7 May 1999


Date: Fri, 7 May 1999 07:01:05 -0700
To: privileged-itar@toad.com, eff-all@eff.org, bernstein-announce@toad.com
From: Alex Fowler <afowler@eff.org>
Subject: FINAL: US Crypto Regs. Ruled Unconstitutional

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FOR IMMEDIATE RELEASE
Friday, May 7, 1999

US Export Control Laws on Encryption Ruled Unconstitutional

EFF Sponsored Case Scores Big Victory for Free Speech, Privacy, and
Security on the Internet

CONTACTS:
     Cindy Cohn, McGlashan and Sarrail
     (650) 341-2585; cindy@mcglashan.com
     Tara Lemmey, Electronic Frontier Foundation
     (415) 436-9993; tara@eff.org
     John Gilmore, Electronic Frontier Foundation
     (415) 221-6524; gnu@toad.com


SAN FRANCISCO, CA--The Ninth Circuit Court of Appeals has ruled that the
federal government's restrictions on encryption are unconstitutional,
affirming a lower court's ruling that export control over cryptographic
"software and related devices and technology are in violation of the First
Amendment on the grounds of prior restraint."

"The Court understood the strong First Amendment issues at stake here,"
noted Cindy Cohn, lead counsel for the Bernstein litigation team.  "The
decision is thorough and should stand up to further review."

The case has been sponsored by EFF since 1995.  "We sponsored Professor Dan
Bernstein's case because of its importance to society, free expression,
electronic commerce, and privacy in the digital world," said Tara Lemmey,
EFF's President and Executive Director.

Encryption, the process of coding and decoding computerized information, is
the most critical technological solution to protecting privacy and keeping
computer networks secure.  Acknowledging this point, the court said "[t]he
availability and use of secure encryption may offer an opportunity to
reclaim some portion of the privacy we have lost.  Government efforts to
control encryption thus may well implicate not only the First Amendment
rights of cryptographers intent on pushing the boundaries of their science,
but also the constitutional rights of each of us as potential recipients of
encryption's bounty."

The court recognized the case's impact on society by saying "...it is
important to point out that the [Bernstein case] is a suit not merely
concerning a small group of scientists laboring in an esoteric field, but
also touches on the public interest broadly defined."

"The US government has wielded these export controls to deliberately
eliminate privacy for ordinary people," said John Gilmore, co-founder
of EFF.  "The controls created wireless phones that scanners can hear,
e-mail that's easy to intercept, and unsecured national infrastructures
that leave us all vulnerable.  Misguided national security
bureaucracies use these controls everyday, to damage the nation they
are sworn to protect, and to undermine the constitution they are sworn
to uphold.  Today's ruling is a giant step toward a sane policy."

The government, led by Justice Department attorney Scott McIntosh, argued
that the export control laws on encryption are necessary to protect U.S.
national security.  Even if the export control laws are in fact regulated
speech, McIntosh argued, if the government's intent was to regulate
something other than publication, it only needed to show that the rules
were "narrowly tailored" to serve a "substantial government interest."  The
court disagreed.  "[B]ecause the prepublication licensing regime challenged
here applies directly to scientific expression, vests boundless discretion
in government officials, and lacks adequate procedural safeguards, it
constitutes an impermissible prior restraint on speech," wrote the two
assenting judges.

Judge Bright indicated that due to the importance of the case "it may
be appropriate for review by the US Supreme Court."  EFF anticipates
that the government will ask for a stay of this ruling pending appeal.
If granted, the stay would prohibit encryption exports even within the
Ninth Circuit's jurisdiction, including all federal courts in
California, Oregon, Washington, Arizona, Montana, Idaho, Nevada,
Alaska, Hawaii, Guam and the Northern Mariana Islands, until the
matter is finally resolved.

Details on the Bernstein case, including information on the lower court's
rulings, are available on the Internet at http://www.eff.org/bernstein.

* * * * * * * *

The Electronic Frontier Foundation (http://www.eff.org) is the leading
global organization building the bridge between technical architectures and
legal frameworks to support the rights of individuals in an open society.
Founded in 1990, EFF actively encourages and challenges industry and
government to support free expression, privacy, and access in the
information society.  The Electronic Frontier Foundation maintains the 4th
most-linked-to Web site in the world.


===----------------------------------------------===
  Alexander Fowler
  Director of Public Affairs
  Electronic Frontier Foundation

  E-mail: afowler@eff.org
  Tel: 415 436 9333; Fax 415 436 9993

  You can find EFF on the Web at <http://www.eff.org>

  EFF supports the Global Internet Liberty Campaign
  <http://www.gilc.org>

===----------------------------------------------===


-----BEGIN PGP SIGNATURE-----
Version: PGP for Business Security 5.5

iQA/AwUBNzLyPuEGwp/6sL1+EQK61ACeI3rmzXqfInig+4t4I2uVQj0kSAIAmwTb
EXcxuw5lwHlUJHgNDs4M1eTJ
=z+v0
-----END PGP SIGNATURE-----


Date: Thu, 06 May 1999 17:29:44 -0800 From: Paul Holman <pablos@fortnocs.com> To: cypherpunks@toad.com Subject: Cracking DES on US Soil -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Shmoo Group is proud to present... for the first time... available legally for download in the United States... from the jurisdiction of the 9th US Circuit Court of Appeals... Cracking DES <http://www.shmoo.com/~pablos/Cracking_DES/> "We conclude that the challenged regulations allow the government to restrain speech indefinitely with no clear criteria for review. As a result, Bernstein and other scientists have been effectively chilled from engaging in valuable scientific expression. Bernstein's experience itself demonstrates the enormous uncertainty that exists over the scope of the regulations and the potential for the chilling of scientific expression."         - United States 9th Circuit Court of Appeals Here's to Scientific Expression The Shmoo Group -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.0.2 iQA/AwUBNzJB8IjmsgE/WrVpEQKYGgCggGZ8O2bvRJc2BT9FnaaLmzWCWW4AoJ9T 66odXGykBp8UoZl9DVM7EY/Y =Kxu7 -----END PGP SIGNATURE-----
Date: Thu, 06 May 1999 21:46:34 -0400 To: hugh@road.toad.com From: John Young <jya@pipeline.com> Subject: 1,000 Free Crypto Sites Cc: cypherpunks@cyberpass.net, gnu@toad.com, cryptography@c2.net Heeding Hugh Daniels' call today to set up 1,000 US crypto sites free of unconstituional export restrictions as provided by the Bernstein opinion, we invite contributions of unlimited-strengh encryption programs and/or links to such programs for a new US section for unrestricted cryptography at the International Cryptography Freedom site:    http://jya.com/crypto-free.htm
To: John Young <jya@pipeline.com> cc: hugh@toad.com, cypherpunks@toad.com, gnu@toad.com, cryptography@c2.net Subject: Exporting crypto from the US? Think first... Date: Thu, 06 May 1999 19:39:01 -0700 From: John Gilmore <gnu@toad.com> > Heeding Hugh Daniels' call today to set up 1,000 US crypto sites > free of unconstituional export restrictions as provided by the > Bernstein opinion, we invite contributions of unlimited-strength ... Hugh actually said, "May 1000 crypto web and ftp sites bloom in the sunlight of this decision...".  The catch is, when does the decision take effect? The gov't can ask for "en banc" review of the decision by 11 (instead of 3) judges of the Ninth Circuit, and then (whether or not they get en banc review), also ask the Supreme Court to look at the case. Only after they exhaust all these possible delaying tactics will the opinion become final and unchangeable. There are difference of opinion among the lawyers I've discussed this with.  I'm no lawyer, so don't believe *my* opinion.  Ask your own lawyer.  I'M SERIOUS.  Some say the precedent has been set and can be relied upon.  Others say that it has no legal force yet, and may not have any legal force until after a potential Supreme Court appeal.  In that case, if the government prosecuted you, this decision would be examined by any lower court judge in the 9th Circuit, but they would not be legally bound to follow it, though they probably would.  Still, if the government decided you were worth coming after, they might appeal a lower court loss, and let the case stack up in appeal, waiting for Bernstein to be finally decided.  On the other side, as in the Berlin Wall, if enough people decide to break a law, it's quite hard for a bureacracy to arrest or successfully prosecute them all. On the other other side, a lot of people got smashed by the state during Mahatma Gandhi's civil disobediences, though the eventual result was freedom for 800 million people.  A final uncertainty is that tricky gov't prosecutors have been known to try to prosecute people in other Circuits for things they've done in this Circuit, if they can come up with some half-plausible reason (like "his packets may have been routed through this state"); sometimes this succeeds, and there are people in jail today as a result.  In short, as the gov't attorney in the Bernstein case is reported to have said today, "It's not over til it's over". The upshot is that posting crypto source code, even from the 9th Circuit of the United States, still involves significant risk.  The risk is lower than it was yesterday, but it's still there. My standing opinion about lawyers is that you should ask them where the dangers are, and then make your own decision about whether or not to assume the risks.  Everything in life entails some risk, and each of us must decide what things are worth risking our lives, our fortunes, and our sacred honor for.  I can't tell you what the best thing to do is -- you must make that decision yourself. John
Date: Thu, 6 May 1999 21:33:38 -0400 From: Robert Hettinga <rah@SHIPWRIGHT.COM> Subject: In light of the Bernstein Ruling... To: CYBERIA-L@LISTSERV.AOL.COM Is it now officially okay to start up an unrestricted-access cryptographic archive on US soil? Cheers, Robert Hettinga ----------------- Robert A. Hettinga <mailto: rah@philodox.com> Philodox Financial Technology Evangelism <http://www.philodox.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Date: Thu, 6 May 1999 22:10:41 -0700 From: Cindy Cohn <Cindy@MCGLASHAN.COM> Subject: Re: In light of the Bernstein Ruling... To: CYBERIA-L@LISTSERV.AOL.COM At 09:33 PM 5/6/99 -0400, you wrote: >Is it now officially okay to start up an unrestricted-access cryptographic >archive on US soil? NO.  Not yet and probably not for a while. First, the decision is not final for at least 52 days (45 for the govt to seek rehearing/7 more for mandate to issue), even if the government doesn't seek cert or rehearing.  It could probably be cited as a slip opinion in the meantime, but is not binding precedent yet. Second, once it is final, it will only be binding precedent within the 9th Circuit. Third, the status pending further review will probably be determined by a motion for stay within the rehearing period.  If such a stay is granted, as it was below, folks will probably have to wait until it's all over before they can publish without fear of prosecution.  We will oppose any request for a stay, of course. This is a long road.  We took a big step forward today, but we are not at the end yet unless the government decides not to seek further rehearing or cert. Thanks for the kudos and support everyone.  Lots of folks on this list have been involved with the case and of course I'll be hitting all of you for help us again in the next round :-). Cindy *************************************** Cindy A. Cohn, Cindy@McGlashan.com McGlashan & Sarrail, P.C. 177 Bovet Road, 6th Floor San Mateo, CA 94402 (650) 341-2585 (tel) (650) 341-1395 (fax)
From: Chris Savage <csavage@CRBLAW.COM> Organization: Cole, Raywid & Braverman Subject: In light of the Bernstein Ruling... To: CYBERIA-L@LISTSERV.AOL.COM >Is it now officially okay to start up an unrestricted-access cryptographic >archive on US soil? I'd guess not.  IIRC the District Court injunction was stayed pending appeal.  Although the decision of the 9th Circuit has issued, I think you technically have to wait for the "mandate" to issue for the decision to become law.  And one would assume that in due course (today, if they are on the ball) DOJ will seek to continue the existing stay of the injunction pending seeking cert. Chris S.
Date: Thu, 6 May 1999 20:24:36 -0700 (PDT) From: Max Inux <maxinux@openpgp.net> To: cypherpunks@algebra.com Subject: The 9th Circuit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Just so you know, the 9th circuit.. Largest of the 13 federal districts Includes: California, Oregon, Washington, Arizona, Montana, Idaho, Nevada, Alaska, Hawaii, Guam and the Northern Mariana Islands Anyone in those regions can.. for now.. export crypto of any strength (thinking of uploading the source to twofish everywhere I can.. 256 bit.. hmmm 200 bits over 'legal' max.) legally. Anyone in those regions i mentioned earlier need a copy of the twofish source code?  I have it here, actually anyone in the world need a copy of Twofish? ;) Max Max <maxinux@openpgp.net> New PGP Keys Available        If crypto is outlawed only outlaws will have crypto. 1960 Ford Falcon Tudor Daily Driver, Dont you just wish you had one? -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQA/AwUBNzJc+JHmVv7MmZLjEQJJEwCfbIN2tL5FGJHlyHxc6E5xRmXih7QAoPjR 91/O1V8joal7Si8MSly58Q9O =+6xK -----END PGP SIGNATURE-----
From: http://www.wired.com/news/news/politics/story/19553.html Unless the Justice Department successfully asks the court to hold off on its ruling, individuals -- and perhaps companies -- in the 9th Circuit can now export source code. "Assuming it's not stayed and you live in California, Washington, or Oregon, you can post source code on the Internet without fear," said Michael Froomkin, a law professor at the University of Miami School of Law. "If this is upheld, we're going to see a lot more cryptographic use domestically. People are going to start building it into products," Froomkin said.