Date: Mon, 16 Mar 1998 20:20:52 -0800
From: Cindy Cohn 
Subject: Cohn Testimony

Here is the text of my testimony before the Senate Judiciary Committee's
Subcommittee on Constitution, Federalism and Property Rights on Tuesday
March 17.


I want to thank the Sub-Committee for inviting me here today.  Although
there have been very many hearings and much discussion about cryptography
here in Washington, this is the first, I believe, to seek testimony from one
of the attorneys directly involved in the legal challenges to the
cryptography regulations.

I've been asked here because I am lead counsel in the case of Bernstein v.
Department of Justice, et al.  With the help of the Electronic Frontier
Foundation, Professor Daniel J. Bernstein has been trying for over six years
to publish on the Internet a simple cryptographic computer program which he
wrote.  He has been told that if he does, he will be prosecuted.

We argued that American scientists, be they academics, in industry or
hobbyists, should not have to submit their own work prior to publication to
faceless government bureaucrats.  This is especially so when those same
bureaucrats have unchecked discretion to bar them from publishing his work.
That is what the current scheme allows.  In fact, before we brought suit
those same agency bureaucrats told Professor Bernstein that publishing an
academic paper about his software would be illegal and that putting his
software into a public library would be illegal.  The Federal District Court
for the Northern District of California has agreed with us that the
regulations are in violation of the First Amendment on their face, meaning
that they violate the First Amendment rights of all Americans, not just
Professor Bernstein.


Two other similar cases are also pending.  The first, Karn v. U.S.
Department of State, is here in D.C. District Court.  The Karn case is the
clearest example of the quip often made about the Administration's
cryptography policy--that it is based upon the belief that terrorists can't
type.  Mr. Karn was told that, although a book containing computer source
code could be freely sent abroad, a floppy disk containing the exact same
information could not.  The second case, Junger v. Christopher, is in
Cleveland, Ohio, and is based upon the government's position that Professor
Junger, a law professor at Case Western University could be prosecuted for
teaching a Computers and the Law course in his usual way.


In the Bernstein case we have received three rulings from the District
Court so far, all in our favor:
	1)	April 1996: Computer program source code is speech;
	2)	December 1996: ITAR was unconstitutional;
	3)	August 1997: New Commerce Department cryptography regulations
		issued in December, 1996 are unconstitutional.

In short, the Federal District Court has declared that every single one of
the current (and previous) regulations of encryption software are

The final ruling in our favor was appealed by the Administration, argued in
December, 1997 before the Ninth Circuit Court of Appeals, and is now
awaiting decision.  I have attached a copy of the third District Court
opinion to my written statement for your review.  I hope you have your staff
take the time to review it--it gives a clear and concise statement of some
of the key constitutional requirements that any legislation on cryptographic
software must meet and a better explanation than I could ever give you about
why the current regulations are unconstitutional.

As I mentioned before, the Bernstein case challenges the current government
restrictions on cryptographic software on the grounds that they are in
violation of the First Amendment.  Although our case focuses, as it must, on
the current regulations, the analysis would apply as well to proposed
domestic restrictions which would restrict or license the creation,
distribution or receipt of cryptographic software.  Indeed, the
constitutional problems which would arise if domestic controls were imposed
are even more severe than those of the current scheme.

The first doctrine of First Amendment law which the cryptography
regulations violate is prior restraint of speech.  The Bernstein case
focuses on the easiest flaws to see in the current scheme--the lack of
procedural protections.  The Supreme Court has long held that if the
government wants to institute a prepublication licensing scheme, it must
	1)	Prompt decision - no more than 2 weeks;
	2)	Only a court can stop publication; the government must bring
		a court case rather than act administratively;
	3)	Government bears burden of proof in Court.
This comes from a seminal Supreme Court case called Freedman v. Maryland.

I should point out that as much as I would like to take credit for our
legal analysis, we were not the first to see this problem.  In fact, the
first people to point out this problem in the regulations were in the
Justice Department's Office of Legal Counsel in 1978.  You see, the agencies
have known for 20 years that this scheme is unconstitutional.  Their own
lawyers told them so.  That is why you never hear them mention the First
Amendment in their presentations to you.


The key point in our case, and in your consideration of any proposed
legislation, is that source code is protected expression for purposes of the
First Amendment.  On this point, the administration largely agrees.  Let me
repeat that--the Administration has not denied that in regulating computer
software it is also regulating the "expressive activities" of Americans.
This conclusion, which is obvious to anyone who has ever written or read a
computer program, is also consistent with what Congress has repeatedly
acknowledged.  Software is treated as identical to other forms of protected
expression in both the Copyright Act and the Freedom of Information Act.

From a legal standpoint, the Bernstein case is not complex, nor does it
break any dramatic new ground.  It simply asks the courts to recognize that
the First Amendment extends to science on the Internet, just as it does to
science on paper and in the classroom.  For it is this scientific freedom
which has allowed us to even have an Internet, as well as the many other
technologies which we enjoy today.	


Up to this point everything I've said isn't just my opinion.  It's been
decided by the Federal District Court.  My legal team and I believe that
there are other strong Constitutional reasons which prevent the regulation
of cryptographic software. The District Court did not need to address these
additional reasons, since it agreed with us that the first alone was
sufficient to invalidate the regulations.

In addition to procedural protections, the Constitution requires that any
regulation which institutes a licensing scheme, or any other form of prior
restraint, pass the strictest of tests.  Even a claim of national security
or public safety must be carefully weighed against our fundamental rights,
and must be supported with hard evidence of direct, immediate and
irreparable harm, not just conjecture and a few frightening scenarios.

Further, aside from prior restraint, a scheme which targets speech on the
subject of cryptography and treats that speech differently from speech on
other topics must pass the tests of strict scrutiny--that the regulation
address a compelling government interest and be narrowly tailored to reach
only that interest and no further.  That is, the government's concern about
national security cannot reach so broadly as to prevent law-abiding citizens
from having access to software which they can use for completely lawful
purposes.  Put into another context, it means that the government cannot
require all of us to deposit our house keys with them on the off chance that
one of us is a criminal.

Further, the government must prove that their restrictions on speech
actually meet their goals.  Here, such proof would be difficult since
terrorists, pedophiles and drug dealers can simply purchase or download
strong German, Swiss or Japanese encryption software that is freely
available all over the U.S. and the world--over 500 at last count.  If
necessary, criminals could even type in or scan one of the computer programs
printed in the many books published on the subject.


Neither the current scheme nor any administration-supported, so-called
"compromise" schemes proposed so far addresses these First Amendment
problems.  And even the SAFE bill, which is well-intentioned, fails to
contain an assurance of judicial review of any agency decision to prevent
publication due to alleged national security concerns, a key element
required by the Constitution.  SAFE also does not clearly protect scientists
such as Professor Bernstein, but only protects those who seek to distribute
mass market software already available abroad.  This means that American
scientists can no longer participate in the ongoing international
development of this vital and important area of science.


In addition, we believe that regulation of encryption software and
technology violates the First Amendment because of what encryption does.
Encryption allows people to use electronic envelopes to protect their
speech.  The Supreme Court has noted that a state could not regulate ink or
paper without raising constitutional concerns.  We believe that similarly
the government cannot prevent Americans from using electronic envelopes or
require them to use key-escrowed envelopes without violating their First
Amendment rights.  This is because such rules compel them to speak to the
Government anytime they wish to speak to anyone else.  Encrypted speech is
still speech.  The elimination of privacy creates a chilling effect on that
speech which implicates the First Amendment.


In fact, in our research for this case we have discovered that the Founding
Fathers used cryptography on a regular basis.  Even the Constitution and the
Bill of Rights themselves were often encoded, as Thomas Jefferson and James
Madison exchanged drafts of those seminal documents.  Cryptography was used
by a virtual Who's Who of the American Founding Fathers--not only Jefferson
and Madison but Benjamin Franklin, Alexander Hamilton, John and Abigail
Adams, Aaron Burr, and many others.  In sharp contrast to the
Administration's arguments today, they viewed cryptography as an essential
instrument for protecting information, both political and personal.  Our
research indicates that when the First and Fourth Amendments were enacted
in the late 1700s, any suggestion that the Government should have the
ability to prevent individuals from encrypting their messages, or that the
Government should have a back-door key to all encrypted messages, would have
struck the Constitution's framers as ridiculous.


In sum, our legal challenge to the current restrictions on encryption
software is succeeding.  It is succeeding because the First Amendment is
clearly violated when the government institutes a prepublication licensing
scheme which allows agency bureaucrats unfettered discretion to prevent
American scientists from publishing their own ideas.  It is succeeding
because the Courts have recognized the importance of keeping the First
Amendment intact as we move into the information age.  As you consider the
many legislative proposals about cryptography, we hope you will do the same.

Cindy A. Cohn,
McGlashan & Sarrail, P.C.
177 Bovet Road, 6th Floor
San Mateo, CA 94402
(650) 341-2585 (tel)
(650) 341-1395 (fax)