First Amendment Freedoms and the Encryption Export Battle: Deciphering the Importance of Bernstein v. United States Department of Justice, 176 F.3d 1132 (9th Cir. 1999)

• Publication year: 2021

79 Nebraska L. Rev. 465. First Amendment Freedoms and the Encryption Export Battle: Deciphering the Importance of Bernstein v. United States Department of Justice, 176 F.3d 1132 (9th Cir. 1999)

465

Note* David McClure

First Amendment Freedoms and the Encryption Export Battle: Deciphering the Importance of Bernstein v. United States Department of Justice, 176 F.3d 1132 (9th Cir. 1999)

`[E]ncryption technologies are the most important technological breakthroughin the last one thousand years. No other technological discovery . . . will havea more significant impact on social and political life. Cryptography willchange everything.'(fn1)

TABLE OF CONTENTS

I. Introduction: Where Encryption Meets
the First Amendment................................... 465
II. Encryption and Its Importance Today................... 466
A. Modern Encryption At Work.......................... 467
B. Encryption Regulations............................. 469
III. Bernstein v. United States Department of Justice...... 470
IV. The Battle and the First Amendment's Effect on It..... 472
A. The Battle Lines................................... 472
B. Which Side Should the First Amendment Favor?....... 477
C. Future Implications................................ 482
V. Conclusion: The Greater Importance of Bernstein....... 483

I. INTRODUCTION: WHERE ENCRYPTION MEETSTHE FIRST AMENDMENT

For many years, a battle has raged over export restrictions on strong encryption products. Encryption ensures confidential and se

466

cure communications among individuals, and the Commerce Department and the State Department have long restricted its export because of national security concerns.(fn2) Industry and privacy groups have fought against the restrictions for various reasons, ranging from the desire to sell encryption software in new markets to preventing government from accessing personal communications between individuals.(fn3) Daniel Bernstein, a computer science graduate student, challenged these restrictions in 1996, placing himself in the center of this ongoing battle.(fn4) In 1999, the Ninth Circuit Court of Appeals held in Bernstein's favor, saying that such restrictions constituted a violation of the First Amendment.(fn5) This ruling changed the dynamic of the encryption export debate, and it has helped propel to victory those who oppose regulations on the technology.

The first part of this casenote provides background information necessary to understand the history and nature of encryption technology and the regulations that restrict its export. The second part provides a detailed analysis of Bernstein v. United States Department of Justice.(fn6) The casenote ends with an examination of the competing views in the encryption export battle and a discussion of the First Amendment's influential role in the overall conflict.

II. ENCRYPTION AND ITS IMPORTANCE TODAY

Cryptography, the art of secret writing, has existed in some form since the dawn of history-from the first observers of Egyptian hieroglyphs(fn7) to the biblical Daniel's deciphering of handwriting on the wall.(fn8) It has been a passion and practice of some of history's notable figures, including Thomas Jefferson who is considered the `Father of American Cryptography' for his invention of the `wheel cypher' in the 1790s.(fn9) Throughout the ages, cryptography's most visible participants have been governments and militaries fighting battles and wars in which intercepted and deciphered messages meant victory or de-feat.(fn10) Approximately thirty years ago, however, cryptography started taking on greater importance outside the realm of kings and spies.

467

Modern encryption emerged during the 1970s as a result of government and industry research and interaction-the primary players being Stanford and MIT researchers, IBM, and the National Security Agency.(fn11) This research produced two important breakthroughs in cryptosystems: (1) the Data Encryption Standard (DES); and (2) RSA (the Rivest-Shamir-Aldeman algorithm).(fn12) These new technologies, combined with the advent of other modern communication technologies, such as the fax machine and internet, were major steps in encryption's expansion beyond governmental and military usage.(fn13) The efforts of software engineer Philip Zimmerman took the process even further. He developed Pretty Good Privacy (PGP), encryption software for ordinary e-mail, and published it as freeware in 1991.(fn14) This made encryption available worldwide and greatly concerned the United States government, prompting it to initiate a three-year criminal investigation of Zimmerman based on U.S. export restrictions.(fn15) While worldwide security for sending messages would seem to be a positive development, such protection worried officials concerned with national security. In order to understand these governmental fears, it is important to recognize how modern encryption works.

A. Modern Encryption at Work

Modern digital encryption has been described as a `lockbox' placed around a message by the sending party that can only be retrieved by someone with the appropriate electronic key.(fn16) The value of the technology is its ability to maintain the secrecy and security of the message throughout the delivery process. One commentator states:

The technology is the equivalent of the lock on the front door of a house. Without a lock, the house would have limited value and would be difficult to sell. With a relatively low-cost lock in place, the contents of the house are secure, and the value of the house increases tremendously.(fn17)

This is the general function of encryption, but it is necessary to examine more technical aspects and terminology(fn18) to understand where governmental anxieties originate. One scholar provides this

468

concise explanation of the encryption process: `using a computer program, an encryption algorithm (a mathematical equation) converts a plaintext message and encodes it, using a key, into apparently unintelligible ciphertext.'(fn19) Each component is critical to the process, but it is the electronic key that is at the center of the encryption controversy. Keys are used to encrypt and decrypt messages. There are primarily two types of encryption systems: 1) private key systems, also known as `secret key,' `single key,' or `symmetric' key systems; 2) public key systems, also known as `public-private key,' `dual key,' or `asymmetric' key systems.(fn20) In private key systems, both the sender and receiver use the same key. In public key systems, two keys are used-a public key that is posted on the internet or elsewhere that can only be used to encrypt the message, and a private key that is held by the recipient party solely to decode the message. Public key systems are more advantageous in that they avoid the danger of transporting the same key between parties.

In each of the two systems, keys consist of `bits,' which are the binary units of information that have the value 0 or 1.(fn21) In order to decode a message by `brute force' (i.e., without having the key), it is necessary to try every possible key combination.(fn22) Therefore, the longer the key, the more difficult it is to decipher the message. The strength of the encryption key grows exponentially with each additional bit.(fn23) For example, a one-bit key would have two possibilities, but a two-bit key would have four possibilities. The Digital Encryption Standard (DES), the standard since the 1970s, uses a 56-bit key, and thus has 256 possibilities (or approximately 7.2057594 and times; 1016 pos-sibilities).(fn24) Philip Zimmerman's PGP troubled government officials because it used a 128-bit key.(fn25) It is possible to crack a 56-bit key using a number of high-powered computers,(fn26) but current technology would take several trillion times the age of the universe to crack a

469

128-bit key.(fn27) Uncrackable encryption technology in the hands of terrorists, drug smugglers, tax evaders, and foreign governments could frustrate U.S. law enforcement and foreign policy interests.

B. Encryption Regulations

Despite its possible illegal uses, encryption is not regulated in any manner within the United States; individuals can sell, manufacture, use, and import encryption technology of any strength.(fn28) There are restrictions, however, on the export of strong encryption technology. Such restrictions are not a new development,(fn29) but opposition to them has reached fever pitch in recent years. The Arms Export Control Act (AECA)(fn30) and the Export Administration Act (EAA)(fn31) govern the export of encryption. Prior to 1996, the State Department was charged with promulgating International Traffic in Arms Regulations (ITAR)(fn32) to implement AECA. Under these regulations, encryption software was frequently designated as a `munition' and placed on the United States Munition List (USML) pursuant to ITAR.(fn33) In 1996, President Clinton issued an Executive Order transferring jurisdiction over nonmilitary encryption products from the State Department to the Department of Commerce.(fn34) The Executive Order mandated that nonmilitary encryption products that normally would be placed on the USML would instead be moved to the Commerce Control List (CCL) under the Commerce Department-administered Export Administration Regulations (EAR).(fn35) Encryption products designed solely for military purposes remained on the USML and under ITAR.(fn36) Under both ITAR and EAR, individuals must obtain a license prior to exporting certain types of encryption technology.(fn37) It was in this context that Daniel Bernstein and the First Amendment took center stage.

470

III. BERNSTEIN V. UNITED STATES DEPARTMENT OF JUSTICE

Bernstein ran into the encryption export restrictions in 1992. As a graduate student at the University of California at Berkeley, he developed `Snuffle,' a...