[ISN] Cold War encryption laws stand, but not as firmly

From: InfoSec News (isn@private)
Date: Fri Oct 17 2003 - 00:13:58 PDT

  • Next message: InfoSec News: "[ISN] Secunia Weekly Summary"

    http://news.com.com/2100-1028_3-5092154.html
    
    By Declan McCullagh 
    Staff Writer
    CNET News.com
    October 15, 2003
    
    A pioneering attempt to overturn the U.S. government's Cold War-era
    laws restricting the publication of some forms of encryption code
    ended quietly Wednesday when a federal judge dismissed the
    lawsuit--but only after assurances that the anticrypto laws would not
    be enforced.
    
    U.S. District Judge Marilyn Hall Patel in San Francisco threw out the
    case after the Bush administration said it would no longer try to
    enforce portions of the regulations, according to parties involved in
    the proceedings.
    
    Daniel Bernstein, an iconoclastic math professor at the University of
    Illinois at Chicago, filed suit in 1995 after spending three years
    wrangling with the federal government over whether a simple encryption
    program could be freely distributed on the Internet. U.S. law at the
    time deemed online publication an "export" that could be punished with
    severe prison terms.
    
    "I hope the government sticks to its promises and leaves me alone--but
    if they change their mind and start harassing Internet-security
    researchers, I'll be back," Bernstein said in an e-mail statement.  
    Bernstein, author of the widely used qmail mail utility, did not
    respond to an interview request.
    
    Bernstein's case, and two other similar attempts, have been credited
    with forcing the federal government to drastically scale back its
    attempts to regulate the kind of privacy-protecting encryption
    technology used in every Web browser and many e-mail readers. At one
    point such encryption was regulated by the State Department and
    treated as a "munition" like tanks and fighter jets, but the Clinton
    administration responded to the lawsuits by relaxing the rules and
    transferring responsibility to the Commerce Department.
    
    At a hearing in October 2002, Justice Department attorney Tony
    Coppolino effectively placed even the latest rules on hold, saying the
    government would not use them to prosecute cryptographers engaged in
    legitimate research.
    
    That admission from the Justice Department was enough for Patel to
    dismiss the case, saying that Bernstein could come back to court if
    there was a serious threat of the laws being enforced.
    
    Bernstein's lawyers, with attorneys from the Electronic Frontier
    Foundation among them, complained that the encryption regulations had
    been repeatedly changed to derail Bernstein's case, which claimed the
    rules violated the First Amendment's guarantee of free expression. In
    a separate case, the 6th Circuit Court of Appeals had said: "Because
    computer source code is an expressive means for the exchange of
    information and ideas about computer programming, we hold that it is
    protected by the First Amendment."
    
    A January 2000 letter from Bernstein's lawyers to the government said
    that the rules unconstitutionally required researchers to divulge
    their work to the government. "The requirement that Professor
    Bernstein and others simultaneously notify both (the Commerce
    Department) and (the National Security Agency) at the time of
    electronic publication of source code, when no such notification is
    required for publication or communication of such code on paper, is
    another Constitutional problem," the letter said, citing regulations
    that will no longer be enforced.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Oct 17 2003 - 03:22:02 PDT