Date: Mon, 16 Mar 1998 20:20:52 -0800 To: bernstein-announce@toad.com From: Cindy Cohn Subject: Cohn Testimony Here is the text of my testimony before the Senate Judiciary Committee's Subcommittee on Constitution, Federalism and Property Rights on Tuesday March 17. TESTIMONY OF CINDY A. COHN; LEAD COUNSEL, BERNSTEIN v. DEPARTMENT OF JUSTICE, ET AL. I want to thank the Sub-Committee for inviting me here today. Although there have been very many hearings and much discussion about cryptography here in Washington, this is the first, I believe, to seek testimony from one of the attorneys directly involved in the legal challenges to the cryptography regulations. I've been asked here because I am lead counsel in the case of Bernstein v. Department of Justice, et al. With the help of the Electronic Frontier Foundation, Professor Daniel J. Bernstein has been trying for over six years to publish on the Internet a simple cryptographic computer program which he wrote. He has been told that if he does, he will be prosecuted. We argued that American scientists, be they academics, in industry or hobbyists, should not have to submit their own work prior to publication to faceless government bureaucrats. This is especially so when those same bureaucrats have unchecked discretion to bar them from publishing his work. That is what the current scheme allows. In fact, before we brought suit those same agency bureaucrats told Professor Bernstein that publishing an academic paper about his software would be illegal and that putting his software into a public library would be illegal. The Federal District Court for the Northern District of California has agreed with us that the regulations are in violation of the First Amendment on their face, meaning that they violate the First Amendment rights of all Americans, not just Professor Bernstein. KARN AND JUNGER: TWO OTHER LEGAL CHALLENGES Two other similar cases are also pending. The first, Karn v. U.S. Department of State, is here in D.C. District Court. The Karn case is the clearest example of the quip often made about the Administration's cryptography policy--that it is based upon the belief that terrorists can't type. Mr. Karn was told that, although a book containing computer source code could be freely sent abroad, a floppy disk containing the exact same information could not. The second case, Junger v. Christopher, is in Cleveland, Ohio, and is based upon the government's position that Professor Junger, a law professor at Case Western University could be prosecuted for teaching a Computers and the Law course in his usual way. RULINGS OF THE BERNSTEIN CASE In the Bernstein case we have received three rulings from the District Court so far, all in our favor: 1) April 1996: Computer program source code is speech; 2) December 1996: ITAR was unconstitutional; 3) August 1997: New Commerce Department cryptography regulations issued in December, 1996 are unconstitutional. In short, the Federal District Court has declared that every single one of the current (and previous) regulations of encryption software are unconstitutional. The final ruling in our favor was appealed by the Administration, argued in December, 1997 before the Ninth Circuit Court of Appeals, and is now awaiting decision. I have attached a copy of the third District Court opinion to my written statement for your review. I hope you have your staff take the time to review it--it gives a clear and concise statement of some of the key constitutional requirements that any legislation on cryptographic software must meet and a better explanation than I could ever give you about why the current regulations are unconstitutional. As I mentioned before, the Bernstein case challenges the current government restrictions on cryptographic software on the grounds that they are in violation of the First Amendment. Although our case focuses, as it must, on the current regulations, the analysis would apply as well to proposed domestic restrictions which would restrict or license the creation, distribution or receipt of cryptographic software. Indeed, the constitutional problems which would arise if domestic controls were imposed are even more severe than those of the current scheme. The first doctrine of First Amendment law which the cryptography regulations violate is prior restraint of speech. The Bernstein case focuses on the easiest flaws to see in the current scheme--the lack of procedural protections. The Supreme Court has long held that if the government wants to institute a prepublication licensing scheme, it must contain: 1) Prompt decision - no more than 2 weeks; 2) Only a court can stop publication; the government must bring a court case rather than act administratively; 3) Government bears burden of proof in Court. This comes from a seminal Supreme Court case called Freedman v. Maryland. I should point out that as much as I would like to take credit for our legal analysis, we were not the first to see this problem. In fact, the first people to point out this problem in the regulations were in the Justice Department's Office of Legal Counsel in 1978. You see, the agencies have known for 20 years that this scheme is unconstitutional. Their own lawyers told them so. That is why you never hear them mention the First Amendment in their presentations to you. COMPUTER SOFTWARE IS PROTECTED EXPRESSION The key point in our case, and in your consideration of any proposed legislation, is that source code is protected expression for purposes of the First Amendment. On this point, the administration largely agrees. Let me repeat that--the Administration has not denied that in regulating computer software it is also regulating the "expressive activities" of Americans. This conclusion, which is obvious to anyone who has ever written or read a computer program, is also consistent with what Congress has repeatedly acknowledged. Software is treated as identical to other forms of protected expression in both the Copyright Act and the Freedom of Information Act. From a legal standpoint, the Bernstein case is not complex, nor does it break any dramatic new ground. It simply asks the courts to recognize that the First Amendment extends to science on the Internet, just as it does to science on paper and in the classroom. For it is this scientific freedom which has allowed us to even have an Internet, as well as the many other technologies which we enjoy today. OTHER FIRST AMENDMENT TESTS WHICH CRYPTOGRAPHY REGULATION MUST MEET Up to this point everything I've said isn't just my opinion. It's been decided by the Federal District Court. My legal team and I believe that there are other strong Constitutional reasons which prevent the regulation of cryptographic software. The District Court did not need to address these additional reasons, since it agreed with us that the first alone was sufficient to invalidate the regulations. In addition to procedural protections, the Constitution requires that any regulation which institutes a licensing scheme, or any other form of prior restraint, pass the strictest of tests. Even a claim of national security or public safety must be carefully weighed against our fundamental rights, and must be supported with hard evidence of direct, immediate and irreparable harm, not just conjecture and a few frightening scenarios. Further, aside from prior restraint, a scheme which targets speech on the subject of cryptography and treats that speech differently from speech on other topics must pass the tests of strict scrutiny--that the regulation address a compelling government interest and be narrowly tailored to reach only that interest and no further. That is, the government's concern about national security cannot reach so broadly as to prevent law-abiding citizens from having access to software which they can use for completely lawful purposes. Put into another context, it means that the government cannot require all of us to deposit our house keys with them on the off chance that one of us is a criminal. Further, the government must prove that their restrictions on speech actually meet their goals. Here, such proof would be difficult since terrorists, pedophiles and drug dealers can simply purchase or download strong German, Swiss or Japanese encryption software that is freely available all over the U.S. and the world--over 500 at last count. If necessary, criminals could even type in or scan one of the computer programs printed in the many books published on the subject. THE ADMINISTRATION'S LEGISLATIVE PROPOSALS FAIL THESE FIRST AMENDMENT TESTS Neither the current scheme nor any administration-supported, so-called "compromise" schemes proposed so far addresses these First Amendment problems. And even the SAFE bill, which is well-intentioned, fails to contain an assurance of judicial review of any agency decision to prevent publication due to alleged national security concerns, a key element required by the Constitution. SAFE also does not clearly protect scientists such as Professor Bernstein, but only protects those who seek to distribute mass market software already available abroad. This means that American scientists can no longer participate in the ongoing international development of this vital and important area of science. ENCRYPTED SPEECH IS STILL SPEECH In addition, we believe that regulation of encryption software and technology violates the First Amendment because of what encryption does. Encryption allows people to use electronic envelopes to protect their speech. The Supreme Court has noted that a state could not regulate ink or paper without raising constitutional concerns. We believe that similarly the government cannot prevent Americans from using electronic envelopes or require them to use key-escrowed envelopes without violating their First Amendment rights. This is because such rules compel them to speak to the Government anytime they wish to speak to anyone else. Encrypted speech is still speech. The elimination of privacy creates a chilling effect on that speech which implicates the First Amendment. ENCRYPTION WAS USED BY THE FOUNDING FATHERS In fact, in our research for this case we have discovered that the Founding Fathers used cryptography on a regular basis. Even the Constitution and the Bill of Rights themselves were often encoded, as Thomas Jefferson and James Madison exchanged drafts of those seminal documents. Cryptography was used by a virtual Who's Who of the American Founding Fathers--not only Jefferson and Madison but Benjamin Franklin, Alexander Hamilton, John and Abigail Adams, Aaron Burr, and many others. In sharp contrast to the Administration's arguments today, they viewed cryptography as an essential instrument for protecting information, both political and personal. Our research indicates that when the First and Fourth Amendments were enacted in the late 1700s, any suggestion that the Government should have the ability to prevent individuals from encrypting their messages, or that the Government should have a back-door key to all encrypted messages, would have struck the Constitution's framers as ridiculous. CONCLUSION In sum, our legal challenge to the current restrictions on encryption software is succeeding. It is succeeding because the First Amendment is clearly violated when the government institutes a prepublication licensing scheme which allows agency bureaucrats unfettered discretion to prevent American scientists from publishing their own ideas. It is succeeding because the Courts have recognized the importance of keeping the First Amendment intact as we move into the information age. As you consider the many legislative proposals about cryptography, we hope you will do the same. ****************************** Cindy A. Cohn, Cindy@McGlashan.com McGlashan & Sarrail, P.C. 177 Bovet Road, 6th Floor San Mateo, CA 94402 (650) 341-2585 (tel) (650) 341-1395 (fax)