Date:       Sun, 26 Feb 95 09:18:24 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V6#021

Computer Privacy Digest Sun, 26 Feb 95              Volume 6 : Issue: 021

Today's Topics:			       Moderator: Leonard P. Levine

             EFF Sues to Overturn Cryptography Restrictions
                 Info on CPD [unchanged since 12/29/94]

----------------------------------------------------------------------

From: Aki Namioka <anamioka@grace.rt.cs.boeing.com>
Date: Wed, 22 Feb 95 08:26:30 PST
Subject: EFF Sues to Overturn Cryptography Restrictions

 ----- Begin Included Message -----

    From robg@prognet.com Tue Feb 21 23:03:52 1995
    Subject: EFF SUES TO OVERTURN CRYPTOGRAPHY RESTRICTIONS 

For a variety of reasons we've had to keep quite quiet about this case,
which has been developing for some time.  We think it's an ideal test
case that will kick up a lot of dust and might even end the ridiculous
export control morass.

Any questions should be addressed to Shari Steele at EFF
(ssteele@eff.org).

Rob

    From: farber@central.cis.upenn.edu (David Farber)
    Date: Tue, 21 Feb 1995 23:18:30 -0500
    Subject: EFF SUES TO OVERTURN CRYPTOGRAPHY RESTRICTIONS 

         EFF SUES TO OVERTURN CRYPTOGRAPHY RESTRICTIONS 
        First Amendment Protects Information about Privacy Technologies

February 21, 1995
San Mateo, California

In a move aimed at expanding the growth and spread of privacy and
security technologies, the Electronic Frontier Foundation is sponsoring
a federal lawsuit filed today seeking to bar the government from
restricting publication of cryptographic documents and software.  EFF
argues that the export-control laws, both on their face and as applied
to users of cryptographic materials, are unconstitutional.

Cryptography, defined as "the science and study of secret writing,"
concerns the ways in which communications and data can be encoded to
prevent disclosure of their contents through eavesdropping or message
interception.  Although the science of cryptography is very old, the
desktop-computer revolution has made it possible for cryptographic
techniques to become widely used and accessible to nonexperts.  EFF
believes that this technology is central to the preservation of privacy
and security in an increasingly computerized and networked world.

The plaintiff in the suit is a graduate student in Mathematics at the
University of California at Berkeley named Dan Bernstein.  Bernstein
developed an encryption equation, or algorithm, and wishes to publish
the algorithm, a mathematical paper that describes and explains the
algorithm, and a computer program that implements the algorithm.
Bernstein also wishes to discuss these items at mathematical
conferences and other open, public meetings.

The problem is that the government currently treats cryptographic
software as if it were a physical weapon and highly regulates its
dissemination.  Any individual or company who wants to export such
software -- or to publish on the Internet any "technical data" such as
papers describing encryption software or algorithms -- must first
obtain a license from the State Department.  Under the terms of this
license, each recipient of the licensed software or information must be
tracked and reported to the government.  Penalties can be pretty stiff
-- ten years in jail, a million dollar criminal fine, plus civil
fines.  This legal scheme effectively prevents individuals from
engaging in otherwise legal communications about encryption.

The lawsuit challenges the export-control scheme as an "impermissible
prior restraint on speech, in violation of the First Amendment."
Software and its associated documentation, the plaintiff contends, are
published, not manufactured; they are Constitutionally protected works
of human-to-human communication, like a movie, a book, or a telephone
conversation.  These communications cannot be suppressed by the
government except under very narrow conditions -- conditions that are
not met by the vague and overbroad export-control laws.  In denying
people the right to publish such information freely, these laws,
regulations, and procedures unconstitutionally abridge the right to
speak, to publish, to associate with others, and to engage in academic
inquiry and study.  They also have the effect of restricting the
availability of a means for individuals to protect their privacy, which
is also a Constitutionally protected interest.

More specifically, the current export control process:

  * provides too few procedural safeguards for First Amendment rights;

  * requires publishers to register with the government, creating in
  effect a "licensed press";

  * disallows general publication by requiring recipients to be
  individually identified;

  * is sufficiently vague that ordinary people cannot know what conduct
  is allowed and what conduct is prohibited;

  * is overbroad because it prohibits conduct that is clearly protected
  (such as speaking to foreigners within the United States);

  * is applied overbroadly, by prohibiting export of software that
  contains no cryptography, on the theory that cryptography could be
  added to it later;

  * egregiously violates the First Amendment by prohibiting private
  speech on cryptography because the government wishes its own opinions
  on cryptography to guide the public instead; and

  * exceeds the authority granted by Congress in the export control
  laws in many ways, as well as exceeding the authority granted by the
  Constitution.

If this suit is successful in its challenge of the export-control laws,
it will clear the way for cryptographic software to be treated like any
other kind of software.  This will allow companies such as Microsoft,
Apple, IBM, and Sun to build high-quality security and privacy
protection into their operating systems.  It will also allow computer
and network users, including those who use the Internet, much more
freedom to build and exchange their own solutions to these problems,
such as the freely available PGP encryption program.  And it will
enable the next generation of Internet protocols to come with built-in
cryptographic security and privacy, replacing a sagging part of today's
Internet infrastructure.

Lead attorney on the case is Cindy Cohn, of McGlashan and Sarrail in
San Mateo, CA, who is offering her services pro-bono.  Major assistance
has been provided by Shari Steele, EFF staff; John Gilmore, EFF Board;
and Lee Tien, counsel to John Gilmore.  EFF is organizing and
supporting the case and paying the expenses.

The suit was filed in Federal District Court for the Northern District
of California.  EFF anticipates that the case will take several years
to win.  If the past is any guide, the government will use every trick
and every procedural delaying tactic available to avoid having a court
look at the real issues.  Nevertheless, EFF remains firmly committed to
this long-term project.  We are confident that, once a court examines
the issues on the merits, the government will be shown to be violating
the Constitution, and that its attempts to restrict both freedom of
speech and privacy will be shown to have no place in an open society.

Full text of the lawsuit and other paperwork filed in the case is
available from the EFF's online archives.  The exhibits which contain
cryptographic information are not available online, because making them
publicly available on the Internet could be considered an illegal
export until the law is struck down.  See:

[NOTE: Currently only the Exhibits documents are available; the complaint
and other docs will appear shortly]
ftp.eff.org, /pub/EFF/Policy/Crypto/ITAR_export/Bernstein_case/
gopher.eff.org, 1/EFF/Policy/Crypto/ITAR_export/Bernstein_case
http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/Bernstein_case/

Press contact:  Shari Steele, EFF:  ssteele@eff.org, +1 202 861 7700.

For further reading, we suggest:

The Government's Classification of Private Ideas: Hearings Before a
Subcomm. of the House Comm. on Government Operations, 96th Cong., 2d
Sess.  (1980)

John Harmon, Assistant Attorney General, Office of Legal Counsel,
Department of Justice, Memorandum to Dr. Frank Press, Science Advisor to
the President, Re:  Constitutionality Under the First Amendment of ITAR
Restrictions on Public Cryptography (May 11, 1978).  [Included in the
above Hearings; also online as
http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/ITAR_FOIA/itar_hr_govop_hearing.transcript].

Alexander, Preserving High-Tech Secrets:  National Security Controls on
University Research and Teaching, 15 Law & Policy in Int'l Business 173
(1983)

Cheh, Government Control of Private Ideas-Striking a Balance Between
Scientific Freedom and National Security, 23 Jurimetrics J. 1 (1982)

Funk, National Security Controls on the Dissemination of Privately
Generated Scientific Information, 30 U.C.L.A. L. Rev. 405 (1982)

Pierce, Public Cryptography, Arms Export Controls, and the First
Amendment: A Need for Legislation, 17 Cornell Int'l L. J. 197 (1984)

Rindskopf and Brown, Jr., Scientific and Technological Information and
the Exigencies of Our Period, 26 Wm. & Mary L. Rev. 909 (1985)

Ramirez, The Balance of Interests Between National Security Controls
and First Amendment Interests in Academic Freedom, 13 J. Coll. & U. Law
179 (1986)

Shinn, The First Amendment and the Export Laws: Free Speech on
Scientific and Technical Matters, 58 Geo. W. L. Rev. 368 (1990)

Neuborne and Shapiro, The Nylon Curtain: America's National Border and
the Free Flow of Ideas, 26 Wm. & Mary L. Rev. 719 (1985)

Greenstein, National Security Controls on Scientific Information, 23
Jurimetrics J. 50 (1982)

Sullivan and Bader, The Application of Export Control Laws to
Scientific Research at Universities, 9 J. Coll. & U. Law 451 (1982)

Wilson, National Security Control of Technological Information, 25
Jurimetrics J. 109 (1985)

Kahn, The Codebreakers:  The Story of Secret Writing. New York:
Macmillan (1967)  [Great background on cryptography and its history.]

Relyea, Silencing Science: national security controls and scientific
communication, Congressional Research Service.  Norwood, NJ:  Ablex
Publishing Corp. (1994)

John Gilmore, Crypto Export Control Archives, online at
http://www.cygnus.com/~gnu/export.html

EFF Crypto Export Control Archives, online at
ftp.eff.org, /pub/EFF/Policy/Crypto/ITAR_export/
gopher.eff.org, 1/EFF/Policy/Crypto/ITAR_export
http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: Thu, 29 Dec 1994 10:50:22 -0600 (CST)
Subject: Info on CPD [unchanged since 12/29/94]
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa.  The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.  

This digest is a forum with information contributed via Internet
eMail.  Those who understand the technology also understand the ease of
forgery in this very free medium.  Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top.  Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting.  He will comply.

If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution.  As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute.  If you
do so, it is best to modify the "Subject:" line of your mailing.

Contributions to CPD should be submitted with an appropriate, substantive
SUBJECT: line; otherwise they may be ignored.  They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious.  Diversity is welcome, but not personal attacks.  Do
not include entire previous messages in responses to them.  Include
your name & legitimate Internet FROM: address, especially from
 .UUCP and .BITNET folks.  Anonymized mail is not accepted.  All
contributions are considered as personal comments; usual disclaimers
apply.  All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy,
publications using CPD material should obtain permission from the
contributors.

Contributions generally are acknowledged within 24 hours
of submission.  If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the SUBJECT: line of an article in order to make it easier
for the reader to follow a discussion.  He will not, however, alter or
edit or append to the text except for purely technical reasons.

A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite.  The archives
are in the directory "pub/comp-privacy".

People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.

Mosaic users will find it at gopher://gopher.cs.uwm.edu.

Older archives are also held at ftp.pica.army.mil [129.139.160.133].

 ---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of:     Computer Privacy Digest
Professor of Computer Science     |                  and comp.society.privacy
University of Wisconsin-Milwaukee | Post:                comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher:                 gopher.cs.uwm.edu 
levine@cs.uwm.edu                 | Mosaic:        gopher://gopher.cs.uwm.edu
 ---------------------------------+-----------------------------------------


------------------------------

End of Computer Privacy Digest V6 #021
******************************