Crypto foes have day in court
Both sides of a landmark court battle over the use of encryption make their final arguments before a federal judge.
The case focuses on Daniel Bernstein, a University of Illinois math professor who sued the government two years ago as a graduate student when he was not allowed to publish his Snuffle encryption program on the Internet without an export license. But the case extends to the all Internet users, who are coming to rely more on privacy and security for electronic correspondence and transactions. Strong encryption is considered necessary to provide that security.
On the other hand, law enforcement officials are worried that the unchecked spread of strong encryption will make communications by criminals impossible to track and decode.
U.S. District Court Judge Marilyn Patel has already proven sympathetic to Bernstein's case. In April 1996, she ruled that software code is free speech and therefore protected under the First Amendment. From that, she said in December that the government's regulations created unconstitutional "prior restraint" of free expression, meaning the creation of an atmosphere that made the free exchange of protected ideas difficult, if not impossible.
Patel can now take as much time as she wants to hand down her decision. She must decide if the government regulations violate constitutional or statutory standards. The judge must also decide what type of relief to grant Bernstein and if that relief--in the form of unimpeded export of encryption software--should extend to everyone.
Since her December ruling, the federal export rules have been switched from the auspices of the State Department to the Commerce Department's Bureau of Export Administration. Patel called the lead attorneys for Bernstein and for the government together today to determine if she should reconsider her December ruling in light of the shift.
"We think [the issues] are fundamentally the same," Cindy Cohn, lead attorney for Professor Bernstein, told the judge. "All the things you found wrong before are still up in the air."
Government attorney Anthony Coppolino essentially agreed, although he claimed the new rules, which were mandated by a presidential executive order, cleared up some of the confusion caused by the State Department rules. "The president's order of transfer made clearer that we want to control the encryption function, not the ideas," he said.
Despite Judge Patel's differing perspective, Coppolino maintained that the government's rules, which require publishers of strong encryption software to apply for a government license, were aimed at controlling the unimpeded spread of "easy-to-access, easy-to-use" encryption but not the spread of intellectual expression.
Coppolino nonetheless seemed resigned to yet another "adversarial" decision, as he called Patel's previous rulings, and argued that if the judge rules in favor of Bernstein--which seems likely given her remarks today--her interpretation should be as narrow as possible. Coppolino said that a national injunction on the regulations would be overkill.
"You can clearly fashion relief [for Bernstein] without throwing it open on a nationwide basis," Coppolino contended.
Cohn, who has argued the case pro bono with the help of the Electronic Frontier Foundation, countered that Bernstein's job requires not just his own free expression but free communication in general.
"We think that everyone else should be protected," she argued to Patel. "There's no way that Bernstein can speak freely if no one else can speak back."
The encryption battle is also being fought in Congress, where several bills aim to strike down the same federal export rules that Bernstein is challenging, while one bill, sponsored by Senators John McCain (R-Arizona) and Bob Kerrey (D-Nebraska), seeks to impose domestic controls for the first time.
Introduced yesterday in the Senate, McCain-Kerrey seeks to mandate the use of key recovery--a system that allows law enforcement officials to intercept and decode encrypted electronic communications--for all government products and government-funded networks. It also aims to tie the domestic use of digital certificates--a type of electronic ID card that verifies the legitimacy of an electronic transmission--to key recovery.
Under the plan, users will not be able to obtain a digital certificate from a government-licensed "certificate authority" unless they make their private encryption keys available to law enforcement when necessary.