Summary of the regulations

The government regulations are extremely complicated, but the basic idea is simple. You aren't allowed to ``export'' instructions and advice on protecting computers and communications against attackers, unless you first

1. show the information to the government and
2. wait for the government censors to approve the ``export.''

Can you imagine how painful it would be to talk to someone if every new line out of your mouth had to be cleared with the government before you said it?

There are many exceptions to the regulations. The most famous exception is the printed-materials exception, applied on a case-by-case basis by the government before 1996 and made official in 1996: printed books and other printed materials are not subject to the regulations.

In January 2000, the government added a big new exception, allowing many types of information to be published without government censorship. However, the regulations still require showing the materials to the government before ``export,'' so American cryptographers still aren't allowed to have in-person scientific discussions with foreign cryptographers. Furthermore, some types of information are still censored.

The government subsequently stated that notification was not required for researchers collaborating at conferences, and that licenses were not required for commercial book publishers or for assembly-language publishers.

Purpose of the regulations

The official story from the government lawyers is that the regulations prevent terrorists from communicating in secret. This is patently absurd. Terrorists have been able to communicate in secret for many years, as illustrated by NSA's failure to prevent the 1993 World Trade Center bombing that killed 6 people, the 1998 embassy bombings that killed 224 people, and the 11 September 2001 attacks that killed thousands of people.

Unbreakable cryptographic software has been widely available for a long time. (Recent research has focused on making cryptography faster and more convenient for legitimate users; but inconvenience doesn't seem to stop terrorists.) Even if we burned every book on cryptography, erased every legitimate copy of cryptographic software, and swore never to breathe a word about cryptography again, terrorists would still be able to communicate in secret. As one judge put it: ``The barn doors are open and the pigs have fled.''

Many people believe that the government's real goal is to keep cryptography out of the hands of legitimate users. However, there isn't enough evidence at this point to come to any definite conclusions about the government's interests. Specifically:

• Some people point to the government's admitted wiretapping of protesters such as Martin Luther King, Jr., in the 1960s. However, the government says that it doesn't do that sort of thing any more.
• Some people point to the government's ECHELON system. According to a European Parliament report, ECHELON is a massive interception system aimed at ``private and commercial'' communications, and ECHELON ``probably'' violates the European Convention on Human Rights. However, the government says that it intercepts corporate communications for only one reason, namely to prevent illegal bribes.
• Some people point to the amount of money that NSA receives to supply cryptography to other parts of the United States government. However, NSA says that it really doesn't mind competition.

My lawyers filed declarations in 1995 and 1996 describing in more detail the factual issues that should be addressed at trial. If you're an attorney, and if you might be interested in helping me interview NSA employees and review NSA files during pre-trial discovery in any subsequent court battles, send email to djb-privileged-discovery@cr.yp.to explaining your background and qualifications.

Of course, regulations can be held unconstitutional without a trial, when it simply doesn't matter what the government is trying to accomplish. This happened several times in my case.