who wants to export such software -- or to publish on the Internet any "technical data" such as papers describing encryption software or algorithms -- must first obtain a license from the State Department. Under the terms of this license, each recipient of the licensed software or information must be tracked and reported to the government. Penalties can be pretty stiff -- ten years in jail, a million dollarcriminal fine, plus civil fines. This legal scheme effectively prevents individuals from engaging in otherwise legal communications about encryption.

The lawsuit challenges the export-control scheme as an ``impermissible prior restraint on speech, in violation of the First Amendment.'' Software and its associated documentation, the plaintiff contends, are published, not manufactured; they are Constitutionally protected works of human-to-human communication, like a movie, a book, or a telephone conversation. These communications cannot be suppressed by the government except under very narrow conditions -- conditions that are not met by the vague and overbroad export-control laws. In denying people the right to publish such information freely, these laws, regulations, and procedures unconstitutionally abridge the right to speak, to publish, to associate with others, and to engage in academic inquiry and study. They also have the effect of restricting the availability of a means for individuals to protect their privacy, which is also a Constitutionally protected interest.

More specifically, the current export control process:

* allows bureaucrats to restrict publication without ever going to court;

* provides too few procedural safeguards for First Amendment rights;

* requires publishers to register with the government, creating in effect a "licensed press";

* disallows general publication by requiring recipients to be individually identified;

* is sufficiently vague that ordinary people cannot know what conduct is allowed and what conduct is prohibited;

* is overbroad because it prohibits conduct that is clearly protected (such as speaking to foreigners within the United States);

* is applied overbroadly, by prohibiting export of software that contains no cryptography, on the theory that cryptography could be added to it later;

* egregiously violates the First Amendment by prohibiting private speech on cryptography because the government wishes its own opinions on cryptography to guide the public instead; and

* exceeds the authority granted by Congress in the export control laws in many ways, as well as exceeding the authority granted by the Constitution.

If this suit is successful in its challenge of the export-control laws, it will clear the way for cryptographic software to be treated like any other kind of software. This will allow companies such as Microsoft, Apple, IBM, and Sun to build high-quality security and privacy protection into their operating systems. It will also allow computer and network users, including those who use the Internet, much more freedom to build and exchange their own solutions to these problems, such as the freely available PGP encryption program. And it will enable the next generation of Internet protocols to come with built-in cryptographic security and privacy, replacing a sagging part of today's Internet infrastructure.

Lead attorney on the case is Cindy Cohn, of McGlashan and Sarrail in San Mateo, CA, who is offering her services pro-bono. Major assistance has been provided by Shari Steele, EFF staff; John Gilmore, EFF Board; and Lee Tien, counsel to John Gilmore. EFF is organizing and supporting the case and paying the expenses.

Civil Action No. C95-0582-MHP was filed today in Federal District Court for the Northern District of California. EFF anticipates that the case will take several years to win. If the past is any guide, the government will use every trick and every procedural delaying tactic available to avoid having a court look at the real issues. Nevertheless, EFF remains firmly committed to this long term project. We are confident that, once a court examines the issues on the merits, the government will be shown to be violating the Constitution, and that its attempts to restrict both freedom of speech and privacy will be shown to have no place in an open society.

Full text of the lawsuit and other paperwork filed in the case is available from the EFF's online archives. The exhibits which contain cryptographic information are not available online, because making them publicly available on the Internet could be considered an illegal export until the law is struck down. The non-cryptographic exhibits and other documents including the complaint, as well as a series of letters between Bernstein and various government people regarding crypto export are available at:

http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/Bernstein_case/
ftp.eff.org, /pub/EFF/Policy/Crypto/ITAR_export/Bernstein_case/
gopher.eff.org, 1/EFF/Policy/Crypto/ITAR_export/Bernstein_case

Press contact: Shari Steele, EFF: ssteele@eff.org, +1 202 861 7700.

For further reading, we suggest:

The Government's Classification of Private Ideas: Hearings Before a
Subcomm. of the House Comm. on Government Operations, 96th Cong., 2d
Sess. (1980)

John Harmon, Assistant Attorney General, Office of Legal Counsel,
Department of Justice, Memorandum to Dr. Frank Press, Science Advisor to
the President, Re: Constitutionality Under the First Amendment of ITAR
Restrictions on Public Cryptography (May 11, 1978). [Included in the
above Hearings; also online as http://www.eff.org/pub/EFF/Policy/Crypto/
ITAR_export/ITAR_FOIA/itar_hr_govop_hearing.transcript].

Alexander, Preserving High-Tech Secrets: National Security Controls on
University Research and Teaching, 15 Law & Policy in Int'l Business 173
(1983)

Cheh, Government Control of Private Ideas-Striking a Balance Between
Scientific Freedom and National Security, 23 Jurimetrics J. 1 (1982)

Funk, National Security Controls on the Dissemination of Privately
Generated Scientific Information, 30 U.C.L.A. L. Rev. 405 (1982)

Pierce, Public Cryptography, Arms Export Controls, and the First
Amendment: A Need for Legislation, 17 Cornell Int'l L. J. 197 (1984)

Rindskopf and Brown, Jr., Scientific and Technological Information and
the Exigencies of Our Period, 26 Wm. & Mary L. Rev. 909 (1985)

Ramirez, The Balance of Interests Between National Security Controls and
First Amendment Interests in Academic Freedom, 13 J. Coll. & U. Law 179
(1986)

Shinn, The First Amendment and the Export Laws: Free Speech on
Scientific and Technical Matters, 58 Geo. W. L. Rev. 368 (1990)

Neuborne and Shapiro, The Nylon Curtain: America's National Border and
the Free Flow of Ideas, 26 Wm. & Mary L. Rev. 719 (1985)

Greenstein, National Security Controls on Scientific Information, 23
Jurimetrics J. 50 (1982)

Sullivan and Bader, The Application of Export Control Laws to Scientific
Research at Universities, 9 J. Coll. & U. Law 451 (1982)

Wilson, National Security Control of Technological Information, 25
Jurimetrics J. 109 (1985)

Kahn, The Codebreakers: The Story of Secret Writing. New York:
Macmillan (1967) [Great background on cryptography
and its history.]

Relyea, Silencing Science: national security controls and scientific
communication, Congressional Research Service. Norwood, NJ:
Ablex Publishing Corp. (1994)

John Gilmore, Crypto Export Control Archives, online at
http://www.cygnus.com/~gnu/export.html

February 21, 1995

60 Minutes
CBS News
555 West 57th Street
New York, NY 10019

Dear 60 Minutes,

Your February 26 story on computer security missed the most important point
-- the United States Government requires network providers to keep their
systems easily exploited. Encryption would enable companies to thwart
unwanted intrusion by disguising the content of messages, making the
messages virtually unreadable to anyone who does not possess the decryption
key. Computer intruders would not be able to steal passwords or credit
card information because they would not be able to read the data.
Furthermore, encryption helps authenticate users by making it difficult to
forge information used to identify messages.

But network security poses an interesting threat to U.S. law enforcement.
If the system is secure, how can the National Security Agency intercept the
messages of evil terrorists? Rather than "ramp up" their own law
enforcement techniques, the NSA and others have made a requirement that the
networks "dumb down" to their level. Such antiquated Cold War thinking has
resulted in the State Department refusing to remove encryption from the
U.S. Munitions List, -- where it currently sits right alongside
flamethrowers and B-1 bombers -- severely restricting its legal use on
international networks like the Internet.

The Electronic Frontier Foundation has just filed a lawsuit challenging the
the current Arms Export Control Law on First Amendment grounds. (The press
release is included.) Hopefully, this will open the door for technological
solutions to protecting security that are currently available but remain
illegal.

Sincerely,

Shari Steele
Director of Legal Services

March 2, 1993

By Rory J. O'Connor
Mercury News Staff Writer

A Berkeley mathematician sued the State Department
Tuesday, in a case designed to challenge the government's
designation of encryption software as a ``munition'' subject
to extensive export controls.

The policy has prevented even the publication of some
schemes for individuals to protect their computer data or
electronic mail from eavesdropping. Distributing information
about many encryption schemes without government approval
could be a criminal act punishable by 10 years in prison and
fines of $1 million or more.

Daniel Bernstein, a Ph.D. candidate at the University of
California, decided to sue after the government told him 18
months ago he would have to register as an arms dealer under
the International Traffic in Arms Regulation if he wanted to
publicize an encryption program he had developed, according to
his attorney, Cindy Cohn of McGlashan and Sarrail in San
Mateo.

After reading electronic postings from other
cryptographers, Bernstein applied for permission to publish
the program and a paper describing how it works.

The government favors a strict policy because
computerized methods for sending coded messages have made the
job of intelligence gathering far more difficult.
Intelligence agencies have expressed concern that terrorists,
drug traffickers and hostile foreign governments could obtain
such string [sic] encryption software and communicate via
undecipherable coded messages.

Some of the exhibits filed with the lawsuit that outline
Bernstein's scheme had to be sealed from public view, Cohn
said. Attorneys were barred from discussing them because
making them public could be construed as a criminal act.

Civil liberties groups with computer connections have
long opposed the government's practice, saying it stifles
freedom of expression.

Pages

Subscribe to EFF Press Releases
JavaScript license information