Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
United States

US Crypto Export Laws Ruled Unconsitutional 189

An anonymous reader sent us a story over at that proclaims some joyous news: The a US appeals court has ruled Export Laws Unconstitutional. Excellent.
This discussion has been archived. No new comments can be posted.

US Crypto Export Laws Ruled Unconsitutional

Comments Filter:
  • by Anonymous Coward
    Might this have any effect on stuff like patenting algorithms?
  • by Anonymous Coward
    Apparently binaries are legal to export also because the regulations do not differentiate between source code, encryption commodities (programs).

    Below the judge is saying that the regs are unconstitutional in their entirety and that they refuse to sever the meaning of source code, commodities etc.

    But while the district court may have erred in treating software and commodities as the same item, the integrated structure of the regulations does not permit us to sever the various provisions in the manner requested by the government. To sever the unconstitutional portion of the regulations, we would have to line edit individual sections, deleting or modifying the definition of "software" while retaining "commodities" and "technology." We would then have to redefine general terms such as "items" which refer collectively to commodities, software, and technology. We have neither the power nor the capacity to engage in line by line revisions of the challenged regulations or to redefine terms within the regulations. ... To do so would be to improperly invade the province reserved to the Executive. Accordingly, we affirm the district court's grant of declaratory relief.

    Of course, I'm not a lawyer, but I think thats what they are saying. Its also possible that a rewrite of the regs would make binaries illegal to export, but source code legal. It doesn't really matter. All you have to do is export the source code and then compile it. You don't even have to export it to everyone, just some other scientist.

    jim burnes

  • Don't make the dangerous mistake of thinking the government is "stupid" in maintaining export controls on encryption. They simply do not believe, as we do, that individuals have any right to privacy. And they will use every tactic available to them to maintain their ability to snoop. This includes massive black funding for the FBI, NSA and other government spy agencies, ignoring existing wiretap laws whenever they get in the way, lying to Congress to get laws mandating that networks be made wiretap-ready, intimidating manufacturers and authors of encryption hardware and software, and employing massive doses of FUD in the legal system to slow the growth of encryption, our only defense.

    Portraying the government as inept on encryption is no more accurate than Hogan's Heroes depiction of Nazis as bumbling fools. Evil, yes, but not stupid!

  • the export policy has also had a chilling effect on the availability of encryption products for _domestic_ use. you may be willing to believe that is merely a coincidence. _i_ am not.

    remember when the government was going to mandate use of Clipper? or mandatory key escrow? (yes, this was domestic.) it's no secret that (certain parts of) the government want to limit the use of encryption by u.s. citizens.
  • by Anonymous Coward
    Everyone should read the PGP manifesto in the man file for pgp.

    If encryption is limited and regulated, then it will end up on the black market and only criminals will benefit from it.

    The gov't doesn't want open source encryption because it is very hard to regulate. With a proprietary binary-distributed encryption algorithm, the government can bribe private companies to include "back doors", etc.

    The only way for encryption to remain legal is for everyone to use it, always.

    The government is worried about industrial espionage, but due to export restrictions, it is in fact American companies abroad that are penalized.
  • by Anonymous Coward
    The article on CNet [] specifically says that this "opinion doesn't apply to off-the-shelf products". What I would like to know is why that is. Every executable program is composed of machine language instructions (binary codes), which can be considered a programming language by itself. HOWEVER, even if it's not a programming language, it has a 1-1 translation to Assembly language, which is DEFINITELY a programming language and therefore should be protected by the First Amendment, according to this decision. So why aren't the off-the-shelf products protected by this court ruling as well?
  • by Anonymous Coward
    Look at that list of defendants versus just one mere human. My God, it looks an X-Files'esque who's-who of the illuminati.

    From the court's ruling:



    MADELINE E. ALBRIGHT, United States Secretary of State;
    WILLIAM M. DALEY, United States Secretary of Commerce;
    WILLIAM COHEN, United States Secretary of Defense; KENNETH A. MINIHAN, Director, United States National Security Agency;
    JOHN B. HOLUM, Director, United States Arms Control and Disarmanent Agency;
  • by Anonymous Coward
    This case has been going on since 1995, and the government has lost three (now four) decisions in a row in it. Even before the case, they had an opinion from their own Dept. of Justice that said this law was unconstitutional. They went ahead and did it anyway. And have worked very hard to foist the same rotten rules on you folks in foreign countries. All the time, knowing that they are violating the US Constitution, and basic human rights, in doing so.

    Australia has unfortunately been second only to the UK in pushing bad crypto proposals that the US government thought up but was unable to get passed in the USA. Their theory seems to be that once a few more countries subjugate their citizens' privacy, it will be much easier to make the case that we should do the same in the US.

    It appears that the Wassenaar Arrangement is largely a paper tiger: it provides cover for those governments that WANT to restrict crypto, such as Australia's, but doesn't actually require freedom-loving governments such as Germany's (I know, it sounds funny!) or Ireland's to impose any controls.

    Watch out for the next Wassenaar meeting, in which the nasties will try to impose controls on "intangible" goods (translation: The Internet). Today in all countries but the US, intangibles are not controlled by the export laws.

    We in the US who have fought this battle for our own rights can't win it for you too. You will have to organize and convince, or sue, or elect, a government in your own country that will do the right thing with respect to crypto. The longer you wait, the more damage the authoritarians will do.

    For today let's do a bit of dancing on the Berlin Wall of crypto. Tomorrow it's back to the barricades to push the bastards back further.

  • That sucks, I really did like telling my friends that they souldn't be hanging out with me
    because I'm a known arms trafficker.
  • I don't really think you should need to do such a thing. I mean, writing an english-like language. Just invent a hypothetical programming language, and write encryption code in it, claiming it is an example of how encryption works, and that since there is no compiler or interpreter, it is not a functional device. Then, after the code has been disseminated, write a compiler for the language.

    For that matter, write literate encryption code in Knuth's MIX language.


  • by Octal ( 310 )
    Hehe... I never thought of source code as a form of speach before, but, I will now, as long as it helps for exporting Crypto.

    I wonder how this will affect that treaty we made everyone sign saying they won't export crypto.
  • Right now, this ruling applies only to the area covered by the 9th Circuit. I hope you're in that location.

  • They can use TEMPEST vans to read a suspect's outgoing e-mail before encryption and incoming e-mail after decryption.

    Uh, that's called "Van Eck". "Tempest" is the gvmnt name of the technology to prevent Van Eck monitoring from working.

  • by phil reed ( 626 ) on Thursday May 06, 1999 @06:28PM (#1901447) Homepage
    The public reason was that, supposedly, American-developed crypto was the best in the world, and letting it get into the hands of the "enemy" (which changed, depending on when and who you were talking to), was a Bad Thing. Since crypto developed outside the U.S. has gotten to be as good, that explanation has gotten incredibly weak. Many people put it up to inertia that the rules haven't changed. There's probably also an element of "We know what's best for you" from the government, and hiding things from the government is perceived to be bad (by the government, anyway).

    I have also heard, with little support, that the gvmnt is worried that strong crypto will be used to enhance the underground economy, making it harder for the gvmnt to track (and presumably tax) money flows.

  • Note that the Constititution allows suspension of habeas corpus (i.e., things like the internment of Japanese-Americans) only when a state of war has been declared by the Congress of the United States of America. When we are official "at peace", such as today, those rights cannot be suspended on spurious "national security" grounds.

  • Posted by kenmcneil:

    If the Justice Departement appeals to the Supreme Court things could get interesting. There have been cases in the past where the Court made a ruling that violated the Constititution but were in the interest of national security (Japenese internment during WWII for example). And with the moderate to conservative court that exists today, something along these lines could very well come about.

    The article was lacking in detail so it is diffecult to say if this case would be heard by the Court. If for one reason or another five of the justices did not feel that this was a case that properly layed out the _Consititutional_ issues they could very well ignore it and wait for a better opertunity. This would not mean that they will not eventually take this up but mearly that this case was not a good platform to make a ruling on.

    Well that is enough speculation, I will just wait for some more information before I form a real oppinion.
  • Posted by kenmcneil:

    If the Justice Departement appeals to the Supreme Court things could get interesting. There have been cases in the past where the Court made a ruling that violated the Constititution but was in the interest of national security (Japenese internment during WWII for example). And with the moderate to conservative court that exists today, something along these lines could vary well come about.

    The article was lacking in detail so it is diffecult to say if this case would be heard by the Court. If for one reason or another five of the justices did not feel that this was a case that properly layed out the

    • Consititutional
    issues they could very well ignore it and wait for a better opertunity. This would not mean that they will not eventually take this up but mearly that this case was not a good platform to make a ruling on.

    Well that is enough speculation, I will just wait for some more information before I create a real oppinion.

  • Posted by AnnoyingMouseCoward:

    You asked for opinions - hears mine.

    I agree that their are some aspects to strong crypto availability that are extremly vexing - use by criminals, etc, etc.

    The problem with these arguments is that the successful criminals can afford the latest and greatest in computer security while private citizens often can't.

    In addition to that, there are circumstances where a private citizen does have perfectly legitamite reasons for useing encryption, such as protecting buisness e-mail correspondances from being snooped by rival corporations.

    Down under in Australia, we were recently treated to a leaked report from ASIO ( our equivelent of the FBI ) that flatly stated that there was no point in passing laws to prevent criminals from using encryption technology, since being criminals, they don't obey the law anyway.

    In this respect, the only solution to the problem seems to be to level the playing field by making strong encryption available to everyone.

    Still, politicians arn't known for their grasp of basic science or technology. The report was essentially ignored ( which is why it was probably leaked to the public ) and the Australian government is still going gung-ho to prove we can be just as stupid as everyone else.

    But it's nice to think that there may finally be a light at the end of the tunnel.
  • Posted by AnnoyingMouseCoward:

    Ok, I'll admit that was a handwave. I just wanted people in the USA to know that their government isn't the only one doing stupid things.

    As for "..this argument could be used against any law whatsoever..", well yes and no. Laws are essentially a social contract between the members of a society as to what forms of behaviour are and arn't acceptable. When the ruling body passes laws that are ignored by a substantial section of the general population, the result is simply a weakening of this social contract and the undermining of the acceptance of the law by the population as a whole.

    As the availablility of strong encryption, while I'm not seriously into cryptography and general purpose algorithms, I suspect that it's probably possible for certain groups ( criminals, terrorists, etc ) to come up with fairly secure encryption simply by using the old 19th centuary "Book Codes". With this kind of scheme, you are going to have a hard time de-crypting any message without knowing the book which is used as the key.So "strong" cryptography is available, it's just not available as a general purpose package with a "point and drool" interface.

    As for useing cryto to anonymously publish things like biological warefare procedures, drug manufacturing procedures, etc, etc, this is one of those things that I personally feel is greatly over-rated.

    As a point in case, an old friend of mine back in high school ( about 20 years ago ) was culturing all kinds of bugs on agar plates. The knowledge base to do this is available in print in any university library. At the time, he blythely pointed to one dish and mentioned that it contained bubonic plague. He took the trouble at this point to reassure me that while it was easy to cultivate, it was a pain in the neck to find a viable vector ( ie, fleas with rats ) so there was nothing to worry about [ and no, I'm not joking ].

    Likewise, as someone who majored in chemistry at university, I know for a fact that you can look up recipies for all kinds of explosives and drugs in the organic chemistry section of any university anywhere in the world. Of course, the media has a certain difficulty in getting anyone to pay attention to a headline like "Juvenile delinquent makes drugs with a book from the library!", so they go for "..with a recipe found on the Internet!". It's just media hype.

    Just my $0.02 worth.
  • What part of RSA does this perl code implement? It can't do key generation, can it?


  • Nearly as cool as the decision-- it contains Lisp code. That's got to be a first.
  • You mean like the C to English converter [] or Bruce Schneier's Blowfish cipher in English []?
  • Especially the Open-source Candidate, Al Gore. :)
  • Besides which, maybe exporting strong crypto isn't that great of an idea in the first place.

    Locks are good, they help law abiding citizens avoid being the targets of crime. Not allowing crypto to be exported has the affect of making it inconvenient for US citizens and businesses to get good locks. Thats bad--- it not only costs time and money, it often means we don't have the locks we should.

  • From the times article: Not everyone buys the Junger team's reasoning. Stewart A. Baker, a Washington-based lawyer and former general counsel at the National Security Agency, said that although he finds the Junger argument "plausible," he believes the government has a good response. Source code exists largely to allow for communication between people and computers, but the First Amendment exists to protect communication among people, he said.

    Mr Baker is right--- even if this case is won its not the real issue. The real issue is protecting communication among people. All we want is to protect our communications, domestic or international.

  • I wish I had a nickel for everything this government does (especially the EXECUTIVE BRANCH) that was unconstitutional - hell, I could afford to pay the IRS!
  • RSA is VERY simple -- a key is just a bunch of bits, it's not anything magic which has to be "generated". Just pick a random number or two.

    And this particular Perl isn't Perl, either; it's actually a bunch of calls to 'bc'. Pathetic, if you ask me.

    I searched for about an hour before I found a _real_ Perl implementation of this. About five minutes into the search, I found a four-line Python implementation (in ESR's .sig file); when I finally found the Perl implementation, I was shocked and pleased to discover that it was longer than the Python one.

    Okay, low blow. It just always amazes me to see how many people confuse "cryptic" (Perl) with "terse" (APL and J). Python unly tries to be non-cryptic, but winds up being somewhat terse as well.

  • I fully support this ruling, and hope that it leads to the loostening or abolishing of export restrictions on crypto, but I don't think it's going to happen.

    I betcha the executive branch will come out and put its foot down and play the "matter of national security" card to prevent it. As dumb as it is, I don't see them giving up their position that easily.

  • Yes, doesn't that rule? It's like an obligatory source license for cryptography! Why anyone would want to use a piece of cryptographic software whose source they couldn't see, anyway, I wouldn't know. It's almost guaranteed to be insecure. But this way it's impossible, as long as that product is from the U.S.

    Happy day, crytographic day. :)
    Beer recipe: free! #Source
    Cold pints: $2 #Product

  • Hmmn . . . that's fairly foolish, since the international version has more functionality. It's not inhibited by the MIT legal kludge.
    Beer recipe: free! #Source
    Cold pints: $2 #Product
  • Going on an idea for a computer language similar to english, what if someone converted a computer language to english and back again. It could be close enough to english to pass as free speach, but structured enough to be converted back to c or some other computer language. Then, post your "free speach" and the simple translator, instant crypto export. I'm not a lawyer, so I can't say it would be legal, but it would be interesting if someone pulled such a stunt.
  • by Millennium ( 2451 ) on Thursday May 06, 1999 @08:03PM (#1901465)
    Not all patents are in language. In fact, except for software, no patents are in "language." Example: a book. It's certainly in a language. But you can't patent a book. Now, let's try some new chip. Is it in a language? No. The plans for it and the documentation are both in a language, but those can't be patented (copyrighted, yes, patented, no).

    Now, here's the interesting thing: you cannot patent source code, anywhere. You can naturally copyright it, in fact you're expected to (even the FSF does it). But it's a representation, a language. So you can't patent it.

    What you can, unfortunately, patent is the concept behind the code. To give you an example, let's take LZW compression (most commonly used in GIF's), the patent for which is held by Unisys. Now, Unisys has source code, of course. That isn't patented. However, the patent on the compression means that you are not allowed to write any code using that algorithm, even is your code is completely different from the code Unisys has. In effect, it's patenting an idea (which, if I'm not mistaken, the Constitution forbids, but the government either hasn't seen that or has been lobbied by the industry not to look). Other patented ideas: the use of XOR to move a mouse pointer across the screen, the RSA encryption algorithm, color-matching technology (if you believe Imatec's latest claim, which I don't), and so on. There is no patented code for any of these; in fact the RSA encryption algorithm can be found in any discrete mathematics textbook (it's a popular example exercise). But, no one else can use these, even though they're doing their own work, not stealing that of the patent owners.

    This is my major gripe with the patent system. The software industry has twisted it to a use for which it was never intended.
  • So wait...Does this mean that I can't post that I'm an international arms trafficker at the bottom of my emails anymore?
  • Besides which, maybe exporting strong crypto isn't that great of an idea in the first place. Anybody care to comment?

    I am greatly in favour of the US Crypto Export Restrictions. I am studying cryptography (they like to call it cryptology) in Denmark and have written a java crypto library called logi.crypto [] which is available either GPL'd or with a commercial license.

    I can only hope that the export restrictions will never be lifted, since they mean that I effectively don't need to compete with anyone in the US.

    In fact, before this I worked for an Icelandic software company which was hired as a sub-sub-contractor by a US software company to design and implement the cryptographic portions of a large communications application. They could not hire a US company, which they would probably have done otherwise.

    It is also completely silly to suggest that not exporting strong crypto products is going to help "protect the world from terrorists and criminals". I mean, go buy your cryptography stuff in Ireland. There is no reason to think it will be any less capable. Or, if you are a "well funded" organization, hire a few cryptographers of your own. They don't quite grow on trees, but they aren't that hard to find either. I'm sure our friend Shamir is training a few down in Israel.

    Really, as people keep hammering on, the only people who are going to stop using cryptography because it is illegal, is the people who are relatively honest anyway. The whole thing does not make any sense, however you look at it.

  • This sounds nice, but let's get some details please!

    It would be nice if we really had knocked over this one and could go on to software patents.



  • #include "stdio.h"

    printf("The way I see it, source code isn't just for the computer to follow... It's for other people to follow as well...\n
    My reasoning: If it was just for the computer to understand, why can it have comments in it, that are for the people to read, and the computer ignores?\n");

    /* (yes, I know the "'s should be less/greater signs, but HTML likes to eat those.) */
  • The real issue is protecting communication among people. All we want is to protect our communications, domestic or international.
    I dispute that there is a single real issue. But what you bring up is certainly a valid issue. And the Ninth Circuit Court of Appeals actually observed that; they stated:
    the government's efforts to retard progress in cryptography may implicate the Fourth Amendment, as well as the right to speak anonymously
    The court does not take these issues lightly, and has demonstrated that they (unlike Congress) are willing to study the issues in depth rather then making knee-jerk responses.
  • I can just imagine the day when OCR becomes reliable enough to read books of code... then books will be software!
    It already is reliable enough, especially when the book is printed with that specific objective in mind, as was the case with the EFF's book Cracking DES [].

    The print is in an OCR-friendly font, with special provisions for whitespace, and with checksums. But it's still entirely human-readable and expressive.

    The tools for both printing code in that format and decoding it once it's been OCR'd are available for FTP from the directory []

  • What's the bet that the US government knew that the export laws could be appealed on constitutional grounds, but went ahead and got all these countries (including my own, Australia) to sign the Wassenar agreement.
    If the Wassenar Agreement is a Treaty (is it?) that the US signs and ratifies, it will have the force of constitutional law here. This makes it completely unclear as to how it would fare in a showdown with the First Amendment.
    So... now the US can quite legimately claim that it can't honour the agreement because of the constitutional appeal, giving US software companies an advantage over all the poor countries that were duped into signing over their rights
    I think a much more credible theory would be that they wanted to get Wassenar signed before the export regs were once again found unconstitutional, so that they could cite a new source of authority in an appeal.

    Your suggestion that the US Administration cares about the well-being of US software companies is dubious. They care about it only in so far as it doesn't interfere with their intelligence-gathering capabilities.

  • by Teflik ( 4823 )
    Public key encryption allows for the transfer of cash. Transferring large amounts of cash by way of dollar bills is difficult, time-consuming and inherently risky, so that's not too much of a problem. Transferring large amounts of cash digitally is easy and (can be) safe.

    Digital cash means that large sums of money can be transferred un-taxed.

    Mark Fassler
    fassler at frii dot com
  • But by defining it a language in an
    expressive manner - this brings the full
    force of the first amendment into the
    picture - it makes it a constitional

    Another interesting situation is the
    suit Phil Karn brought to try an export
    a floppy containing source code that was
    already printed in a book on cryptography
    that is exportable. They turned that down,
    though they approved the books international
    export? Doh!

  • ROAR!!!!!!!
    Just had to let loose a bit..

    This will probably wind up being the most important development in the US software industry ever, simply because people everywhere will now have easy, legal access to the same strong cryptography implementations. This is BIG.
    Kyle R. Rose, MIT LCS
  • Well, with lawyers commenting that this allows people who make crypto source code to release it to the world, I have done just that [].

    - Sam

  • Yep. Both me and the server that the source in question is on are in the San Francisco Bay Area.

    - Sam

  • My source is expressive, since it is a new application of cryptography (encrypted email addresses, using a 32-bit varient of the Blowfish block cipher) that I developed myself.

    To quote a lawyer from the Wired article:

    "Assuming it's not stayed and you live in California, Washington, or Oregon, you can post source code on the Internet without fear," said Michael Froomkin, a law professor at the University of Miami School of Law.
    - Sam

  • If you're going to nitpick about the greater than less than signs,, you also forgot your



    Something like what you have wouldn't compile :)
  • Before I flame, do tell: why do you think crypto export is a bad thing?
  • IMO it'd actually be better if "binaries" were ruled as not being protected speech but source code was. Imagine only being able to export open-source crypto products :)

    The big companies and their closed systems could either get the license, export weak crypto, or release the source.
  • Oceania has always been at war with East Asia.
  • From the decision,

    We express no opinion regarding whether object code manifests a "close enough nexus to expression" to warrant application of the prior restraint doctrine. Bernstein's Snuffle did not involve object code, nor does the record contain any information regarding expressive uses of object code in the field of cryptography.

    They're very clear when they say that this decision affects source code only.

    Ian Peters
  • As noted in my post above, the decision doesn't make any decision regarding binaries. Rather, they note that the decision doesn't affect machine code, but they don't deal with the legality at all. As it stands now, the previous regulations still stand, but I find it hard to believe that the government won't overhaul crypto law in light of this decision.

    Regarding obfuscated code, well, I'd like to see you make a good legal argument about what distinguishes obfuscated code. There are certainly people who would be able to read obfuscated code, which makes it expressive ... just a thought.

    Ian Peters
  • IMHO the reason is to prevent the creation and general acceptence of secure crypto standards and the mass deployment and general use of crypto for communication. While this doesn't stop any terrorist or other criminal from communicating securely, it will prevent crypto enabled standard software (read: integration into Windows) and make large scale electronic surveillance possible.

    Considering the priority shift of the US agencies form the cold war to economic espionage and warfare, the ECHELON project, whose primary target are the states of the European Union, and the explicite exception from the crypto restriction for US companies' department in foreign countries, it is obvious that besides the usual govermental desire for total power and control, there are also big economical interests.
  • This is very narrow ruling. Essentially, the majority stated that software is clear text that can be read and understood by others (humans). Furthermore, cryptographers use software as a means of conveying their ideas to one another. Hence, restrictions on encryption software restricts the ability of cryptographers to communicate with each other. Software does not have to be compiled to be useful.

    There was a dissention. He stated that software is a tool that a person uses in order to get the computer to eventually do something. There is little distinction between the source code and the compiled object code in turns of functionality.

    Note: this ruling may "only" apply to cryptographers since they transmit their idea using code.

    From now on, I propose that we all "talk" to each other in source code.

    If I write a virus program and post the code on the web, is this the same as shouting fire in a crowded room? Or is this just the language of virus writers?
  • What about those people who went out and got
    the RSA-in-3-lines-of-Perl program tattooed on
    their arm? (Suddenly, that 'This human is
    classified as a munition' tattoo that I wanted to
    get across my chest doesn't look so neat. ;-)

  • Well, here's two old links I had lying around...

    Tattoo 1 []
    Tattoo 2 (My favorite) []

  • by JungleBoy ( 7578 ) on Thursday May 06, 1999 @05:56PM (#1901492)
    This is a wonderful result. Source code is a method of communication - of expression - and thus protected by the 1st ammendment. The compiled binary is a tool, serving simply a funtional purpose. My reading is that the source code can now be exported but binaries can't. If this holds, any company wanting to export strong crypto must do so in source form. And the source form must be readable and understandable by other people, in other words, it can't be obfuscated code. This is not only a big win for cryto and free speech, but also for OSS.

  • Well, I guess this means I can wear my "This Shirt is a Munition" t-shirt (Joel K. Furr original too!), when I go to London next month.

    The crypto restrictions were always pretty dim, particularly since you could export books which explained the theory of the algorithms, or even, as somebody noted, the source-code itself.

    Definately headed for the Supreme's, particularly since there have been conflicting concepts of software as speach. Given that, the court will probably choose to hear the case. They could always let the deicision stand without comment, though. We shall see.

  • Did anybody REALLY get the tattoo? Or is it
    an urban legend.
  • I would really like to see this stick but the article finishes with an appeal. This means that, though its a start it really isn't much to go on.

    It seems flimsy though to say that programming is simply a language and therefore violates his right to free speech. It just doesn't seem like much to go on when the government believes that it is a national security issue. I'm still doubtful this means much.
    Resume []
  • Many people miss the point of crypto export restriction and point to the facts that strong crypto is wide available outside the US, that the restrictions are not consistent, hard to enforce, etc. Irrelevant.

    The restrictions are actually working very well.

    Anyone who really wants crypto anywhere in the world will get it. Terrorists and drug cartels are using crypto for decades. What the export restrictions are really doing is prevent the creation and widespread adoption of interoperable international standards for ubiquitous encryption. That's what they really want. They want no obstacles to their dragnet-style eavesdropping on everyone - on you.
  • Of course they would know. They know everything. If they didn't know everthing then I wouldn't be safe in my average house with my average car, which they also know everything about. Who is they? Why its... THEM. The people who know everything about everything, esp. the software on your web page.
  • by Splat ( 9175 )
    I guess that means we can't be "International Arms Traffickers" anymore.
  • What the whining liberals call "prejudice and racism" was precisely that. The US went to war with Japan in 1941, after they bombed Pearl Harbor. As a knee-jerk reaction, all people of Japanese descent living on the west coast (where they could concievably help an enemy invasion) were sent into internment. Their property was siezed, some never to be returned, and they were carted off to Arizona and Texas to live out the war in prison camps. The majority of the people sent into internment were Neisei (sp?) or second-generation Japanese living in the US. That means they were US citizens and therefore (supposedly) protected under the constitution. Most were *not* aliens living illegally in the US, but naturalized or born citizens.

    There, a little truth, the product of "most minimal research" I spent all of 10 minutes researching this, and came up with more facts than your hateful rant contained. Stick that in your negationism pipe and smoke it!
  • Accordint to This NY times article [] there are at least two other cases concerning this same question. Let's hope this ruling sticks before both those courts, and is upheld in the (inevitable) appeal to the US supreme court.

    Before anyone gets upset about another login-required NY times article, remember login/password=cypherpunks/cypherpunks.
  • Woah!!! Careful, folks...though it's tempting to draw parallels, this ruling has nothing to do with patents! It's about the government's right to exercise prior restraint on speech, specifically source code. The ruling barred the government from restricting Professor Bernstein from posting crypto code on the Web. That's it. The language connnection is certainly important in this context, the ruling says:
    "...First, it is not at all obvious that the government's view reflects a proper understanding of source code," the ruling stated. "Source code is not meant solely for the computer, but is rather written in a language intended also for human analysis and understanding."
    The ruling went on to say that code is used to convey ideas.
    "Cryptographers use source code to express their scientific ideas in much the same way that mathematicians use equations or economists use graphs," the opinion stated. "We conclude that encryption software, in its source code form and as employed by those in the field of cryptography, must be viewed as expressive for First Amendment purposes, and thus is entitled to the protections of the prior restraint doctrine."
    That's enormously important! (Well, it will be if the Supreme Court doesn't overturn it. *grin*) Cryptographers (and in the larger sense, all programmers) have been limited in that their "language" (source code) was not given the same protections under the Constitiution as other "languages" (math equations, etc.). This ruling is clear and unambiguous in it's ruling regarding this; an excellent case to put before the Supreme Court. I look forward to the case...
  • This is great news! However, be wary: "Justice" has appealed the decision, and the article was very light on details. That means it may go to the Supreme Court, if I've got my US Judicial System hierarchy right... there's still the danger of this decision being overturned.
  • I wrote a Plain English --> Perl translator a couple years ago, to make a point about source code vs. speech. Of course the subset of Plain English it understands is quite limited, but certainly enough to express your average bit-twiddling crypto algorithm.

    it's all here []

  • the part where you turn your algorithm into English can just as well be done by hand... the important point for legal (and, to a lesser extent, practial) purposes is that the resulting English can be turned back into usable source code automatically. I did something like that [] for Perl once, but it has a long way to go to make it really usable... feel free to improve :)
  • The Supreme Court is a lot more likely to take a case where the Circuit Courts are in disagreement. So let's hope that Justice DOES charge someone else in another circuit and wins. Then, in a couple of years, *sigh*, the Supreme Court would decide... the Court is conservative, but generally pro-speech.
  • by Aleatoric ( 10021 ) on Thursday May 06, 1999 @05:33PM (#1901506)
    "Besides which, maybe exporting strong crypto isn't that great of an idea in the first place. Anybody care to comment?"

    I'm not sure that the issue is *solely* one of exporting crypto, per se.

    If strong crypto was truly considered to be a national security issue, it would be illegal to publish the source code in a paper book, as well. It is not so much the that encryption is or is not a national security issue, though, but that the laws regarding the export of strong encryption are oxymoronic and effectively unenforcable. Since nothing prevent someone from printing the source code to an encryption routine and then mailing it overseas, there is, essentially, no real restriction at all. If someone really wants to use that routine, having to type it in by hand is only a minor inconvenience.

    That bit aside, there are at least two reasons offhand why I consider these export restrictions to be a bad idea.

    1. The US does not have any kind of unique position with regards to strong encryption. It is possible (and very easy) to acquire encryption tools at least as strong as any available within the US. If someone wants strong encryption, they will get it somewhere, whether the US likes it or not.

    2. As a result of (1), the US is placed in the position of being unable to effectively compete on an international arena where any strong encryption is concerned.


    I can just imagine the day when OCR becomes reliable enough to read books of code... then books will be software!

    Book banning will be legal again!

  • I was reading one of the "related articles" on that story News/Item/0,4,0-23872,00.html? [], and one Judge Gwin says that software is not language like cooking recipes, instructions, and manuals, because the software is "purely functional" and "actually performs the function".

    HELLO?! Has he ever seen a floppy disk encrypt anything? No! It takes a COMPUTER to do that!

    Software is by definition INSTRUCTIONS for the processor. In fact, the word "instruction" is used throughout computer terminology!

    He should be banning the export of computers for being able to encrypt. (Sadly, that's more than just sarcastic: we already do that to a certain extent with supercomputers.)
  • It's been done. I don't remember the URL but the
    "english" is reallyt funny to read.
    Let's say we have these two apples. The first apple has the value 10. The second apple has the value 12. Now lets say we add these two apples...
    And so on. It's pretty neat :)
  • [wiping away tears of happiness]
    If this holds up I will start to believe in God again.
  • Okay, if source code is protected by Amendment 1, what about this hypothetical situation:

    How does this fit with my classified drawings showing how to build an advanced laser communications system? It's on paper and it belongs to my company. Why can't they publish it to certain customers? They are not selling the actual hardware, but the means to produce the product. So how is a government to regulate the transfer of advanced technology, based on the First Amendment?

    I personally believe cryptography should be more available, especially for worlwide commerce over the Internet, but there are other issues I don't see clarified.

    "Man könnte froh sein, wenn die Luft so rein wäre wie das Bier"
  • The implications are greatest for those who write free software. The ruling seems to apply only to source code. It's hard to argue that object code, which is understandable only by machines, qualifies as "speech." So companies that sell binaries may not be affected at all. They will still be enjoined from exporting encryption without a license. However, distributing GPL source code without binaries is not only easy, it's common practice. If this ruling stands, it'll be one more thing that puts the "free" in "free software".
  • I find it interesting that part of the descision [] was

    The fact that computers will soon be able to respond directly to spoken commands, for example, should not confer on the government the unfettered power to impose prior restraints on speech in an effort to control its "functional " aspects.

    With the continuing approach of computers that can understand and act sensibly on speach proceeds, this ruling gets closer and closer. I don't think this is here yet (it will, imho, be overturned) I do think that it's inevitable that this will happen. As computers become able to interperate a wider and wider variety of things, the export laws would have to get more and more restrictive, and are more likely to be overturned.

    The government, moreover, has reserved the right to restrict source code in printed form that may be easily "scanned," thus creating some ambiguity as to whether printed publications are necessarily exempt from licensing. See 61 Fed. Reg. 68,575 (1996).

    Wouldn't this mean that the "RSA in three lines of perl" tatoos are legally exportable on the same basis that a book full of source code is, but that the "bar code form" of the same thing wouldn't be exportable?

    It's interesting to note that the argument on the one hand is that source code is a "machine" (although a virtual one, it is still a machine) and on the other hand source code is intended, by definition, to be primarily human readable, and requires a compile step to be a machine. I wonder where this leaves interpreted languages, where there is no compile?

    There is also a note burried in there to the effect that because the web and computers in general have become so powerful, personal privacy has become more scarce now than at any other time in history. And then notes that the widespread availibility of strong encryption would help to negate this effect and the people would regain some of the lost privacy. This is the ultimate point. Computers make it to easy to keep track of people, and we've been denied access to their equal ability to hide people.

  • That's an interesting point. Hmmm....

    Last time I checked, you couldn't patent a written or spoken idea. You were afforded copyright protection, but you couldn't actually receive a patent. If software is now categorized along with written or spoken ideas ("language" as the 9th circuit called it), then the existing software patents are probably invalid, and should be revoked by the patent office.

    Of course, this ruling would go against many years of established court decisions on software related patent infringement suits. This one little case may not make much of a difference on how courts handle patent cases.
  • by Fizgig ( 16368 )
    No, they can't. This only rules for sourcode. So, could export things as source but could not distribute binaries to people. Free speech doesn't protect executables. This ruling is just about source code.
  • by Fizgig ( 16368 ) on Thursday May 06, 1999 @04:58PM (#1901525)
    Their arguments against the export:

    First, it is not at all obvious that the government's view
    reflects a proper understanding of source code. As noted ear-
    lier, the distinguishing feature of source code is that it is
    meant to be read and understood by humans, and that it
    cannot be used to control directly the functioning of a com-
    puter. While source code, when properly prepared, can be eas-
    ily compiled into object code by a user, ignoring the
    distinction between source and object code obscures the
    important fact that source code is not meant solely for the
    computer, but is rather written in a language intended also for
    human analysis and understanding.

    Second, and more importantly, the government's argu-
    ment, distilled to its essence, suggests that even one drop of
    "direct functionality" overwhelms any constitutional protec-
    tions that expression might otherwise enjoy. This cannot be so.16
    The distinction urged on us by the government would prove
    too much in this era of rapidly evolving computer capabilities.
    The fact that computers will soon be able to respond directly
    to spoken commands, for example, should not confer on the
    government the unfettered power to impose prior restraints on
    speech in an effort to control its "functional " aspects. The
    First Amendment is concerned with expression, and we reject
    the notion that the admixture of functionality necessarily puts
    expression beyond the protections of the Constitution.
  • I knew that there were aspects of this that I did not fully understand, and once again, /. pulls through in flying colors with good responses. Didn't even need the asbestos underwear after all.

    One thought related to the post which mentioned the liberality of the current court. My statement about "conservatism" is strictly in relation to issues related to national security, where the court still tends to move cautiously.

    I really appreciated the poster who provided the analysis of the opinion, the dissenters, etc, BTW. Good job all!!

  • This is a long ways from over, folks.

    First of all, there is the inevitable appeal to the U.S. Supreme Court which (IHMO and IANAL) has generally been sensitive to national security concerns in such a way that a conservative ruling is more likely than the (again, IMHO) liberal ruling of the appellate court.

    Secondarily, following the unsafe assumption that the Supreme Court would uphold the appeals court decision, if Congress could still pass a more specific law as to when crypto software can and cannot be exported , using the previous court judgement to refine the law. If the Free Speech == crypto exports lawsuit is brought up again, it would then need to again go through the whole process of trial and appeals all over again.

    ...(momentary pause -- I'm putting on my asbestos underwear)...

    Besides which, maybe exporting strong crypto isn't that great of an idea in the first place. Anybody care to comment?

  • The Ninth Circuit's decision in the Bernstein case [] is a major victory for the First Amendment in the computer age. It confirms that just because you use specialized tools to speak, like a computer, or a specialized language to communicate, like a programming language, you do not therefore put yourself outside the scope of the First Amendment. These propositions are fundamental to free speech, and to freedom of association, in the computer age. And while it is wonderful that the Court of Appeals ruled as it did, it is a pity that the Justice Department's stonewalling on this issue made such a ruling necessary in the first place.

    Today the Ninth Circuit-the court of appeals with jurisdiction over Silicon Valley-holds that cryptographic source code is protected speech. The court held, correctly, that the US Government's unconstitutionally prevents the export of cryptographic source code with a system of speech licenses. The court held that preventing cryptographers such as Daniel Bernstein from using the Internet to share their work with colleagues around the world is an unconstitutional prior restraint on speech, one hedged with completely inadequate procedural safeguards.

    This decision is especially important because U.S. government representatives openly admit that they have been using the export control laws to retard the domestic use of cryptographic software. This decision, which I hope will be upheld by the Supreme Court, will be the first step towards greatly increased use of cryptography in domestic products, and enhanced personal privacy for all Americans.

    Perhaps the most important aspect of this decision is that the appeals court recognizes the critical connection between the regulation of cryptography and our modern lives:

    "we note that the government's efforts to regulate and control the spread of knowledge relating to encryption may implicate more than the First Amendment rights of cryptographers. In this increasingly electronic age, we are all required in our everyday lives to rely on modern technology to communicate with one another. This reliance on electronic communication, however, has brought with it a dramatic diminution in our ability to communicate privately."
    As the court recognized, the regulation of cryptography concerns us all in our everyday existence [], at a time when the ability of governments and others to observe our everyday activities is at an all-time high. Only the deployment of consumer cryptography offers the ordinary citizen the technical means to attempt to carve out a zone of privacy in an increasingly monitored world. The citizen's right to protect privacy in this manner implicates not just the First amendment but also the Fourth amendment and the right to speak anonymously..

    The court was thus right on target when it noted that the regulation of cryptography "touches on the public interest broadly defined.".

    A second important aspect of this decision is that the court recognized the effect of technical change on the first amendment, and rejected suggestions that just because speech has side effects it somehow loses its protected status:

    "the government's argument, distilled to its essence, suggests that even one drop of "direct functionality" overwhelms any constitutional protections that expression might otherwise enjoy. This cannot be so. The distinction urged on us by the government would prove too much in this era of rapidly evolving computer capabilities. The fact that computers will soon be able to respond directly to spoken commands, for example, should not confer on the government the unfettered power to impose prior restraints on speech in an effort to control its "functional" aspects. The first Amendment is concerned with expression, and we reject the notion that the admixture of functionality necessarily puts expression beyond the protections of the Constitution."

    If the government appeals, the issue is very likely to go to the Supreme Court for resolution given the government's claim that national security might be affected. It is likely that the government will request and receive a stay order if it chooses to appeal. (An appeal to an en banc panel of the 9th Circuit is also possible.)

    Congratulations to Cindy Cohn and the rest of the Bernstein legal team!

    More information on Cryptography and the Constitution []

    More information on government regulation of cryptogragpy []

    More information on the link between cryptography, e-cash, and privacy []
    A. Michael Froomkin [mailto]
    U. Miami School of Law,POB 248087
    Coral Gables, FL 33124,USA

  • by Chmarr ( 18662 ) on Thursday May 06, 1999 @06:00PM (#1901530)
    What's the bet that the US government knew that the export laws could be appealed on constitutional grounds, but went ahead and got all these countries (including my own, Australia) to sign the Wassenar agreement.

    So... now the US can quite legimately claim that it can't honour the agreement because of the constitutional appeal, giving US software companies an advantage over all the poor countries that were duped into signing over their rights (and most of us don't have those sort of clauses in our own constitution).

    Thanks, guys! :P :)
  • While many are celebrating this ruling due to the crypto export implications, I think real victory is for the deeper issue: is source code speech? While the fights not over, I'm very encouraged that the appelate court reaffirmed that source code is expressive and is a form of speech (at least within the narrow context of this case).

    The Junger case [] was similar. It involved a law professor who wanted to post crypto source code for his "Computers and the Law" class. A lower court (going against the ruling of the lower court in this case), sided with the government and dismissed the expressive nature of source code due to its functional aspect. They basically said source code wasn't speech. This was, IMHO, a bad bad ruling. I really find it offensive that the court would assert that a language such as C that I spend a large portion of my time reading and writing (often just for fun), isn't speech. I use computer languages to communicate ideas. That's speech. The judge (Gwinn) in the Junger case just didn't "get it." I've read this ruling, and it's obvious that at least some of the judges (or more likely, their aids) do "get it."

    Let's just hope that if this goes to the Supreme Court, they're as enlightened.

    Randy Weems
  • Presidential candidates ought to be out trumpeting this one as a win for business and free speech.

  • Forgive me if this seems a silly question, but why *do* the US government want to restrict encryption export?

    Do they actually believe that it's a threat to national security? I can't believe even the US government could be quite that stupid...

    Is there maybe another reason? I don't know what... something to do with trade maybe? It's not like it'd be the first time they've tried to gain unfair trade advantages.

    Of course, that's probably not it... but if not, what *is* their motive?
  • Well, this sure makes things interesting.

    If "source code" is speech and you can't restrict that, what about binaries?

    Someone mentioned that netscape would be able to exports their strong crypto version if this was upheld - but it's not distributed as source.

    Methinks this is a big gray area.


  • I started to get the same thing, but in C.
    Unfortunately, after the artist got halfway down my back, I passed out.

    It's a shame too. He still hasn't done the header files yet.
  • by DonkPunch ( 30957 ) on Thursday May 06, 1999 @04:58PM (#1901554) Homepage Journal
    " is considered language, and therefore the export limits violated Bernstein's free speech under the First Amendment."

    If that interpretation is upheld and accepted as precedent, it could have HUGE implications for people who write software in the U.S.

    For example, if your state government passed a law prohibiting the writing of malicious code (i.e. virus, worm, trojan), First Amendment protection could make the law unconstitutional. The act of distributing the virus/worm/trojan could probably be prohibited, though.

    IANAL and this post is all conjecture on my part, but I am VERY interested in seeing how this plays out.
  • Besides which, maybe exporting strong crypto isn't that great of an idea in the first place. Anybody care to comment?

    Restriciting export of crypto is POINTLESS. The laws are left over from the days when the *algorithm itself* was an important secret that needed to be protected. Now days the algorithms are all public (and well known all over the world) and the encryption key is really the important part. Restricting crypto export accomplishes nothing but harm to the American software industry.

    I've been through the process of getting export approval for an encryption capable web server. It was a time consuming pain in the butt, and in the end we still lost sales because we couldn't ship the 128 bit version. The whole things was particularly annoying because we had to get a new license every time we released a new version of the software. Our product did the same SSL encryption everyone else did. It is a waste of taxpayer money when the government takes the time to individually license every single version of every single product that uses the same friggen algorithm! I almost wonder if the only reason we still have these pointless laws is because a bunch of useless buraeucrats are just trying to hang on to their pointless regulatory jobs.


  • I wouldn't be surprised to see another appeal, to the US Supreme Court now. This has been too big an issue for the US Government over the years to let it drop without a real fight.
  • Hmmmm. I thought the only restriction was on the EXPORT of encryption technology. AFAIK, US citizens have been able to use any strength encryption they can lay their hands on. They just aren't allowed to export the technology. So all the US government agencies really want to be able to do is 'snoop' on non-US citizens, who presumably are not protected by that holy-of-holies, the US Constitution.
  • by werdna ( 39029 ) on Thursday May 06, 1999 @04:39PM (#1901564) Journal
    The text of the opinion [] is now available at the 9th Circuit website.

    Agreed this is a remarkable and exciting result. agreed that this is quite likely to go up, given the stakes involved. For now, however, I will withhold further comment until I have had a chance to study the opinion.
  • by werdna ( 39029 ) on Thursday May 06, 1999 @07:44PM (#1901565) Journal
    It is important to note the narrow scope of the holding, despite all the yummy language:

    "We emphasize the narrowness of our First Amendment holding. We do not hold that all software is expressive. Much of it surely is not. Nor need we resolve whether the challenged regulations constitute content-based restrictions, subject to the strictest constitutional scrutiny, or whether they are, instead, content-neutral restrictions meriting less exacting scrutiny. We hold merely that because the prepublication licensing regime challenged here applies directly to scientific expression, vests boundless discretion in government officials, and lacks adequate procedural safeguards, it constitutes an impermissible prior restraint on speech."

    Slip Opinion at 4241.

    The significance of this limiting language should not be overlooked. While the court did, in dicta (non-precedential commentary) reach out into the nether areas of whether government may try to slow the use of encryption, that was not the limited holding which is the crux (and legally binding effect) of the opinion.

    Indeed, there is some risk that the opinion might be understood as a roadmap for drafting revised regulations or legislation that would permit the particular conduct encouraged by Bernstein (scientific inquiry) as a sort of "fair use," but preclude any other uses of encryption, which is among the Government's principal goals. [Replacing the prior restraint licensing, for example, with severe penalties for improper disclosure after the fact, with narrow exceptions for "academic and scientific" expression. Indeed, limiting regulation to use and transmission of object code and non-expressive transmission of source code might go a long way to slamming down much of what the government wants to slam while passing muster, perhaps, even with this court.]

    Many roads before this will be over with: possible en banc review before the entire 9th Circuit, possible appeal to the Supreme Court. Possible dumping of the statute for more technically acceptable, yet equally egregious legislation.

    But it is nice to see that we are no longer spitting into the wind, legally speaking. Dicta or no dicta, this opinion gives counsel for prospective cypherpunks a lot with which to go to bat. I am also encouraged with the hints that the Fourth Amendment is also implicated by crypto regulation!

    By the way, some people commented earlier that the court's "liberal" opinion would be disregarded by the Supreme Court. I think not, at least not by lockstep ideology (although they might reverse). Arguably the most conservative voice on the bench, Justice Antonin Scalia is a powerfully strong First Amendment advocate, almost to the point of being absolutist. Don't forget that this is the same conservative court that twice shut down Flag Burning statutes.
  • That law considered that encryption as a weapon and so that kind of technology was (is?) not to be exported out of the US. IMHO, it was kind of a stupid thing: if I was a Dictator of some republic full of atomic bombs and needed strong encryption it wasn't the hardest thing to get. Well, if *I* wanted strong encryption, I could download it of the net!
    So, the abolition of that law, is more simbolic than practical (for the average citizen the encryption available out of the US was as good as 148 bit!)
  • It is yet to be seen whether it gets appealed again (don't they have to show that there was some flaw in the process so far to make a higher appeal?).

    However, I wonder how broadly this can be applied. The rulings of the 9'th Circuit court are not binding for other circuits (AKAIK, IANAL) but rather can be used in other circuits as being suggestive only.

    Perhaps the FUD'iest thing they could do would be to NOT appeal, but to charge someone else in a different jurisdiction.
  • by roca ( 43122 ) on Thursday May 06, 1999 @07:14PM (#1901571) Homepage
    > Down under in Australia, we were recently
    > treated to a leaked report from ASIO ( our
    > equivelent of the FBI ) that flatly stated that
    > there was no point in passing laws to prevent
    > criminals from using encryption technology,
    > since being criminals, they don't obey the law
    > anyway.

    I read the report, but unfortunately I don't remember exactly what it said. However, the situation is not QUITE as simple as this. On the face of it, this argument could be used against any law whatsoever.

    The idea of these laws is not to simply say "thou shalt not use crypto", but actually make it harder to get access to good crypto. In the age of the Internet, however, this is not effective. (This is where the situation starts to diverge from the analogous situation of gun control laws.)

    Clearly the NSA knows this. I think (and I'm not alone) that the real purpose of the export laws is to simply slow down the adoption of cryptography everywhere (including domestically), so that for as long as possible the NSA will be able to monitor the general populace. Obviously serious terrorists, foreign governments etc have already secured themselves.

    As for whether exporting crypto is good ... first of all, the issue is not whether crypto should be exported; the issue is whether we should have it at all. The export thing is just a dodge; the FBI/NSA would love to restrict domestic crypto, it's just politically infeasible. We can easily see that there are plenty of threats within the US. Also, there can be no hedging over key length or cipher type; allowing "weak" crypto is equivalent to not allowing it at all. Computers, algorithms and money all change over time; we have to assume that if someone can break a code, others can too.

    Given that, the prospect of people using crypto to, e.g., anonymously publish designs for cheapo biological, chemical and nuclear weapons terrifies me. However, without crypto, "information warfare" attacks on computers and infrastructure also terrify me, and so does the potential for the Internet as the ultimate surveillance tool. Pick your poison. Personally, I think that if we get to the point where readily available technology poses a threat to the future of the human race, then we can transition to a total police state. There is no point in getting there ahead of time.

    BTW, I spent quite a bit of time in Australia working on TTSSH. Good thing their export regime leaks like a sieve.

May all your PUSHes be POPped.