[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Developments in the _Junger_ suit





Now that Judge Patel has declared again in the _Bernstein_ case that
cryptographic software is entitled to the full protection of the First
Amendment, it is time for me to bring you up to date on some
developments on the Cleveland front.

To assist in the preparation of an amended complaint in my suit that,
like _Bernstein_, seeks to enjoin the enforcement of the export
regulations restricting publication of encryption software, my Legal
Attack Team on June 12 submitted several ``classification requests''
to the Department of Commerce in an effort to determine exactly what
is, and what is not, covered by the definition of encryption software 
set out in the Export Administration Regulations.

The Bureau of Export Aministration in the Department of Commerce
responded to these requests on or about July 4 and amplified their
response on or about August 7.  That response, though not generally
very helpful, did contain a number of surprises.  In particular, two
versions of a one-time pad encryption program using the XOR function
that I wrote in 8086 assembly language and machine code and a similar
OTP program written by Paul Leyland in one line of C, were classified
as EAR 99, which means that those programs are ``not subject to the
licensing restrictions for encryption software''.

No explanation was given as to why these programs implementing the one
unbreakable form of encryption are not classified as encryption
programs subject to ECCN 5D002.

More importantly, the classification requests included several pages
of HTML links to strong, unexportable encryption programs on several
FTP servers outside of the United States, but the Bureau of Export
Administration said that they were unable to classify that material,
and instead supplied us with an advisory opinion with respect to that
request saying:  ``Professor Junger's activity is not an export that
is subject to the Export Administration Regulations (EAR).''  The
Bureau subsequently amplified this response, saying:  ``While the use
of html links by a person might, in some applications, involve an
export . . . we reiterate that the activity described by your
submission is not an export activity that is subject to the EAR and
would also not constitute conduct prohibited by Section 744.9 of the
EAR.'' 

The Bureau did, however, classify several programs that we submitted,
including one written by me in C that implements several different
encryption algorithms and Adam Back's RSA program in three lines of
Perl (which is available at <http:/www.dcs.ex.ac.uk>), as being
encryption programs that are subject to the export restriction of the
EAR.

The most significant part of the Bureau's response, however, was their
professed inability to classify one way or the other all programs
implementing certain specified encryption algorithms such as, for
example, OTP programs that XOR the bytes comprising the message with
the bytes in a one-time pad.  The Bureau said as to this request:
``BXA cannot provide a single classification opinion for any
encryption product that `implemements' a certain algorithm''.

Due to the kindness of John Young, our requests for classification and
BXA's responses will be available shortly at <http://www.jya.com/>.
The links to cryptographic programs on FTP sites outside the United
States are already available at 
<http://samsara.law.cwru.edu/links/cryptolinks.html>.

Stay tuned for further announcements once this labor day weekend is
past.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
 EMAIL: [email protected]    URL:  http://samsara.law.cwru.edu   
     NOTE: [email protected] no longer exists