1st

FEDERAL COURTS SPLIT ON ENCRYPTION

First Amendment and Judicial Review of Commodity
Jurisdiction Determinations Disputed

TWO FEDERAL JUDGES HAVE REACHED CONFLICTING conclusions on whether existing export controls on encryption software programs violate First Amendment freedom of speech protections. The cases under review were brought by software developers who have been stymied by the regulations in their efforts to distribute their programs—which contain encryption algorithms subject to U.S. export licensing requirements—internationally. Moreover, the cases are one of the numerous battlegrounds in a dispute between encryption software producers that blame the controls for loss of overseas market share and a White House bent on controlling such exports for national security reasons.

In the two cases, Bernstein v. Department of State, and Karn v. Department of State, the plaintiffs argue that the source codes for their software is free speech—just like a book or an article—and thus exempt from governmental regulations aimed at restricting their dissemination.

In Bernstein, Judge Marilyn H. Patel of the U.S. District Court for the Northern District of California on April 15 denied the government’s motion to have the case thrown out. The government had argued that the case was not subject to judicial review. Judge Patel ruled that source code is equivalent to speech and should be afforded protection under the First Amendment. “For the purposes of First Amendment analysis, this court finds that source code is speech,” said Patel in her decision.

The case was brought by Daniel Bernstein, a University of Illinois professor, who as a graduate student at the University of California at Berkley attempted to put the source code for his encryption program “Snuffle” on the Internet for academic discussion. In 1992, the State Department, which administers export licensing restrictions on encryption software, determined that Bernstein’s program fell under its regulatory purview. After several appeals of this determination, Bernstein filed suit.

The suit does not question State’s commodity jurisdiction determination. Commodity jurisdiction decisions are not reviewable by the courts under the Arms Export Control Act (AECA), which codifies State’s export control functions. Rather, the case calls into question the constitutionality of the AECA by claiming that its provisions, as applied to Bernstein’s encryption program, violate his right to free speech.

In the other case, D.C. District Judge Charles R. Richey on March 22 dismissed a similar First Amendment suit brought by Phillip Karn who wanted to export Applied Cryptography, a book written by Bruce Schneier on encryption. Karn’s suit highlights the illogic of U.S. encryption controls: Even though the book outlined source code for encryption programs and was not subject to export controls, the computer diskettes that accompanied the book were.

Richey Misstates Law

Industry officials consider the Karn decision hasty and misguided. “Judge Richey’s decision was perfunctory. He did not give Mr. Karn’s arguments the attention they deserved,” said Professor Hank Perrit, an encryption legal expert and professor at Villonova Law School. “Though there are factual differences between [Bernstein and Karn], the opinion does not use the differences to justify the results,” added Professor Perrit.

In his opinion, Richey attempted to achieve what he a claimed as consistency in U.S. export law. “To achieve consistency between the EAA and the AECA the Court concludes that decisions made pursuant to the commodity jurisdiction procedure should not be reviewable,” said Richey. To wit, he went on at length with an elaborate comparison of the judicial review provisions of the AECA and the Export Administration Act (EAA). “[T]he EAA also contains a judicial review prohibition,” noted Richey.

The problem with Richey’s analysis is that the EAA has lapsed. Meanwhile, the International Emergency Economic Powers Act (IEEPA) presently authorizes export controls. And IEEPA does provide for judicial review. “It’s pretty thin soup,” says Eric Hirschhorn, a lawyer at Winston and Strawn. “His whole attitude is unfortunate,” he continued. Others in the legal community echo this view on Richey’s bungled analogy of AECA and the EAA.

In stark contrast to the Bernstein case, Richey found no merit in Karn’s First Amendment claims. “The [State Department] is entitled to summary judgment on the plaintiff’s First Amendment claim,” said Richey. “It is self evident that the decisions are different, period,” said Thomas Cooper, Karn’s counsel at Venable, Baether, Howard & Civiletti. The differences should lead to interesting activity at the appellate level. Lawyers for Karn filed for appeal on April 19.

Final resolution of both cases will take some time while the Karn dismissal is appealed and the Bernstein cases go to trial. So exporters will have to wait for the impact. “The ultimate result of both of these cases may have high significance for exporters,” said Cooper in an interview.
Encryption controls are becoming the number one issue for the exporter lobby. To make commerce work on the Internet good security must be available. The export control regime for mass-marketed software is an anachronism, notes Professor Perrit. “We are beginning to have it available all of the world.”

In that context, the Karn case is a step back, and the Bernstein case a step forward. But with final resolution in the courts years away, it seems that only legislation could set things straight. Not too likely for this thorny problem in an election year.n