Slashdot Mirror
US Crypto Export Laws Ruled Unconsitutional
An anonymous reader sent us a story over at news.com
that proclaims some joyous news: The a US appeals court has ruled
Export Laws Unconstitutional.
Excellent.
← Back to Stories (view on slashdot.org)
Before it was illegal for me to go out of the country since I had RSA tattooed in bar code (IE: Machine Readable) format on my ass. Now I guess I have to if an employer asks me to. Damn.
Yup. The decision specifically invites the Supreme
Court to review the decision.
focused on the First Amendment issue, and it
could still get overturned by the Supreme Court.
But it's very encouraging.
Phil Karn
For one thing, this would mean that, for example, Netscape could make the browser with strong encryption totally available, instead of making people fill out special forms to get it.
mjt
I would doubt it. If so all patents would go as they are all in "language" (blue-prints, design specs, etc.). The ruling seems to be (from the limited info) that banning the representation of something (in this case crypto) is against the 1st Amendment. You can still however own the rights to the representation of something.
AC the Terrible
What are you talking about ? I've been running setiathome for like a month now.
yes, people really have gotten Crypto tattoo's.. ..
a while back an issue of 'Wired' had photo's of some people's crypto tattoo's
Currently I can export the printed code and let people scan it in using OCR but I can't export it in digital form. The government is currently exploiting the lack of clairvoyance of those who drafted the constitution and it needs to stop. Digital formats are a new medium but it shouldn't mean your rights to communicate in it are different.
You can't sell this stuff to a foreign national in the US, but you can to a US citizen, as a result books on cryptography in the US can't publish with a CDROM disk, even though they have printed source code in them.
The biggest fiasco is that the law assumes that all cryptography is invented in the US, in fact Great Britain with Allan Turing et.al. are the original masters of cryptanalysis and there are products which compete with the US already out there.
SUN licensed cryptigraphy from Russia to circumvent these ridiculous laws, how crazy is that?
My question is, how is encryption a potential weapon, like the gov't says it is? Explain how encryption can be directly used to harm another person or computer, and I'll be very surprised. The whole point is that encryption will PROTECT data, not damage it. Thus, by definition, it is not a weapon.
Also, they really can't enforce it very well. If I were to post a strong encryption program on my web site, odds are they would never even know it, much less take action against me.
Jimmy_B
ICQ #18471744
Words and speech were and are ownable. This is what copyright is all about. I can't freely post transcripts of George Carlin's albums, but I can freely post transcripts of Ken Starr's report. Both are 'speech'. Only the gov't cannot restrict speech. The NY Times, however, can refuse to post your articles if even they think you just you look funny. Now, can I freely post the Supreme Court's ruling which contains a large snippet of George Carlin's 'seven dirty words' skit? That's a gray area, but probably yes, since it's in official public records. :)
Almost. The ruling says the current regulations
are illegal prior restraint on free speach, becuase they apply to source code. But they
through out all of the current regulations,
because they couldn't seperate source & binaries
without doing a line-by-line edit. So it sounds to me--but I'm not a lawyer--like we (at least those of us in the 9th circuit, i.e. on the west coast) can export all the crypto we want.
Jeff
...was not done in the interests of national security. If that was the case all Germans would have had to be interned too..
It was a matter of concerns about national security and the fact that the Japanese visibly looked different. It was like the Jews in Germany--Americans were worried that the "Japs" would be the third column undermining them from within. It wasn't about national security, it was about prejudice and racism.
The export restrictions that were actually struck down were under the commerce department's authority rather than the old ITAR rules. You haven't been an arms trafficker for a year or two.
Jeff
They're very clear when they say that this decision affects source code only.
while (1) {
print ("So what about scripting languages like perl?\n");
}
The previous link didn't work for me... search for the following text.
05/06/99 97-16686 BERNSTEIN V USDOJ
I see nothing preventing one from uuencoding a C program, substituting english words for each base64 cipher, and claiming the result is free speech.
Food for thought.
this is all for companies who want to sell.
you guys in the usa shouldnt care less, since you can use it ok. We outside usa, well, we can make our own thanks, its not like real hard or anything, geee
#define ENCODE_LENGTH 256
Slightly off topic....
I believe the threshold placed on a computer's MIPS if it's going to be exported is being challenged if not exceeded by Merced / Coppermine.
It's going to be impressive to see what comes of that.
Let's see how much money (Intel will loby and spred some $$ I'm sure..) can do for us.
Yes. This is the decission of the US 9th circuit court of APPEALS, overturning the decission you refer to.
The next round will be in the US Supreme court.
COBOL was part of one of DJB's arguments, IIRC.
I don't recall where I saw it at the moment, but there are many sites that will show you exactly how to build a nuclear bomb. The trick is to find the plutonium and uranium in the right condition and quantities....
I really doubt that MS is going to release NT Service Pack 5 in source form to get past the export restrictions on binaries.
This ruling is more important for professors and independent (read: free) software authors in the US because if it is upheld nationwide then posting crypto code on your web site will no longer be a risk that might put you in jail. Especially when it's notes for a course you're teaching.
Of course people in other countries can write crypto-based programs and develop new algorithms--look at IDEA. It's still a problem for us when someone in the US writes a new program, let's say it's a secure chat program, and they include an implementation of IDEA that they got from a web site in Finland, and they get arrested for exporting munitions back to the rest of the world.
If you bought an arsenal of weapons from some terrorists and then sold it back to them you would be selling arms to terrorists, no?
Think of the implications the other way. What if it is overturned and software is ruled as not being speech? Would that mean software is no longer covered by copyright law?
The thing is I don't think the export restriction is against these text versions, so nothing really changed for the tattoo-ees. I remember someone put the same PERL script as his quote in a yearbook, and then found out that that didn't make it unexportable. If however, something like a barcode were used, it would be a different story.
AltiVec-enhanced G4's exceed the prescribed MIPS, IIRC. Hehe
it is _not_ overturning the decision (in the Junger case) that found source code was not protected speech.
there are two different cases on this subject.
this story is about Prof. Bernstein's case. the decision in that case was that source code _was_ protected. the government appealed the decision. the appeals court _affirmed_ the lower court's decision.
Prof. Junger (I believe he's at CWRU) has a case presenting (I believe) a similar argument. The decision in that case was that source code was _not_ protected. i believe it is being heard by the appeals court (probably a different circuit than the Bernstein case) right now.
looks like the slashdot scripts are mangling the link. it's inserting a space between feb and d, so
"febd245" becomes "feb d245"
Prof. Junger has a case in the 6th circuit. The district court found that cryptographic source was not protected. I believe it is on appeal right now. So this could be the disagreement you are looking for.
I know that RedHat and other free Unixes have not
included strong crypto tools in their distribs,
(ssh1 comes to mind) because of the stupid export
control restrictions.
Would this help the situation. With all the
trouble people are having compiling ssh on the
new Redhat, this would make life easier for alot
of people.
Buggy code is slander.
Good well written documented and bugless code is truth and protected speech
...for the brilliant satire of an extremely xenophobic ultra-conservative.
right. but he's using source code to communicate.
(the fact that it doesn't compile doesn't mean it's not code.)
I believe this is the real reason. They don't want secure communication to become commonplace. Lots of criminals/terrorists/whatever are caught because the got careless and used unsecure communications. If every phone/computer in the world has IPsec (or equivalent) with large keys, then they lose the opportunity to catch the careless.
The really smart criminals/terrorists/whatever already have access to strong crypto and know to always *always* use it. Even the government types know this. They just want to be able to catch the dumb ones.
Already been done. (Apple script)
--opens "http://slashdot.org/" in the top window
tell application "Netscape Navigator" to GetURL "http://slashdot.org/"
-- makes a 1 item list, sets it to "Slashdot.org" and prints it.
set List_of_cool_things to {""}
set item 1 of List_of_cool_things to "Slashdot.org"
display dialog item 1 of List_of_cool_things
Well, it's great if it goes to the Supreme Court. If they uphold this decision, that would mean that the laws are unconstitutional throughout the U.S., not just in the Ninth District.
Of course, there is the danger of them deciding against, but I don't think that's going to happen...
The neat part of CS classes is that you see that computer code is simultaneously functional and expressive. It seems to be difficult for the courts to understand that: they want it to be one or the other.
In fact, one could successful argue that assembly language is "source code" therefore, you need only ship a dissasembler with your binary product, as binary is a "compressed" form of assembly language.
Hello?! Assembly language IS A PROGRAMMING LANGUAGE. There is no argument about that!!! What one COULD argue however is that MACHINE language (the binary codes for instructions) is a programming language and is therefore protected. But even if it's not, as you've said, it can be easily translated into assembly source code (messy and without comments, but still source code and, therefore, protected by this court ruling) So, I agree, binaries should be protected by this decision as well!
I guess it's because I'm surfing from Sweden
IANAL, but the idea that treaties can take precedence over the constitution strikes me as absurd.
Suppose that the U.S. were to sign a treaty with another country that said that neither nation would permit speech that criticized the others' government. Would the 1st amendment go out the window? I certainly hope not.
It seems to me that if treaties were equal to constitutional ammendments, they'd have to be ratified by the states.
doubleplusgood
Nobody ever called me a "negationist" before! I don't even know what that means, for God's sake, and I always had a John-O'Hara-like mentality about dictionaries . . . Explain, please! This is cool. It sounds like such a great word. I hope it means something such that I can use it a lot: "You babbling, incoherent negationist!" Heh heh.
Joseph Wang (joe@mit.edu)
When something is protected by the Amendment 1,
it doesn't means that there are absolutely no
restrictions placed on it. It means that any
restrictions have to meet certain conditions.
In the case you mentioned, the government can,
AFTER you publish something, arrest you, charge
you and put you in jail for a long time. What
the government can't do is to look at all your
drawings and try to restrict you BEFORE you
publish.
Also, in putting together regulations that involve
the first amendment, the government has to
convince the courts that those regulations are
necessary and there a number of tests that the
courts will use to see if a law is constitutional.
the government cannot do is to look at
Software IS patentable worldwide (Canada, Australia, Europe, Japan, etc.). Tens of thousands of software patents issue around the world every year.
Might this have any effect on stuff like patenting algorithms?
Below the judge is saying that the regs are unconstitutional in their entirety and that they refuse to sever the meaning of source code, commodities etc.
Of course, I'm not a lawyer, but I think thats what they are saying. Its also possible that a rewrite of the regs would make binaries illegal to export, but source code legal. It doesn't really matter. All you have to do is export the source code and then compile it. You don't even have to export it to everyone, just some other scientist.
jim burnes
jburnes@iss.net
Portraying the government as inept on encryption is no more accurate than Hogan's Heroes depiction of Nazis as bumbling fools. Evil, yes, but not stupid!
the export policy has also had a chilling effect on the availability of encryption products for _domestic_ use. you may be willing to believe that is merely a coincidence. _i_ am not.
remember when the government was going to mandate use of Clipper? or mandatory key escrow? (yes, this was domestic.) it's no secret that (certain parts of) the government want to limit the use of encryption by u.s. citizens.
Everyone should read the PGP manifesto in the man file for pgp.
If encryption is limited and regulated, then it will end up on the black market and only criminals will benefit from it.
The gov't doesn't want open source encryption because it is very hard to regulate. With a proprietary binary-distributed encryption algorithm, the government can bribe private companies to include "back doors", etc.
The only way for encryption to remain legal is for everyone to use it, always.
The government is worried about industrial espionage, but due to export restrictions, it is in fact American companies abroad that are penalized.
The article on CNet specifically says that this "opinion doesn't apply to off-the-shelf products". What I would like to know is why that is. Every executable program is composed of machine language instructions (binary codes), which can be considered a programming language by itself. HOWEVER, even if it's not a programming language, it has a 1-1 translation to Assembly language, which is DEFINITELY a programming language and therefore should be protected by the First Amendment, according to this decision. So why aren't the off-the-shelf products protected by this court ruling as well?
Look at that list of defendants versus just one mere human. My God, it looks an X-Files'esque who's-who of the illuminati.
From the court's ruling:
DANIEL J. BERNSTEIN,
Plaintiff-Appellee,
v.
UNITED STATES DEPARTMENT OF JUSTICE;
UNITED STATES DEPARTMENT OF COMMERCE;
DEPARTMENT OF STATE;
UNITED STATES DEPARTMENT OF DEFENSE;
UNITED STATES ARMS CONTROL AND DISARMANENT AGENCY;
NATIONAL SECURITY AGENCY;
UNITED STATES DEPARTMENT OF ENERGY;
CENTRAL INTELLIGENCE AGENCY;
MADELINE E. ALBRIGHT, United States Secretary of State;
WILLIAM M. DALEY, United States Secretary of Commerce;
WILLIAM COHEN, United States Secretary of Defense; KENNETH A. MINIHAN, Director, United States National Security Agency;
JOHN B. HOLUM, Director, United States Arms Control and Disarmanent Agency;
WILLIAM G. ROBINSON;
GARY M. ONCALE;
AMBASSADOR MICHAEL NEWLIN;
CHARLES RAY;
MARK KORO;
GREG STARK;
Defendants-Appellants.
Australia has unfortunately been second only to the UK in pushing bad crypto proposals that the US government thought up but was unable to get passed in the USA. Their theory seems to be that once a few more countries subjugate their citizens' privacy, it will be much easier to make the case that we should do the same in the US.
It appears that the Wassenaar Arrangement is largely a paper tiger: it provides cover for those governments that WANT to restrict crypto, such as Australia's, but doesn't actually require freedom-loving governments such as Germany's (I know, it sounds funny!) or Ireland's to impose any controls.
Watch out for the next Wassenaar meeting, in which the nasties will try to impose controls on "intangible" goods (translation: The Internet). Today in all countries but the US, intangibles are not controlled by the export laws.
We in the US who have fought this battle for our own rights can't win it for you too. You will have to organize and convince, or sue, or elect, a government in your own country that will do the right thing with respect to crypto. The longer you wait, the more damage the authoritarians will do.
For today let's do a bit of dancing on the Berlin Wall of crypto. Tomorrow it's back to the barricades to push the bastards back further.
That sucks, I really did like telling my friends that they souldn't be hanging out with me
because I'm a known arms trafficker.
For that matter, write literate encryption code in Knuth's MIX language.
---
Hehe... I never thought of source code as a form of speach before, but, I will now, as long as it helps for exporting Crypto.
I wonder how this will affect that treaty we made everyone sign saying they won't export crypto.
Right now, this ruling applies only to the area covered by the 9th Circuit. I hope you're in that location.
...phil
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
They can use TEMPEST vans to read a suspect's outgoing e-mail before encryption and incoming e-mail after decryption.
Uh, that's called "Van Eck". "Tempest" is the gvmnt name of the technology to prevent Van Eck monitoring from working.
...phil
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
The public reason was that, supposedly, American-developed crypto was the best in the world, and letting it get into the hands of the "enemy" (which changed, depending on when and who you were talking to), was a Bad Thing. Since crypto developed outside the U.S. has gotten to be as good, that explanation has gotten incredibly weak. Many people put it up to inertia that the rules haven't changed. There's probably also an element of "We know what's best for you" from the government, and hiding things from the government is perceived to be bad (by the government, anyway).
I have also heard, with little support, that the gvmnt is worried that strong crypto will be used to enhance the underground economy, making it harder for the gvmnt to track (and presumably tax) money flows.
...phil
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
Note that the Constititution allows suspension of habeas corpus (i.e., things like the internment of Japanese-Americans) only when a state of war has been declared by the Congress of the United States of America. When we are official "at peace", such as today, those rights cannot be suspended on spurious "national security" grounds.
Send mail here if you want to reach me.
Posted by kenmcneil:
If the Justice Departement appeals to the Supreme Court things could get interesting. There have been cases in the past where the Court made a ruling that violated the Constititution but were in the interest of national security (Japenese internment during WWII for example). And with the moderate to conservative court that exists today, something along these lines could very well come about.
The article was lacking in detail so it is diffecult to say if this case would be heard by the Court. If for one reason or another five of the justices did not feel that this was a case that properly layed out the _Consititutional_ issues they could very well ignore it and wait for a better opertunity. This would not mean that they will not eventually take this up but mearly that this case was not a good platform to make a ruling on.
Well that is enough speculation, I will just wait for some more information before I form a real oppinion.
If the Justice Departement appeals to the Supreme Court things could get interesting. There have been cases in the past where the Court made a ruling that violated the Constititution but was in the interest of national security (Japenese internment during WWII for example). And with the moderate to conservative court that exists today, something along these lines could vary well come about.
The article was lacking in detail so it is diffecult to say if this case would be heard by the Court. If for one reason or another five of the justices did not feel that this was a case that properly layed out the
- Consititutional
issues they could very well ignore it and wait for a better opertunity. This would not mean that they will not eventually take this up but mearly that this case was not a good platform to make a ruling on.Well that is enough speculation, I will just wait for some more information before I create a real oppinion.
Posted by AnnoyingMouseCoward:
You asked for opinions - hears mine.
I agree that their are some aspects to strong crypto availability that are extremly vexing - use by criminals, etc, etc.
The problem with these arguments is that the successful criminals can afford the latest and greatest in computer security while private citizens often can't.
In addition to that, there are circumstances where a private citizen does have perfectly legitamite reasons for useing encryption, such as protecting buisness e-mail correspondances from being snooped by rival corporations.
Down under in Australia, we were recently treated to a leaked report from ASIO ( our equivelent of the FBI ) that flatly stated that there was no point in passing laws to prevent criminals from using encryption technology, since being criminals, they don't obey the law anyway.
In this respect, the only solution to the problem seems to be to level the playing field by making strong encryption available to everyone.
Still, politicians arn't known for their grasp of basic science or technology. The report was essentially ignored ( which is why it was probably leaked to the public ) and the Australian government is still going gung-ho to prove we can be just as stupid as everyone else.
But it's nice to think that there may finally be a light at the end of the tunnel.
Posted by AnnoyingMouseCoward:
Ok, I'll admit that was a handwave. I just wanted people in the USA to know that their government isn't the only one doing stupid things.
As for "..this argument could be used against any law whatsoever..", well yes and no. Laws are essentially a social contract between the members of a society as to what forms of behaviour are and arn't acceptable. When the ruling body passes laws that are ignored by a substantial section of the general population, the result is simply a weakening of this social contract and the undermining of the acceptance of the law by the population as a whole.
As the availablility of strong encryption, while I'm not seriously into cryptography and general purpose algorithms, I suspect that it's probably possible for certain groups ( criminals, terrorists, etc ) to come up with fairly secure encryption simply by using the old 19th centuary "Book Codes". With this kind of scheme, you are going to have a hard time de-crypting any message without knowing the book which is used as the key.So "strong" cryptography is available, it's just not available as a general purpose package with a "point and drool" interface.
As for useing cryto to anonymously publish things like biological warefare procedures, drug manufacturing procedures, etc, etc, this is one of those things that I personally feel is greatly over-rated.
As a point in case, an old friend of mine back in high school ( about 20 years ago ) was culturing all kinds of bugs on agar plates. The knowledge base to do this is available in print in any university library. At the time, he blythely pointed to one dish and mentioned that it contained bubonic plague. He took the trouble at this point to reassure me that while it was easy to cultivate, it was a pain in the neck to find a viable vector ( ie, fleas with rats ) so there was nothing to worry about [ and no, I'm not joking ].
Likewise, as someone who majored in chemistry at university, I know for a fact that you can look up recipies for all kinds of explosives and drugs in the organic chemistry section of any university anywhere in the world. Of course, the media has a certain difficulty in getting anyone to pay attention to a headline like "Juvenile delinquent makes drugs with a book from the library!", so they go for "..with a recipe found on the Internet!". It's just media hype.
Just my $0.02 worth.
What part of RSA does this perl code implement? It can't do key generation, can it?
Curious.
-Tim
Let's try not to let fact interfere with our speculation here, OK?
Nearly as cool as the decision-- it contains Lisp code. That's got to be a first.
You mean like the C to English converter or Bruce Schneier's Blowfish cipher in English?
Especially the Open-source Candidate, Al Gore. :)
Locks are good, they help law abiding citizens avoid being the targets of crime. Not allowing crypto to be exported has the affect of making it inconvenient for US citizens and businesses to get good locks. Thats bad--- it not only costs time and money, it often means we don't have the locks we should.
Mr Baker is right--- even if this case is won its not the real issue. The real issue is protecting communication among people. All we want is to protect our communications, domestic or international.
I wish I had a nickel for everything this government does (especially the EXECUTIVE BRANCH) that was unconstitutional - hell, I could afford to pay the IRS!
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
I fully support this ruling, and hope that it leads to the loostening or abolishing of export restrictions on crypto, but I don't think it's going to happen.
I betcha the executive branch will come out and put its foot down and play the "matter of national security" card to prevent it. As dumb as it is, I don't see them giving up their position that easily.
Blah.
Happy day, crytographic day. :)
Beer recipe: free! #Source
Cold pints: $2 #Product
Hmmn . . . that's fairly foolish, since the international version has more functionality. It's not inhibited by the MIT legal kludge.
Beer recipe: free! #Source
Cold pints: $2 #Product
Going on an idea for a computer language similar to english, what if someone converted a computer language to english and back again. It could be close enough to english to pass as free speach, but structured enough to be converted back to c or some other computer language. Then, post your "free speach" and the simple translator, instant crypto export. I'm not a lawyer, so I can't say it would be legal, but it would be interesting if someone pulled such a stunt.
Not all patents are in language. In fact, except for software, no patents are in "language." Example: a book. It's certainly in a language. But you can't patent a book. Now, let's try some new chip. Is it in a language? No. The plans for it and the documentation are both in a language, but those can't be patented (copyrighted, yes, patented, no).
Now, here's the interesting thing: you cannot patent source code, anywhere. You can naturally copyright it, in fact you're expected to (even the FSF does it). But it's a representation, a language. So you can't patent it.
What you can, unfortunately, patent is the concept behind the code. To give you an example, let's take LZW compression (most commonly used in GIF's), the patent for which is held by Unisys. Now, Unisys has source code, of course. That isn't patented. However, the patent on the compression means that you are not allowed to write any code using that algorithm, even is your code is completely different from the code Unisys has. In effect, it's patenting an idea (which, if I'm not mistaken, the Constitution forbids, but the government either hasn't seen that or has been lobbied by the industry not to look). Other patented ideas: the use of XOR to move a mouse pointer across the screen, the RSA encryption algorithm, color-matching technology (if you believe Imatec's latest claim, which I don't), and so on. There is no patented code for any of these; in fact the RSA encryption algorithm can be found in any discrete mathematics textbook (it's a popular example exercise). But, no one else can use these, even though they're doing their own work, not stealing that of the patent owners.
This is my major gripe with the patent system. The software industry has twisted it to a use for which it was never intended.
So wait...Does this mean that I can't post that I'm an international arms trafficker at the bottom of my emails anymore?
My Slashdot account is old enough to drink...
I am greatly in favour of the US Crypto Export Restrictions. I am studying cryptography (they like to call it cryptology) in Denmark and have written a java crypto library called logi.crypto which is available either GPL'd or with a commercial license.
I can only hope that the export restrictions will never be lifted, since they mean that I effectively don't need to compete with anyone in the US.
In fact, before this I worked for an Icelandic software company which was hired as a sub-sub-contractor by a US software company to design and implement the cryptographic portions of a large communications application. They could not hire a US company, which they would probably have done otherwise.
It is also completely silly to suggest that not exporting strong crypto products is going to help "protect the world from terrorists and criminals". I mean, go buy your cryptography stuff in Ireland. There is no reason to think it will be any less capable. Or, if you are a "well funded" organization, hire a few cryptographers of your own. They don't quite grow on trees, but they aren't that hard to find either. I'm sure our friend Shamir is training a few down in Israel.
Really, as people keep hammering on, the only people who are going to stop using cryptography because it is illegal, is the people who are relatively honest anyway. The whole thing does not make any sense, however you look at it.
Logi - I can do anything, but not everything.
It would be nice if we really had knocked over this one and could go on to software patents.
Thanks
Bruce
Bruce Perens.
Didn't some other judge rule that source code was indeed NOT "speech"?
--
Fuck the system? Nah, you might catch something.
#include "stdio.h"
printf("The way I see it, source code isn't just for the computer to follow... It's for other people to follow as well...\n
\n
My reasoning: If it was just for the computer to understand, why can it have comments in it, that are for the people to read, and the computer ignores?\n");
/* (yes, I know the "'s should be less/greater signs, but HTML likes to eat those.) */
The print is in an OCR-friendly font, with special provisions for whitespace, and with checksums. But it's still entirely human-readable and expressive.
The tools for both printing code in that format and decoding it once it's been OCR'd are available for FTP from the directory ftp://ftp.pgpi.com/pub/pgp/5.5/books/
Your suggestion that the US Administration cares about the well-being of US software companies is dubious. They care about it only in so far as it doesn't interfere with their intelligence-gathering capabilities.
Public key encryption allows for the transfer of cash. Transferring large amounts of cash by way of dollar bills is difficult, time-consuming and inherently risky, so that's not too much of a problem. Transferring large amounts of cash digitally is easy and (can be) safe.
Digital cash means that large sums of money can be transferred un-taxed.
--
Mark Fassler
fassler at frii dot com
But by defining it a language in an
expressive manner - this brings the full
force of the first amendment into the
picture - it makes it a constitional
arguement!
Another interesting situation is the
suit Phil Karn brought to try an export
a floppy containing source code that was
already printed in a book on cryptography
that is exportable. They turned that down,
though they approved the books international
export? Doh!
Steve
Have you compiled your kernel today??
ROAR!!!!!!!
Just had to let loose a bit..
This will probably wind up being the most important development in the US software industry ever, simply because people everywhere will now have easy, legal access to the same strong cryptography implementations. This is BIG.
--
Kyle R. Rose, MIT LCS
[ home ]
- Sam
The secret to enjoying Slashdot is to realize that it should not be taken too seriously.
- Sam
The secret to enjoying Slashdot is to realize that it should not be taken too seriously.
To quote a lawyer from the Wired article:
- SamThe secret to enjoying Slashdot is to realize that it should not be taken too seriously.
If you're going to nitpick about the greater than less than signs,, you also forgot your
main(){
}
function.
Something like what you have wouldn't compile
Before I flame, do tell: why do you think crypto export is a bad thing?
http://www.ce9.uscourts.gov/web/newopinions.ns f/f606ac175e010d64882566eb00658118/febd2452a8a4d79 b8825676900685b71?OpenDocument
IMO it'd actually be better if "binaries" were ruled as not being protected speech but source code was. Imagine only being able to export open-source crypto products :)
The big companies and their closed systems could either get the license, export weak crypto, or release the source.
Nothing worth doing is worth doing today.
Oceania has always been at war with East Asia.
From the decision,
We express no opinion regarding whether object code manifests a "close enough nexus to expression" to warrant application of the prior restraint doctrine. Bernstein's Snuffle did not involve object code, nor does the record contain any information regarding expressive uses of object code in the field of cryptography.
They're very clear when they say that this decision affects source code only.
--
Ian Peters
As noted in my post above, the decision doesn't make any decision regarding binaries. Rather, they note that the decision doesn't affect machine code, but they don't deal with the legality at all. As it stands now, the previous regulations still stand, but I find it hard to believe that the government won't overhaul crypto law in light of this decision.
... just a thought.
Regarding obfuscated code, well, I'd like to see you make a good legal argument about what distinguishes obfuscated code. There are certainly people who would be able to read obfuscated code, which makes it expressive
--
Ian Peters
IMHO the reason is to prevent the creation and general acceptence of secure crypto standards and the mass deployment and general use of crypto for communication. While this doesn't stop any terrorist or other criminal from communicating securely, it will prevent crypto enabled standard software (read: integration into Windows) and make large scale electronic surveillance possible.
Considering the priority shift of the US agencies form the cold war to economic espionage and warfare, the ECHELON project, whose primary target are the states of the European Union, and the explicite exception from the crypto restriction for US companies' department in foreign countries, it is obvious that besides the usual govermental desire for total power and control, there are also big economical interests.
see for yourself...
http://dcs.ex.ac.uk/~aba/rsa/tattoo2.html
This is very narrow ruling. Essentially, the majority stated that software is clear text that can be read and understood by others (humans). Furthermore, cryptographers use software as a means of conveying their ideas to one another. Hence, restrictions on encryption software restricts the ability of cryptographers to communicate with each other. Software does not have to be compiled to be useful.
There was a dissention. He stated that software is a tool that a person uses in order to get the computer to eventually do something. There is little distinction between the source code and the compiled object code in turns of functionality.
Note: this ruling may "only" apply to cryptographers since they transmit their idea using code.
From now on, I propose that we all "talk" to each other in source code.
If I write a virus program and post the code on the web, is this the same as shouting fire in a crowded room? Or is this just the language of virus writers?
What about those people who went out and got ;-)
the RSA-in-3-lines-of-Perl program tattooed on
their arm? (Suddenly, that 'This human is
classified as a munition' tattoo that I wanted to
get across my chest doesn't look so neat.
Doug
Well, here's two old links I had lying around...
Tattoo 1
Tattoo 2 (My favorite)
Doug
This is a wonderful result. Source code is a method of communication - of expression - and thus protected by the 1st ammendment. The compiled binary is a tool, serving simply a funtional purpose. My reading is that the source code can now be exported but binaries can't. If this holds, any company wanting to export strong crypto must do so in source form. And the source form must be readable and understandable by other people, in other words, it can't be obfuscated code. This is not only a big win for cryto and free speech, but also for OSS.
...Linux!
Andrew
--
"You never know when some crazed rodent with cold feet might be running loose in your pants."
-Calvin
The crypto restrictions were always pretty dim, particularly since you could export books which explained the theory of the algorithms, or even, as somebody noted, the source-code itself.
Definately headed for the Supreme's, particularly since there have been conflicting concepts of software as speach. Given that, the court will probably choose to hear the case. They could always let the deicision stand without comment, though. We shall see.
---------
Did anybody REALLY get the tattoo? Or is it
an urban legend.
-fb Everything not expressly forbidden is now mandatory.
I would really like to see this stick but the article finishes with an appeal. This means that, though its a start it really isn't much to go on.
It seems flimsy though to say that programming is simply a language and therefore violates his right to free speech. It just doesn't seem like much to go on when the government believes that it is a national security issue. I'm still doubtful this means much.
-----------
Resume
Football Sports Contest - Win $500 for having an e
Many people miss the point of crypto export restriction and point to the facts that strong crypto is wide available outside the US, that the restrictions are not consistent, hard to enforce, etc. Irrelevant.
The restrictions are actually working very well.
Anyone who really wants crypto anywhere in the world will get it. Terrorists and drug cartels are using crypto for decades. What the export restrictions are really doing is prevent the creation and widespread adoption of interoperable international standards for ubiquitous encryption. That's what they really want. They want no obstacles to their dragnet-style eavesdropping on everyone - on you.
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
I guess that means we can't be "International Arms Traffickers" anymore.
What the whining liberals call "prejudice and racism" was precisely that. The US went to war with Japan in 1941, after they bombed Pearl Harbor. As a knee-jerk reaction, all people of Japanese descent living on the west coast (where they could concievably help an enemy invasion) were sent into internment. Their property was siezed, some never to be returned, and they were carted off to Arizona and Texas to live out the war in prison camps. The majority of the people sent into internment were Neisei (sp?) or second-generation Japanese living in the US. That means they were US citizens and therefore (supposedly) protected under the constitution. Most were *not* aliens living illegally in the US, but naturalized or born citizens.
There, a little truth, the product of "most minimal research" I spent all of 10 minutes researching this, and came up with more facts than your hateful rant contained. Stick that in your negationism pipe and smoke it!
0 1 - just my two bits
Accordint to This NY times article there are at least two other cases concerning this same question. Let's hope this ruling sticks before both those courts, and is upheld in the (inevitable) appeal to the US supreme court.
Before anyone gets upset about another login-required NY times article, remember login/password=cypherpunks/cypherpunks.
0 1 - just my two bits
This is great news! However, be wary: "Justice" has appealed the decision, and the article was very light on details. That means it may go to the Supreme Court, if I've got my US Judicial System hierarchy right... there's still the danger of this decision being overturned.
The Supreme Court is a lot more likely to take a case where the Circuit Courts are in disagreement. So let's hope that Justice DOES charge someone else in another circuit and wins. Then, in a couple of years, *sigh*, the Supreme Court would decide... the Court is conservative, but generally pro-speech.
"Besides which, maybe exporting strong crypto isn't that great of an idea in the first place. Anybody care to comment?"
I'm not sure that the issue is *solely* one of exporting crypto, per se.
If strong crypto was truly considered to be a national security issue, it would be illegal to publish the source code in a paper book, as well. It is not so much the that encryption is or is not a national security issue, though, but that the laws regarding the export of strong encryption are oxymoronic and effectively unenforcable. Since nothing prevent someone from printing the source code to an encryption routine and then mailing it overseas, there is, essentially, no real restriction at all. If someone really wants to use that routine, having to type it in by hand is only a minor inconvenience.
That bit aside, there are at least two reasons offhand why I consider these export restrictions to be a bad idea.
1. The US does not have any kind of unique position with regards to strong encryption. It is possible (and very easy) to acquire encryption tools at least as strong as any available within the US. If someone wants strong encryption, they will get it somewhere, whether the US likes it or not.
2. As a result of (1), the US is placed in the position of being unable to effectively compete on an international arena where any strong encryption is concerned.
Nunc Tutus Exitus Computarus.
EXACTLY!
I can just imagine the day when OCR becomes reliable enough to read books of code... then books will be software!
Book banning will be legal again!
I was reading one of the "related articles" on that story http://www.news.com/ News/Item/0,4,0-23872,00.html?st.ne.ni.rel, and one Judge Gwin says that software is not language like cooking recipes, instructions, and manuals, because the software is "purely functional" and "actually performs the function".
HELLO?! Has he ever seen a floppy disk encrypt anything? No! It takes a COMPUTER to do that!
Software is by definition INSTRUCTIONS for the processor. In fact, the word "instruction" is used throughout computer terminology!
He should be banning the export of computers for being able to encrypt. (Sadly, that's more than just sarcastic: we already do that to a certain extent with supercomputers.)
[wiping away tears of happiness]
If this holds up I will start to believe in God again.
Okay, if source code is protected by Amendment 1, what about this hypothetical situation:
How does this fit with my classified drawings showing how to build an advanced laser communications system? It's on paper and it belongs to my company. Why can't they publish it to certain customers? They are not selling the actual hardware, but the means to produce the product. So how is a government to regulate the transfer of advanced technology, based on the First Amendment?
I personally believe cryptography should be more available, especially for worlwide commerce over the Internet, but there are other issues I don't see clarified.
~afniv
"Man könnte froh sein, wenn die Luft so rein wäre wie das Bier"
~afniv
"Man könnte froh sein, wenn die Luft so rein wäre wie das Bier"
Richard von Weizs
This case was heard by a three judge panel of the Ninth Circuit, and one of the judges dissented. Furthermore, any of the other circuits could come to a different conclusion -- the law's far from settled. As a matter of fact, the dissenting judge approvingly quotes Judge Gwin's decision in Junger v. Daley -- that's the decision that said that encryption source code cannot be categorized as pure speech and that the functional aspects of encryption source code cannot be easily ignored or put aside. Junger still remains good law in most of the country...
If and when this case is appealed, remember, the Supreme Court doesn't even have to hear the case. In fact, for most cases appealed to the Supreme Court, cert's denied.
OTOH, the judge who concurred specifically wrote, "The importance of this case suggests that it may be appropriate for review by the United States Supreme Court." That's no guarantee that the Supreme Court will take the case, though.
What nobody seems to be dealing with in the courts is the issue of the US gvmt engaging in unfettered spying on its citizens, in the name of the 'drug war'. The intelligence apparatus of America is operating under the false assumption that since they arrived at a nice 'gentlemens agreement' with Russia during the Cold War, to allow each side to passively spy on each other, that the same methods could acceptably be employed against fellow citizens. The rights of protection against illegal search and seizure directly address this issue.
Never before in the history of mankind has a nation been so able to spy in such minute detail on its citizenry. Roving wiretaps, network sniffing, heartbeat monitors at the borders, radar which can see underground and through buildings, and electronic emmisions snooping are all technologies which enable our gvmt to put selected citizens under a very powerful political microscope. The information gathered on such an unfortunate citizen could easily be used by an unscrupulous and well-funded intelligence organization to squish that citizen like a bug.
Imagine all your preferences, habits, the people you associate with, your sexual desires, political affiliations, and all other aspects of your life being available to CIA, to be used against you if you become the target of a persuasion campaign.
The real issue of encryption is safety against illegal search and seizure.
YES!
"Source Code is Protected Speech"
Does this make my source code less likely to infringe someone's patent? What does this mean for copyrights? Can I slander with source code?
Downer: Isn't the 9th Circuit usually reversed?
It should be noted, however, that the United States (i.e. the Solicitor General's office) has a much higher percentage of its petitions for certiorari granted than any other party. I don't have the numbers handy, but I recall it being a fairly significant edge.
In addition, I suspect the Court would be somewhat reluctant to allow the export regulations to be effectively crippled without a hearing. (How effective could the regs be, if all one needed to do to export crypto source code was to set up shop in the 9th circuit? And would it be legal for a U.S. citizen, say, in the 5th Circuit to transfer code to a U.S. citizen in the 9th Circuit, knowing it would be legal to export it from the 9th?)
Insert all relevant disclaimers: IANAL, nobody can predict the Supreme Court, etc...
The implications are greatest for those who write free software. The ruling seems to apply only to source code. It's hard to argue that object code, which is understandable only by machines, qualifies as "speech." So companies that sell binaries may not be affected at all. They will still be enjoined from exporting encryption without a license. However, distributing GPL source code without binaries is not only easy, it's common practice. If this ruling stands, it'll be one more thing that puts the "free" in "free software".
How about developing a computer langauage that is as close to english as possible, in the sense that its syntax reads like english.
e.g.
x is two plus one
This should make any attempts at control of source code export impossible.
i think it's good..
l ) and-- in some cases-- emulators.
a th/
as to viruses, it would depend on the way the law is worded. i don't think "writing malicious code" would be the language used to outlaw viruses. I wouldn't know though.
Anyway i seem to remember the Mellissa author was charged with "unauthorized entry to computer systems" or something. That wouldn't be covered under free speech.
What this is more likely to do is shift the legal emphasis from the author of the illegal program to the users of the illegal program. This would mean that people who write programs seen by some as "malicious"-- y'know, WinNuke, BackOrifice, AOL4FREE (http://www.wired.com/news/culture/story/3309.htm
The last one is the most important, to me anyway. if code is free speech then can Nintendo censor you?
--mcclure111
http://home.earthlink.net/~mcclure111/hamsterde
INTELLECTUAL PROPERTY IS THEFT
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
Not so! In fact, in the documents I read, it stated that if they truely felt it was a matter of immenent and direct threat to the security of the nation they would be able to rescrict the export of books as well. "Classified Document" means a document (writing on paper) that cannot be given to foreigners, right? OTOH, it's perfectly legal even today to export source code if it's printed on paper. This is because they haven't proven that it's a threat to national security. And I don't think that they can, because as has been pointed out elsewhere, encryption is easily obtainable outside the US.
Never attribute to malice that which is adequately explained by stupidity.
I find it interesting that part of the descision was
With the continuing approach of computers that can understand and act sensibly on speach proceeds, this ruling gets closer and closer. I don't think this is here yet (it will, imho, be overturned) I do think that it's inevitable that this will happen. As computers become able to interperate a wider and wider variety of things, the export laws would have to get more and more restrictive, and are more likely to be overturned.
Wouldn't this mean that the "RSA in three lines of perl" tatoos are legally exportable on the same basis that a book full of source code is, but that the "bar code form" of the same thing wouldn't be exportable?
It's interesting to note that the argument on the one hand is that source code is a "machine" (although a virtual one, it is still a machine) and on the other hand source code is intended, by definition, to be primarily human readable, and requires a compile step to be a machine. I wonder where this leaves interpreted languages, where there is no compile?
There is also a note burried in there to the effect that because the web and computers in general have become so powerful, personal privacy has become more scarce now than at any other time in history. And then notes that the widespread availibility of strong encryption would help to negate this effect and the people would regain some of the lost privacy. This is the ultimate point. Computers make it to easy to keep track of people, and we've been denied access to their equal ability to hide people.
Never attribute to malice that which is adequately explained by stupidity.
No, they can't. This only rules for sourcode. So, mozilla.org could export things as source but could not distribute binaries to people. Free speech doesn't protect executables. This ruling is just about source code.
Their arguments against the export:
First, it is not at all obvious that the government's view
reflects a proper understanding of source code. As noted ear-
lier, the distinguishing feature of source code is that it is
meant to be read and understood by humans, and that it
cannot be used to control directly the functioning of a com-
puter. While source code, when properly prepared, can be eas-
ily compiled into object code by a user, ignoring the
distinction between source and object code obscures the
important fact that source code is not meant solely for the
computer, but is rather written in a language intended also for
human analysis and understanding.
Second, and more importantly, the government's argu-
ment, distilled to its essence, suggests that even one drop of
"direct functionality" overwhelms any constitutional protec-
tions that expression might otherwise enjoy. This cannot be so.16
The distinction urged on us by the government would prove
too much in this era of rapidly evolving computer capabilities.
The fact that computers will soon be able to respond directly
to spoken commands, for example, should not confer on the
government the unfettered power to impose prior restraints on
speech in an effort to control its "functional " aspects. The
First Amendment is concerned with expression, and we reject
the notion that the admixture of functionality necessarily puts
expression beyond the protections of the Constitution.
One thought related to the post which mentioned the liberality of the current court. My statement about "conservatism" is strictly in relation to issues related to national security, where the court still tends to move cautiously.
I really appreciated the poster who provided the analysis of the opinion, the dissenters, etc, BTW. Good job all!!
...Open Source isn't the only answer -- but it's almost always a better value than the alternatives...
First of all, there is the inevitable appeal to the U.S. Supreme Court which (IHMO and IANAL) has generally been sensitive to national security concerns in such a way that a conservative ruling is more likely than the (again, IMHO) liberal ruling of the appellate court.
Secondarily, following the unsafe assumption that the Supreme Court would uphold the appeals court decision, if Congress could still pass a more specific law as to when crypto software can and cannot be exported , using the previous court judgement to refine the law. If the Free Speech == crypto exports lawsuit is brought up again, it would then need to again go through the whole process of trial and appeals all over again.
...(momentary pause -- I'm putting on my asbestos underwear)...
Besides which, maybe exporting strong crypto isn't that great of an idea in the first place. Anybody care to comment?
...Open Source isn't the only answer -- but it's almost always a better value than the alternatives...
This is an important point to consider - the core contention of this case wasn't so much the encryption issue - it was the fact that the professor wasn't able to publish his findings in a scientific journal - his right to literary expression was abridged.
In fact, the Court specifically defers making a general ruling on the constitutionality of controlling crypto software in general.
So, IANAL, but I wouln't go posting your crypto code for the entire world to see just yet. This is certainly a step in the right direction by the 9th Circuit, but we're not out of the woods yet, folks.
What's the bet that the US government knew that the export laws could be appealed on constitutional grounds, but went ahead and got all these countries (including my own, Australia) to sign the Wassenar agreement.
:P :)
So... now the US can quite legimately claim that it can't honour the agreement because of the constitutional appeal, giving US software companies an advantage over all the poor countries that were duped into signing over their rights (and most of us don't have those sort of clauses in our own constitution).
Thanks, guys!
This is great news indeed, but lawyers and judges and most everybody else have no clue where this leads.
/. readers) would probably refuse to accept this.
If source code is considered a language and is therefore protected under free speech, it is obvious that all information transmission is protected. While this happy news to me, and probably also a GOOD IDEA(TM), 99.999% of the brainwashed masses (and unfortunately many
I expect this to get overruled almost instantaneously. Either that, or they will pile hack upon hack upon hack on top of the legal wording to make sure IP stays intact, as well as the ability to make information "ownable".
Foolish humans.
For anyone that needs to have encryption software developed (dictator or otherwise) this may not be a big deal, but for people in the software development business it is! This would mean that developers of off-the-shelf stuff can include strong encryption in their products and legally sell them overseas. People and corporations here (in Europe) have been asking for strong encryption to be incorporated in the applications they use, but the law has always prevented it. This ruling, if upheld, may change that!
j udowone Look at the section on strong encryption).
If you want to know what I mean, and what the implications of this silly restriction are to non US citizens, take a look at any product that already offers encryption, like Netscape (http://www.netscape.com/download/index.html?cp=d
This is anything but symbolic.
Just attach a working executable to your email, and you'll still be an arms trafficker in the context of this ruling.
I found this map. Maybe it will clear things up on this issue:
circuit court jurisdiction map
Once you pick those random numbers, you have to find the closest primes to them. AFAIK, a simple invocation of bc isn't going to do that...
While many are celebrating this ruling due to the crypto export implications, I think real victory is for the deeper issue: is source code speech? While the fights not over, I'm very encouraged that the appelate court reaffirmed that source code is expressive and is a form of speech (at least within the narrow context of this case).
The Junger case was similar. It involved a law professor who wanted to post crypto source code for his "Computers and the Law" class. A lower court (going against the ruling of the lower court in this case), sided with the government and dismissed the expressive nature of source code due to its functional aspect. They basically said source code wasn't speech. This was, IMHO, a bad bad ruling. I really find it offensive that the court would assert that a language such as C that I spend a large portion of my time reading and writing (often just for fun), isn't speech. I use computer languages to communicate ideas. That's speech. The judge (Gwinn) in the Junger case just didn't "get it." I've read this ruling, and it's obvious that at least some of the judges (or more likely, their aids) do "get it."
Let's just hope that if this goes to the Supreme Court, they're as enlightened.
Randy Weems
rweems@nospam.hotmail.com
It seems that a lot of good things have been happening. I wonder if this will be something one tells the grandkids, like the Berlin Wall coming down. (And getting the same blank stares of non-comprehension :) )
I am still wary of the Government fighting this into submission... but I still hope it holds...
But methinks we're on a good trend here. . .
Those being the guys that filed briefs in support of the plaintiff (Bernstein). Selected bits:
Electronic Privacy Information Center
American Civil Liberties Union
...
Dr. Whitfield Diffie
Dr. Peter Neumann
Dr. Ronald Rivest
D. James Bidzos
...
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
Here's an idea -- take a computer language that uses some finite character set. Figure out a one-to-one mapping of the set of strings-comprised-of-that-character-set to the set of natural numbers. This means you can convert any string on that character set into a unique natural number, and vice versa. Then figure out a one-to-one mapping of colors (red, green, blue 3-tuples) to natural numbers. Then you'd have a way to turn any color into a unique natural number, and vice versa. What this gives you is a method for converting any string on this alphabet to its own unique color. And given any color, you'd be able to derive the corresponding string on that alphabet.
What this means, of course, is that you could smuggle code around by encoding it as some very specific shade of pink (or whatever), dyeing a bit of fabric that color, then analyzing it later (assuming you have a sufficiently powerful spectrophotometer). Now that would be cool.
"Whatever happened to fair use?"
-- Duff-Man
trying to download the monster on a crappy (in terms of speed) server... ;-)
So what does this mean for FreeBSD? Can the maintainers finally move the project to the US so as to save money (versus paying Canadian prices for hardware, etc...)?
There are only two products to come out of Berkely: UNIX and LSD. We don't believe this is a coincidence.
Presidential candidates ought to be out trumpeting this one as a win for business and free speech.
This is great news. It reminds me of the big fat book of PGP source code in the book store, printed only to demonstrate the inconsistency of these laws. Now *that* was comedy.
Forgive me if this seems a silly question, but why *do* the US government want to restrict encryption export?
Do they actually believe that it's a threat to national security? I can't believe even the US government could be quite that stupid...
Is there maybe another reason? I don't know what... something to do with trade maybe? It's not like it'd be the first time they've tried to gain unfair trade advantages.
Of course, that's probably not it... but if not, what *is* their motive?
If "source code" is speech and you can't restrict that, what about binaries?
Someone mentioned that netscape would be able to exports their strong crypto version if this was upheld - but it's not distributed as source.
Methinks this is a big gray area.
--
--
Jason Eric Pierce
Yeah! It new that someday this would change, but I never expected it so soon. While the justice ruling is only for "source code" and not binaries, it is trival to export a compiler and source in one package. In fact, one could successful argue that assembly language is "source code" therefore, you need only ship a dissasembler with your binary product, as binary is a "compressed" form of assembly language. Heck, it's almost as easy to read as LISP anyway. :)
(note: this is obviosuly not an informed legal opinion)
-- Virtual Windows Project
The full text of the ruling can be found at:
s tein_case/Legal/19990506_circuit_decision. html
http://www.eff.org/pub/Privacy/ITAR_export/Bern
It's about time.
Anyone who cannot cope with mathematics is not fully human.
Excellent points, however the dissent brings up a good point -- that the source code is functional. From Justice Nelson's wording, I get the impression he'd allow Bernstein's encryption algorithms, but not the actual source code, to be published online in order to express his "scientific methods and ideas". That seems a little stupid to me, but whatever, I'm not a judge.
;-)
Nelson also cites the Junger case -- which comes down against a First Amendment use. (Junger v. Daley, 8 F.Supp.2d 708 (N.D.Ohio 1998)). Now that we have a split in the circuits, I think a Supreme Court review is inevitable. Whether they take Bernstein or wait for another case is a crap shoot. I can't predict the Supreme Court any better than meterologists can predict the weather in the Northeast.
I started to get the same thing, but in C.
Unfortunately, after the artist got halfway down my back, I passed out.
It's a shame too. He still hasn't done the header files yet.
:)
Save the whales. Feed the hungry. Free the mallocs.
"...software is considered language, and therefore the export limits violated Bernstein's free speech under the First Amendment."
If that interpretation is upheld and accepted as precedent, it could have HUGE implications for people who write software in the U.S.
For example, if your state government passed a law prohibiting the writing of malicious code (i.e. virus, worm, trojan), First Amendment protection could make the law unconstitutional. The act of distributing the virus/worm/trojan could probably be prohibited, though.
IANAL and this post is all conjecture on my part, but I am VERY interested in seeing how this plays out.
Save the whales. Feed the hungry. Free the mallocs.
Restriciting export of crypto is POINTLESS. The laws are left over from the days when the *algorithm itself* was an important secret that needed to be protected. Now days the algorithms are all public (and well known all over the world) and the encryption key is really the important part. Restricting crypto export accomplishes nothing but harm to the American software industry.
I've been through the process of getting export approval for an encryption capable web server. It was a time consuming pain in the butt, and in the end we still lost sales because we couldn't ship the 128 bit version. The whole things was particularly annoying because we had to get a new license every time we released a new version of the software. Our product did the same SSL encryption everyone else did. It is a waste of taxpayer money when the government takes the time to individually license every single version of every single product that uses the same friggen algorithm! I almost wonder if the only reason we still have these pointless laws is because a bunch of useless buraeucrats are just trying to hang on to their pointless regulatory jobs.
Thad
The Bolachek Journals
I wouldn't be surprised to see another appeal, to the US Supreme Court now. This has been too big an issue for the US Government over the years to let it drop without a real fight.
You could just use the Bible: Each character
in a C program is substituted by a verse from
the Bible.
Now, would anyone be able to call a subset of
the Bible "machine code"?
I'm sure that this is the right decision... the whole export thing was just ridiculous for those of us outside the US, most people I knew who cared about security just "got hold of" US PGP anyway and lived with breaking the law. Not sure about the justification, though.
Actually, conservatives nowadays are more likely to be against crypto controls. (Bob Dole actually said he'd lift them if elected.) It varies a lot by party in any case-- supposed moderates like Clinton are all for them (but then again, he's for FBI roving wiretaps without warrants, but I digress), as are national security-minded moderates in the Republican party. On the other hand, activists on both the liberal and conservative side tend to be against crypto controls.
Hmmmm. I thought the only restriction was on the EXPORT of encryption technology. AFAIK, US citizens have been able to use any strength encryption they can lay their hands on. They just aren't allowed to export the technology. So all the US government agencies really want to be able to do is 'snoop' on non-US citizens, who presumably are not protected by that holy-of-holies, the US Constitution.
MrCreosote Meow!Thump!Meow!Thump!Meow!Thump! "You're right! There isn't enough room to swing a cat in here!"
Two things to consider before getting all excited about this ruling.
1. Similar to the trademark decision that caused much excitement last week, this decision is from the Ninth Circuit which has the distinction of being overturned MUCH more frequently than any other circuit.
2. This free speech rationale is pretty weak in terms of precedent. This argument if excepted would make it legal to export any writing including, say, instructions on making nukes. The Supremes are not about to buy into it.
As counter productive as current crypto laws are, I think this is a problem that needs to be addressed legislatively, not judicially.
Write your Congressperson. Tell them geeks vote.
The text of the opinion is now available at the 9th Circuit website.
Agreed this is a remarkable and exciting result. agreed that this is quite likely to go up, given the stakes involved. For now, however, I will withhold further comment until I have had a chance to study the opinion.
It is important to note the narrow scope of the holding, despite all the yummy language:
"We emphasize the narrowness of our First Amendment holding. We do not hold that all software is expressive. Much of it surely is not. Nor need we resolve whether the challenged regulations constitute content-based restrictions, subject to the strictest constitutional scrutiny, or whether they are, instead, content-neutral restrictions meriting less exacting scrutiny. We hold merely that because the prepublication licensing regime challenged here applies directly to scientific expression, vests boundless discretion in government officials, and lacks adequate procedural safeguards, it constitutes an impermissible prior restraint on speech."
Slip Opinion at 4241.
The significance of this limiting language should not be overlooked. While the court did, in dicta (non-precedential commentary) reach out into the nether areas of whether government may try to slow the use of encryption, that was not the limited holding which is the crux (and legally binding effect) of the opinion.
Indeed, there is some risk that the opinion might be understood as a roadmap for drafting revised regulations or legislation that would permit the particular conduct encouraged by Bernstein (scientific inquiry) as a sort of "fair use," but preclude any other uses of encryption, which is among the Government's principal goals. [Replacing the prior restraint licensing, for example, with severe penalties for improper disclosure after the fact, with narrow exceptions for "academic and scientific" expression. Indeed, limiting regulation to use and transmission of object code and non-expressive transmission of source code might go a long way to slamming down much of what the government wants to slam while passing muster, perhaps, even with this court.]
Many roads before this will be over with: possible en banc review before the entire 9th Circuit, possible appeal to the Supreme Court. Possible dumping of the statute for more technically acceptable, yet equally egregious legislation.
But it is nice to see that we are no longer spitting into the wind, legally speaking. Dicta or no dicta, this opinion gives counsel for prospective cypherpunks a lot with which to go to bat. I am also encouraged with the hints that the Fourth Amendment is also implicated by crypto regulation!
By the way, some people commented earlier that the court's "liberal" opinion would be disregarded by the Supreme Court. I think not, at least not by lockstep ideology (although they might reverse). Arguably the most conservative voice on the bench, Justice Antonin Scalia is a powerfully strong First Amendment advocate, almost to the point of being absolutist. Don't forget that this is the same conservative court that twice shut down Flag Burning statutes.
That law considered that encryption as a weapon and so that kind of technology was (is?) not to be exported out of the US. IMHO, it was kind of a stupid thing: if I was a Dictator of some republic full of atomic bombs and needed strong encryption it wasn't the hardest thing to get. Well, if *I* wanted strong encryption, I could download it of the net!
So, the abolition of that law, is more simbolic than practical (for the average citizen the encryption available out of the US was as good as 148 bit!)
Joao
It is yet to be seen whether it gets appealed again (don't they have to show that there was some flaw in the process so far to make a higher appeal?).
However, I wonder how broadly this can be applied. The rulings of the 9'th Circuit court are not binding for other circuits (AKAIK, IANAL) but rather can be used in other circuits as being suggestive only.
Perhaps the FUD'iest thing they could do would be to NOT appeal, but to charge someone else in a different jurisdiction.
Certainly, the government's claim that it merely wants to preserve court-authorized wiretaps doesn't hold water. If that's all they want, ubiquitous encryption is a mere inconvenience, not a showstopper. They can use TEMPEST vans to read a suspect's outgoing e-mail before encryption and incoming e-mail after decryption. They can plant Trojan horse chips or programs in a suspect's computer. They can plant a hidden camera to read the suspect's passphrase over his shoulder.
Note that these alternatives don't scale well. They're fine for the few hundred authorized taps each year, but aren't suitable for COINTELPRO-type shenanigans -- it's too much work, with too much risk of being caught.
The government considers that a bug; I call it a feature.
Bottom line: Anybody who insists on crypto limits or backdoors has an agenda that goes far beyond catching the real bad guys.
/. If the government wants us to respect the law, it should set a better example.
How longs before I can stop cracking Rc5 keys and get to work for SETI?
PDG--"I don't like the Prozac, the Prozac likes me"
"Where is my mind?"