17 March 1998: Add Cohn testimony
16 March 1998: Add Gilmore message

13 March 1998
See related notice: http://jya.com/bernstein12.htm

Date: Mon, 16 Mar 1998 20:20:52 -0800
To: bernstein-announce@toad.com
From: Cindy Cohn <Cindy@mcglashan.com>
Subject: Cohn Testimony

Here is the text of my testimony before the Senate Judiciary Committee's
Subcommittee on Constitution, Federalism and Property Rights on Tuesday
March 17.


	I want to thank the Sub-Committee for inviting me here today.  Although
there have been very many hearings and much discussion about cryptography
here in Washington, this is the first, I believe, to seek testimony from one
of the attorneys directly involved in the legal challenges to the
cryptography regulations.

	I've been asked here because I am lead counsel in the case of Bernstein v.
Department of Justice, et al.  With the help of the Electronic Frontier
Foundation, Professor Daniel J. Bernstein has been trying for over six years
to publish on the Internet a simple cryptographic computer program which he
wrote.  He has been told that if he does, he will be prosecuted.  

	We argued that American scientists, be they academics, in industry or
hobbyists, should not have to submit their own work prior to publication to
faceless government bureaucrats.  This is especially so when those same
bureaucrats have unchecked discretion to bar them from publishing his work.
That is what the current scheme allows.  In fact, before we brought suit
those same agency bureaucrats told Professor Bernstein that publishing an
academic paper about his software would be illegal and that putting his
software into a public library would be illegal.  The Federal District Court
for the Northern District of California has agreed with us that the
regulations are in violation of the First Amendment on their face, meaning
that they violate the First Amendment rights of all Americans, not just
Professor Bernstein.  


	Two other similar cases are also pending.  The first, Karn v. U.S.
Department of State, is here in D.C. District Court.  The Karn case is the
clearest example of the quip often made about the Administration's
cryptography policy--that it is based upon the belief that terrorists can't
type.  Mr. Karn was told that, although a book containing computer source
code could be freely sent abroad, a floppy disk containing the exact same
information could not.  The second case, Junger v. Christopher, is in
Cleveland, Ohio, and is based upon the government's position that Professor
Junger, a law professor at Case Western University could be prosecuted for
teaching a Computers and the Law course in his usual way.


	In the Bernstein case we have received three rulings from the District
Court so far, all in our favor:
		1)	April 1996:  Computer program source code is speech;
		2)	December 1996: ITAR was unconstitutional;
		3)	August 1997: New Commerce Department cryptography regulations 			issued
in December, 1996 are unconstitutional.

	In short, the Federal District Court has declared that every single one of
the current (and previous)  regulations of encryption software are

	The final ruling in our favor was appealed by the Administration, argued in
December, 1997 before the Ninth Circuit Court of Appeals, and is now
awaiting decision.  I have attached a copy of the third District Court
opinion to my written statement for your review.  I hope you have your staff
take the time to review it--it gives a clear and concise statement of some
of the key constitutional requirements that any legislation on cryptographic
software must meet and a better explanation than I could ever give you about
why the current regulations are unconstitutional.

	As I mentioned before, the Bernstein case challenges the current government
restrictions on cryptographic software on the grounds that they are in
violation of the First Amendment.  Although our case focuses, as it must, on
the current regulations, the analysis would apply as well to proposed
domestic restrictions which would restrict or license the creation,
distribution or receipt of cryptographic software.  Indeed, the
constitutional problems which would arise if domestic controls were imposed
are even more severe than those of the current scheme.   

	The first doctrine of First Amendment law which the cryptography
regulations violate is prior restraint of speech.  The Bernstein case
focuses on the  easiest flaws to see in the current scheme--the lack of
procedural protections.  The Supreme Court has long held that if the
government wants to institute a prepublication licensing scheme, it must
		1)	Prompt decision - no more than 2 weeks;
		2)	Only a court can stop publication; the government must bring a court
case rather than act administratively; 
		3)	Government bears burden of proof in Court.
This comes from a seminal Supreme Court case called Freedman v. Maryland. 

	I should point out that as much as I would like to take credit for our
legal analysis, we were not the first to see this problem.  In fact, the
first people to point out this problem in the regulations were in the
Justice Department's Office of Legal Counsel in 1978.  You see, the agencies
have known for 20 years that this scheme is unconstitutional.  Their own
lawyers told them so.  That is why you never hear them mention the First
Amendment in their presentations to you.


	The key point in our case, and in your consideration of any proposed
legislation, is that source code is protected expression for purposes of the
First Amendment.  On this point, the administration largely agrees.  Let me
repeat that--the Administration has not denied that in regulating computer
software it is also regulating the "expressive activities" of Americans.
This conclusion, which is obvious to anyone who has ever written or read a
computer program, is also consistent with what Congress has repeatedly
acknowledged.  Software is treated as identical to other forms of protected
expression in both the Copyright Act and the Freedom of Information Act.  

	From a legal standpoint, the Bernstein case is not complex, nor does it
break any dramatic new ground.  It simply asks the courts to recognize that
the First Amendment extends to science on the Internet, just as it does to
science on paper and in the classroom.  For it is this scientific freedom
which has allowed us to even have an Internet, as well as the many other
technologies which we enjoy today.	   


	Up to this point everything I've said isn't just my opinion.  It's been
decided by the Federal District Court.  My legal team and I believe that
there are other strong Constitutional reasons which prevent the regulation
of cryptographic software. The District Court did not need to address these
additional reasons, since it agreed with us that the first alone was
sufficient to invalidate the regulations. 

	In addition to procedural protections, the Constitution requires that any
regulation which institutes a licensing scheme, or any other form of prior
restraint, pass the strictest of tests.  Even a claim of national security
or public safety must be carefully weighed against our fundamental rights,
and must be supported with hard evidence of direct, immediate and
irreparable harm, not just conjecture and a few frightening scenarios.  

	Further, aside from prior restraint, a scheme which targets speech on the
subject of cryptography and treats that speech differently from speech on
other topics must pass the tests of strict scrutiny--that the regulation
address a compelling government interest and be narrowly tailored to reach
only that interest and no further.  That is, the government's concern about
national security cannot reach so broadly as to prevent law-abiding citizens
from having access to software which they can use for completely lawful
purposes.  Put into another context, it means that the government cannot
require all of us to deposit our house keys with them on the off chance that
one of us is a criminal.

	Further, the government must prove that their restrictions on speech
actually meet their goals.  Here, such proof would be difficult since
terrorists, pedophiles and drug dealers can simply purchase or download
strong German, Swiss or Japanese encryption software that is freely
available all over the U.S. and the world--over 500 at last count.  If
necessary, criminals could even type in or scan one of the computer programs
printed in the many books published on the subject.  


	Neither the current scheme nor any administration-supported, so-called
"compromise" schemes proposed so far addresses these First Amendment
problems.  And even the SAFE bill, which is well-intentioned, fails to
contain an assurance of judicial review of any agency decision to prevent
publication due to alleged national security concerns, a key element
required by the Constitution.  SAFE also does not clearly protect scientists
such as Professor Bernstein, but only protects those who seek to distribute
mass market software already available abroad.  This means that American
scientists can no longer participate in the ongoing international
development of this vital and important area of science.  


	In addition, we believe that regulation of encryption software and
technology violates the First Amendment because of what encryption does.
Encryption allows people to use electronic envelopes to protect their
speech.  The Supreme Court has noted that a state could not regulate ink or
paper without raising constitutional concerns.  We believe that similarly
the government cannot prevent Americans from using electronic envelopes or
require them to use key-escrowed envelopes without violating their First
Amendment rights.  This is because such rules compel them to speak to the
Government anytime they wish to speak to anyone else.  Encrypted speech is
still speech.  The elimination of privacy creates a chilling effect on that
speech which implicates the First Amendment.  


	In fact, in our research for this case we have discovered that the Founding
Fathers used cryptography on a regular basis.  Even the Constitution and the
Bill of Rights themselves were often encoded, as Thomas Jefferson and James
Madison exchanged drafts of those seminal documents.   Cryptography was used
by a virtual Who's Who of the American Founding Fathers--not only Jefferson
and Madison but Benjamin Franklin, Alexander Hamilton, John and Abigail
Adams, Aaron Burr, and many others.  In sharp contrast to the
Administration's arguments today, they viewed cryptography as an  essential
instrument for protecting information, both political and personal.  Our
research indicates that when the First and  Fourth Amendments were enacted
in the late 1700s, any suggestion that the Government should have the
ability to prevent individuals from encrypting their messages, or that the
Government should have a back-door key to all encrypted messages, would have
struck the Constitution's framers as ridiculous.  


	In sum, our legal challenge to the current restrictions on encryption
software is succeeding.  It is succeeding because the First Amendment is
clearly violated when the government institutes a prepublication licensing
scheme which allows agency bureaucrats unfettered discretion to prevent
American scientists from publishing their own ideas.  It is succeeding
because the Courts have recognized the importance of keeping the First
Amendment intact as we move into the information age.  As you consider the
many legislative proposals about cryptography, we hope you will do the same.  

Cindy A. Cohn, Cindy@McGlashan.com
McGlashan & Sarrail, P.C.
177 Bovet Road, 6th Floor
San Mateo, CA 94402
(650) 341-2585 (tel)
(650) 341-1395 (fax)

To: bernstein-announce@toad.com Subject: Bernstein's top lawyer, Cindy Cohn, testifies to Congress Tuesday Date: Mon, 16 Mar 1998 20:00:37 -0800 From: John Gilmore <gnu@toad.com> The lead attorney in Dan Bernstein's challenge to the US export controls on cryptography is Cindy Cohn, a partner at McGlashan & Sarrail of San Mateo, CA. She will testify on the constitutionality of export controls (and proposed domestic controls) on cryptography, before the Senate Judiciary Committee's subcommittee on the Constitution, Federalism, and Property Rights. The hearing will begin at 10AM (Washington, DC time) on Tuesday, March 17. The hearing will be cybercast in real-time, and will also be archived, at: http://www.computerprivacy.org (Scroll down to the "Encryption hearing to be cybercast" link.) Copies of Cindy's written testimony will be available on Tuesday from the EFF Web site; see http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/ I hope you can attend. The Ninth Circuit Court of Appeals has not yet ruled on the government's appeal in our case. They hope to overturn our Federal District Court case, in which all current export controls on cryptographic source code were declared unconstitutional. We expect a ruling within the next several months. John Gilmore Electronic Frontier Foundation Here are further details, courtesy of Alan Davidson of CDT, <abd@cdt.org>: (1) Senate Committee To Hold Encryption Hearing March 17 Constitutional law experts, industry representatives, and the attorney in a case challenging U.S. encryption regulations will testify on encryption policy before the Senate Judiciary Committee's Constitution, Federalism, and Property Rights Subcommittee on Tuesday, March 17. The hearing, "to examine privacy in the digital age, focusing on encryption and mandatory access issues", is scheduled for 10:00 am in the Senate's Dirksen Office Bldg., Rm. 226. Among the hearing highlights: Two well-respected legal scholars, Professor Kathleen Sullivan of Stanford Law School and Professor Richard Epstein of the University of Chicago, will outline the major constitutional concerns raised by domestic encryption controls and other policies to regulate encryption. Expected witnesses include: Panel 1: Rep. Robert Goodlatte (R-VA) Panel 2: Robert Litt, Department of Justice Panel 3: Tom Parenty, Sybase Bill Wiedemann, RedCreek Communications Representative of Law Enforcement Association of America Panel 4: Kathleen Sullivan, Stanford Law School Richard Epstein, U. of Chicago Law School Cindy Cohn, McGlashan & Sarrail Tim Casey, MCI
Date: Thu, 12 Mar 1998 19:34:28 -0800 To: bernstein-announce@toad.com From: Cindy Cohn <Cindy@mcglashan.com> Subject: Senate Cmte to hear Testimony About Bernstein Case The Senate Judiciary Committee's Subcommittee on the Constitution, Federalism, and Property Rights will hear testimony from Cindy Cohn, lead counsel in the Bernstein case on March 17, 1997. The hearing, entitled "Privacy in the Digital Age: Encryption and Mandatory Access," will begin at 10:00 a.m. in Room 226 of the Dirksen Senate Office Building. The Subcommittee is chaired by Senator John Ashcroft of Missouri. Ms. Cohn will discuss the Bernstein case as well as the inherent constitutional problems raised by the proposals for domestic cryptography controls. This will be the first time that the Congressional committees considering proposed cryptography legislation have heard testimony from those directly involved in the legal challenges the current regulations. The government's appeal of the Bernstein case, which was argued on December 8, 1997, is still pending with the 9th Circuit. A decision is expected in the next few months. ****************************** Cindy A. Cohn, Cindy@McGlashan.com McGlashan & Sarrail, P.C. 177 Bovet Road, 6th Floor San Mateo, CA 94402 (650) 341-2585 (tel) (650) 341-1395 (fax)
Date: Fri, 13 Mar 1998 14:27:10 -0800 To: bernstein-announce@toad.com From: Cindy Cohn <Cindy@mcglashan.com> Subject: Correction re Senate testimony My earlier post was slightly overstated. Phil Karn has testified before Congress numerous times about his legal challenge and has consistently pushed these issues in the legislature. My testimony will be the first time any of the attorneys involved have been asked to discuss the constitutional problems with the cryptography restrictions. My apologies to Phil. Cindy ****************************** Cindy A. Cohn, Cindy@McGlashan.com McGlashan & Sarrail, P.C. 177 Bovet Road, 6th Floor San Mateo, CA 94402 (650) 341-2585 (tel) (650) 341-1395 (fax)
[Congressional Record: March 11, 1998 (Extensions)] [Page E357-E359] From the Congressional Record Online via GPO Access [wais.access.gpo.gov] [DOCID:cr11mr98-35] SENATE COMMITTEE MEETINGS MEETINGS SCHEDULED MARCH 17 10:00 a.m. Judiciary Constitution, Federalism, and Property Rights Subcommittee To hold hearings to examine privacy in the digital age, focusing on encryption and mandatory access issues. SD-226 2:30 p.m. Technology, Terrorism, and Government Information Subcommittee, to hold hearings to review policy directives for protecting America's critical infrastructures. SD-226
For Senator Ashcroft's views on encryption see: http://jya.com/ash-cryfto.htm