杏吧原创

Internet encryption ban ‘violates free speech’

TIME is running out for the US government to counter claims that it is acting illegally by restricting the export of data encryption technology on the Internet.

In February, Daniel Bernstein, a graduate student at the University of California, Berkeley, filed a complaint against the Department of State, the Department of Defense, the Department of Commerce and the National Security Agency, plus named officials and department heads. The defendants were each given 60 days to reply.

鈥淲e鈥檙e asking for a court to say that what they鈥檙e doing is unlawful,鈥 explains Lee Tien, a member of the team of lawyers representing Bernstein, 鈥渁nd then on top of that for a court to say not only is it unlawful but you can鈥檛 do it any more.鈥

The US鈥檚 International Traffic in Arms Regulations controls the export of strong encryption techniques, defining them as munitions. Postings on the Internet can be accessed from anywhere in the world, so the government says that Bernstein would be in breach of ITAR if he publishes his encryption research on the network. But Bernstein claims that this violates his right of free speech, which is guaranteed under the American constitution. Bernstein鈥檚 legal costs are being underwritten by the Electronic Frontier Foundation, a group based in Washington DC, which campaigns for the extension of constitutional protection to the Internet.

Bernstein鈥檚 troubles began in 1992 when he asked the State Department for permission to publish his research on encryption. He wanted to distribute an algorithm called Snuffle, together with a research paper and a software program based on it. Snuffle is designed to make live communications secure. His plan was to circulate his work to cryptography specialists for peer review on the Internet and in scientific journals.

The department replied that he would first need a licence to operate as an arms dealer, after which he would have to get separate approvals to send information to each recipient of either the software, or the paper describing the software. He appealed against the ruling in 1993 but has never received a response, which has left him unable to publish his research. Defying the regulations could mean a jail sentence.

Bernstein and his lawyers, the San Francisco-based firm of McGlashan and Sarrail, say that the regulations constitute 鈥減rior restraint鈥, which is banned by the First Amendment to the constitution. Prior restraint means preventing someone from speaking out in case they say something objectionable, rather than allowing them to speak and then taking action.

Bernstein鈥檚 complaint will be the first such case to be heard in the US. But software developer Phil Karn expects to follow him into the courts. Karn is appealing against the State Department鈥檚 decision that the floppy disc of text and program files issued with his book Applied Cryptography cannot legally be exported.

Meanwhile in Britain, a student at the University of Exeter has produced an version of a well-known encryption algorithm known by the acronym RSA. Adam Back is signing off all his messages to the Internet with the algorithm 鈥 his version is just the right length for a standard signature file. And at the Computers, Freedom, and Privacy Conference in San Francisco last week, Duncan Frissell, a lawyer from New York, printed the RSA signature file onto sticky labels, along with warnings that 鈥淔ederal law prohibits transfer of this label to foreigners鈥.