D. J. Bernstein
Bernstein v. United States

Summary of the regulations

The executive branch of the United States government used export-control laws for decades to interfere with research into Internet security.

The government regulations are extremely complicated, but the basic idea is simple. You aren't allowed to ``export'' instructions and advice on protecting computers and communications against attackers, unless you first

  1. show the information to the government and
  2. wait for the government censors to approve the ``export.''
``Export'' is defined as disclosure to foreigners, inside or outside the United States. Violators are subject to huge civil and criminal penalties.

Can you imagine how painful it would be to talk to someone if every new line out of your mouth had to be cleared with the government before you said it?

There are many exceptions to the regulations. The most famous exception is the printed-materials exception, applied on a case-by-case basis by the government before 1996 and made official in 1996: printed books and other printed materials are not subject to the regulations.

In January 2000, the government added a big new exception, allowing many types of information to be published without government censorship. However, the regulations still require showing the materials to the government before ``export,'' so American cryptographers still aren't allowed to have in-person scientific discussions with foreign cryptographers. Furthermore, some types of information are still censored.

The government subsequently stated that notification was not required for researchers collaborating at conferences, and that licenses were not required for commercial book publishers or for assembly-language publishers.

Purpose of the regulations

What is the government, particularly the National Security Agency, trying to accomplish with these regulations?

The official story from the government lawyers is that the regulations prevent terrorists from communicating in secret. This is patently absurd. Terrorists have been able to communicate in secret for many years, as illustrated by NSA's failure to prevent the 1993 World Trade Center bombing that killed 6 people, the 1998 embassy bombings that killed 224 people, and the 11 September 2001 attacks that killed thousands of people.

Unbreakable cryptographic software has been widely available for a long time. (Recent research has focused on making cryptography faster and more convenient for legitimate users; but inconvenience doesn't seem to stop terrorists.) Even if we burned every book on cryptography, erased every legitimate copy of cryptographic software, and swore never to breathe a word about cryptography again, terrorists would still be able to communicate in secret. As one judge put it: ``The barn doors are open and the pigs have fled.''

Many people believe that the government's real goal is to keep cryptography out of the hands of legitimate users. However, there isn't enough evidence at this point to come to any definite conclusions about the government's interests. Specifically:

Many people also believe that the government's regulatory changes in 1996 and 2000 were deliberate attempts to evade judicial review. However, there isn't enough evidence to be sure about this.

My lawyers filed declarations in 1995 and 1996 describing in more detail the factual issues that should be addressed at trial. If you're an attorney, and if you might be interested in helping me interview NSA employees and review NSA files during pre-trial discovery in any subsequent court battles, send email to djb-privileged-discovery@cr.yp.to explaining your background and qualifications.

Of course, regulations can be held unconstitutional without a trial, when it simply doesn't matter what the government is trying to accomplish. This happened several times in my case.