PHILIP R. KARN, JR                   )
7431 Teasdale Avenue                 )
San Diego, California 92122          )
      Plaintiff                      )
         v.                          )
etc                                  )
        and                          )     Civil Action No. 95-1812-LFO
        and                          )


In this action, on remand from the Court of Appeals, plaintiff challenges the government's policy of controlling the exportation from the United States of powerful U.S.-origin "cryptographic" software, which can be used to "scramble" text and other communications created or transmitted using a computer. Plaintiff seeks the right to distribute throughout the world, in an unrestricted fashion, a diskette containing several encryption software programs that indisputably fall within applicable licensing requirements.

The use of cryptography has historically been one of the most significant national security matters facing the United States. The United States has a critical interest in gathering intelligence information abroad for several reasons, including to learn of potentially hostile acts against the interests of the United States. The key purpose of export licensing controls on cryptographic products is to regulate the distribution abroad of powerful cryptography which, if it fell into the wrong hands, could hinder the government's ability to collect essential information. The President has specifically determined that the unrestricted export of cryptographic products, including certain software, can jeopardize this country's foreign policy and national security interests. Plaintiff asks the Court to reverse the President's judgment in this instance and permit him to market abroad a computer diskette containing some of the programs subject to licensing controls without regard to where it is going, to whom, and for what purpose.

This is the second round for this litigation in district court. Plaintiff originally challenged the application of export licensing regulations then-administered by the Department of State to his diskette containing encryption software. On March 22, 1996, the Court rejected all of plaintiff's theories in dismissing his statutory claims and entering summary judgment for the government as to his constitutional claims. Karn v. U.S. Department of State, 925 F.Supp. 1 (D.D.C. 1996) (Richey, J.), remanded by 107 F.3d 923 (1997). During the pendency of plaintiff's appeal, the regulatory policy being challenged was transferred to the licensing jurisdiction of the Department of Commerce. Without reversing or vacating the Court's prior decision, the Court of Appeals remanded the case for reconsideration of the claim raised by plaintiff under the Administrative Procedure Act, which was no longer statutorily precluded from judicial review. This is the principal task before the Court.
Plaintiff's APA claim, which challenges the rational basis of the government's determination that his software diskette is subject to export licensing requirements, remains unreviewable. Courts have routinely held that determinations as to which items should be subject to export restrictions for national security or foreign policy reasons fall within the purview of the Executive branch because they involve policy judgments that are not susceptible to judicial review. If the court reaches the merits of plaintiff's APA claim, the regulations have a substantial rational basis and readily survive under the deferential standard of review applicable.

Plaintiff's "Amended Complaint" also raises a new statutory claim that challenges the statutory authority upon which the regulations at issue are based, the International Emergency Economic Powers Act ("IEEPA"). Judicial review of this claim is also limited. The Court may not review the President's threshold decision to utilize his authority under the IEEPA to maintain in effect the applicable regulatory provisions. Beyond this, plaintiff's contention that the IEEPA precludes export licensing controls on encryption software is without merit.

Finally, plaintiff's Amended Complaint seeks to re-open all of the constitutional issues previously rejected by the Court. As noted, the Court of Appeals did not vacate or reverse the district court's prior decision on these claims. The regulations plaintiff now challenges are, in substance, precisely the same as when the district court previously ruled. As such, the prior decision may be treated as law of the case on the constitutional issues. Should the Court choose to reconsider plaintiff's constitutional claims, they continue to lack merit.


1. Cryptography and Encryption Software

The national security of the United States depends in part on the ability of the government to obtain timely information about the activities and plans of potentially hostile foreign governments, groups, and individuals abroad. The United States therefore uses a variety of means to monitor and intercept communications by foreign intelligence targets. See Declaration of Barbara A. McNamara, Deputy Director, National Security Agency, 3, 4. Among other things, the United States engages in signals intelligence (SIGINT), which is the collection and analysis of information from foreign electromagnetic signals. Id. Primary responsibility for the government's SIGINT activities belongs to the National Security Agency (NSA), a component of the Department of Defense. Id. Based on information derived from these activities, NSA provides reports on a rapid-response basis to national policymakers, military commanders, and other entities throughout the federal government. Id. 4. This information has proven to be highly reliable and essential to the national defense, national security, and the conduct of the foreign affairs of the United States. Id. The SIGINT capabilities of the United States can be significantly compromised by the use of cryptography by foreign intelligence targets. Id. 5.

Cryptography concerns the encryption and decryption of communications, and is used in an effort to prevent communications from being intercepted and read or altered. In the absence of cryptography, information transmitted is unsecure and may be viewed by those other than the intended recipient. By utilizing cryptographic devices, including software, information can be secured with the intention that whatever is sent is inaccessible to anyone except the intended recipient. Encryption is the process of converting a message from its original form (commonly known as "plaintext") into a scrambled form (known as "ciphertext") that cannot be deciphered (or "decrypted") by persons who lack the "key" needed to unscramble the message. See McNamara Decl. 5.

Encryption has long been a tool in the conduct of military and foreign affairs. See McNamara Decl. 5; see also David Kahn, The Code Breakers: The Story of Secret Writing (1967). Today, foreign intelligence targets use encryption in an effort to maintain the secrecy of their communications. See McNamara Decl. 5. For example, encryption can be used to conceal the communications of terrorists, drug smugglers, or others intent on taking hostile actions against U.S. facilities, personnel, or security interests. Id. Accordingly, one of the NSA's principal SIGINT activities is "cryptanalysis," the science of "reading" ciphertext without having access to the key that was used to encrypt the message. Id.

Historically, encryption was performed by mechanical devices. Today, mechanical encryption devices have been largely replaced with electronic ones. Messages can now be encrypted electronically through the use of dedicated hardware, such as the electronic circuitry embedded in a telephone scrambler. In addition, encryption now can be performed by general-purpose computers, including "desktop" computers of the sort in common use here and abroad. In order to encrypt data, a computer must use software that controls the encoding of the data.

A computer software program is a set of instructions to a computer that direct computer hardware to perform certain tasks or functions. See Bateman v. Mnemonics, Inc., 79 F.3d 1532, 1537 n.11 (11th Cir. 1996); see also Digidyne Corp. v. Data General Corp., 734 F.2d 1336, 1342 (9th Cir. 1984), cert. denied, 473 U.S. 908 (1985) (software is "a set of instructions [to a computer] that allows the system to accomplish a particular task"). Software programs take two general forms: object code and source code. See McNamara Decl. 9. Both object code and source code consist of a sequence of instructions to enable a computer to perform certain functions. Object code (or "machine" code) represents those instructions as a sequence of binary digits ("1's" and "0's") that can be executed directly by the computer's microprocessor. Id. Source code represents the same computer instructions in "specialized alphanumeric [programming] languages" such as BASIC, C, FORTRAN, or Java. See Sega Enterprises, Ltd. v. Accolade, Inc., 977 F.2d 1510, 1514 n.2 (9th Cir. 1993); see also Johnson Controls, Inc. v. Phoenix Control Systems, Inc., 886 F.2d 1173, 1175 n.2 (9th Cir. 1989) ("source code" is a set of instructions to the computer, in programming languages such as BASIC or FORTRAN and "object code" is the same set of instructions in binary code).
With respect to encryption in particular, an encryption "source code" is a computer program that expresses a cryptographic "algorithm" in a precise set of operating instructions that enable a computer to perform cryptographic functions. See McNamara Decl. 8. A cryptographic algorithm is a mathematical function or equation that can be implemented electronically in software to transform data into an unintelligible form. Id. 8 and n. 4.

Computer programming languages that comprise source code can be "understood" by humans trained in this field. See Cadence Design Systems, Inc. v. Avant! Corp., 125 F.3d 824, 825, n.2 (9th Cir. Sept. 23, 1997); Brown Bag Software v. Symantec Corp., 960 F.2d 1465, 1468 n.1 (9th Cir.), cert. denied, 506 U.S. 869 (1992). This does not negate the functional nature of source code, nor render it a mere "information" as plaintiff strains to argue. First, it is not necessary to be able to comprehend source code in order to use it to control the operation of a computer. Source code may be converted automatically into object code through the use of commonly available conversion software called a compiler. See McNamara Decl. 9; Sega Enterprises, 977 F.2d at 1514 n.2; Brown Bag Software, 960 F.2d at 1468 n.1. This automated process of compiling source code into object code is a trivial task that can take a matter of seconds at the press of a keystroke. See McNamara Decl. 9. As a result, software products distributed in the form of source code can readily be used to make computers perform desired tasks — in the case of encryption source code, the task of encrypting data.

Moreover, in source code form, software can more easily be modified to perform different or additional functions. See Comshare Inc. v. United States, 27 F.3d 1142, 1144 (6th Cir. 1994) (source code is "routinely enhanced to create new versions of executable code" and is "indispensable" to the process of enhancing or debugging executable code). Programming in source code also enhances the "portability" of software to allow it to be executed on computers with different operating systems (such as MS-DOS or MacIntosh). In addition, if written in certain programming languages called "interpreted" languages, source code may itself be directly executed on a computer. See McNamara Decl. 10 (programming languages, like BASIC and PERL are "interpreted" languages). Using an "interpreter" program, source code may be converted to executable object code "on the fly" -- that is, at the same time the program is being executed by the computer to perform a particular function. Id. Unlike a compiler, an interpreter does not ordinarily generate a separate executable file of object code, but creates and executes machine code as the program runs. Id. Thus, programs in interpreted languages cannot be executed without the source code itself.

2. Export Controls on Encryption Software

At the time this lawsuit commenced, export licensing requirements on encryption items, including software, were established pursuant to the Arms Export Control Act, 22 U.S.C. § 2778, and administered by the State Department. On November 15, 1996, President Clinton issued an Executive Order and Memorandum, pursuant to his authority under the International Emergency Economic Powers Act, directing that export licensing jurisdiction over most cryptographic products, including software, be transferred from the State Department to the Department of Commerce. See Executive Order 13026, 3 C.F.R., 1996 Comp. p. 228 (1997), and Pres. Mem., 32 Weekly Comp. Pres. Doc. 2397 (Nov. 15, 1996) (Tab 1 to Declaration of William A. Reinsch, Undersecretary of Commerce for Export Administration). Interim regulations carrying out the President's policy were published by the Department of Commerce on December 30, 1996, and the licensing requirements at issue are now set forth in the Export Administration Regulations ("EAR"), 15 C.F.R. Part 730 et seq.; see 61 Fed. Reg. 68572 et seq. (December 30, 1996) (Tab 2 to Reinsch Declaration).

The EAR establishes licensing and other requirements for the export of multiple commodities, software, technology, and related activities, from the United States for national security and foreign policy reasons. The heart of the EAR is the "Commerce Control List" ("CCL"), see 15 C.F.R. Part 774, which lists items whose export is regulated for national security and foreign policy reasons. The CCL is divided into 10 categories, such as nuclear materials (Category 0), computers (Category 4), and lasers and sensors (Category 6). Within each category, the CCL designates specific kinds of items subject to export controls, each of which is assigned an Export Control Classification Number("ECCN"). Encryption circuitry and hardware products are covered in Category 5 by ECCN 5A002, while encryption software is covered by ECCN 5D002. See 15 C.F.R. Part 774, ECCN 5A002 and 5D002.

Because encryption items covered by ECCN 5A002 and 5D002 "may be used by persons abroad to harm national security, foreign policy and law enforcement interests," they generally may not be exported without a license. See 15 C.F.R. § 742.15. When a license is required under the EAR, it "will be reviewed on a case-by-case basis by [the Commerce Department, Bureau of Export Administration ("BXA")], in conjunction with other agencies, to determine whether the export or reexport is consistent with U.S. national security and foreign policy interests." See 15 C.F.R. § 742.15(b). The EAR is not a complete prohibition on the exportation of encryption products, including software, but, rather, establishes a licensing process so that the government can determine where the product is going, for what purpose, and whether the particular export poses a national security or foreign policy concern. See Reinsch Decl. 5. For purposes of encryption software subject to ECCN 5D002, the EAR defines "export" to include an actual shipment, transfer, or transmission out of the United States (or to an embassy or affiliate of a foreign country in the United States), including by means of making the software available electronically for downloading outside the United States through the Internet. See 15 C.F.R. § 734.2(b)(9).

The policy basis for licensing the export of encryption items under the EAR is set forth in the President's Executive Order and Memorandum. The President specifically found that encryption products (including software), when used outside the United States, "can jeopardize our foreign policy and national security interests," and that the "exportation of encryption products accordingly must be controlled to further U.S. foreign policy objectives, and promote our national security, including the protection of the safety of U.S. citizens abroad." Pres. Mem. at 1. The President also determined that "the export of encryption software, like the export of other encryption products . . . , must be controlled because of such software's functional capacity" to encrypt data,"rather than because of any possible informational value of such software . . . " E.O. 13026, §(1)(c). The President determined that these considerations apply not only to object code but also to source code, since "encryption source code can easily and mechanically be transformed into object code." Id. The President therefore directed that all encryption software, whether in the form of source code or object code, be subject to the same export controls as encryption hardware. Pres. Mem. at 3, 4.

The EAR reiterates that encryption products are controlled for export because of their functional capacity, and therefore treats encryption software like encryption hardware. See 15 C.F.R. § 742.15. This means that encryption software, unlike other kinds of software on the Commerce Control List, is subject to export controls even when it is publicly available. See id. §§ 732.2(b), 734.3(b)(3), 734.7, 734.8, 734.9 (exemptions to licensing requirements for technical information, i.e. "technology," not applicable to encryption software). Also, whereas items whose export is controlled for national security reasons are generally eligible for national security "decontrol" if comparable items are available abroad, the President specifically determined that "the export of encryption products . . . could harm national security and foreign policy interests even where comparable products are or appear to be available from sources outside the United States . . . ." E.O. 13026, § 1. The President therefore directed that the foreign availability provisions of the EAR "shall not be applicable with respect to export controls on such encryption products." Id.; see 15 C.F.R. § 768.1(b).

3. Prior Proceedings in This Action

When plaintiff first filed suit, he challenged a "commodity jurisdiction" determination by the State Department that his diskette containing encryption software was subject to export licensing requirements. See Declaration of William J. Lowell, Department of State, 4. By way of background, on February 12, 1994, plaintiff had submitted to the State Department a commodity jurisdiction request for the book Applied Cryptography by Bruce Schneier, which contained a printed appendix of various encryption source codes. Lowell Decl. 10 and Tab 4. By letter dated March 2, 1994, the State Department advised the plaintiff that the book is not subject to its export licensing jurisdiction. Id. 11 and Tab 5. However, the State Department stated that this determination as to the book did not extend to two computer disks referenced in the book and available from the author. Id.

By letter dated March 9, 1994, plaintiff submitted a second commodity jurisdiction request for a diskette containing source codes for data encryption. Lowell Decl. 12 and Tab 6. Plaintiff stated that the diskette contained the same source codes printed in the appendix of Applied Cryptography. See Tab 6 to Lowell Declaration at 1, 2. By letter dated May 11, 1994, the State Department determined that the diskette was subject to export licensing requirements under the USML. Lowell Decl. 15 and Tab 9. Plaintiff appealed this determination ultimately to the Assistant Secretary of State for Political-Military Affairs. Lowell Decl. 19 and Tab 12. By letter dated June 13, 1995, the Assistant Secretary affirmed the determination that the source code diskette is cryptographic software covered by the USML and subject to export licensing requirements. Id. at 1. Thereafter, plaintiff filed this action, challenging the State Department's decision on statutory and constitutional grounds.
The district court dismissed plaintiff's APA claim, and entered summary judgment for the government as to plaintiff's constitutional claims. The Court held that judicial review of plaintiff's non-constitutional APA claim was precluded, both expressly and impliedly, by the Arms Export Control Act. Karn, 925 F.Supp. at 5-7. The Court then held that plaintiff's Due Process and First Amendment constitutional claims are without merit. Id. at 8-14.

As noted, during the pendency of plaintiff's appeal, export licensing jurisdiction was transferred to the Commerce Department under the Export Administration Regulations. The parties advised the Court of Appeals and noted in particular that the IEEPA, unlike the AECA, did not contain a statutory preclusion of judicial review. In light of the Executive Order and new regulations promulgated under the IEEPA, the Court of Appeals remanded this case to district court "to consider the reviewability of and, if appropriate, the merits of [plaintff's] claim under the Administrative Procedure Act." See Court of Appeals Jan. 21, 1997 Order. The court stated that "[b]ecause 'basic tenets of judicial restraint and separation of powers call upon [the court] first to consider alternative grounds for resolution' when the court is asked to answer a question involving the Constitution of the United States, Lamprecht v. FCC, 958 F.2d 382, 389-90 (D.C. Cir. 1992), we do not reach the constitutional issues raised by this appeal." Id.

Plaintiff petitioned the Court of Appeals for rehearing and requested that it direct the district court to hold an evidentiary hearing on remand. The Court of Appeals declined to do so and, instead, left this to the discretion of the district court by stating, in a one sentence amendment to its remand order, that the "district court may conduct such evidentiary hearings as it deems appropriate" with respect to any disputed issues of material fact as to the application and constitutionality of the new regulations. See Feb. 13, 1997 Court of Appeals Order.

4. Administrative Proceedings On Remand

On remand, the Court established a schedule, which included time for plaintiff to pursue an administrative determination from the Commerce Department. See Order filed June 2, 1997. By letter dated July 22, 1997, plaintiff submitted to Commerce an application requesting "commodity classification" determinations for the contents of his software diskette. See Reinsch, Decl. 11 and Tab 7. In his July 22 letter, plaintiff conceded that the diskette "includes source code for 'strong' encryption which might normally be treated as [Encryption Items]" subject to export control, but argued that it should not be subject to export control because the "identical information" was printed in the Applied Cryptography appendix, and that the source codes on the disk were available on the Internet. Id. and Tab 7.

By letter dated August 22, 1997, the Bureau of Export Administration advised plaintiff of its determination that his diskette includes encryption software programs in source code form that are classified as ECCN 5D002 on the Commerce Control List. Reinsch Decl. 12 and Tab 8. In response to the points raised by plaintiff, BXA noted that the EAR expressly distinguish between printed materials containing encryption source code and encryption source code in electronic form or media, such as his computer diskettes. See Tab 8 at 2 (citing 15 C.F.R.§ 734.3(b)(2)-(3) and accompanying Note). BXA determined that plaintiff's diskette does not merely contain readable information, but software that may easily be compiled and executed on a computer. Id.

With respect to public availability, BXA advised plaintiff that, at the President's direction, the exception to export licensing controls for software or technical data that may be "publicly available" does not apply to encryption software. Tab 8 at 2 (citing Supp. 1 to 15 C.F.R. Part 744, ECCN 5D002). BXA also advised plaintiff that while, in certain circumstances, the foreign availability of items on the CCL affects the availability and scope of export licenses, the President has determined that the export of encryption products formerly regulated under the United States Munitions List ("USML") (such as the diskette at issue) "could harm national security and foreign policy interests even where comparable products are or appear to be available from sources outside the United States." Id. In short, BXA applied its regulations, as mandated by the President, to plaintiff's diskette. Based thereon, plaintiff's diskette was classified ECCN 5D002 and is subject to export licensing requirements.

By letter dated September 30, 1997, plaintiff appealed BXA's determination to Undersecretary Reinsch, reiterating his arguments that the diskette should not be subject to export licensing requirements. See Tab 9 to Reinsch Declaration. By letter dated November 17, 1997, Undersecretary Reinsch affirmed BXA's determination. See Tab 10 to Reinsch Declaration. Undersecretary Reinsch noted that there is no dispute between BXA and plaintiff that, as written, the EAR apply to the software on the diskette. Id. Accordingly, the nature of plaintiff's appeal was a request that BXA revisit the regulations themselves and the encryption export policy on which they were based. Id. While not an appropriate basis for an administrative appeal, Undersecretary Reinsch nonetheless addressed some of the issues plaintiff raised.

First, Undersecretary Reinsch advised plaintiff that his diskette is not subject to export licensing requirements because of any informational value it may reflect. Tab 10 to the Reinsch Declaration. As Mr. Resinch stated, the diskette does not contain mere “text” that can be “read,” but software programming instructions directed to a computer microprocessor that can, with minimal additional effort, readily enable a computer to perform a cryptographic function. Id. In source code form, software can be more easily enhanced and modified, and automatically compiled on a computer in a matter of seconds for execution to encrypt data. Id. In addition, Mr. Reinsch stated that software in source code form is more “portable” for use with different computer operating systems. Id.

Undersecretary Reinsch then addressed plaintiff's contention that the source code in electronic form on the diskette was no different than source code in printed form, and concluded that there are any number of problems that must be overcome before any printed software program will be functional on a computer, from errors in the printed text to errors that can occur in scanning or typing the printed text into a computer. Tab 10 to Reinsch Declaration. As Undersecretary Reinsch explained, the basis for the regulatory distinction at issue is that source code in electronic form as it exists on the diskette can more readily and easily facilitate the spread of an encryption capability abroad. Id. With respect to foreign availability, Mr. Reinsch reiterated that the President has determined that the export of encryption products formerly regulated under the USML (such as the diskette at issue here) could harm national security and foreign policy interests even where comparable products are or appear to be available from sources outside the United States. Id. For these reasons, BXA's original commodity classification determination was affirmed. Thereafter, plaintiff filed the Amended Complaint now pending.


There is no dispute that plaintiff seeks to export a computer diskette containing several encryption source code programs that could be used to maintain the confidentiality of electronic communications. There is also no dispute that the diskette comes squarely within the terms of the EAR. Nonetheless, plaintiff asserts that the government is obligated, both as a matter of administrative law and constitutional law, to allow the unlicensed and unrestricted export of the diskette, regardless of the identity of the recipient of the diskette or the uses to which the diskette's encryption capabilities will be put. None of plaintiff's claims has merit.

Plaintiff's primary contention is that it is irrational for the government to draw a regulatory distinction between a computer diskette containing cryptographic source code in computer-ready electronic form and in printed form. To the extent that this claim is based on the APA, judicial review is precluded since decisions about what items should be controlled for export are based on national security and foreign policy judgments not susceptible to judicial oversight. Plaintiff attempts to circumvent this obstacle by recasting his claim as a constitutional challenge under the Due Process Clause. Should plaintiff's constitutional claims be reconsidered, this claim should again be rejected. As with plaintiff's statutory APA claim, the government is entitled to prevail as long as its actions bear a rational relationship to a legitimate purpose. Moreover, the rationality of the government's policy is not subject to courtroom factfinding.

There is, moreover, a manifestly rational basis for the government's actions in this case. As plaintiff himself inadvertently demonstrated in his declaration submitted to the Commerce Department, a diskette containing source code in computer-ready form provides a materially easier and more reliable basis for performing encryption than does printed source code. Similarly, the fact that some encryption software is already available overseas does not render unconstitutional the government's requirement that reliable U.S.-providers obtain a license to export encryption products in order for the government to assess whether the export might harm U.S. interests.

Plaintiff 's First Amendment claims are likewise without merit. Licensing requirements on a diskette containing encryption software, which can readily be used to program a computer to perform a technical encryption function, are in no way comparable to "prior restraints" on pure information. Cryptographic software, including source code, is licensed for export under the EAR because of its functional capability to maintain data confidentiality, not because of any informational value that it may be claimed to have in a particular case. Indeed, ideas and information about such software are widely and freely published in the United States (and abroad), and such publicly available information is unrestricted for export. The government's reasons for regulating the export of cryptographic source code are entirely unrelated to the suppression of any ideas that may be reflected in the source code, as the district court previously found.


Part A: Statutory Claims


Count I of plaintiff's Amended Complaint alleges that it is arbitrary and capricious, and an abuse of discretion, for the Commerce Department to subject plaintiff's diskette to export licensing requirements when, plaintiff claims, the "identical information" is contained in the appendix of Applied Cryptography. Am. Compl. 57. The Court previously rejected this APA claim on the ground that the Arms Export Control Act expressly barred judicial review of the designation of an item controlled for export. Karn, 925 F. Supp. at 5. The matter was remanded because no statutory preclusion of review presently applies.
The mere absence of a statutory bar to review does not mean that plaintiff may now go forward with his non-constitutional APA challenge. The decision to place encryption products, including cryptographic source code, on the CCL is beyond the reach of judicial review even in the absence of an explicit statutory bar. That decision, and related decisions regarding the scope of the restrictions on the export of encryption items, reflect delicate considerations of national security and foreign policy that are beyond the purview of the judicial branch. Several courts have refused to review the determination of whether an item should be regulated for export -- entirely apart from whether the statute precludes review.

In United States v. Martinez, 904 F.2d 601, 602 (11th Cir. 1990), the court held that the designation of an item on the USML as subject to export licensing requirements for national security reasons — in that case cryptographic devices — "possesses nearly every trait that the Supreme Court has enumerated [that] traditionally renders a question `political.'" Id. (citing Baker v. Carr, 369 U.S. 186, 217 (1962)). Accord United States v. Helmy, 712 F. Supp. 1423, 1428-30 (E.D. Cal. 1989), cert. denied, 504 U.S. 945 (1992). "No satisfactory or manageable standards exist for judicial determination of the issue. . . . ." Martinez at 602.

Questions concerning what perils our nation might face at some future time and how best to guard against those perils "are delicate, complex, and involve large elements of prophecy. They are and should be undertaken only by those directly responsible to the people whose welfare they advance or imperil. . . ." Id. (citing Chicago & Southern Air Lines [v. Waterman SS. Corp.], 333 U.S. 103, 111 (1948)).

Similarly, in United States v. Mandel, 914 F.2d 1215 (9th Cir. 1990), the court held that whether export controls must be placed on a particular item "are quintessentially matters of policy entrusted by the Constitution to the Congress and the President, for which there are no meaningful standards of judicial review." Id. at 1223 (designation of sophisticated computers on the CCL not reviewable). Accord United States v. Moller-Butcher, 560 F. Supp. 550, 553-54 (D. Mass. 1983) ("[t]he power to classify goods on the CCL -- and to restrict them for export on national security grounds -- can (and should) be turned over to the executive branch, as it has the dominant role in conducting foreign policy"). Likewise, in United States v. Bozarov, 974 F.2d 1037, 1041-45 (9th Cir. 1992), cert. denied, 507 U.S. 917 (1993), a case concerning the export of computer disc equipment, the court upheld the constitutionality of the preclusion of judicial review under the EAA, finding that the need for uniformity in the realm of foreign policy is particularly acute; it would be politically disastrous if the Second Circuit permitted the export of computer equipment and the Ninth Circuit concluded that such exports were not authorized by the [Act]. Id. at 1044. See also United States v. Spawr Optical Research, Inc., 864 F.2d 1467, 1473 (9th Cir. 1988), cert. denied, 493 U.S. 809 (1989) ("It would severely undermine the [Commerce] Secretary's authority if judges and juries in individual criminal proceedings were permitted to reverse licensing determinations" as to what items should be covered on the CCL and "it would convert the judicial system into a policy-making forum, one in which the judiciary possess significantly less expertise and resources than the Secretary").

Accordingly, under the foregoing authority, whether cryptographic software -- and in particular, plaintiff's diskette -- "belongs" on the CCL, Martinez, 904 F.2d at 601, whether such software "should have been placed" on the CCL, id. at 602, or whether there was "any basis in fact," Mandel, 914 F.2d at 1222-23, for the Secretary's decision to place such software on the CCL and subject it to export licensing, is not a justiciable question. Reduced to its essence, plaintiff asks the Court to decide what is in the national security and foreign policy interests of the United States, and render a decision contrary to the judgment of the President and Secretary of Commerce. Whether plaintiff's encryption software diskette should be licensed for export turns on discretionary assessments made by Executive branch officials as to whether the uncontrolled distribution of an item overseas might harm U.S. interests. Particularly in the area of encryption, facts and circumstances surrounding the threats faced by the United States, and its capability and judgment on how best to deal with them, are, as the President determined, among the most sensitive national security information. See E.O. 13206, § 1; Halkin v. Helms, 598 F.2d 1, 8 (D.C. Cir. 1978) (upholding state secrets privilege on information related to NSA's collection of intelligence); Martinez, 904 F.2d at 602 (neither the Court nor the parties can be "privy to reports of the intelligence services on which this decision, or decisions like it, may have been based"). Accordingly, plaintiff's remanded APA claim challenging the designation of his diskette as subject to the CCL is not subject to judicial review.


A. Review Of Plaintiff's APA Claims Is Limited To The Record And Turns On The "Rational Basis" Standard.

The standards for judicial review of agency action challenged as "arbitrary and capricious" under Section 706 of the APA are well established. First, such review is not de novo. Rather, "the focal point for judicial review should be the administrative record already in existence, not some new record made initially in the reviewing court." Camp v. Pitts, 411 U.S. 138, 142 (1973). "The task of the reviewing court is to apply the appropriate APA standard of review, 5 U.S.C. § 706, to the agency decision based on the record the agency presents to the reviewing court." Florida Power & Light Co. v. Lorion, 470 U.S. 729, 743-44 (1985). The Court may not review the factual basis of the agency's determination by conducting its own fact-finding proceedings. Rather, where the record may fail to explain the basis of an agency's action, the court should obtain from the agency, including through affidavits if necessary, additional explanation of the reasons for the agency decision. Camp v. Pitts, 411 U.S. at 143.

Moreover, the Court's review of the merits of the agency action is a narrow one. The APA standard of review is highly deferential and presumes the validity of the agency action. Motor Vehicle Manufacturers Ass'n v. Ruckelshaus, 719 F.2d 1159, 1164 (D.C. Cir. 1983); Troy Corp. v. Browner, 120 F.3d 277, 283 (D.C. Cir. 1997). While review should be "careful and searching," the "court is not empowered to substitute its judgment for that of the agency." Citizens to Preserve Overton Park v. Volpe, 401 U.S. 402, 416 (1971); see also National Treasury Employees Union v. Horner, 854 F.2d 490, 498 (D.C. Cir. 1988). Rather, the reviewing court "must defer to the agency if its action has a rational basis in the record." Overton Park, 401 U.S. at 416. As the Court of Appeals has put it: "the proper inquiry under the 'arbitrary and capricious' standard is 'whether a reasonable person, considering the matter on the agency's table, could arrive at the judgment the agency made.'" New York State Commission on Cable Television v. F.C.C., 749 F.2d 804, 813 (D.C. Cir. 1984) (citation omitted). The record of plaintiff's commodity classification request for his software diskette demonstrates a clear rational basis for the government's action.

B. Limiting Export Licensing Requirements To Software In Electronic Media Is Rationally Based.

Plaintiff claims it is irrational for the government to regulate the export of software that is already in electronic form, such as on his computer diskette, but not source code printed on paper. This challenge does not go to the specific commodity classification at issue, but to the regulations themselves, which limit licensing controls to electronic software. Such a distinction is plainly rational, however. Indeed, it demonstrates that the government has not over-reached in regulating encryption software by limiting the scope of the export controls at issue. As stated by Commerce Undersecretary Reinsch, the regulatory distinction is based on the fact that the electronic diskette "can more readily and easily facilitate the spread of an encryption capability abroad." Tab 10 to Reinsch Declaration at 2.

Plaintiff argues, however, that the diskette contains the same "information" as the source codes printed in Applied Cryptography, which were not controlled for export. Tab 9 to the Reinsch Declaration at 3. Plaintiff claims that "[d]ifferences in formatting of information relate to shape, size, type-face and general make-up or arrangement" and that "[s]uch differences do not affect the content of information." Id. This contention is off-point and inaccurate. It is not the "content of information" on the diskette that is at issue, but the ease with which the software programs thereon can be executed on a computer to encrypt data. As Undersecretary Reinsch pointed out, "[t]he diskette does not contain mere 'text' that can be 'read,' but software programming instructions directed to a computer microprocessor that can, with minimal additional effort, readily enable a computer to perform a cryptographic function." Tab 10 to Reinsch Declaration. The "information" on the diskette is quite different from the text of a legal brief or journal article. The diskette contains programming instructions that can ultimately be executed by the computer's microprocessor to enable the computer to perform a technical function -- in this case to encrypt data.

Thus, the notion that the printed book and diskette contain the "same information" misses the crucial point: the diskette is far more than informational, but directly functional as well for use in programming a computer to encrypt data. Indeed, plaintiff himself has stated that the software on this diskette is provided not merely to inform people, but "for those who wish to incorporate encryption into their applications." Tab 6 to Lowell Declaration, March 9, 1994 Letter to State Department at 2. Plaintiff recognized from the beginning of this dispute that his diskette provides a practical means for actually using source codes on a computer to encrypt data.

Recognizing the functionality of the diskette, plaintiff is left to argue that printed versions of the source codes have the same functionality. Citing a declaration he filed in this case, plaintiff argued that the printed source codes can be converted into an electronic format by typing or "scanning" them into a computer through Optical Character Recognition ("OCR") technology. See Tab 9 to Reinsch Declaration and the Declaration of Philip R. Karn. But as plaintiff's own submission demonstrates, there are important differences between software in electronic and printed form, certainly enough to conclude that their different treatment is rationally based.

As Undersecretary Reinsch stated, it is far easier to use the diskette as a means of obtaining encryption software than to start with printed source code. Before printed code can be rendered functional on a computer, any number of problems must be overcome, from errors in the printed text to errors that can occur in scanning or typing the printed text into a computer. Tab 10 to Reinsch Declaration at 2; see also McNamara Decl. 13-14. The source code of a computer program must be set forth precisely in order for the program to be executed. See McNamara Decl. 13. Unless any and all errors that arise through copying the printed source code can be identified and corrected, the program will not work. Id. The process of reviewing source code to detect for errors can be painstaking and tedious, because each character and space of the code must be examined, and some source codes may be quite long and complicated. Id; see DES Source Code at Tab 18 to the McNamara Declaration. Moreover, as Undersecretary Reinsch noted, the printed source code from which the program is typed or scanned into a computer must be error or "bug" free to begin with. Tab 10 to Reinsch Declaration at 2; see also McNamara Decl. 14. Verifying the accuracy of the printed source code requires the expertise of someone familiar with the particular source code language and with the fundamentals of cryptography. McNamara Decl. 14.

Plaintiff's declaration, submitted to the Commerce Department, candidly confirms all of this. Mr. Karn states that after scanning the "TRIPLE DES" source code from the Applied Cryptography appendix into a computer, he "began correcting the scanner's many errors, such as mistaking the digit '0' for the letter 'O' or mistaking the vertical bar '|' for the letter 'I'." Karn Decl. 5. After correcting such errors, Mr. Karn states that the compiling process "immediately pointed out additional errors I had overlooked in my visual inspection so I could correct them by reference to the Book." Id. 6. Mr. Karn "also noticed several errors in the [TRIPLE DES] listing printed in the Book." Karn Decl. 6. Mr. Karn then tested the program but, "[u]nfortunately, the test did not succeed, meaning that at least one error went undetected by the compiler in either the code as printed in the Book or as scanned." Karn Decl. 7. After scrutinizing the code more closely, Mr. Karn said he found and easily corrected another error in the printed version of the source code. "However, it still did not produce correct results." Id. After another hour of searching, Mr. Karn finally located and corrected the error. Id.

In short, on five separate occasions in this process, Mr. Karn encountered and had to correct errors before getting the printed source code properly converted to electronic form. There is, moreover, no genuine dispute of material fact on this issue. The parties stipulated that scanning may not produce error-free reproductions, and that it is thereafter necessary to "debug" the code. Joint Statement Of Facts Not In Dispute 23, 29. The parties also stipulated that the time it takes to type printed code, by itself, does not measure the time needed to execute the program, since typographical errors and program "bugs" must be detected. Id 28. Finally, the parties stipulated that verifying the accuracy of the code requires someone, like Mr Karn, who is familiar with the source code and has knowledge of cryptography. Id. 24.

The parties also agree that, ultimately, the technical impediments of typing or scanning may be overcome to produce executable software. McNamara Decl. 17. But the work Mr. Karn went through, supported by his expertise and knowledge of the source code, only confirms what the district court previously found: it is much easier to insert a ready-made, error-free diskette into a computer and work from there to program the computer to encrypt, than to transform printed source code into a functioning encryption program. See Karn v. Department of State, 925 F. Supp. at 14 ("plaintiff concedes that using the source code in Part Five of Applied Cryptography to encode material takes greater effort and time than using the Karn diskette").
For these reasons, it is surely reasonable for the Commerce Department to conclude that most users would seek to obtain software in an electronic media that renders it easier to "incorporate encryption into their [computer] applications," as Mr. Karn put it, rather than to bother with the scanning or typing process (for which many users would lack the knowledge to correct errors in the code). And, it is also reasonable for the government to conclude that the greater risk of the uncontrolled distribution of encryption software worldwide, and hence the greater threat to the government's national security interests, lies with software that is already in electronic form. For these reasons, plaintiff's remanded APA claim should be rejected.


Plaintiff's second set of statutory claims were not previously litigated, and are based on the new statute underlying the licensing controls at issue — the International Emergency Economic Powers Act. The Amended Complaint alleges two types of statutory violations. First, plaintiff alleges that the "implementation of the EAR, under the auspices of the IEEPA, for a period of more than three years is not authorized by that statute" and, therefore, violates Section 706(2)(C) of the APA. Am. Compl. 71. Second, plaintiff claims that the IEEPA expressly precludes the regulation of encryption software as an "informational" item. The first claim is not reviewable and the second claim clearly meritless.

A. The Court May Not Review The President's Exercise Of Authority Under The International Emergency Economic Powers Act To Extend the Export Administration Regulations.

As explained above, the Export Administration Regulations generally implement the Export Administration Act of 1979, 50 U.S.C. App. §§ 2401 et seq. When the EAA has lapsed, as it presently has, the President has issued Executive Orders under IEEPA directing that these regulations continue in force. The EAA last lapsed on August 19, 1994, and the President has continued the EAR in effect by Executive Order ever since. As should be apparent, plaintiff's claim that this extension exceeds statutory authority is directed at action taken by the President himself. This is fatal to plaintiff's claim, for several reasons.
First, this claim is brought under the APA and the President is not an "agency" under the APA whose actions are subject to judicial review. Franklin v. Massachusetts, 505 U.S. 788, 800 (1992). Assuming "for the sake of argument that some claims that the President has violated a statutory mandate are judicially reviewable outside the framework of the APA, see Dames & Moore v. Regan, 453 U.S. 654, 667 (1981), . . . longstanding authority holds that such review is not available when the statute in question commits the decision to the discretion of the President." Dalton v. Specter, 511 U.S. 462, 474 (1994).

The IEEPA authorizes the President "to deal with any unusual and extraordinary threat, which has its source in whole or substantial part outside the United States, to the national security, foreign policy, or economy of the United States, if the President declares a national emergency with respect to such a threat." 50 U.S.C. § 1701(a). This includes the authority to regulate the export of items subject to the jurisdiction of United States. Id. § 1702(a)(1)(B). In a case considering the same issue present here, United States v. Spawr Optical Research, Inc., 685 F.2d 1076, 1079-1082 (9th Cir. 1982), cert. denied, 461 U.S. 905 (1983), the court refused to review the President's decision to extend the EAR based on a similar grant of authority under the Trading With the Enemy Act, 50 U.S.C. §§ 1-44 ("TWEA"). The court noted that "the statute contained no standards by which to determine whether a national emergency existed or continued," and declined to address "the declaration and duration of a national emergency" to extend the EAR. Spawr, 684 F.2d at 1080.

The practice of using TWEA and IEEPA to maintain EAR controls when the EAA lapses has occurred intermittently for nearly 30 years. As the court in Spawr noted, Congress has "not only tolerated" the practice of extending the EAR by Executive Order when the EAA lapsed, but "expressed approval" of the President's actions to maintain export regulations in this way. Spawr, 685 F.2d at 1081. As one member of Congress observed, "'[o]ne of the reasons why the Export Administration Act has been allowed to expire so many times is because there was [the TWEA] . . . .'" Spawr, 685 F.2d at 1081 (citation omitted). In enacting IEEPA, Congress reaffirmed its approval of the practice of using such emergency authority to extend the EAR when the EAA lapsed. See House Report 95-459 to H.R. 7738, Trading With the Enemy Act Reform Legislation, 95th Cong., 1st Sess. (1977) at 13. As the Supreme Court has stated:

Dames & Moore, 453 U.S. at 668 (quoting Youngstown Sheet & Tube Co. v. Sawyer, 343 U.S. 579, 637 (1952)). Plaintiff cannot satisfy this burden.

There is no doubt that the President has authority under IEEPA to extend the EAR and there is no limit on the length of time that he may so act. Neither the IEEPA nor National Emergencies Act, 50 U.S.C. § 1622, establish a definite time limit on a declared national emergency where the President determines that the emergency continues. These statutes authorize the President to renew a declared emergency annually by transmitting a notice to Congress. 50 U.S.C. § 1622. Any national emergency declared by the President shall terminate only if Congress enacts a joint resolution (which must be presented to the President), or if the President issues a proclamation terminating the emergency. 50 U.S.C. § 1622.

Moreover, the Supreme Court has refused to review the duration of national emergencies that have been imposed by the President. In Regan v. Wald, 468 U.S. 222, 242 (1983), the Court upheld travel restrictions to Cuba imposed by President Kennedy under the TWEA two decades beforehand. The Court rejected as nonjusticiable the contention that "there is no 'emergency' at the present time" and that the relations between Cuba and the United States are subject to ''only the 'normal' tensions inherent in contemporary international affairs." Id. at 242 (citations omitted). See also Welch v. Kennedy, 319 F.Supp. 945, 947 (D.D.C. 1970) (rejecting a claim that the national emergency imposed by President Truman in 1950 with respect to China, North Korea and Vietnam had become "stale," holding that "if such emergency as currently exists does not warrant exercise of the powers granted by Congress in [the TWEA] it is for Congress to speak"). There can be little doubt that the President's use of IEEPA to extend the EAR, for however long necessary, is beyond judicial purview.

B. The IEEPA Provides Statutory Authority To Control The Export Of Encryption Software Such As Plaintiff's Diskette.

The only aspect of plaintiff's statutory authority claim that might be reviewable is whether export controls on cryptographic software maintained by the Secretary of Commerce under the EAR exceed a specific provision of the IEEPA. Plaintiff claims that export controls on his encryption software diskette exceed statutory authority under a provision of IEEPA that precludes the regulation of so-called "informational materials," 50 U.S.C. § 1702(b)(3). Am. Compl. 73. This claim is without merit.
"It is axiomatic that '[t]he starting point in every case involving construction of a statute is the language itself.'" Landreth Timber Co. v. Landreth, 471 U.S. 681, 685 (1984) (quoting Blue Chip Stamps v. Manor Drug Stores, 421 U.S. 723, 756 (1975) (Powell, J. concurring). The first step of statutory construction is to apply the plain meaning of the statute since there is a "strong presumption that Congress expresses its intent through the language it chooses." INS v. Cardoza-Fonseca, 480 U.S. 421, 432 n. 12 (1987). If the language of a statute is clear, the court is to look no further in determining the statute's meaning. If, however, the language of the statute is unclear, the court may enlist the aid of pertinent legislative history. Environmental Defense Fund v. Reilly, 909 F.2d 1497, 1502 (D.C. Cir. 1990).

Pursuant to Section 1702(b)(3) of IEEPA, the authority under that statute does not extend to the importation or exportation of "information and informational materials," whether commercial or otherwise, regardless of format or medium of transmission, including but not limited to "publications, films, posters, phonograph records, photographs, microfilms, microfiche, tapes, compact disks, CD ROMS, artworks, and news wire feeds." 50 U.S.C. § 1702(b)(3). Plaintiff's contention that this precludes export licensing for cryptographic software is without merit. Indeed, this very section provides that exports which are otherwise controlled for national security reasons under Section 5 of the EAA, or anti-terrorism and nonproliferation foreign policy reasons under Section 6 of that Act, 50 U.S.C. App. §§ 2404, 2405, are unaffected by the IEEPA's informational materials provision -- that is, they are not exempt from export control. In transferring encryption items to the Commerce Control List, the President expressly directed that they be subject to the requirements of both Sections 5 and 6 of the EAA. See Presidential Memo at 2, 2. Accordingly, the very "informational materials" provision on which plaintiff relies indicates that where items are subject to the requirements of both Sections 5 and 6 of the EAA, the exemption from control under IEEPA does not apply.

Beyond this, the text of Section 1702(b)(3) does not provide that any software, let alone encryption software, is encompassed by the terms of this exception. Software is a very specific type of commodity and a term of art that is well known to Congress. It is not reasonable to assume that Congress would have omitted the common terms "software" or "computer program" if it intended to preclude any regulation thereof under IEEPA. One term in Section 1702(b)(3) that could be associated with software is "CD-ROMS," which can be a medium for conveying software. But mere reference to this medium is insufficient to conclude that Congress intended to exclude all software from export controls under IEEPA, particularly in light of the separate reference to items regulated pursuant to the EAA.

Legislative history also does not indicate that software is meant to be decontrolled for export by this exemption. Rather, it reflects only a general intent that IEEPA not be used to regulate "information protected by the First Amendment." See House Conf. Rep. 103-482, 1994 U.S. Cong. & Admin. News 305, 483. The intent of the "informational materials" provision is generally "to protect the constitutional rights of Americans" to "educate themselves" about the world by communicating with people of other countries in a variety of ways, such as "sharing information and ideas" with persons around the world, "traveling abroad," and "engaging in educational, cultural, and other exchanges" with persons around the world. Id. at 482. This does not indicate any intent to exclude from export control an item so specific as software, which can have an actual technical capability to enable a computer to perform a specific function. A claim concerning statutory authority turns on what the statute actually provides, not on the post-hoc imposition of a First Amendment theory that Congress never considered.

Finally, construing this "informational materials" provision of IEEPA to preclude export controls on software would lead to "absurd or impracticable consequences." United States v. Missouri Pacific Railroad Co., 278 U.S. 269, 278 (1929); National Ass'n of Broadcasters v. F.C.C., 740 F.2d 1190, 1202 (D.C. Cir. 1984). Software has been subject to export licensing requirements for many years, including on the EAR. In addition, the EAR also regulates the export of technical information, called "technology," which is proprietary (i.e. non-public) information necessary for the development, production, and use of products controlled on the CCL. See 15 C.F.R. § 772 (definition of "technology"); 15 C.F.R. § 734.3(b)(3) (exceptions to technology controls for published information). Such technology can have profound national security and foreign policy implications (for example, information on the manufacture of nuclear facilities or super computers). Under plaintiff's theory, if cryptographic source code were deemed to be a mere "informational material," then no source code could be regulated for export under IEEPA. What is more, "technology" regulated under the EAR, which is also arguably "informational material," likewise would be precluded from export control under the IEEPA. In short, plaintiff's theory would negate significant and long-standing aspects of the U.S. export controls on software and technology. This construction is unreasonable where Congress expressly intended that IEEPA be used to extend the EAR.

Part B: Constitutional Claims


Plaintiff's amended complaint raises several constitutional claims that were previously decided by the Court. The Court of Appeals did not reach these issues and, in remanding the case for reconsideration of a statutory claim, did not reverse or vacate the Court's decision. In substance, the government's determination with respect to plaintiff's diskette is precisely the same as when plaintiff originally filed suit. Moreover, the EAR, in pertinent part, establish the same export licensing requirements that plaintiff originally challenged as unconstitutional. Indeed, plaintiff conceded in the Court of Appeals that his constitutional claims were ripe for appellate review notwithstanding the change in regulatory jurisdiction.

Under these circumstances, there are no grounds for reconsidering the Court's prior analysis. As the Court of Appeals has put it, "the same issue presented in the same case in the same court should lead to the same result." LaShawn A., v. Barry, 87 F.3d 1389, 1393 (D.C. Cir. 1996) (original emphasis). As the Supreme Court has stated, "[i]n the absence of extraordinary circumstances, such as where the initial decision was 'clearly erroneous and would work a manifest injustice,'" courts should be loathe to reconsider prior decisions. Christianson v. Colt Indus. Operating Corp., 486 U.S. 800, 817 (1988) (citations omitted). This doctrine is not a jurisdictional limitation, but does express "the practice of courts to refuse to reopen what has been decided." Messenger v. Anderson, 225 U.S. 436, 444 (1912). Accordingly, absent compelling grounds for reconsideration, the Court's prior conclusions of law should continue to apply to plaintiff's challenge to the EAR. Plaintiff should not get another "bite at the apple" on his constitutional theories for no reason other than that he wants a second opinion.
In addition, the Court of Appeals did not purport to remand all of the issues in this case with its observation that the "district court may conduct such evidentiary hearings as it deems appropriate" with respect to any disputed issues of material fact as to the application and constitutionality of the new regulations. See Feb. 13, 1997 Court of Appeals Order. This states nothing more than the general discretion a district court has in deciding any lawsuit. But the Court of Appeals' Order does not purport to supplant other applicable requirements of law. Plaintiff would still have to demonstrate that such an evidentiary proceeding is warranted. Under Fed.R.Civ.P. 56, the "mere existence of some alleged factual dispute . . . will not defeat an otherwise properly supported motion" for summary judgment. Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 247-48 (1986) (emphasis in original). Rather, the non-moving party "'must come forward with specific facts showing there is a genuine issue for trial.'" Bias v. Advantage International, Inc., 905 F.2d 1558, 1561 (D.C. Cir.), cert. denied, 498 U.S. 958 (1990) (citing Matsushita Elec. Industrial Co. v. Zenith Radio Corp., 475 U.S. 574 (1986)).

In previously granting summary judgment for the government, the Court rejected plaintiff's request for an evidentiary hearing and determined that no genuine issue of material fact exists in this case. This continues to be the case. Neither plaintiff's statutory nor constitutional claims that the regulations are "irrational" are subject to an evidentiary proceeding. Moreover, many of the material facts relevant to plaintiff's claims have been stipulated to. See Defendants' Second Statement of Material Facts As To Which There Is No Genuine Issue 42-51, 53-54. Beyond this, plaintiff's desire to question the national security judgments at issue does not constitute a genuine dispute of fact, as the Court previously found. Karn, 925 F. Supp. at 11 ("plaintiff attempts to disguise a disagreement with the foreign policy judgment of the President as a factual dispute").


A. Designating Plaintiff's Computer Diskette As Subject To Export Control Under the EAR Does Not Violate Due Process.

Plaintiff brings two claims alleging that designation of his computer diskette as subject to the EAR's export licensing requirements violates the Due Process Clause of the Fifth Amendment. First, plaintiff reiterates his claim (raised also on APA grounds) that the government lacks a rational basis for distinguishing between a diskette containing cryptographic source code and source code in printed form in Applied Cryptography. Am. Compl. 61. In addition, plaintiff argues that it is irrational to designate the diskette because such source code is available overseas via the Internet. Id. 67. The Court previously decided these claims correctly. Karn, 925 F. Supp. at 13-14.

It is well settled that a governmental regulation comports with the requirements of the equal protection component of the Due Process Clause "[i]f the laws passed are seen to have a reasonable relation to a proper legislative purpose." Nebbia v. New York, 291 U.S. 502, 537 (1934); PBGC v. R.A. Gray & Co., 467 U.S. 717, 729 (1984); Usery v. Turner Elkhorn Mining Co., 428 U.S. 1, 15 16 (1976); Vacco v. Quill, 117 S.Ct. 2293, 2297 (1997). Rational basis review "'is not a license for courts to judge the wisdom, fairness, or logic'" of governmental policies. Heller v. Doe, 509 U.S. 312, 319 (1993). Rather, under rational basis review, "a classification must be upheld . . . 'if there is any reasonably conceivable state of facts that could provide a rational basis for the classification.'" Heller, 509 U.S. at 320. This standard "does not apply merely to congressional . . . legislative schemes, but extends to administrative regulatory action as well . . . ." Steffan v. Perry, 41 F.3d 677, 684-85 (D.C. Cir. 1994).

The rationality of the government's actions "is not subject to courtroom factfinding and may be based on rational speculation unsupported by evidence or empirical data." FCC v. Beach Communications, Inc., 508 U.S. 307, 315 (1993); Steffan, 41 F.3d at 289. Accordingly, "[t]he government . . . 'has no obligation to produce evidence to sustain the rationality of a [regulatory] classification.'" Steffan, 41 F.3d at 288 (quoting Heller, 509 U.S. at 320). Conversely, a plaintiff cannot prevail by offering to "prove," as a factual matter, that the assumptions underlying the government's actions are incorrect. "Outside of the realm of 'heightened scrutiny' there is . . . never a role for evidentiary proceedings." National Paint & Coatings Ass'n v. City of Chicago, 45 F.3d 1124, 1127 (7th Cir.), cert. denied, 115 S. Ct. 2579 (1995). Under rational basis review, "to say that . . . a [factual] dispute exists -- indeed, to say that one may be imagined -- is to require a decision for the [government]." Ibid. (emphasis in original).

Plaintiff's "due process" claims rest on much the same objections to the "rationality" of the government's actions that underlie the APA claim. But plaintiff cannot circumvent the bar on judicial review of non-constitutional claims by dressing up his APA claim in constitutional garb. See, e.g., Czerkies v. Department of Labor, 73 F.3d 1435, 1439, 1443 (7th Cir. 1996) (en banc). Plaintiff's due process claims are cognizable only to the extent that they transcend the confines of "garden-variety [APA] claim[s]," Czerkies, 73 F.3d at 1443, and demonstrate defects of constitutional magnitude. Plaintiff falls far short of making such a showing.

1. Limiting Export Licensing Requirements To Software In Electronic Media Rationally Based.

Defendants have already outlined above the compelling rationale for subjecting cryptographic software to export licensing requirements: to protect vital national security and foreign policy interests, including the foreign intelligence-gathering capabilities of the United States. This rationale applies with full force to cryptographic software in the form of source code, which can be used to encrypt messages by converting such code for execution through an automated process. As also set forth above, it simply does not follow that the government lacks a rational basis for regulating encryption source code in computer-ready form when printed source code is not treated the same. Plaintiff's own declaration provides a graphic illustration of the obstacles posed by the use of printed source code. It is certainly reasonable for the government to conclude that individuals and entities abroad are more likely to seek a cryptographic capability through software already in electronic form. The government therefore has a rational basis for believing that the unrestricted export of cryptographic source code in electronic form poses a greater threat to its interests than the corresponding export of published materials.

2. Foreign Availability of Encryption Software On The Internet Does Not Render Export Controls Unconstitutional.

Plaintiff also alleges that the government's action is irrational since certain software is available abroad through the Internet. This argument "fundamentally misapprehend[s] the substantive due process guarantee." Lindsey Coal Mining Co. v. Chater, 90 F.3d 688, 694-95 (3d Cir. 1996). If the lines drawn by a regulatory scheme are rational as a general matter, a plaintiff cannot establish a due process violation by attempting to show that the assumptions underlying the law fail in the particular circumstances of the plaintiff's own case. As the Court of Appeals has held, for purposes of rational basis review, "[t]hat there may be exceptions to the assumption[s] on which the regulation is premised is irrelevant, . . . so long as the classification (the regulation) in the run of cases serves its purpose . . . ." Steffan, 41 F.3d at 286. Plaintiff is simply arguing that, to the extent that Category ECCN 5D002 of the CCL includes his diskette, the availability of the same source code on the Internet might make the regulation overinclusive. But "[j]ust because a measure is over- or under-inclusive will not render it irrational." Lindsey Coal, 41 F.3d at 694-95; accord, Steffan, 41 F.3d at 687. As the Supreme Court has made clear, "courts are compelled under rational-basis review to accept [the government's] generalizations even when there is an imperfect fit between means and ends." Heller, 509 U.S. at 321.

Moreover, the government has a rational basis for its action even if the software on plaintiff's diskette, or similar software, is available on the Internet. The United States is not the sole possessor of encryption in the world — a fact that the NSA must deal with every day in carrying out its critical mission. McNamara Decl. 18. That mission is inherently complicated if more sophisticated encryption products from the United States are made readily available overseas by any means of export, for any purpose (commercial or otherwise), to any person, entity, group, or government, and in any quantity. It is clearly reasonable for the government to assume that unrestricted export of plaintiff's diskette would result in wider distribution of the source code. For one thing, a diskette can be sent to persons who do not have access to the Internet. In addition, it is reasonable to assume that at least some foreign users would be more likely to use encryption source code coming directly from a reliable source, rather than depending on a publicly accessible Internet site. See McNamara Decl. 19 ("serious users of encryption are less likely to trust the use of free encryption products available from unknown sources on the Internet, which may contain bugs or viruses"). The very fact that plaintiff anticipates foreign demand for his diskette shows the rationality of that assumption. In addition, apparent existing availability of particular encryption products abroad says nothing about how widely such products are used or how effective such products may be, compared to reliable U.S-origin products, such as Mr. Karn's diskette may be regarded. Given the weight of the government's interests at stake, this judgment by no means constitutionally irrational.

B. Export Controls On Plaintiff's Diskette Do Not Constitute An Impermissible Prior Restraint Under the First Amendment.

Plaintiff next claims that export licensing controls on his diskette constitute an impermissible prior restraint on the disclosure of "ideas and information." Am. Compl. 65. This claim is without merit. Regulating encryption software for export bears no resemblance to classic prior restraints. Prior restraint doctrine applies where, as in the famous Pentagon Papers case, the government seeks to enjoin the publication of information it believes might be harmful to security, New York Times v. United States, 403 U.S. 713 (1970) (per curiam), or where it seeks to disfavor or control certain ideas or information. Near v. Minnesota, 283 U.S. 697, 711 (1931) (state officials sought to censor a newspaper by enjoining it from publishing "scandalous and defamatory matter," including "charges of official misconduct"). Prior restraint theory is concerned with the free flow of pure information and ideas.

Here, in contrast, controls on the export of encryption source code are not aimed at preventing the free exchange of information and ideas about cryptography, either domestically or internationally. The EAR goes out of its way to distinguish between the export of encryption hardware and software, which have a technical capability to encrypt, and the public dissemination of information about cryptography. Information that is or will be made publicly available is not subject to the EAR's controls. See 15 C.F.R. § 734.3(b)(3). This includes publication through open symposia and conferences, fundamental academic research, and information released by instruction at academic institutions. Id. §§ 734.3(b)(3), 734.7, 734.8, 734.9. In addition, the EAR excludes books, magazines, and other printed materials on all subjects, thereby imposing no controls on the export of publications on cryptography. Id. § 734.3(b)(2). Consequently, there is a broad array of publicly exchanged information and ideas on cryptography, from textbooks, to magazine articles, to academic courses, to public symposia. McNamara Decl. 21-39 and Tabs 1-16; see also Tabs 1-21 to the Declaration of Anthony J. Coppolino. In short, the focus of the export controls at issue is not with the spread of ideas, which are widely published, but with the uncontrolled spread of items that can provide an actual capability on a computer to conceal information abroad that is vital to U.S. interests.

C. Export Controls On Encryption Software Are Constitutionally Permissible Content-Neutral Regulations.

The last of plaintiff's constitutional theories is that export licensing controls on his diskette violate his right to the freedom of speech. Am. Compl. 63. Again, this claim was previously analyzed by the Court and decided correctly. Karn, 925 F. Supp. at 9-12. The Court correctly found that "the government regulation at issue is clearly content-neutral" and, therefore subject to intermediate First Amendment scrutiny. See Karn, 925 F. Supp. at 10 (citing United States v. O'Brien, 391 U.S. 367, 377 (1968)); see also Turner Broadcasting System, Inc. v. FCC, 512 U.S. 622, 642 (1994). The government's concern is not with the suppression of ideas, but with the proliferation of cryptographic hardware and software that might make it easier for foreign intelligence targets to deny the United States access to information vital to U.S. interests. Karn, 925 F. Supp. at 10. The Court also correctly found that the government is "not regulating the export of the diskette because of any expressive content." Id. Whatever informative value encryption source code may have for some, it remains a sequence of instructions to a computer, and it is routinely written, distributed, and used for the wholly non-expressive purpose of making a computer carry out specified tasks — here, the task of encrypting data. Indeed, the EAR treats encryption source code exactly like encryption object code and hardware, which are not even arguably a means of expressing ideas about cryptography. See 15 C.F.R. 742.15.

The Court then correctly found that export licensing controls on cryptographic source code satisfies each of the requirements of O'Brien. Karn, 925 F.Supp. at 11-12. The policy plainly "further[] an important or substantial governmental interest," O'Brien, 391 U.S. at 377, since the use of encryption products by foreign intelligence targets "can have a debilitating effect on NSA's ability to collect and report . . . critical foreign intelligence." McNamara Decl. 5; Karn at 11. In addition, the interests served by the EAR's export controls are "unrelated to the suppression of free expression." O'Brien at 377. Clear evidence of this lies in the fact that the government does not regulate the publication of ideas about cryptography or cryptographic software, and academic discussion. See 15 C.F.R. § 734.3(b)(3); McNamara Decl. 20-40; Tabs 1-21 to the Coppolino Declaration.
Finally, the EAR's export controls are narrowly tailored. Id. This requirement is satisfied if the government's interests "'would be achieved less effectively" or would be "more exposed to harm" absent export controls. Clark v. Community for Creative Non-Violence, 468 U.S. 288, 297 (1984); Ward v. Rock Against Racism, 491 U.S. 781, 799 (1989). The unlimited export of significant U.S.-origin encryption would surely expose the government's interests to more harm, and result in those interests being achieved less effectively. See McNamara Decl. 5 (encryption used for foreign intelligence targets can have a debilitating effect on U.S. interests).

At the same time, the government has taken care not to cast its net more widely than necessary. Export controls are targeted at precisely the activity that threatens the government's legitimate interests. First, the regulation at issue applies to actual software programs, not merely descriptions of such programs, or published books, articles, and ideas about cryptography. This "leave[s] open ample alternative channels of communication" for the exchange of information and ideas regarding cryptography. Ward, 491 U.S. at 802. Moreover, not just any type of software is regulated, but a specific kind: encryption software in electronic form. Moreover, not only must the software at issue be encryption software, but a specific type of encryption software. Only programs that have a general capability to encrypt information are at issue here. Furthermore, not every such encryption program is subject to export licensing. Finally, the regulations do not prohibit the export of encryption products altogether, but rather establish a licensing system under which exports that are consistent with our national security and foreign policy interests may go forward. See 15 C.F.R. 742.15(b). For these reasons, export controls on encryption software are narrowly tailored and easily satisfy First Amendment scrutiny.


For the foregoing reasons, defendants' motion to dismiss or, in the alternative, for summary judgment should be granted, and plaintiff's Amended Complaint should be dismissed with prejudice.

Respectfully submitted,

Assistant Attorney General

Acting United States Attorney

Deputy Branch Director

Department of Justice
Civil Division, Room 1084
901 E Street, N.W.
Washington, D.C. 20530
Tel. (Voice): (202) 514-4782
(FAX): (202) 616-8470 or 616-8460

Attorneys for the Defendants.

Office of Chief Counsel for Export Administration
United States Department of Commerce

Office of the General Counsel
National Security Agency
United States Department of Defense