I. Identification
Daniel J. Bernstein, while a doctoral candidate at the University of California, Berkeley, wanted to publish a cryptographic algorithm, Snuffle.c and Unsnuffle.c (together Snuffle 5.0), to prompt discussion about the program from other students and professors. Mr. Bernstein filed a commodity jurisdiction request with the Department of State, and was denied permission to export Snuffle 5.0 under the International Traffic in Arms Regulations (ITAR). Mr. Bernstein filed five separate requests to publish: "the paper, the encryption source code, the decryption source code, an English description of how to encrypt, and an English description of how to decrypt. The State Department consolidated, and denied all five requests."1 The Office of Defense Trade Controls (ODTC) classified Snuffle 5.0 as a defense-related article on the United States Munitions List (USML) and subject to licensing. Mr. Bernstein filed suit against the Department of State alleging that the Arms Export Control Act (AECA) and ITAR constituted a prior restraint on Mr. Bernstein's right to free speech. The courts found injunctive relief for the plaintiff in Bernstein I and II. However, on November 15, 1996, President Clinton issued an executive order to transfer jurisdiction over non-military encryption products and related technology to the Department of Commerce under the Export Administration Regulations (EAR). Mr. Bernstein amended his suit to reflect this change.2
With the advent of language and writing came ways to conceal meaning. The use of cryptography can be traced back over 2500 years to the days of Sparta.3 With the emergence of the information age and the rising popularity of e-commerce, the world-wide demand for secure cryptographic solutions has increased. Cryptography was firmly in the control of governments thirty years ago, but computer specialists, applied scientists, and mathematicians have now entered the picture with cryptographic solutions that the government fears it cannot circumvent. All over the world, governments have been grappling with the question of how to control the import/export of cryptography for commercial use, so as to maintain internal control. In the case of Daniel J. Bernstein, the United States government denied permission to export a simple public-key cryptographic program written by Mr. Bernstein, because of fear of diminishing power and control.
First of all, cryptography involves the processes of encryption and decryption. Encryption is where a readable, or plaintext, document is entered into a mathematical algorithm and transformed into an unreadable, or ciphertext, document. Decryption is the reverse process, where the ciphertext document is run through either the same or a different algorithm to form a plaintext document. The simplest forms of ciphers, or specific methods of encryption, involve the use of one algorithm to encrypt or decrypt. This type of system is referred to as symmetric key cryptography. The use of two different algorithms is a bit more complex, and much more secure. This method is called public key cryptography.3
An example of a symmetric cipher is the Caesar cipher, where each letter is moved forward thirteen letters. This cipher is still in use in some Usenet groups, and built into the browser is a toggle called ROT13, meaning "Rotate 13", which deciphers the message. These types of ciphers are of little concern to governments. The problem is with the dual-algorithm ciphers, or public key cryptography. This system uses public keys and private keys to encrypt and decrypt data. The difference between the two keys is that the public key is issued to anyone the private-key holder wishes to decrypt their messages, and there is only one private key. The public key holders are able to encrypt messages with their public key, which the private-key holder then decrypts with his private key. For every one private key, there could exist thousands of public keys. The difficulty lies with the single private key, and the government would like to possess it, just in case they need to decipher an intercepted document.
In the case of Bernstein vs. United States Department of State, et al., the program uncovered both the public key (Snuffle.c) and the private key (Unsnuffle.c). Mr. Bernstein wanted to publish his work on paper, on the Internet, and attach the code in software format. Knowing that cryptography is a controlled product that the United States government deems sensitive, Mr. Bernstein filed a commodity jurisdiction request to move his work outside of the country's borders. Furthermore, he sought a determination of whether his program and related information fell under the International Traffic in Arms Regulations (ITAR).4 The Office of Defense Trade Controls (ODTC) categorized Snuffle 5.0 as a "stand-alone cryptographic algorithm which is not incorporated into a finished software product"5 and deemed it to require a license from the Department of State.
Mr. Bernstein filed five separate requests to the State Department to "publish the paper, the encryption source code, the decryption source code, an English description of how to encrypt, and an English description of how to decrypt. The State Department consolidated, and denied all requests."6 Feeling that he had exhausted all personal means, Mr. Bernstein approached the Electronic Frontier Foundation, which found Mr. Bernstein a pro bono attorney, Cindy Cohn of McGlashan & Sarrall. Ms. Cohn, on behalf of her client, filed suit in 1992 against the Department of State, claiming that the requirements for licensing of strong ciphers for exportation under ITAR constituted a prior restraint on free speech.7
"On November 15, 1996, President Clinton issued an executive order 13026, titled 'Administration of Export Controls on Encryption Products'"8 in which the jurisdiction of non-military encryption products was transferred to the Department of Commerce under the Commerce Control List (CCL), under the Export Administration Regulations (EAR). The defendants suggested that this move was authorized under the International Emergency Economic Powers Act (IEEPA), and the plaintiff suggested that the government exceeded its statutory authority provided by the IEEPA. This statute authorizes the President
...to deal with any unusual and extraordinary threat, which has its source in whole or in substantial part outside the United States, to the national security, foreign policy, or economy of the United States, if the President declares a national emergency with respect to such a threat. 50 U.S.C § 1701(a). Furthermore, the President may "investigate, regulate, or prohibit any transaction in foreign exchange," 50 U.S.C. § 1702 (a) (1) (A) (I) and "investigate, regulate, direct and compel, nullify, void, prevent or prohibit, any...exportation of...any property in which any foreign country or foreign national thereof has any interest..." 50 U.S.C § 1702 (a) (1) (B) 9
With this broad stroke of power, President Clinton would seem to be able to place any non-military product that seemed to threaten national security onto the Commerce Control List (CCL). However, the plaintiff claimed that the use of the IEEPA to transfer jurisdiction was a ploy by the United States government to avoid the issue by enacting a national security exception, and that the government exceeded its authority, claiming the IEEPA was a "statute of specific reference and cannot be read as adopting subsequent changes to sections 2404 and 2405 of the Export Administration Act of 1979 (EAA)"10. The plaintiff also pointed out that the IEEPA explicitly excluded any authority
to regulate or prohibit, directly or indirectly--any postal, telegraphic, or other personal communication, which does not involve a transfer of anything of value;...or the importation from any country, or the exportation to any country, whether commercial or otherwise, regardless of format or medium of transmission, of any information or informational materials, including but not limited to, publications, films, posters, phonographic records, photographs, microfilms, microfiche, tapes, compact discs, CD ROM's, artworks, and news wire feeds. 50 U.S.C. § 1702 (b) (1) & (3) (1991 Supp. 1996)11,
These exceptions would lean toward the plaintiff's position, if he could prove that the programs Mr. Bernstein wished to export had "no value". Clearly, the value of the program was on an academic level, and not meant for purposes of financial gain. The value, therefore, was not monetary but informational. Without an attached value, what was the real outcome the government was seeking to achieve? The United States government was seeking to prohibit the free transfer of knowledge, and to limit the transfer of cryptographic material to within the borders of the United States, by any means. As evidence, President Clinton said in the press release that followed Executive Order 13026, "the export of encryption software, like the export of other encryption products described in this section, must be controlled because of the software's functional capacity, rather than because of any informational value of such software..."12 Furthermore, the products must be controlled for foreign policy and national security purposes, even though some strong encryption products are already available over the Internet.
However, Judge Marilyn Hall Patel found for the defendants on the question of statutory authority under the IEEPA, pointing out that
[T]he rules of statutory interpretation are not hard and fast. 'A provision which, in terms, however, reads as a specific reference may, in context, be construed as a general reference.' United States v. Rodriguez-Rodriguez, 863 F.2d 830, 831 (11th Cir. 1989). Such is the case here. Read in context, section 1702 (b) (3) excludes rather than incorporates those items covered under the EAA. Moreover, the sections referenced are themselves fairly general and are clearly intended to be fleshed out by regulations suited to meet the changing needs of national security and foreign policy. Given the goals of the IEEPA and the powers it gives to the President, it would seem odd indeed for Congress to exclude from the exemption those items the President deems sensitive to the National security under the EAA, but to freeze that list of items as of a certain date.13
In other words, Judge Patel viewed the list of exclusions as merely guidelines for the President to follow, so as to maintain a rational outlook when using this law as a means of controlling the outflow of products. These exclusions were not set in stone, but listed items that could potentially be barred from exiting the country for reasons other than national security and foreign policy. Therefore, items particularly damaging to the overall opinion of the government are excluded, but items that damage the inner workings of government are not excluded.
The second argument in the case was that these regulations for licensing of encryption materials constituted a prior restraint on Mr. Bernstein's right to free speech. In the view of the Supreme Court, "it has been generally, if not universally, considered that it is the chief purpose of the guarantee to prevent previous restraints upon publication." Near v. Minnesota, 283 U.S. 697, 713 (1931). Furthermore, "it is for this reason that the Court has held: 'Any prior restraint on expression comes to this court with a 'heavy presumption' against its constitutional validity.'" Organization for a Better Austin v. Keefe, 402 U.S. 415, 419 (1971)14 According to this, Judge Patel should automatically view any attempt at prior restraint of free speech with suspicion.
The defendants argued a facial challenge to the licensing scheme and contrasted the case to that of Lakewood, 486 U.S. at 759, in which a newspaper challenged the validity of a city's right to issue or deny annual applications for newspaper dispensers on city property.
Defendants contend that while licensing schemes that vest unbridled discretion to regulate conduct commonly associated with expression are appropriate for facial attack under prior restraint doctrine, such is not the case here where the activity at issue is the programming of a computer to encrypt information.15
The defendants view a computer program as a non-speech event, since the function of the program negates its purpose as speech. In written or software format, the licensing scheme placed a prior restraint on export, and hence a prior restraint on trade. This type of restraint was intended, because the President felt that the export of such items damaged the security of the United States. Furthermore, the defendants claimed that by targeting a broad category for export controls, the government was not putting a prior restraint on Mr. Bernstein's right to free speech. As evidence for this argument, the defense put forth the case of Roulette v. City of Seattle, 97 F.3d 300, 305 (9th Cir. 1996), where the city imposed an ordinance that made it illegal to sit or lie in a public place. The plaintiffs in this case claimed that the ordinance targeted people that sit or lie, and imposed a restraint on their free speech. In the decision, the court ruled "[t]he fact that sitting can possibly be expressive, however, isn't enough to sustain plaintiffs' facial challenge to the Seattle ordinance..."16 Therefore, by targeting a large group of people, instead of just those intent on expressing speech, the ordinance could not be facially challenged.
The court found no validity in these cases as interpreted by the defendants. The court saw the regulations as impeding
[t]he activities of scholars--teaching a class, publishing their ideas, attending conferences, or writing to colleagues over the Internet--are subject to a prior restraint by the export controls when they involve cryptographic source code or computer programs. In the field of applied science ideas are not just expressed in abstract, theoretical terms, but the precise applications. Those applications are subject to licensing under the encryption regulations and are excluded from the exemptions for fundamental research and educational information. This is precisely the kind of law identified in Lakewood that risks self-censorship on the part of the decision maker.17
Therefore, the court found in favor of the plaintiff, finding that the government regulations had in fact thwarted the plaintiff's ability to discuss his research on a scholarly level. The court viewed this as a normal activity, and the media used in this discussion as a normal occurrence in the plaintiff's area of study.
As to the scope of relief, the plaintiff requested that a permanent injunction be levied against the defendants, and that the injunction extend to include "students, colleagues and others not before the court. Bresgal v. Brock, 843 F.2d 1163 (9th Cir. 1987)"18 The defendants, however, protested a nationwide injunction on the grounds that "relief should be no broader than necessary, Meinhold v. United States Department of Defense, 34 F.3d 1469, 1480 (9th Cir. 1994) and because the issues are novel and of public importance. Azurin v. Von Raab, 792 F.2d 914, 1915 (9th Cir. 1986)"19 From the final decision, it is clear that Judge Patel found the defendants' relief argument more compelling than the plaintiff's. Judge Patel ordered:
1) plaintiff's motion for summary judgement is GRANTED in part and DENIED in part in accordance with the foregoing;
2) defendants' motion for summary judgement is DENIED in part and GRANTED in part in accordance with the foregoing;
3) the Department of State, Energy, Justice and the Central Intelligence agency are dismissed as defendants;
4) the court's holding in Bernstein V. United States Department of State, 945 F. Supp. 1279, is superseded by this order;
5) the court declares that the Export Administration Regulations, 15 C.F.R. Pt. 730 et. seq. (1997) and all rules, policies and practices promulgated or pursued thereunder insofar as they apply to or require licensing for encryption and decryption software and related devices and technology are in violation of the First Amendment on the grounds of prior restraint and are, therefore, unconstitutional as discussed above, and shall not be applied to plaintiff's publishing of such items, including scientific papers, algorithms or computer programs;
6) defendants are permanently enjoined from doing or causing to be done the following acts:
a) further and future enforcement, operation or execution of statutes, regulations, rules, policies and practices declared unconstitutional under this order, including criminal or civil prosecutions with respect to plaintiff or anyone who uses, discusses or publishes or seeks to publish plaintiff's encryption program and related materials described in paragraph 5) of this order; and
b) threatening, detaining, prosecuting, discouraging or otherwise interfering with plaintiff or any other person described in paragraph 6) above in the exercise of their federal constitutional rights as declared in this order.20
The order maintains the power of the President's use of regulatory might to control the export of cryptography from all possible exporters, except Mr. Bernstein. Other possible exporters will have to win their day in court in order to discuss their matters with others abroad. However, the outcome of this case will benefit those academic professionals that wish to share cryptographic programs with interested parties outside the borders of the United States.
As far as the commercial export of cryptographic works is concerned, the United States, as well as other countries, restricts exports in much the same manner. The use of regulations affords a government the power to keep sensitive material from escaping its borders. In France, the import/export and use of cryptography is illegal. Other countries view cryptography as a means of commerce and security, and unfettered trade exists in and outside of these nations. Businesses that specialize in security software are unable to compete with these outside forces, due to their government's perceived weakened position.
Currently, the only cryptographic programs that are able to be exported from the United States are mass-marketed encryption and 56-bit Data Encryption Standard (DES), which is a symmetric algorithmic cipher. For twenty-one years, DES has effectively served the needs of encryption. Yet according to a spokesperson for the National Institute of Standards and Technology (NIST), "We've had a data encryption standard that has served us well since 1977, but its age is starting to show now."21 In fact, on July 17, 1998, the Electronic Frontier Foundation sent out a press release claiming they had produced a machine that could crack DES in under three days.22 As a result, NIST has announced fifteen potential candidates for the new Advanced Encryption Standard (AES). Among these candidates are proposals from companies such as IBM, and the Swiss Federal Institute of Technology. To be considered for the AES, submissions must comply with stated requirements. The proposed algorithms must be either a symmetric or private-key system. Also, they must uphold key sizes of 128 key bits, 192 key bits, and 256 key bits. Additionally, they must be coded in either the C or Java programming language.23
Similarly, some in the United States government perceive the need for stronger encryption, as well as a need for domestic businesses to provide their wares abroad. However, the question still remains as to what to do with the private-key storage dilemma. There are many interested parties involved in this debate, which include the American Bar Association's Science and Technology Information Security Committee and The Center for Democracy and Technology. New initiatives call for key escrow or key recovery to Trusted Third Parties (TTPs), such as banks, insurance companies, or businesses that specialize in key escrow. The Center for Democracy and Technology is wary of the relationship between the TTPs and the recoveror. A study conducted by the center revealed that the key recoveror, through a third party, compromises the security of the data.24 The ABA subcommittee, The Key Escrow Working Group, has suggested two possible solutions to the problem: "key splitting and separation of encrypted key recovery keys from access to data."25 Key splitting is a simple splitting of one key into two, three, or more pieces, and dividing them between TTPs. The only means by which the TTPs can recover the keys is through collusion. This solution provides the TTPs with less liability, and the depositor with a modest comfort level. The other possible solution is to allow the "TTP to decrypt the key recovery keys, but not the ability to have access to the encrypted key recovery keys." As a result, "a TTP could only compromise the user's data if a party with access to the physically secure, encrypted working keys (for instance, law enforcement personnel), were to send the encrypted data to the TTP."26
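The key-splitting proposal described above can be made concrete. The following is an added example, not code from the ABA working group or the original page: it contrasts cutting a key into contiguous pieces with an XOR split, in which all trustees must combine their shares and any smaller group learns nothing about the key. The function names and the sample key are constructed for illustration.

```python
import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, n: int) -> list[bytes]:
    """n-of-n XOR split: n-1 random pads, plus one share that XORs back to key."""
    if n < 2:
        raise ValueError("need at least two trustees")
    pads = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = reduce(xor_bytes, pads, key)
    return pads + [last]


def recover_key(shares: list[bytes]) -> bytes:
    """All trustees pool their shares; XOR of every share is the key."""
    return reduce(xor_bytes, shares)


def share_explaining(candidate: bytes, held: list[bytes]) -> bytes:
    """The missing share that would make `candidate` the key.

    Such a share exists for every candidate, so a group missing even one
    share cannot rule out any key: the held shares carry no information.
    """
    return reduce(xor_bytes, held, candidate)


def naive_split(key: bytes, n: int) -> list[bytes]:
    """Cut the key into n contiguous pieces (the weak way to 'split')."""
    bounds = [i * len(key) // n for i in range(n + 1)]
    return [key[bounds[i]:bounds[i + 1]] for i in range(n)]


def naive_bits_unknown(pieces: list[bytes], colluding: set) -> int:
    """Key bits still unknown to the trustees whose indexes are in `colluding`."""
    return 8 * sum(len(p) for i, p in enumerate(pieces) if i not in colluding)


if __name__ == "__main__":
    key = bytes(range(16))  # constructed 128-bit sample key, not a real key

    # Naive cut among 4 trustees: three colluders face only a 32-bit search.
    pieces = naive_split(key, 4)
    print("naive, 3 of 4 collude, bits left:", naive_bits_unknown(pieces, {0, 1, 2}))

    # XOR split among 3 trustees: all three together recover the key...
    shares = split_key(key, 3)
    print("xor, all 3 shares recover key:", recover_key(shares) == key)

    # ...but two of them can 'explain' any key at all with some third share.
    held = shares[:2]
    decoy = b"\xff" * 16
    fake_third = share_explaining(decoy, held)
    print("xor, 2 shares consistent with decoy:",
          recover_key(held + [fake_third]) == decoy)
```

With the XOR split, losing any single share makes the key unrecoverable, so availability depends on every trustee.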
Other issues deal with the question of why. Why should law enforcement have access to private keys, without issuing a warrant directly to the owner? Some well-presented arguments are put forth by human rights organizations. These groups seek to relax restraints on cryptographic trade. It is important, in the business of human rights organizations, to maintain secure correspondence and ensure authenticity with those that report human rights atrocities. They argue against the Canadian government holding private keys in escrow. "This is comparable to asking for the front-door keys for 10 million Canadian homes to be deposited at the local police station, 'just in case' there was a need to execute a search warrant", says Jeffrey Shallit, vice-president of Electronic Frontier Canada.27
As you can see, a case involving the right to speech by one person has uncovered the very nature of a government's purpose for denying the right to trade a particular product. The very essence of cryptographic export controls is the possible diminishing of a government's power. Power is zero sum, and trade is not. The United States Congress seeks to loosen cryptography export controls, yet the President seeks to limit exports at the same time. Because of the quick pace of computer technology, and the slow pace of government agreement, technology may outpace liberalized controls. In other words, stronger cryptography may hit the shelves of the United States market, yet at the same time the same companies could be schlepping outdated software abroad. The concerns of law enforcement are legitimate, but we cannot freely equip an investigatory body with information that should be deemed private, hence private-key. Those that seek to use secure measures should be assured that these measures are secure. The Federal Bureau of Investigation should seek alternative measures to decrypt information they view as criminal, along with the standard measures to ensure privacy, such as a search warrant. Once these questions and issues are resolved, the companies that wish to sell security programs abroad should be allowed to without unnecessary restrictions.
04/15/99
II. Legal Clusters
- Discourse : DIS
- Status : COMP
- Forum : U.S. Regulations
- Scope : UNILAT
- Number of Parties Affected : 1
- Standing : Law : Export Administration Regulations
III. Geographic Clusters
a. Geographic Domain: United States
b. Geographic Site: ALL
c. Geographic Impact: United States
N/A
N/A
IV. Trade Clusters
EXBAN
LICEN
- REGBAN
- DIR
a. Directly Related to Product: No
b. Indirectly Related to Product: No
c. Not Related to Product: No
d. Related to Process: No
- 99.05.00.10
According to a Department of Commerce study conducted in 1995, the market for encryption confidentiality products was estimated at over $1 billion. This accounts for about 1-3% of the estimated total international software market.28 Since there exists an export ban on this product, the data gathered by the Department of Commerce was edited by the National Security Agency. The above product identification number comprised a broad category of computer hardware and software. This number is probably incorrect.
There are no specific numbers given; however, the aforementioned study indicates that market share is affected significantly in 14 of 31 countries due to the export controls of the United States.
- NEMACH
- Case Exporter : Mr. Daniel J. Bernstein
- Leading Exporters : Undeterminable
V. Environment Clusters
VI. Other Factors
- Daniel J. Bernstein v. United States Department of State http://samsara.law.cwru.edu/comp_law/berm970825dec.html
- Schneier, Bruce; Applied Cryptography; (John Wiley & Sons, New York, 1995)
- Tech Law Journal http://www.techlawjournal.com/courts/bernstein/Default.htm
- Nelson, Matthew, "DES Replacement One Step Closer", InfoWorld, August 31, 1998
- The Center for Democracy and Technology; CDT Policy Post; Vol. 4, No. 20; September 16, 1998.
- ABA Science and Technology Information Security Committee; Response to the Department of Trade and Industry's "Licensing of Trusted Third Parties for the Provision of Encrypted Services" http://www.abanet.org/scitech/ec/isc/ukkeyr.1.html
- The United States Department of Commerce and the National Security Agency, A Study of the International Market for Computer Software with Encryption. (1995)