While university professor Daniel Bernstein celebrates his most recent victory in a court battle challenging governmental restrictions on the export of encryption, attorneys and academics were still trying to figure out what yesterday's federal court ruling means for the high-tech industry.
Attorneys specializing in encryption law said the decision won't free commercial encryption from regulations anytime soon.
"The bottom line is that Bernstein wins," said Michael Froomkin, an associate professor specializing in encryption at the University of Miami's School of Law. "But I'm not sure this would apply to a commercial product."
The ruling, handed down by U.S. District Judge Marilyn Hall Patel in San Francisco, held that the Clinton administration's recently revised regulations violate Bernstein's First Amendment rights. It was the third decision in the two-year case to take the regulations to task.
A mathematics professor at the University of Illinois at Chicago, Bernstein is now free to publish scholarly articles, as well as post the software itself, on the Internet without fearing reprisals from the government.
Attorneys watching the case said the government was almost sure to appeal the ruling. Anthony Coppolino, the Justice Department attorney handling the case, declined to comment.
Froomkin explained that Patel's decision is narrowly written to cover only Bernstein's encryption program, called "Snuffle." Even if upheld on appeal, he added, the precedent may apply only in an academic setting.
Ken Bass, a Washington attorney handling a similar challenge to the government's encryption regulations, largely agreed. "It's an important chink, but it is not a total destruction of the encryption regulations," he said. "Since the commercial interest is in exporting object code, it may not have as significant a regulatory effect on the software producers that it does on the technology itself."
One of the commercial companies likely to get the biggest boost from the ruling is encryption maker Pretty Good Privacy. The company openly publishes its source code and then licenses its name to other companies, including those outside the United States.
"[The decision] makes clear that the publication of source code is fully protected under the First Amendment," said Bob Kohn, general counsel at PGP. He called the Bernstein case "a major first step toward the liberalization of publication or electronic distribution of strong encryption worldwide."
Stewart Baker, the former general counsel at the National Security Agency and a partner at the law firm Steptoe & Johnson, concurred that if upheld, the decisions would likely cause the restrictions to crumble. "I would expect lower courts to have great difficulty distinguishing PGP's publication from what Bernstein has done with Snuffle," he said. "The decisions may so weaken the strength of the regulatory program that the program collapses."
Attorney Bass added that Patel's most recent decision furthers the divide between Bernstein's case and that of his client, a cryptographer named Phil Karn. Karn is challenging government regulations that prevent him from exporting encryption source code on a floppy disk when the identical program is already available in book form and on the Internet.
The Washington, D.C., District Court judge in that case dismissed Karn's First Amendment claims, arguing that the restrictions were content-neutral. But Patel's ruling noted the discrepancy in allowing source code to be published in written form but not on a computer disk, writing "the exception for printed materials, while at first glance a concession to the speech interests involved, is so irrational and administratively unreliable that it may well serve to only exacerbate the potential for self-censorship."
The decision could require the government either to allow the electronic dissemination of source code or to remove the exemption for printed materials--a move that legal experts say would certainly be challenged on First Amendment grounds.
Officials from the Commerce Department, which administers the regulations, didn't immediately return phone calls seeking comment. While it is unclear whether the department plans to modify its scheme, formally called the Export Administration Regulations, Commerce officials have been circulating a draft of changes in them that may only add fuel to the fire.
The proposed changes would require companies making encryption software available electronically to first seek an approval opinion from the Commerce Department, creating substantial delay for companies such Netscape Communications, which offer encryption products over the Net.