Civil Liberties Groups Say New Encryption Export Regulations Still Have Serious Constitutional Deficiencies
FOR IMMEDIATE RELEASE
WASHINGTON — Leading Internet civil liberties groups said today that new encryption export regulations released by the U.S. Commerce Department fall short of the Clinton Administration’s promise to deregulate the privacy-enhancing technology.
The American Civil Liberties Union, Electronic Frontier Foundation and Electronic Privacy Information Center said they will continue to press their Constitutional cases. These court cases seek to eliminate U.S. government regulations that make Internet encryption software and technology more cumbersome to publish or send than the same items when published in other media.
While the Administration has taken a step in the right direction with its latest revisions, the fundamental constitutional defects of the encryption export regime have not been remedied. Specifically:
- The new regulations, like the old ones, impose special requirements on Internet speech, contrary to the Supreme Court’s 1997 ruling in Reno v. ACLU. The regulations require that the government be notified of any electronic “export” of publicly available encryption source code, and prohibit electronic “export” to certain countries. Yet people may freely send the same information anywhere on paper.
- The export regulations are still a completely discretionary licensing scheme. They continue to require licenses for a large amount of communication protected by the First Amendment, including transmitting source code that is not “publicly available,” source code that is “restricted,” source code forming an “open cryptographic interface,” and various forms of object code.
- While the new regulations appear to permit free posting of encryption source code to Internet discussion lists, such posting may be illegal if the poster has ‘reason to know’ that it will be read by a person in one of the seven regulated countries (such as Cuba).
- The new regulations still ban providing information on how to create or use some encryption technology as prohibited “technical assistance.” Software publishers can be fined or imprisoned for helping people to use their code. These same limitations do not apply to non-encryption source code.
The U.S. export control laws on encryption have been the source of much legal wrangling for the past several years. Encryption is a method for scrambling data in order to make electronic communications more secure.
As more computer users employ encryption to protect the privacy of their e-messages and documents, the U.S. government has until now demanded guaranteed easy access to the content of Internet communications.
In a well-publicized court case, mathematician Daniel J. Bernstein has challenged the export control laws on encryption on First Amendment grounds. Professor Bernstein claims that his right to publish his own encryption software and share his research results with others over the Internet is being unconstitutionally restricted by the government’s controls.
Bernstein won his case at the trial level, and won an appeal in the Ninth Circuit Court of Appeals. The government asked that the appeal be reconsidered in light of the new regulations, and a larger “en banc” panel of Ninth Circuit judges will reconsider the case this spring.
A similar case challenging the constitutionality of the export rules was brought by the ACLU of Ohio on behalf of Ohio law professor Peter Junger, who wished to publish an electronic version of an encryption program he wrote. The case is pending in the Sixth Circuit Federal Court of Appeals.
“The rules are a step forward, but they are still too complex and leave too many questions unanswered,” said Barry Steinhardt, Associate Director of the ACLU. “Now that the Administration has tacitly admitted that it can’t and shouldn’t control the use of encryption, it should have announced a simple deregulation, rather than regulatory maze.”
EFF attorney Shari Steele said that “these First Amendment problems need to be fixed before we can support the government here.”
“The government has made some concessions, but they are not enough to make the regulations constitutional,” Steele added. “EFF will continue to support Professor Bernstein as he presses on with his litigation.”
According to EPIC General Counsel David Sobel, “The revised rules will make it easier for commercial firms to export and sell encryption products. While that is a positive development, the government will still retain significant control over this technology, to the detriment of efforts to create a truly secure Internet. It’s time to remove the bureaucratic requirements and permit the free exchange of encryption.”
The American Civil Liberties Union (http://archive.aclu.org) is the nation’s largest and oldest civil liberties organization. In its defense of the principles of the Bill of Rights, it advocates for both free speech and privacy rights.
The Electronic Frontier Foundation (http://www.eff.org) is a leading global nonprofit organization linking technical architectures with legal frameworks to support the rights of individuals in an open society. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression, privacy, and openness in the information society. EFF maintains one of the most-linked-to Web sites in the world.
The Electronic Privacy Information Center (http://www.epic.org) is a non-profit research and advocacy organization based in Washington, DC. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values in emerging communications media.
A copy of the latest encryption regulations can be found at: http://www.epic.org/crypto/export_controls/regs_1_00.html.
More information about the Bernstein case can be found at: http://www.eff.org/bernstein/.
Every month, you'll receive regular roundups of the most important civil rights and civil liberties developments. Remember: a well-informed citizenry is the best defense against tyranny.