US Crypto Export Laws Ruled Unconsitutional 189
An anonymous reader sent us a story over at news.com
that proclaims some joyous news: The a US appeals court has ruled
Export Laws Unconstitutional.
Excellent.
This discussion has been archived.
No new comments can be posted.
US Crypto Export Laws Ruled Unconsitutional
Related Links Top of the: day, week, month.
You can not win the game, and you are not allowed to stop playing. -- The Third Law Of Thermodynamics
Software == language? (Score:1)
Binaries Also Legal to Export??? (Score:1)
Below the judge is saying that the regs are unconstitutional in their entirety and that they refuse to sever the meaning of source code, commodities etc.
Of course, I'm not a lawyer, but I think thats what they are saying. Its also possible that a rewrite of the regs would make binaries illegal to export, but source code legal. It doesn't really matter. All you have to do is export the source code and then compile it. You don't even have to export it to everyone, just some other scientist.
jim burnes
jburnes@iss.net
Re:Reason for the policy in the first place? (Score:1)
Portraying the government as inept on encryption is no more accurate than Hogan's Heroes depiction of Nazis as bumbling fools. Evil, yes, but not stupid!
[ab]using 'export' policy for domestic affairs (Score:1)
remember when the government was going to mandate use of Clipper? or mandatory key escrow? (yes, this was domestic.) it's no secret that (certain parts of) the government want to limit the use of encryption by u.s. citizens.
The PGP Manifesto (Score:1)
If encryption is limited and regulated, then it will end up on the black market and only criminals will benefit from it.
The gov't doesn't want open source encryption because it is very hard to regulate. With a proprietary binary-distributed encryption algorithm, the government can bribe private companies to include "back doors", etc.
The only way for encryption to remain legal is for everyone to use it, always.
The government is worried about industrial espionage, but due to export restrictions, it is in fact American companies abroad that are penalized.
Source code != Binaries (Score:1)
Look at that defendant list! (Score:2)
From the court's ruling:
DANIEL J. BERNSTEIN,
Plaintiff-Appellee,
v.
UNITED STATES DEPARTMENT OF JUSTICE;
UNITED STATES DEPARTMENT OF COMMERCE;
DEPARTMENT OF STATE;
UNITED STATES DEPARTMENT OF DEFENSE;
UNITED STATES ARMS CONTROL AND DISARMANENT AGENCY;
NATIONAL SECURITY AGENCY;
UNITED STATES DEPARTMENT OF ENERGY;
CENTRAL INTELLIGENCE AGENCY;
MADELINE E. ALBRIGHT, United States Secretary of State;
WILLIAM M. DALEY, United States Secretary of Commerce;
WILLIAM COHEN, United States Secretary of Defense; KENNETH A. MINIHAN, Director, United States National Security Agency;
JOHN B. HOLUM, Director, United States Arms Control and Disarmanent Agency;
WILLIAM G. ROBINSON;
GARY M. ONCALE;
AMBASSADOR MICHAEL NEWLIN;
CHARLES RAY;
MARK KORO;
GREG STARK;
Defendants-Appellants.
Re:Impact on Wassenaar (Score:2)
Australia has unfortunately been second only to the UK in pushing bad crypto proposals that the US government thought up but was unable to get passed in the USA. Their theory seems to be that once a few more countries subjugate their citizens' privacy, it will be much easier to make the case that we should do the same in the US.
It appears that the Wassenaar Arrangement is largely a paper tiger: it provides cover for those governments that WANT to restrict crypto, such as Australia's, but doesn't actually require freedom-loving governments such as Germany's (I know, it sounds funny!) or Ireland's to impose any controls.
Watch out for the next Wassenaar meeting, in which the nasties will try to impose controls on "intangible" goods (translation: The Internet). Today in all countries but the US, intangibles are not controlled by the export laws.
We in the US who have fought this battle for our own rights can't win it for you too. You will have to organize and convince, or sue, or elect, a government in your own country that will do the right thing with respect to crypto. The longer you wait, the more damage the authoritarians will do.
For today let's do a bit of dancing on the Berlin Wall of crypto. Tomorrow it's back to the barricades to push the bastards back further.
Damn, Good point. (Score:1)
because I'm a known arms trafficker.
Re:English like language (Score:1)
For that matter, write literate encryption code in Knuth's MIX language.
---
Hehehe (Score:1)
I wonder how this will affect that treaty we made everyone sign saying they won't export crypto.
Re:Yay! My crypto soure is now available for anyon (Score:1)
...phil
Re:Mass-Scale Government Surveillance (Score:1)
Uh, that's called "Van Eck". "Tempest" is the gvmnt name of the technology to prevent Van Eck monitoring from working.
...phil
Re:Reason for the policy in the first place? (Score:4)
I have also heard, with little support, that the gvmnt is worried that strong crypto will be used to enhance the underground economy, making it harder for the gvmnt to track (and presumably tax) money flows.
...phil
Constitution & National Security (Score:1)
If they appeal... (Score:1)
If the Justice Departement appeals to the Supreme Court things could get interesting. There have been cases in the past where the Court made a ruling that violated the Constititution but were in the interest of national security (Japenese internment during WWII for example). And with the moderate to conservative court that exists today, something along these lines could very well come about.
The article was lacking in detail so it is diffecult to say if this case would be heard by the Court. If for one reason or another five of the justices did not feel that this was a case that properly layed out the _Consititutional_ issues they could very well ignore it and wait for a better opertunity. This would not mean that they will not eventually take this up but mearly that this case was not a good platform to make a ruling on.
Well that is enough speculation, I will just wait for some more information before I form a real oppinion.
If they appeal... (Score:2)
If the Justice Departement appeals to the Supreme Court things could get interesting. There have been cases in the past where the Court made a ruling that violated the Constititution but was in the interest of national security (Japenese internment during WWII for example). And with the moderate to conservative court that exists today, something along these lines could vary well come about.
The article was lacking in detail so it is diffecult to say if this case would be heard by the Court. If for one reason or another five of the justices did not feel that this was a case that properly layed out the
- Consititutional
issues they could very well ignore it and wait for a better opertunity. This would not mean that they will not eventually take this up but mearly that this case was not a good platform to make a ruling on.Well that is enough speculation, I will just wait for some more information before I create a real oppinion.
exporting strong crypto isn't that great... (Score:2)
You asked for opinions - hears mine.
I agree that their are some aspects to strong crypto availability that are extremly vexing - use by criminals, etc, etc.
The problem with these arguments is that the successful criminals can afford the latest and greatest in computer security while private citizens often can't.
In addition to that, there are circumstances where a private citizen does have perfectly legitamite reasons for useing encryption, such as protecting buisness e-mail correspondances from being snooped by rival corporations.
Down under in Australia, we were recently treated to a leaked report from ASIO ( our equivelent of the FBI ) that flatly stated that there was no point in passing laws to prevent criminals from using encryption technology, since being criminals, they don't obey the law anyway.
In this respect, the only solution to the problem seems to be to level the playing field by making strong encryption available to everyone.
Still, politicians arn't known for their grasp of basic science or technology. The report was essentially ignored ( which is why it was probably leaked to the public ) and the Australian government is still going gung-ho to prove we can be just as stupid as everyone else.
But it's nice to think that there may finally be a light at the end of the tunnel.
The situation is not QUITE this simple... (Score:2)
Ok, I'll admit that was a handwave. I just wanted people in the USA to know that their government isn't the only one doing stupid things.
As for "..this argument could be used against any law whatsoever..", well yes and no. Laws are essentially a social contract between the members of a society as to what forms of behaviour are and arn't acceptable. When the ruling body passes laws that are ignored by a substantial section of the general population, the result is simply a weakening of this social contract and the undermining of the acceptance of the law by the population as a whole.
As the availablility of strong encryption, while I'm not seriously into cryptography and general purpose algorithms, I suspect that it's probably possible for certain groups ( criminals, terrorists, etc ) to come up with fairly secure encryption simply by using the old 19th centuary "Book Codes". With this kind of scheme, you are going to have a hard time de-crypting any message without knowing the book which is used as the key.So "strong" cryptography is available, it's just not available as a general purpose package with a "point and drool" interface.
As for useing cryto to anonymously publish things like biological warefare procedures, drug manufacturing procedures, etc, etc, this is one of those things that I personally feel is greatly over-rated.
As a point in case, an old friend of mine back in high school ( about 20 years ago ) was culturing all kinds of bugs on agar plates. The knowledge base to do this is available in print in any university library. At the time, he blythely pointed to one dish and mentioned that it contained bubonic plague. He took the trouble at this point to reassure me that while it was easy to cultivate, it was a pain in the neck to find a viable vector ( ie, fleas with rats ) so there was nothing to worry about [ and no, I'm not joking ].
Likewise, as someone who majored in chemistry at university, I know for a fact that you can look up recipies for all kinds of explosives and drugs in the organic chemistry section of any university anywhere in the world. Of course, the media has a certain difficulty in getting anyone to pay attention to a headline like "Juvenile delinquent makes drugs with a book from the library!", so they go for "..with a recipe found on the Internet!". It's just media hype.
Just my $0.02 worth.
What part of RSA? (Score:1)
Curious.
-Tim
Re:Text of Opinion Available Online (Score:1)
English Computer Language (Score:1)
Trumpetted by Presidential Candidates (Score:1)
Re:Free Speech != crypto exports, yet (Score:1)
Locks are good, they help law abiding citizens avoid being the targets of crime. Not allowing crypto to be exported has the affect of making it inconvenient for US citizens and businesses to get good locks. Thats bad--- it not only costs time and money, it often means we don't have the locks we should.
Re:Other cases proceeding on the same grounds (Score:1)
Mr Baker is right--- even if this case is won its not the real issue. The real issue is protecting communication among people. All we want is to protect our communications, domestic or international.
If I had a nickel (Score:1)
Re:What part of RSA? (Score:1)
And this particular Perl isn't Perl, either; it's actually a bunch of calls to 'bc'. Pathetic, if you ask me.
I searched for about an hour before I found a _real_ Perl implementation of this. About five minutes into the search, I found a four-line Python implementation (in ESR's
Okay, low blow. It just always amazes me to see how many people confuse "cryptic" (Perl) with "terse" (APL and J). Python unly tries to be non-cryptic, but winds up being somewhat terse as well.
-Billy
Free Encryption Export? Don't count on it. (Score:1)
I betcha the executive branch will come out and put its foot down and play the "matter of national security" card to prevent it. As dumb as it is, I don't see them giving up their position that easily.
Blah.
Re:Nope (Score:1)
Happy day, crytographic day. :)
Beer recipe: free! #Source
Cold pints: $2 #Product
Re:Right decision... not sure about the justificat (Score:1)
Beer recipe: free! #Source
Cold pints: $2 #Product
c2english translator (Score:2)
Not quite... (Score:3)
Now, here's the interesting thing: you cannot patent source code, anywhere. You can naturally copyright it, in fact you're expected to (even the FSF does it). But it's a representation, a language. So you can't patent it.
What you can, unfortunately, patent is the concept behind the code. To give you an example, let's take LZW compression (most commonly used in GIF's), the patent for which is held by Unisys. Now, Unisys has source code, of course. That isn't patented. However, the patent on the compression means that you are not allowed to write any code using that algorithm, even is your code is completely different from the code Unisys has. In effect, it's patenting an idea (which, if I'm not mistaken, the Constitution forbids, but the government either hasn't seen that or has been lobbied by the industry not to look). Other patented ideas: the use of XOR to move a mouse pointer across the screen, the RSA encryption algorithm, color-matching technology (if you believe Imatec's latest claim, which I don't), and so on. There is no patented code for any of these; in fact the RSA encryption algorithm can be found in any discrete mathematics textbook (it's a popular example exercise). But, no one else can use these, even though they're doing their own work, not stealing that of the patent owners.
This is my major gripe with the patent system. The software industry has twisted it to a use for which it was never intended.
arms trafficking (Score:1)
Re:Free Speech != crypto exports, yet (Score:1)
I am greatly in favour of the US Crypto Export Restrictions. I am studying cryptography (they like to call it cryptology) in Denmark and have written a java crypto library called logi.crypto [www.hi.is] which is available either GPL'd or with a commercial license.
I can only hope that the export restrictions will never be lifted, since they mean that I effectively don't need to compete with anyone in the US.
In fact, before this I worked for an Icelandic software company which was hired as a sub-sub-contractor by a US software company to design and implement the cryptographic portions of a large communications application. They could not hire a US company, which they would probably have done otherwise.
It is also completely silly to suggest that not exporting strong crypto products is going to help "protect the world from terrorists and criminals". I mean, go buy your cryptography stuff in Ireland. There is no reason to think it will be any less capable. Or, if you are a "well funded" organization, hire a few cryptographers of your own. They don't quite grow on trees, but they aren't that hard to find either. I'm sure our friend Shamir is training a few down in Israel.
Really, as people keep hammering on, the only people who are going to stop using cryptography because it is illegal, is the people who are relatively honest anyway. The whole thing does not make any sense, however you look at it.
Yes! (Score:1)
It would be nice if we really had knocked over this one and could go on to software patents.
Thanks
Bruce
Re:Very forward looking aspects to this case (Score:1)
printf("The way I see it, source code isn't just for the computer to follow... It's for other people to follow as well...\n
\n
My reasoning: If it was just for the computer to understand, why can it have comments in it, that are for the people to read, and the computer ignores?\n");
/* (yes, I know the "'s should be less/greater signs, but HTML likes to eat those.) */
Re:Other cases proceeding on the same grounds (Score:1)
Re:PGP Source Code Book (Score:1)
The print is in an OCR-friendly font, with special provisions for whitespace, and with checksums. But it's still entirely human-readable and expressive.
The tools for both printing code in that format and decoding it once it's been OCR'd are available for FTP from the directory ftp://ftp.pgpi.com/pub/pgp/5.5/books/ [pgpi.com]
Re:Impact on Wassenar [spel?] (Score:2)
Your suggestion that the US Administration cares about the well-being of US software companies is dubious. They care about it only in so far as it doesn't interfere with their intelligence-gathering capabilities.
Money. (Score:1)
Digital cash means that large sums of money can be transferred un-taxed.
--
Mark Fassler
fassler at frii dot com
Re:It's a start.... (Score:1)
expressive manner - this brings the full
force of the first amendment into the
picture - it makes it a constitional
arguement!
Another interesting situation is the
suit Phil Karn brought to try an export
a floppy containing source code that was
already printed in a book on cryptography
that is exportable. They turned that down,
though they approved the books international
export? Doh!
Steve
ROAR (Score:1)
Just had to let loose a bit..
This will probably wind up being the most important development in the US software industry ever, simply because people everywhere will now have easy, legal access to the same strong cryptography implementations. This is BIG.
--
Kyle R. Rose, MIT LCS
Yay! My crypto soure is now available for anyone. (Score:1)
- Sam
Re:Yay! My crypto soure is now available for anyon (Score:1)
- Sam
Re:Yay! My crypto soure is now available for anyon (Score:1)
To quote a lawyer from the Wired article:
- SamTo nitpick (Score:1)
If you're going to nitpick about the greater than less than signs,, you also forgot your
main(){
}
function.
Something like what you have wouldn't compile
Re:Free Speech != crypto exports, yet (Score:1)
URL correction (Score:2)
http://www.ce9.uscourts.gov/web/newopinions.ns f/f606ac175e010d64882566eb00658118/febd2452a8a4d79 b8825676900685b71?OpenDocument [uscourts.gov]
Re:source code (Score:1)
The big companies and their closed systems could either get the license, export weak crypto, or release the source.
Oceania is at war with East Asia. (Score:1)
Source code only... (Score:1)
We express no opinion regarding whether object code manifests a "close enough nexus to expression" to warrant application of the prior restraint doctrine. Bernstein's Snuffle did not involve object code, nor does the record contain any information regarding expressive uses of object code in the field of cryptography.
They're very clear when they say that this decision affects source code only.
--
Ian Peters
A couple points ... (Score:1)
Regarding obfuscated code, well, I'd like to see you make a good legal argument about what distinguishes obfuscated code. There are certainly people who would be able to read obfuscated code, which makes it expressive
--
Ian Peters
Re:Reason for the policy in the first place? (Score:1)
Considering the priority shift of the US agencies form the cold war to economic espionage and warfare, the ECHELON project, whose primary target are the states of the European Union, and the explicite exception from the crypto restriction for US companies' department in foreign countries, it is obvious that besides the usual govermental desire for total power and control, there are also big economical interests.
Re:Feel sorry for the people with crypto tattoos.. (Score:1)
http://dcs.ex.ac.uk/~aba/rsa/tattoo2.html [ex.ac.uk]
Crypto speak (Score:1)
There was a dissention. He stated that software is a tool that a person uses in order to get the computer to eventually do something. There is little distinction between the source code and the compiled object code in turns of functionality.
Note: this ruling may "only" apply to cryptographers since they transmit their idea using code.
From now on, I propose that we all "talk" to each other in source code.
If I write a virus program and post the code on the web, is this the same as shouting fire in a crowded room? Or is this just the language of virus writers?
Feel sorry for the people with crypto tattoos... (Score:2)
the RSA-in-3-lines-of-Perl program tattooed on
their arm? (Suddenly, that 'This human is
classified as a munition' tattoo that I wanted to
get across my chest doesn't look so neat.
Doug
Re:Feel sorry for the people with crypto tattoos.. (Score:2)
Tattoo 1 [ex.ac.uk]
Tattoo 2 (My favorite) [ex.ac.uk]
Doug
source is speech, binaries are not protected. (Score:4)
Andrew
--
Interesting. Very Interesting. (Score:2)
The crypto restrictions were always pretty dim, particularly since you could export books which explained the theory of the algorithms, or even, as somebody noted, the source-code itself.
Definately headed for the Supreme's, particularly since there have been conflicting concepts of software as speach. Given that, the court will probably choose to hear the case. They could always let the deicision stand without comment, though. We shall see.
---------
Re:Feel sorry for the people with crypto tattoos.. (Score:1)
an urban legend.
It's a start.... (Score:2)
It seems flimsy though to say that programming is simply a language and therefore violates his right to free speech. It just doesn't seem like much to go on when the government believes that it is a national security issue. I'm still doubtful this means much.
-----------
Resume [iren.net]
What export restrictions are really about (Score:2)
The restrictions are actually working very well.
Anyone who really wants crypto anywhere in the world will get it. Terrorists and drug cartels are using crypto for decades. What the export restrictions are really doing is prevent the creation and widespread adoption of interoperable international standards for ubiquitous encryption. That's what they really want. They want no obstacles to their dragnet-style eavesdropping on everyone - on you.
Re:How is encryption a "potential weapon"? (Score:1)
Shucks. (Score:1)
Re:You won't be so liberal . . . (Score:1)
There, a little truth, the product of "most minimal research" I spent all of 10 minutes researching this, and came up with more facts than your hateful rant contained. Stick that in your negationism pipe and smoke it!
Other cases proceeding on the same grounds (Score:3)
Before anyone gets upset about another login-required NY times article, remember login/password=cypherpunks/cypherpunks.
Re:Software == language? (Score:1)
Holy !@% !! (Score:2)
Re:English Computer Language (Score:1)
it's all here [eleves.ens.fr]
Re:c2english translator (Score:1)
Re:how binding is this? (Score:1)
Re:Free Speech != crypto exports, yet (Score:5)
I'm not sure that the issue is *solely* one of exporting crypto, per se.
If strong crypto was truly considered to be a national security issue, it would be illegal to publish the source code in a paper book, as well. It is not so much the that encryption is or is not a national security issue, though, but that the laws regarding the export of strong encryption are oxymoronic and effectively unenforcable. Since nothing prevent someone from printing the source code to an encryption routine and then mailing it overseas, there is, essentially, no real restriction at all. If someone really wants to use that routine, having to type it in by hand is only a minor inconvenience.
That bit aside, there are at least two reasons offhand why I consider these export restrictions to be a bad idea.
1. The US does not have any kind of unique position with regards to strong encryption. It is possible (and very easy) to acquire encryption tools at least as strong as any available within the US. If someone wants strong encryption, they will get it somewhere, whether the US likes it or not.
2. As a result of (1), the US is placed in the position of being unable to effectively compete on an international arena where any strong encryption is concerned.
PGP Source Code Book (Score:1)
I can just imagine the day when OCR becomes reliable enough to read books of code... then books will be software!
Book banning will be legal again!
Software DOES NOT "perform" functions! (Score:2)
HELLO?! Has he ever seen a floppy disk encrypt anything? No! It takes a COMPUTER to do that!
Software is by definition INSTRUCTIONS for the processor. In fact, the word "instruction" is used throughout computer terminology!
He should be banning the export of computers for being able to encrypt. (Sadly, that's more than just sarcastic: we already do that to a certain extent with supercomputers.)
Re:c2english translator (Score:1)
"english" is reallyt funny to read.
Let's say we have these two apples. The first apple has the value 10. The second apple has the value 12. Now lets say we add these two apples...
And so on. It's pretty neat
Tears of happiness... (Score:2)
If this holds up I will start to believe in God again.
Classified info protected by Amendment 1? (Score:1)
How does this fit with my classified drawings showing how to build an advanced laser communications system? It's on paper and it belongs to my company. Why can't they publish it to certain customers? They are not selling the actual hardware, but the means to produce the product. So how is a government to regulate the transfer of advanced technology, based on the First Amendment?
I personally believe cryptography should be more available, especially for worlwide commerce over the Internet, but there are other issues I don't see clarified.
~afniv
"Man könnte froh sein, wenn die Luft so rein wäre wie das Bier"
Re:Precedent (Score:2)
Very forward looking aspects to this case (Score:2)
I find it interesting that part of the descision [uscourts.gov] was
With the continuing approach of computers that can understand and act sensibly on speach proceeds, this ruling gets closer and closer. I don't think this is here yet (it will, imho, be overturned) I do think that it's inevitable that this will happen. As computers become able to interperate a wider and wider variety of things, the export laws would have to get more and more restrictive, and are more likely to be overturned.
Wouldn't this mean that the "RSA in three lines of perl" tatoos are legally exportable on the same basis that a book full of source code is, but that the "bar code form" of the same thing wouldn't be exportable?
It's interesting to note that the argument on the one hand is that source code is a "machine" (although a virtual one, it is still a machine) and on the other hand source code is intended, by definition, to be primarily human readable, and requires a compile step to be a machine. I wonder where this leaves interpreted languages, where there is no compile?
There is also a note burried in there to the effect that because the web and computers in general have become so powerful, personal privacy has become more scarce now than at any other time in history. And then notes that the widespread availibility of strong encryption would help to negate this effect and the people would regain some of the lost privacy. This is the ultimate point. Computers make it to easy to keep track of people, and we've been denied access to their equal ability to hide people.
Re:Software == language? (Score:2)
Last time I checked, you couldn't patent a written or spoken idea. You were afforded copyright protection, but you couldn't actually receive a patent. If software is now categorized along with written or spoken ideas ("language" as the 9th circuit called it), then the existing software patents are probably invalid, and should be revoked by the patent office.
Of course, this ruling would go against many years of established court decisions on software related patent infringement suits. This one little case may not make much of a difference on how courts handle patent cases.
Nope (Score:2)
Reasons for their decision (Score:5)
First, it is not at all obvious that the government's view
reflects a proper understanding of source code. As noted ear-
lier, the distinguishing feature of source code is that it is
meant to be read and understood by humans, and that it
cannot be used to control directly the functioning of a com-
puter. While source code, when properly prepared, can be eas-
ily compiled into object code by a user, ignoring the
distinction between source and object code obscures the
important fact that source code is not meant solely for the
computer, but is rather written in a language intended also for
human analysis and understanding.
Second, and more importantly, the government's argu-
ment, distilled to its essence, suggests that even one drop of
"direct functionality" overwhelms any constitutional protec-
tions that expression might otherwise enjoy. This cannot be so.16
The distinction urged on us by the government would prove
too much in this era of rapidly evolving computer capabilities.
The fact that computers will soon be able to respond directly
to spoken commands, for example, should not confer on the
government the unfettered power to impose prior restraints on
speech in an effort to control its "functional " aspects. The
First Amendment is concerned with expression, and we reject
the notion that the admixture of functionality necessarily puts
expression beyond the protections of the Constitution.
Exporting Strong Crypto: thanks for the feedback! (Score:2)
One thought related to the post which mentioned the liberality of the current court. My statement about "conservatism" is strictly in relation to issues related to national security, where the court still tends to move cautiously.
I really appreciated the poster who provided the analysis of the opinion, the dissenters, etc, BTW. Good job all!!
Free Speech != crypto exports, yet (Score:5)
First of all, there is the inevitable appeal to the U.S. Supreme Court which (IHMO and IANAL) has generally been sensitive to national security concerns in such a way that a conservative ruling is more likely than the (again, IMHO) liberal ruling of the appellate court.
Secondarily, following the unsafe assumption that the Supreme Court would uphold the appeals court decision, if Congress could still pass a more specific law as to when crypto software can and cannot be exported , using the previous court judgement to refine the law. If the Free Speech == crypto exports lawsuit is brought up again, it would then need to again go through the whole process of trial and appeals all over again.
...(momentary pause -- I'm putting on my asbestos underwear)...
Besides which, maybe exporting strong crypto isn't that great of an idea in the first place. Anybody care to comment?
Re:Reasons for their decision (Score:5)
The Ninth Circuit's decision in the Bernstein case [jya.com] is a major victory for the First Amendment in the computer age. It confirms that just because you use specialized tools to speak, like a computer, or a specialized language to communicate, like a programming language, you do not therefore put yourself outside the scope of the First Amendment. These propositions are fundamental to free speech, and to freedom of association, in the computer age. And while it is wonderful that the Court of Appeals ruled as it did, it is a pity that the Justice Department's stonewalling on this issue made such a ruling necessary in the first place.
Today the Ninth Circuit-the court of appeals with jurisdiction over Silicon Valley-holds that cryptographic source code is protected speech. The court held, correctly, that the US Government's unconstitutionally prevents the export of cryptographic source code with a system of speech licenses. The court held that preventing cryptographers such as Daniel Bernstein from using the Internet to share their work with colleagues around the world is an unconstitutional prior restraint on speech, one hedged with completely inadequate procedural safeguards.
This decision is especially important because U.S. government representatives openly admit that they have been using the export control laws to retard the domestic use of cryptographic software. This decision, which I hope will be upheld by the Supreme Court, will be the first step towards greatly increased use of cryptography in domestic products, and enhanced personal privacy for all Americans.
Perhaps the most important aspect of this decision is that the appeals court recognizes the critical connection between the regulation of cryptography and our modern lives:
As the court recognized, the regulation of cryptography concerns us all in our everyday existence [miami.edu], at a time when the ability of governments and others to observe our everyday activities is at an all-time high. Only the deployment of consumer cryptography offers the ordinary citizen the technical means to attempt to carve out a zone of privacy in an increasingly monitored world. The citizen's right to protect privacy in this manner implicates not just the First amendment but also the Fourth amendment and the right to speak anonymously..The court was thus right on target when it noted that the regulation of cryptography "touches on the public interest broadly defined.".
A second important aspect of this decision is that the court recognized the effect of technical change on the first amendment, and rejected suggestions that just because speech has side effects it somehow loses its protected status:
If the government appeals, the issue is very likely to go to the Supreme Court for resolution given the government's claim that national security might be affected. It is likely that the government will request and receive a stay order if it chooses to appeal. (An appeal to an en banc panel of the 9th Circuit is also possible.)
Congratulations to Cindy Cohn and the rest of the Bernstein legal team!
More information on Cryptography and the Constitution [miami.edu]
More information on government regulation of cryptogragpy [miami.edu]
More information on the link between cryptography, e-cash, and privacy [miami.edu]
A. Michael Froomkin [mailto]
U. Miami School of Law,POB 248087
Coral Gables, FL 33124,USA
Impact on Wassenar [spel?] (Score:4)
So... now the US can quite legimately claim that it can't honour the agreement because of the constitutional appeal, giving US software companies an advantage over all the poor countries that were duped into signing over their rights (and most of us don't have those sort of clauses in our own constitution).
Thanks, guys!
Source Code is Speech (Score:2)
The Junger case [slashdot.org] was similar. It involved a law professor who wanted to post crypto source code for his "Computers and the Law" class. A lower court (going against the ruling of the lower court in this case), sided with the government and dismissed the expressive nature of source code due to its functional aspect. They basically said source code wasn't speech. This was, IMHO, a bad bad ruling. I really find it offensive that the court would assert that a language such as C that I spend a large portion of my time reading and writing (often just for fun), isn't speech. I use computer languages to communicate ideas. That's speech. The judge (Gwinn) in the Junger case just didn't "get it." I've read this ruling, and it's obvious that at least some of the judges (or more likely, their aids) do "get it."
Let's just hope that if this goes to the Supreme Court, they're as enlightened.
Randy Weems
rweems@nospam.hotmail.com
Re:Yet another Appeal? (Score:2)
Reason for the policy in the first place? (Score:2)
Do they actually believe that it's a threat to national security? I can't believe even the US government could be quite that stupid...
Is there maybe another reason? I don't know what... something to do with trade maybe? It's not like it'd be the first time they've tried to gain unfair trade advantages.
Of course, that's probably not it... but if not, what *is* their motive?
source code (Score:2)
If "source code" is speech and you can't restrict that, what about binaries?
Someone mentioned that netscape would be able to exports their strong crypto version if this was upheld - but it's not distributed as source.
Methinks this is a big gray area.
--
My tatoo (Score:2)
Unfortunately, after the artist got halfway down my back, I passed out.
It's a shame too. He still hasn't done the header files yet.
:)
Precedent (Score:4)
If that interpretation is upheld and accepted as precedent, it could have HUGE implications for people who write software in the U.S.
For example, if your state government passed a law prohibiting the writing of malicious code (i.e. virus, worm, trojan), First Amendment protection could make the law unconstitutional. The act of distributing the virus/worm/trojan could probably be prohibited, though.
IANAL and this post is all conjecture on my part, but I am VERY interested in seeing how this plays out.
Crypto Laws a Waste of Taxpayers' Money (Score:2)
Restriciting export of crypto is POINTLESS. The laws are left over from the days when the *algorithm itself* was an important secret that needed to be protected. Now days the algorithms are all public (and well known all over the world) and the encryption key is really the important part. Restricting crypto export accomplishes nothing but harm to the American software industry.
I've been through the process of getting export approval for an encryption capable web server. It was a time consuming pain in the butt, and in the end we still lost sales because we couldn't ship the 128 bit version. The whole things was particularly annoying because we had to get a new license every time we released a new version of the software. Our product did the same SSL encryption everyone else did. It is a waste of taxpayer money when the government takes the time to individually license every single version of every single product that uses the same friggen algorithm! I almost wonder if the only reason we still have these pointless laws is because a bunch of useless buraeucrats are just trying to hang on to their pointless regulatory jobs.
Thad
Yet another Appeal? (Score:2)
Re:Reason for the EXPORT policy .... (Score:2)
Text of Opinion Available Online (Score:4)
Agreed this is a remarkable and exciting result. agreed that this is quite likely to go up, given the stakes involved. For now, however, I will withhold further comment until I have had a chance to study the opinion.
Bottom Line (Score:5)
"We emphasize the narrowness of our First Amendment holding. We do not hold that all software is expressive. Much of it surely is not. Nor need we resolve whether the challenged regulations constitute content-based restrictions, subject to the strictest constitutional scrutiny, or whether they are, instead, content-neutral restrictions meriting less exacting scrutiny. We hold merely that because the prepublication licensing regime challenged here applies directly to scientific expression, vests boundless discretion in government officials, and lacks adequate procedural safeguards, it constitutes an impermissible prior restraint on speech."
Slip Opinion at 4241.
The significance of this limiting language should not be overlooked. While the court did, in dicta (non-precedential commentary) reach out into the nether areas of whether government may try to slow the use of encryption, that was not the limited holding which is the crux (and legally binding effect) of the opinion.
Indeed, there is some risk that the opinion might be understood as a roadmap for drafting revised regulations or legislation that would permit the particular conduct encouraged by Bernstein (scientific inquiry) as a sort of "fair use," but preclude any other uses of encryption, which is among the Government's principal goals. [Replacing the prior restraint licensing, for example, with severe penalties for improper disclosure after the fact, with narrow exceptions for "academic and scientific" expression. Indeed, limiting regulation to use and transmission of object code and non-expressive transmission of source code might go a long way to slamming down much of what the government wants to slam while passing muster, perhaps, even with this court.]
Many roads before this will be over with: possible en banc review before the entire 9th Circuit, possible appeal to the Supreme Court. Possible dumping of the statute for more technically acceptable, yet equally egregious legislation.
But it is nice to see that we are no longer spitting into the wind, legally speaking. Dicta or no dicta, this opinion gives counsel for prospective cypherpunks a lot with which to go to bat. I am also encouraged with the hints that the Fourth Amendment is also implicated by crypto regulation!
By the way, some people commented earlier that the court's "liberal" opinion would be disregarded by the Supreme Court. I think not, at least not by lockstep ideology (although they might reverse). Arguably the most conservative voice on the bench, Justice Antonin Scalia is a powerfully strong First Amendment advocate, almost to the point of being absolutist. Don't forget that this is the same conservative court that twice shut down Flag Burning statutes.
And....? (Score:2)
So, the abolition of that law, is more simbolic than practical (for the average citizen the encryption available out of the US was as good as 148 bit!)
Joao
how binding is this? (Score:2)
However, I wonder how broadly this can be applied. The rulings of the 9'th Circuit court are not binding for other circuits (AKAIK, IANAL) but rather can be used in other circuits as being suggestive only.
Perhaps the FUD'iest thing they could do would be to NOT appeal, but to charge someone else in a different jurisdiction.
Re:exporting strong crypto isn't that great... (Score:5)
> treated to a leaked report from ASIO ( our
> equivelent of the FBI ) that flatly stated that
> there was no point in passing laws to prevent
> criminals from using encryption technology,
> since being criminals, they don't obey the law
> anyway.
I read the report, but unfortunately I don't remember exactly what it said. However, the situation is not QUITE as simple as this. On the face of it, this argument could be used against any law whatsoever.
The idea of these laws is not to simply say "thou shalt not use crypto", but actually make it harder to get access to good crypto. In the age of the Internet, however, this is not effective. (This is where the situation starts to diverge from the analogous situation of gun control laws.)
Clearly the NSA knows this. I think (and I'm not alone) that the real purpose of the export laws is to simply slow down the adoption of cryptography everywhere (including domestically), so that for as long as possible the NSA will be able to monitor the general populace. Obviously serious terrorists, foreign governments etc have already secured themselves.
As for whether exporting crypto is good
Given that, the prospect of people using crypto to, e.g., anonymously publish designs for cheapo biological, chemical and nuclear weapons terrifies me. However, without crypto, "information warfare" attacks on computers and infrastructure also terrify me, and so does the potential for the Internet as the ultimate surveillance tool. Pick your poison. Personally, I think that if we get to the point where readily available technology poses a threat to the future of the human race, then we can transition to a total police state. There is no point in getting there ahead of time.
BTW, I spent quite a bit of time in Australia working on TTSSH. Good thing their export regime leaks like a sieve.