Judge Patel to Decide if Government Restrictions on Cryptography Violate the First Amendment
Electronic Frontier Foundation Contacts:
Shari Steele, Staff Counsel
John Gilmore, Founding Board Member
Cindy Cohn, McGlashan & Sarrail
San Francisco, CA -- On Friday, September 20, 1996, Judge Marilyn Hall
Patel will hold hearings in a case with far-reaching implications for
personal privacy, U.S. competitiveness, and national security. Mathematician
Daniel J. Bernstein, a Research Assistant Professor in the Department of
Mathematics, Statistics and Computer Science at the University of Illinois at
Chicago, has sued several Federal agencies on the grounds that the
agencies' requirement that he obtain a license prior to publishing his
ideas about cryptography violates his First Amendment right to freedom
Cryptography is the science of secret writing. It is the technology
to use for providing privacy or proving authenticity over distances.
All kinds of communications, from cellular phones to corporate or
government databases, depend on cryptography for protection. The
security of computers against intruders, the privacy and integrity of
the Internet, ATM machines, satellite and cable TV, and the world
financial networks all depend on cryptographic protection. In fact,
the very future of the global Internet, especially as a tool for
commerce, political organizing and scientific development of new ideas,
depends upon the availability of strong encryption.
The U.S. government has restricted cryptography since it was useful in
winning World War II. However, cellular telephones, satellites, ATM
machines, and the Internet did not exist in 1945; advances in
communication and cheap computation have made cryptography useful in
many new applications. In addition, strong encryption is already
available abroad, making laws restricting their export obsolete and
damaging the ability of U.S. businesses to compete in overseas markets.
In fact, Congress is currently considering three pieces
of legislation that would all update the export control laws and remove
encryption from its current place on the U.S. Munitions List.
While Washington toils with Pro-CODE and the other introduced bills, this
hearing will examine the various legal tests that will determine
whether the export laws and regulations (the "ITAR") are
constitutional. Professor Bernstein argues that they violate
the First Amendment in several different ways:
* Any legal framework that allows a government bureaucrat to
censor speech before it happens is an unconstitutional prior restraint.
The government is not allowed to set up such a drastic scheme
unless they can prove that publication of such information will
"surely result in direct, immediate, and irreparable damage to our
Nation or its people" and that the regulation at issue is necessary
to prevent this damage. The government must also tightly restrain
the discretion given to the bureaucrats to ensure that they don't
misuse this power. The government has not met this burden
regarding the ITAR legal framework.
* Because restrictions on speech about cryptography are based on the
content of what is being said, the court must apply a strict scrutiny test
to determine whether individuals can be punished for engaging in this
speech. This requires that the regulation be necessary to serve a
compelling state interest and that it is narrowly drawn to achieve that
end. The ITAR regulatory scheme has adopted a too- restrictive approach,
by prohibiting many forms of speech in the area of cryptography.
* The ITAR regulatory framework lacks the necessary procedural
safeguards. Grants of administrative discretion must be limited by clear
standards, and judicial review must be available. "Quite simply, the ITAR
Scheme allows its administrative agencies to make inconsistent, incorrect
and sometimes incomprehensible decisions censoring speech, all without the
protections of judicial review or oversight."
* The ITAR framework is unconstitutionally vague. The government
doesn't even seem to know what its regulations include and exclude! Here,
they told Professor Bernstein that he could not publish his academic paper
for over three years, only changing their collective mind and withdrawing
that decision after being sued. The lack of standards has allowed the
government to misuse a statute aimed at commercial, military arms sales
to limit academic and scientific publication.
* The ITAR regulatory scheme is overbroad. In an internal memo
written almost 20 years ago, the government's own Office of Legal Counsel
concluded that the ITAR's licensing standards "are not sufficiently
precise to guard against arbitrary and inconsistent administrative
action." The OLC specifically warned that the coverage was so broad it
could apply to "communication of unclassified information by a technical
lecturer at a university or to the conversation of a United States
engineer who meets with foreign friends at home to discuss matters of
theoretical interest." This is exactly what is happening here, and it is
Judge Patel will hear arguments from attorneys for Bernstein and the
government concerning their respective motions for summary judgment. The
hearing on Friday is scheduled for 12:00 noon at the United States
District Court for the Northern District of California, San Francisco
Headquarters, at 450 Golden Gate Avenue. The hearing is open to the press
and to the public.
Bernstein completed the development of an "encryption algorithm" (a recipe
or set of instructions) he calls "Snuffle." In order to contribute Snuffle
to the marketplace of scientific ideas, and to allow other scientists to
evaluate and test his ideas, Bernstein wishes to publish (a) a paper in
English describing and explaining the algorithm, (b) the "source code" for
a computer program that uses the algorithm (this source code more
precisely describes and implements the idea), and (c) instructions for how
a person could use the source code and a computer to encrypt communications.
He wishes to publish them in print journals as well as on the Internet.
Bernstein also wishes to discuss these items at mathematical conferences, in
college classrooms, on the Internet, and in other open, public meetings. In
fact, he would like to use Snuffle as part of his course material for a
cryptography class he will be teaching next spring.
The Arms Export Control Act and the International Traffic in Arms
Regulations (the ITAR regulatory scheme) required Bernstein to submit
his ideas about cryptography to the government for review, to register
as an arms dealer, and to apply for and obtain from the government a
license to publish his ideas. Failure to do so would result in severe
civil and criminal penalties. Bernstein believes this is a violation
of his First Amendment rights and has sued the government.
In the first phase of this litigation, the government argued that
since Bernstein's ideas were expressed, in part, in computer language
(source code), they were not protected by the First Amendment. On
April 15, 1996, Judge Patel rejected that argument and held for the
first time that computer source code is protected speech for purposes
of the First Amendment.
Because of its far-reaching implications, the Bernstein case is being
watched closely by privacy advocates, the computer industry, the export
and cryptography communities, and First Amendment activists. In fact,
several members of these communities provided declarations that were
submitted in support of Bernstein's motion.