1997-09-06 - Re: A helluva way to run a country, er, a world

Header Data

From: “Peter D. Junger” <junger@upaya.multiverse.com>
To: Cypherpunks <cypherpunks@cyberpass.net>
Message Hash: 30584074775882953a4c8845acce29b7dae30a193ebad4b34fd561651649eb2b
Message ID: <199709061848.OAA16428@upaya.multiverse.com>
Reply To: <v03102809b03734c24855@[]>
UTC Datetime: 1997-09-06 19:01:09 UTC
Raw Date: Sun, 7 Sep 1997 03:01:09 +0800

Raw message

From: "Peter D. Junger" <junger@upaya.multiverse.com>
Date: Sun, 7 Sep 1997 03:01:09 +0800
To: Cypherpunks <cypherpunks@cyberpass.net>
Subject: Re: A helluva way to run a country, er, a world
In-Reply-To: <v03102809b03734c24855@[]>
Message-ID: <199709061848.OAA16428@upaya.multiverse.com>
MIME-Version: 1.0
Content-Type: text/plain

I am not sure how serious the proposed FBI-backed bill is.  It may
just be intended as a bargaining chip.  Or perhaps its sponsors are
as clueless about contitutional law as they are about cryptography and
how computers work.

It is conceivable that the courts might uphold (a carefully drafted)
law regulating the _use_ of cryptographic software, but the proposed
bill does not do that.  Instead it provides:

        (b) As of January 1, 1999, it shall be unlawful for any
        person to manufacture for sale or distribution within
        the U.S., distribute within the U.S., sell within the
        U.S., or import into the U.S., any product that can be
        used to encrypt communications or electronic
        information, unless that product:

         (1) includes features, such as key recovery, trusted 
         third party compatibility or other means, that

          (A) permit immediate decryption upon receipt of
          decryption information by an authorized party without
          the knowledge or cooperation of the person using such
          encryption product; and

          (B) is either enabled at the time of manufacture,
          distribution, sale, or import, or may be enabled by the
          purchase or end user; or

         (2) can be used only on systems or networks that include
         features, such as key recovery, trusted third party
         compatibility or other means, that permit immediate
         decryption by an authorized party without the knowledge
         or cooperation of the person using such encryption
But notice that the ``products'' that are described here are actually
software, are computer programs.  (I suppose that some products could
be physical devices with the programs hard-wired or in firmware, and
to the extent that there are such devices the following analysis may
not be applicable.)

Now, although it is possible that Judge Freeh and Senator Feinstein are
not aware of the fact, computer programs are written and published, and
they certainly are not ``manufactured'' in any accepted meaning of that
word, and their writing and publication is---as Judge Patel just held
once again---protected by the First Amendment to the United States
Constitution like any other writing or publication.  It may, as I said,
be possible under the Constitution to regulate the use of cryptographic
software, but to forbid the publication (distribution, sale, or import)
of software because its content is unpleasing to the government is a
blatant violation of the First Amendment.

Yet the draftsmen of the Bill do not purport to regulate the use of
cryptographic software, they only purport to forbid its publication.

Which I find strange.

What I also find strange is that the ardent opponents of the CDA do
not seem much disturbed by such a proposed violation of the First
Amendment, or by the present constitutional violations embodied in the
``export'' regulations on encrption software that are being challenged
in the _Bernstein_ and _Junger_ cases.  Somehow those who care about
the right of programmers to express their ideas and to publish the 
software that they write have failed miserably in explaining to the
public, including those organizations that have traditionally been
concerned with protecting civil liberties, that programs are written
and published like any other text.

Part of the problem may be that those who publish software
commercially would rather be thought of---and regulated
as---manufacturers.  The last thing that they want is for people to
start claiming a first amendment right to read their programms and to
copy the ideas, or criticize the expression of the ideas, that are
buried there.  To the software moguls ``free speech'' must sound an 
awful lot like ``free software''.  And, however distasteful they may
find the proposed legislation, it at least has the virtue of making it 
illegal to import or distribute Linux.  And the nice thing about 
regulations of the sort proposed is that they raise insurmountable
barriers for any competitor who hopes to enter the market place for
computer software.

Another reason that there may not be so much concern among traditional
civil libertarians about the First Amendment implications of this
proposed crypto legislation or of the export regulations on encryption
software is that---as hard as it may be for the denizens of this list
to comprehend---they are simply not interested in cryptography.

But the constitutional issues raised by the proposed bill and the
export regulations on cryptographic software implicate all software,
not just encryption software.  For whatever else it may be, all
software is functional, and the government's argument comes down to
the claim that they can censor software because it is functional and
that ``functionality'' is not protected by the First Amendment.  Thus,
according to the arguments that have been made by the President
himself, it would be perfectly constitutional for the government, in
order to encourage efficiency and interoperability, to forbid the
publication of any software that does not comply with the Windows 95

Here is what President Clinton had to say when he transferred the
regulation of cryptographic software from the Department of State to
the Department of Commerce:

 Because the export of encryption software, like the export of other
 encryption products described in this section, must be controlled
 because of such software's functional capacity, rather than because
 of any possible informational value of such software, such software
 shall not be considered or treated as ``technology,'' as that term is
 defined in section 16 of the EAA (50 U.S.C. App. 2415) and in the EAR
 (61 Fed. Reg. 12714, March 25,
Don't you find that rather frightening?

Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
 EMAIL: junger@samsara.law.cwru.edu    URL:  http://samsara.law.cwru.edu   
     NOTE: junger@pdj2-ra.f-remote.cwru.edu no longer exists