Crypto case, issues move forward
Five months after a federal court ruled that computer source code is speech protected under the First Amendment, the U.S. government and opponents of its encryption export policy appeared in court again to argue how far the government can go in restricting free speech in the interest of national security.
The April ruling of U.S. District Court Judge Marilyn Patel was the first part of a trial that could open the gates to unrestricted export of U.S.-made software encryption.
Mathematics professor Daniel Bernstein filed the case against the State Department two years ago when the government prevented him from publishing Snuffle, an encryption program he wrote as a graduate student at the University of California at Berkeley. Encryption export is regulated under a law that counts the technology as a form of munitions.
Bernstein was also prevented from distributing academic papers about the program, either on the Internet or in print, although the government later relented and granted Bernstein permission to publish his paper. The professor nonetheless decided to press the matter further in court, with the help of the Electronic Frontier Foundation and pro-bono legal representation.
Back in Judge Patel's San Francisco courtroom today, Bernstein's counsel Cindy Cohn argued that the current set of export restrictions, known familiarly as International Traffic in Arms Regulations, are ill-defined and often contradictory. As a result, they stifle the creation and use of cryptography as well as private encrypted correspondence. Cohn said the regulations produce a "chilling effect" that prevents open communication in an area where freedom of speech protection has been established.
"Part of the ability to speak freely is creating a bubble around the speech that allows planning and the ability to associate freely," said Cohn.
Cohn's counterpart, State Department attorney Anthony Coppolino, insisted that the restrictions on encryption control the dissemination of a potentially dangerous technical capability, not an attempt to stifle ideas and expression.
"Regulation of functionality is not a content-based concept," said Coppolino. "Our objective is to control what encryption can do, and to have some control over who is going to get it and use it against the United States."
Coppolino also explained that most software is classified as "technical data"--constitutionally protected ideas, instructions or theories--but that encryption software specifically is a "defense article," a commodity that served a function potentially harmful to the United States.
Even though Judge Patel has already ruled that all source code, including that of encryption programs, constitutes protected speech, she has yet to rule if the government should be able to classify software encryption as an exportable and controllable commodity.
She also must decide if the ITAR framework sets out rules that are too vague and lead to unfair prosecution of those who break the rules. She must also decide if the government is creating an atmosphere of "prior restraint" on not only cryptographic technology, but also the content of encrypted messages.
Judge Patel is expected to deliver a ruling in the next couple of months. She has told both sides she will automatically refer the case up to a court of appeals regardless of how she rules, guaranteeing a long haul before a final answer. If she rules broadly in favor of Bernstein, however, encryption export could become unrestricted.
A favorable ruling by Patel could also have a strong influence on a bill that would cripple the Clinton administration's proposed encryption key management system.
In the meantime, Bernstein's attorneys intend to file a preliminary injunction to let him teach a cryptography course this spring at the University of Illinois. Bernstein's case, a similar case involving a professor at Case Western Reserve University in Cleveland, and another case in Washington, D.C., could conceivably be consolidated and appealed to the Supreme Court, said Cohn.