Galexia

  Research

Article - US Developments in Encryption Export Control (June 1998)


[ Galexia Dots ]

Related Galexia services and solutions

Published

There have been some recent developments regarding US policy on the export of encryption software and its publication on the Internet. While there has been no change to general policy regarding the export ban, a small concession has been made for financial institutions, that may be a signal of more far-reaching changes in the near future.

New Guidelines

On 7 July 1998 the United States Department of Commerce announced new export guidelines for financial service encryption products.

The guidelines will allow the export of encryption products of any bit-length to banks, financial institutions and their branches around the world to secure private electronic transactions. Strong encryption products - with or without recovery features - will be exportable to eligible institutions without a license to 45 countries, including Australia.

These new guidelines will affect encryption exports for almost 70 percent of the world’s financial institutions and the world’s 100 largest banks.

In launching the guidelines, US Commerce Secretary William Daley said:

‘This action gives our nation’s financial institutions the flexibility they need to remain globally competitive. Importantly, it balances those needs with law enforcement, national security and foreign policy concerns. Through steps like this we can continue to encourage the development of an electronic commerce system users can trust.’

The 45 eligible countries are either members of the international anti-money laundering accord, the Financial Action Task Force, or have enacted anti-money laundering laws. Manufacturers and other exporters will be able to ship the products to these countries with only minimum reporting requirements.

In reality, the changes will do little to widen the availability of strong encryption software. The guideline’s main effect is to reduce paperwork for the export of encryption to already trusted financial institutions.

Judge Rules on First Amendment Challenge

The provision of the guidelines followed closely on the heels of a court win for the US Government in the high profile cryptography case, Junger v Daley.

On July 3, 1998 Judge Gwin of the United States District Court of the Northern District of Ohio held that the existing export ban on encryption software was not in breach of the First Amendment. The Court found that computer programs were not writings protected by the constitution because they were ‘inherently functional’’.

The case was brought by Peter Junger, a law professor, who argued that the enforcement of export regulations on encryption software actually prevented him from publishing his class materials and articles for his course in Computing and the Law on the Internet because they contained encryption programs.

Junger claimed in his suit that those encryption programs were writings that were entitled to the full protection of the First Amendment.

However, the government argued that its export regulations, which require that one obtain a license from the Commerce Department before publishing materials containing encryption software on the Internet or the World Wide Web, seek only to restrict the distribution of encryption software itself, not ideas on encryption.

The Court agreed with the government, finding that: ‘the Export Regulations are constitutional because encryption source code is inherently functional, because the Export Regulations are not directed at source code’s expressive elements, and because the Export Regulations do not reach academic discussions of software, or software in print form.’’

In an earlier case in California brought by mathematics professor Daniel Bernstein, Federal District Court Judge Patel had held that computer programs are speech that is protected by the First Amendment. This had raised hopes that the ban could be overcome by concerted constitutional action. However, Judge Gwin rejected those arguments, saying that the Bernstein court’s assertion that ‘language equals protected speech’ was unsound.

Judge Gwin argued that computer source code is a purely functional device:

‘The court in Bernstein misunderstood the significance of source code’s functionality. Source code is ‘purely functional’, in a way that the Bernstein Court’s examples of instructions, manuals, and recipes are not. Unlike instructions, a manual, or a recipe, source code actually performs the function it describes. While a recipe provides instructions to a cook, source code is a device, like embedded circuitry in a telephone, that actually does the function of encryption. ‘

This clear split between the two courts has not helped clarify the relationship between the export ban and the First Amendment. Both cases are on appeal.

It will be interesting to see how the matters are dealt with in higher courts. The potential for a loss in either case might act as a trigger for a further round of concessions by the US Government and the weakening of the export ban.

NOTE: The District Court’s decision was overturned by the 6th Circuit Court of Appeal. The appeal court’s decision is available at http://bulk.resource.org/courts.gov/c/F3/209/209.F3d.481.98-4045.html - April 2000

Chris Connolly
Galexia



[ Galexia Dots ]