From owner-freebsd-security Wed Aug 27 18:37:12 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id SAA28137 for security-outgoing; Wed, 27 Aug 1997 18:37:12 -0700 (PDT) Received: from sendero-ppp.i-connect.net (sendero-ppp.i-Connect.Net [206.190.143.100]) by hub.freebsd.org (8.8.7/8.8.7) with SMTP id SAA28056 for ; Wed, 27 Aug 1997 18:37:02 -0700 (PDT) Received: (qmail 2136 invoked by uid 1000); 28 Aug 1997 01:37:17 -0000 Message-ID: X-Mailer: XFMail 1.2-alpha [p0] on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit MIME-Version: 1.0 Resent-Date: Tue, 26 Aug 1997 12:23:03 -0700 (PDT) Resent-Message-Id: <199708261923.MAA11338@gambit.punk.net> Resent-From: (Steve Roberts) Resent-To: linux-kernel@vger.rutgers.edu Date: Wed, 27 Aug 1997 18:37:17 -0700 (PDT) Organization: Atlas Telecom From: Simon Shapiro To: freebsd-security@freebsd.org Subject: FW: [OFFTOPIC] US Encryption Rules Rejected Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Interesting, but I disagree with the commentary in the first line ;-) ----- Forwarded Message ----: <199708261923.MAA11338@gambit.punk.net>----- From: (Steve Roberts) To: linux-kernel@vger.rutgers.edu Subject: [OFFTOPIC] US Encryption Rules Rejected >>From another list I am on... looks like the U.S. may finally start not being stupid on encryption.... (we may even be able to have crypto in the kernel distibution soon...) Encryption rules rejected Judge says federal regulations barring unlicensed exports unconstitutional August 26, 1997: 6:15 a.m. ET SAN FRANCISCO (Reuter) - U.S. government regulations on the export of encryption software are unconstitutional, a federal judge ruled on Monday. U.S. District Judge Marilyn Hall Patel said licensing requirements for the export of encryption software and related devices were an unconstitutional prior restraint on First Amendment free speech rights. Patel also issued a permanent injunction barring the government from enforcing the regulations against plaintiff Daniel Bernstein or anyone who sought to use, discuss or publish his encryption program. Encryption involves running a readable message though a computer program that translates the message according to an equation or algorithm into unreadable "ciphertext." "By the very terms of the encryption regulations, the most common expressive activities of scholars -- teaching a class, publishing their ideas, speaking at conferences, or writing to colleagues over the Internet -- are subject to a prior restraint by the export controls ...," Patel wrote in a 32-page ruling released in San Francisco. Patel said that, having found the regulations to be invalid, she could have issued a nationwide injunction barring their enforcement. But she said she had kept the injunction as narrow as possible pending appeal because "the legal questions at issue are novel, complex and of public importance." The ruling is important because the computer industry sees use of encryption technology across country borders as essential for advancing electronic commerce and private communications over the Internet. The government has previously cited national security concerns over the export of encryption programs. As a graduate student, Bernstein developed an encryption algorithm he called "Snuffle." In 1992, Bernstein asked the State Department whether Snuffle was controlled by export regulations then in force which classified cryptographic software as "defense articles." The government told him his program was subject to licensing by the Department of State prior to export. Alleging that he was not free to teach, publish or discuss with other scientists his theories on cryptography embodied in the Snuffle program, Berstein sued the State Department in 1995, challenging the regulations on free speech grounds. Bernstein is now a research assistant professor of mathematics, statistics and computer science at the University of Illinois at Chicago. Patel ruled last December that the old regulations limiting the export of encryption software violated the First Amendment. But late last year, President Bill Clinton issued an executive order transfering jurisdiction over the export of nonmilitary encryption products to the Commerce Department. Patel's latest ruling was on Bernstein's amended lawsuit which included the new regulations and new defendants. Patel said that her finding that encryption source code was speech protected by the First Amendment did not remove encryption technology from all government regulation. Cindy Cohn, a lawyer for Bernstein, called the ruling a "very big victory" for free speech advocates. "This brings us a step closer to people being able to freely publish ideas about encryption," she said. A U.S. Justice Department lawyer who defended the regulations could not immediately be reached for comment. The government could appeal the ruling. --------------End of forwarded message------------------------- --- Sincerely Yours, (Sent on 27-Aug-97, 18:34:40 by XF-Mail) Simon Shapiro i-Connect.Net, a Division of iConnect Corp. Director of Technology 14355 SW Allen Blvd., Suite 140 Beaverton OR 97008 Shimon@i-Connect.Net Voice: 503.677.2900, Emergency: 503.799-2313