CNET también está disponible en español.

Ir a español

Don't show this again

Internet

New crypto rules deemed unconstitutional

A federal judge rules that recently revised regulations limiting the export of encryption are unconstitutional.

    Dealing the U.S. government yet another sharp rebuke, a federal judge in San Francisco has ruled that recently revised regulations limiting the exporting of encryption are unconstitutional.

    U.S. District Court Judge Marilyn Hall Patel's ruling means that plaintiff Daniel Bernstein, a mathematics professor at the University of Illinois, is free to post his encryption software on the Internet and to write and lecture about the code. It also permits students and other Related analysis: Crypto ruling won't rock the boat academics to publicly exchange ideas about the program, which Bernstein calls "Snuffle," without fear of running afoul of the law.

    "By the very terms of the encryption regulations, the most common expressive activities of scholars--teaching a class, publishing their ideas, speaking at conferences, or writing to colleagues over the Internet--are subject to a prior restraint by the export controls," Patel wrote in her ruling, issued late yesterday. "Defendants are enjoined from enforcing the regulations against plaintiff or against anyone who seeks to use, discuss, or publish plaintiff's encryption program."

    For years, the government's tight controls on the export of encryption have been the source of major controversy. Law enforcement and national security agencies say the restrictions are necessary to help them in their efforts to catch criminals, rogue nations, and terrorists.

    Free speech advocates, on the other hand, have argued that the laws are unconstitutional, and U.S. software and hardware companies say the restrictions prevent them from competing with their foreign competition, which is untouched by U.S. law.

    Bernstein brought his suit against the government two years ago, arguing that the controls on encryption--which scramble email messages, computer files, and phone conversations so they are unintelligible to eavesdroppers--violate his First Amendment rights to free speech. In June, both sides argued their case before Patel, who already had proven sympathetic to Bernstein's case. (See related story)

    Stanton McCandlish, a spokesman at the Electronic Frontier Foundation in San Francisco, said attorneys there were still analyzing the ruling, but that on first reading it appeared to be victory for those fighting export restrictions.

    "It's going to have a significant reach [because of] its general finding that export restrictions are unconstitutional," he told CNET's NEWS.COM.

    U.S. attorneys involved in the case were unavailable for comment.

    The decision is the third time Patel has come out against governmental controls on encryption. In April 1996, Patel ruled that software was speech for purposes of the First Amendment, the first ruling of its kind. The decision set the stage for another decision last December in which Patel ruled that the government's export scheme--dubbed the International Traffic in Arms Regulations-- were an unconstitutional prior restraint on Bernstein's right to free speech.

    Within weeks, the government overhauled its laws concerning encryption. The new scheme, called the Export Administration Regulations, loosened export controls in some respects. Among other things, the new laws transferred oversight of the restrictions from the State Department to the Commerce Department.

    Patel's most recent ruling essentially extends her December ruling to cover the new laws. It also suggests that the new laws may in fact be more vulnerable to constitutional attack than older ones because they single out encryption software of other types of computer programs.

    "I'm very pleased," said Cindy Cohn, the lead attorney representing Bernstein. "[Patel] gave us 99.99 percent of what we asked for."

    While Patel's ruling is a victory for opponents of the restrictions, it leaves plenty of room for the government to regulate encryption, provided it follows certain guidelines.

    "This court's rather narrow determination that source code is speech protected by the First Amendment does not serve to remove encryption technology from all government regulation," Patel wrote.

    She went on to chide both sides for exaggerating their positions. "Plaintiff does so by aggrandizing the First Amendment, by assuming that once one is dealing with speech that it is immaterial what the consequences of that speech may be. Defendants do so by minimizing speech, by constantly referring to 'mere speech' or 'mere ideas' in their briefs and assuming that the functionality of speech can somehow be divorced from the speech itself."