Junger v. Daley et al: Plaintiff's Motion for Summary Judgment and Brief in Support

18 October 1997
Source: Digital and hardcopy from Peter Junger

Documents of the suit: http://jya.com/pdj.htm

FILED
97 OCT 15 PM 1:58
CLERK OF U.S. DISTRICT COURT
NORTHERN DISTRICT OF OHIO
CLEVELAND

GINO J. SCARSELLI (0062327)
664 Allison Dr.
Richmond Hts., OH 44143-2907
(216) 291-8601

RAYMOND VASVARI (0055538)
1201 Superior Building
815 Superior Ave. East
Cleveland, OH 44114-2702
(216) 622-1780

KEVIN FRANCIS O'NEILL (0010481)
Assistant Professor of Law
Cleveland-Marshall College of Law
1801 Euclid Ave.
Cleveland, OH 44115
(216) 687-2286

UNITED STATES DISTRICT COURT

NORTHERN DISTRICT OF OHIO

EASTERN DIVISION

PETER D. JUNGER

Plaintiff

v.

WILLIAM DALEY, et al.

Defendants

______________________________________

)
)
)
)
)
)
)
)
)
)
)
)

Case No. 96 CV 1723

JUDGE NUGENT

PLAINTIFF'S MOTION FOR
SUMMARY JUDGMENT

Plaintiff Peter D. Junger respectfully moves this Court for Summary Judgment against the Defendants under rule 56(c) of the Federal Rules of Civil Procedure. Plaintiff's brief in support is filed together with this motion.

Respecfully submitted,

[Signature]

GINO J. SCARSELLI
Attorney for the Plaintiff

CERTIFICATE OF SERVICE

The undersigned hereby certifies that a copy of the foregoing was mailed on October 15, 1997, to Anthony J. Coppolino, Department of Justice, Civil Division Room 1084, 901 E Street, N.W., Washington, D.C. 20530 by Express Mail.

Respectfully submitted,

[Signature]

Gino J. Scarselli (0062327)
664 Allison Drive
Richmond Hts., OH 44143
Tel./FAx 216-291-8601

Attorney for the Plaintiff

FILED
97 OCT 15 PM 1:58
CLERK OF U.S. DISTRICT COURT
NORTHERN DISTRICT OF OHIO
CLEVELAND

GINO J. SCARSELLI (0062327)
664 Allison Dr.
Richmond Hts., OH 44143-2907
(216) 291-8601

RAYMOND VASVARI (0055538)
1201 Superior Building
815 Superior Ave. East
Cleveland, OH 44114-2702
(216) 622-1780

KEVIN FRANCIS O'NEILL (0010481)
Assistant Professor of Law
Cleveland-Marshall College of Law
1801 Euclid Ave.
Cleveland, OH 44115
(216) 687-2286

UNITED STATES DISTRICT COURT

NORTHERN DISTRICT OF OHIO

EASTERN DIVISION

PETER D. JUNGER

Plaintiff

v.

WILLIAM DALEY, et al.

Defendants

______________________________________

)
)
)
)
)
)
)
)
)
)
)
)

Case No. 96 CV 1723

JUDGE NUGENT

PLAINTIFF'S BRIEF IN
SUPPORT OF MOTION FOR
SUMMARY JUDGMENT

TABLE OF CONTENTS

STATEMENT OF FACTS
1

A. Regulatory Control under the Commerce Department
1

ARGUMENT
5

FIRST AMENDMENT CLAIMS
5

I. The Publication of Computer Software Is Protected by the First Amendment
6

A. The Regulations Restrict the Publication of Encryption Software, Not Its Use
8

II. The Regulations Discriminate against Electronic Publication, in Particular, Publication on the Internet
9

A. The Distinction Between Electronic and Print Publication Is Inconsistent with Government's Reasons for Controlling Encryption
10

B. The Distinction Between Print and Internet Publication Cannot Be Supported Under Reno v. ACLU
11

1. In Contrast to the Government's Official Position, the NSA Is Apparently Not Concerned About the Availability of Encryption Software on the Internet

13

III. The Plaintiff is Entitled to Bring a Facial Challenge Because the Regulatory Scheme Restricts Rights of Third Parties and Poses Real Risks of Censorship
13

A. The Scheme is Substantially Overbroad and Justifies a Facial Challenge under the Overbreadth Doctrine 14

1. The Scheme is Substantially Overbroad Because It Controls Encryption Software That Is Available Overseas, on the Internet and Published or Disclosed for Academic Reasons
15

2. The Scheme is Substantially Overbroad Because It Restricts Communications With Foreign Persons Who Do Not Pose a Risk to National Security and With U.S. Citizens
17

B. A Facial Challenge under Lakewood is Proper 18

1. The Scheme has a "Close Enough Nexus to Expression or Conduct Commonly Associated with Expression
18

2. The Scheme Lacks Clear and Objective Standards and Therefore Poses a Substantial Risk of Censorship
20

IV. The Scheme Is an Unconstitutional Prior Restraint 21

A. The Scheme Is Not Narrowly Tailored and Fails to Meet the Pentagon Papers Standard 22

B. The Scheme Fails to Provide the Freedman Safeguards 22

V. The Scheme Is Content-based and Fails Strict Scrutiny 23

CONCLUSION 24

TABLE OF CASES

Bernstein v. U.S. Dept. of State (Bernstein I), 922 F.SUPP 1426 (N.D. CALIF. 1996)
7

Bernstein v. U.S. Dept. of State (Bernstein II), 944 F.SUPP 1279 (N.D. CALIF. 1996)
23

Bernstein v. U.S. Dept. of State (Bernstein III), 1997 U.S. Dist. LEXIS 13146 (1997)
7, 10, 12, 19, 20, 22

Board of Airport Commissioners of Los Angeles v. Jews for Jesus, Inc., 482 U.S. 569 (1987)
14

Board of Trustees of S.U.N.Y. v. Fox, 492 U.S. 469 (1989)
14

Boos v. Barry, 485 U.S. 312 (1988)
23

Broadrick v. Oklahoma, 413 U.S. 601 (1973)
15

Bullfrog Films, Inc. v. Wick, 847 F.2d 502 (9th Cir. 1988)
17

City of Lakewood v. Plain Dealer Publishing Co., 486 U.S. 789 (1983)
14, 18, 19, 20

Connally v. General Construction Co., 269 U.S. 385 (1926)
21

Forsyth County v. The Nationalist Movement, 505 U.S. 123 (1992)
14, 21

Freedman v. Maryland, 380 U.S. 51 (1965)
21, 22, 23

FW/PBS, Inc. v. City of Dallas, 493 U.S. 215 (1990)
19, 21, 22

N.A.A.C.P. v. Button, 371 U.S. 415 (1963)
15

Nebraska Press Assoc. v. Stuart , 427 U.S. 539 (1976)
21

New York Times Co. v. United States, 403 U.S. 713 (1971)
21

RAV v. St. Paul, 505 U.S. 377 (1992)
23

Reno v. ACLU, 117 S.Ct. 2329 (1997)
5, 11, 12, 14, 18

Secretary of State of Maryland v. J. H. Munson Co., 467 U.S. 947 (1984)
14, 19

Shuttlesworth v. Birmingham, 394 U.S. 147 (1969)
18, 19

Southeastern Promotions, Ltd. v. Conrad, 420 U.S. 546 (1975)
19

Teitel Film Corp. v. Cusack, 390 U.S. 139 (1968)
23

Thornhill v. Alabama, 310 U.S. 88 (1940)
15

Virginia v. American Booksellers Ass'n, Inc., 484 U.S. 383 (1988)
14

Virginia State Bd. of Pharmacy v. Virginia Citizen's Consumer Council, 425 U.S. 748 (1976)
5

STATEMENT OF FACTS

A. Regulatory Control under the Commerce Department

On November 15, 1996, the President issued Executive Order No. 13026, in conjunction with a memorandum which transferred the export jurisdiction of nonmilitary encryption hardware, software, and related technologies from the United States Munitions List ("USML") of the State Department's International Traffic in Arms Regulations ("ITAR"), 22 C.F.R. 120 et seq., to the Controlled Commodities List ("CCL") of the Department of Commerce's Export Administration Regulations ("EAR"), 15 C.F.R. Part 730 et seq.

The EAR was originally derived from the Export Administration Act of 1979 ("EAA"), which is codified at 50 U.S.C.A. § 2401 et seq. When the EAA lapsed on August 24, 1994, the President extended it under the International Emergency Economic Powers Act ("IEEPA"), 50 U.S.C.A. § 1701 et seq. The President has renewed the extension each year, as required by the IEEPA, and the IEEPA authorized version of the EAR is now in its third year.

On December 30, 1996, both Commerce Department and the State Department issued rules in the Federal Register (61 Fed. Reg. 68572-87 and 61 Fed. Reg. 68633, respectively), which effectuated the transfer of nonmilitary encryption commodities from the USML to the CCL. The CCL uses "Export Control Classification Numbers", or ECCN's for identifying items which are contained therein. Encryption hardware is ECCN 5A002, Encryption software is ECCN 5D002. Encryption "technology" (the functional equivalent of the ITAR's "technical data") is ECCN 5E002.

Although the EAA defines "technology" as "information and know-how . . . that can be used to design, produce, manufacture, utilize, or reconstruct goods, including computer software and technical data, but not the goods themselves," 50 U.S.C. App. § 2415(4) (emphasis added), the EAR, as amended by the President, does not treat encryption software as technology.

Instead, encryption software is treated in the same manner as a commodity under ECCN 5A002, 15 C.R.F. Part 774, Note following 5D002, and is defined as "[c]omputer programs that provide capability of encryption functions or confidentiality of information or information systems. . . Such software includes source code, object code, applications software, or system software," 15 C.F.R. Part 772. For present purposes, encryption source code⁽¹⁾ and object code⁽²⁾ are the most relevant of the kinds of encryption software.

All encryption software controlled under 5D002, except for encryption source code published in a book or other printed material, is subject to licensing, and a license is required before an "export" to any destination other Canada. See 15 C.F.R. § 742.15(b).⁽³⁾ The EAR defines export generally as "an actual shipment or transmission of items subject to the EAR out of the United States, or release of technology or software subject to the EAR to a foreign national in the United States . . . ." 15 C.F.R. § 734.2(b)(1). As amended, however, the definition of "export" for encryption source code and object code includes publication on the Internet. See § 734.2(b)(9)(ii).

The EAR also requires a license for the disclosure of "technical assistance" (technology) to a foreign person "with the intent to aid a foreign person in the development or manufacture outside the United States of encryption commodities and software that, if of United States origin, would be controlled for 'EI' reasons under 5A002 or 5D002." 15 C.F.R. § 744.9.

Prior to the amendments, all software that was publicly available was not subject to the EAR and could be exported without a license. Since the amendments, encryption software, unlike all other software, is subject to licensing even if it is publicly available. See 15 C.F.R. §

_______________________

1. Encryption source code is defined as "[a] precise set of operating instructions to a computer that, when compiled, allows for the execution of an encryption function on a computer." 15 C.F.R. Part. 772 (definitions).

2. Encryption object code is defined as "computer programs containing an encryption source code that has been compiled into a form of code that can be directly executed by a computer to perform an encryption function." 15 C.F.R. Part. 772 (definitions).

3. Exceptions are made only for the export of certain mass market and key-recovery software. See id.

734.3(b). Thus, encryption software that is already available on the Internet without charge is subject to export and requires a license. And all license decisions are made on a "case-by-case" basis. As stated in the Commerce Department's letter to plaintiff's attorney January 29, 1997,

[i]n order to export encryption items subject to EI controls, including software, a license application must be submitted to the Commerce Department, which will grant or deny the application based on a case-by-case determination of "whether the export * * * is consistent with U.S, national security and foreign policy interests . . ."

Tab B to Supp. Compl.

B. The Application Process and Professor Junger's Submissions

On January 2, 1997, Plaintiff's attorney sent a letter, which was forwarded to the BXA, asking for clarification of the export controls given the transfer to the Commerce Department. The Director of the Office of Strategic Trade and Foreign Policy Controls responded for the BXA with a letter dated January 29, 1997, which declined to offer either a Commodity Classification or an Advisory Opinion⁽⁴⁾ due to what he termed a lack of "specific information." Nonetheless, he did offer some general guidance regarding the questions posed in the January 2 letter and invited Professor Junger to submit an official request for either an Advisory Opinion or a Commodity Classification. Tab B to Supp. Compl.

On June 12, 1997, Plaintiff's attorney submitted three commodity classification applications. The first application had five items, the second had three, of which one, the submission of "hyperlinks" to encryption programs at overseas sites, was reviewed as an advisory opinion. The third application also contained five items, but the BXA refused to render an opinion because none of the items "identified a specific software program," but instead asked for an opinion that the BXA could not give as to the implementation of particular algorithms. Tab C to Supp. Compl.

_______________________

4. See 15 C.F.R. 748.3.

To sum up BXA's classification decisions, all of the programs that were submitted were classified as "EI" software, meaning that they could not be exported without a license, except Professor Junger's "one-time pad," which was classified in the catch-all EAR 99 category meaning that the program can be exported without a license unless the export involves, for example, a person denied export privileges or the export to an embargoed country. Furthermore, the first chapter of Professor Junger's coursebook, which contained versions of his one-time pad and a one-time pad written by Paul Leyland at Oxford University, was also classified as EAR 99.

On July 18, 1997, and again on July 24, 1997, Plaintiff's attorney sent letters requesting clarification of some of BXA's classification decisions. Tab E to Supp. Compl. Two of the responses from the Director were quite telling. See Tab F, letter from Commerce, August 7, 1997. First, Professor Junger's course book was classified as EAR 99 because all of the programs contained within were classified as EAR 99. Id. at 1. The Director, however, went on to say that if the book contained programs classified under 5D002 (that is, classified for EI reasons), and the book was printed in electronic form, the programs would remain classified irrespective of the surrounding contents of the book. Id. at 2. Thus, any encryption program classified for EI reasons would have to be removed before the book was published, for example, on Professor Junger's website.

Second, the Director reiterated the agency's position that descriptions of encryption programs could not be submitted for a classification. Id. at 2-3 Asked about different versions of the same program or the same program written in a different programming language, the best the Director could say was that "licensing controls on encryption software that does maintain the secrecy of information may vary depending on how an algorithm is implemented in the software." Id. at 3. Since it was obvious that a controversy continued to exist between the plaintiff and the government, Plaintiff filed a supplemental and amended complaint.

ARGUMENT

FIRST AMENDMENT CLAIMS

The one constant throughout this litigation is Professor Junger's desire to publish all kinds of material, from encryption software to intellectual property law to the historical roots of the law of restitution to information about Buddhism to works censored in other countries. The contents of publications and his decisions about what to publish are all protected by the First Amendment. See Virginia State Bd. of Pharmacy v. Virginia Citizen's Consumer Council, 425 U.S. 748, 756 (1976). And the protection of the Amendment extends to his choice of medium. See Reno v. ACLU, 117 S.Ct. 2329, 2344(1997).

Professor Junger can publish all of the above listed material without government interference, except encryption software. Whether he publishes an encryption program by itself or in an article about computers and the law, he is prohibited from doing so without first obtaining a license.⁽⁵⁾

The regulations at issue are export controls under the EAR that make it a crime to "export" encryption software.⁽⁶⁾ By the way the regulations define "export," publishing encryption software on the Internet is considered an export unless certain precautions, that are at not possible for Professor Junger to implement, are taken.

The government's justification for prohibiting the Internet publication of encryption software is based on asserted national security and foreign policy interests. "Encryption products [including software], when used outside the United States, can jeopardize our foreign policy and national security interests." Tab A to Supp. Compl., White House Memorandum, November 15, 1996. The government takes this position even through encryption software that is widely

_______________________

5. See Tab B to Supp. Compl., letter from Commerce, January 29, 1997, at 2.

6. As used in this brief, "encryption software" refers to software covered for EI reasons under the commodity classification 5D002. See 15 C.F.R. Part 772.

available overseas and in the public domain and even though encryption software in print form can be freely exported without a license.

The central claim of this suit is that Professor Junger's rights to publish and receive encryption software are protected by the First Amendment just as his rights to publish and receive Buddhist texts and law review articles. The threshold questions, therefore, are whether the publication of software is protected by the First Amendment and whether the export regulations restrict publication. If so, the regulations are unconstitutional.

I. The Publication of Computer Software Is Protected by the First Amendment.

The publication of computer programs, that is, software, is no different than the publication of any text. Computer programs can be printed in a book or transmitted over the phone lines and posted to a World Wide Web page on the Internet.⁽⁷⁾ They are written in languages, some of which share many of the same characteristics of English, French or German, and like any works of authorship, they are copyrightable as literary works,⁽⁸⁾ 17 U.S.C. § 101,

_________________________

7. Thus, a recent version of a popular dictionary includes reference to "software" in the definition of the word "publish":

1. to issue (printed or otherwise reproduced textual or graphic material, computer software, etc.) for sale or distribution to the public. . . 6. to issue newspapers, books, computer software. . . .

Random House Unabridged Dictionary (2d. 1993)

8. Congress conferred copyright protection on computer programs adopting the suggestions of a national commission set up to study the question of whether copyright law should cover software.

When the National Commission on New Technological Uses of Copyrighted Works (CONTU) originally proposed to expand copyright law to protect computer software, one of the most significant opposing arguments was that software is a technology, and therefore different than books, works of art, and music. To counter this argument, proponents of the expansion focused on another aspect of the hybrid nature of computer software by stressing that software is not only a technology, but also a literary medium or text.

Michael A. Dryja, Looking to the Changing Nature of Software for Clues to its Protection, 3 U. Balt.

102(a)(1). For these reasons, Judge Patel expressly held that software is speech protected by the First Amendment. Bernstein v. U.S. Dept. of State (Bernstein I), 922 F.Supp. 1426, 1434-36 (N.D. Calif. 1996).

The government cannot seriously dispute the fact that computer programs are written and are expressive. As well as being able to run on computers, programs express ideas, some of which are actually better expressed as programs in computer languages than as descriptions in English or mathematics. Ex. 1B, Appel. Decl. 6. Programs are a medium of expression for programmers, computer scientists and anyone, like Professor Junger, "whose ideas are described or demonstrated with the help of computer code." Ex. 1B, Appel ¶ Decl. 6; see generally Ex. 1A, Abelson Decl. ¶¶ 9-14.

Instead, the government claims that computer programs, specifically encryption programs, are controlled "because of [their] functional capacity, rather than because of any possible informational value. . ." Tab A to Supp. Compl., Executive Order at 2. In other words, encryption programs are not regulated for any ideas they express or information they contain, but because they are "functional" and their use by foreign persons might impair U.S. national security and foreign policy interests. See id; see also Tab A, White House Memorandum at 1. Therefore, according to the government, encryption programs are entitled to less First Amendment protection than other forms of speech.

Judge Patel rejected the government's "functionality" argument in Bernstein I and again in Bernstein v. U.S. Dept. of State (Bernstein III), 1997 U.S. Dist. LEXIS 13146 (August 25, 1997). As she noted, although software in some forms can be used to operate a computer, software's functionality does not "negate" its expressiveness.⁽⁹⁾ Bernstein I, 922 F.Supp. at 1435; (Bernstein III), 1997 U.S. Dist. LEXIS 13146 at * 52 n.20.

_______________________

Intell. Prop. J. 109, 119 (1995) (footnotes omitted) (emphasis added).

9. In Bernstein I, Judge Patel rejected the government's argument because the reasons given by the government for controlling encryption software were not relevant to whether software is speech in the first place and because she recognized that many texts that are functional -- recipes, do-it-yourself manuals, even technical information on how to construct a hydrogen bomb -- are nonetheless speech. See 922 F.Supp. at 1435.

For a separate reason, software's functionality is not at issue. This case is not about regulations that restrict the use or functionality of encryption programs. This is a challenge to regulations that restrict the publication and disclosure of encryption programs regardless of their use.

A. The Regulations Restrict the Publication of Encryption Software, Not Its Use

The regulatory scheme prohibits the "export" of software defined generally as "an actual shipment or transmission . . . out of the United States, or release. . . to a foreign national in the United States." 15 C.F.R. 734.2 (b). The export of encryption software, however, has a separate definition of "export" that includes

downloading or causing the downloading, of such software to locations (including electronic bulletin boards and Internet file transfer protocol and World Wide Web sites) outside the U.S., and making such software available for transfer outside the United States, over radio, electromagnetic, photo optical, or photoelectric communications facilities accessible to persons outside the United States, including transfers from electronic bulletin boards and Internet file transfer protocol and World Wide Web sites, or any cryptographic software subject to controls under this regulation . . .

15 C.F.R. § 734.2(b)(9)(ii).

Making encryption software available for transfer "from electronic bulletin boards and Internet file transfer protocol [ftp] and World Wide Web sites" is nothing other than publishing encryption software on the Internet.⁽¹⁰⁾

Although the reasons the government has given for controlling the export of encryption software have to do with the software's potential use, the regulations do not prohibit its use. The regulations only prohibit the publication and disclosure of encryption software in electronic form

_____________________

10. Publishing software on the Internet is not considered an export if certain precautions are taken. See EAR 734.2(b)(9)(ii)(B). For most Internet publishers, including Professor Junger and most computer scientists, implementing the precautions is impracticable and may be impossible to verify. Ex. 1C, Second Blaze Decl. ¶¶ 28-29, Ex. 1F, Pl.'s Second Decl. ¶ 15; Ex. 1P, ACM letter, February 12, 1997, at 3. Thus, for all practical purposes, the scheme precludes the publication of encryption software on the Internet.

and in such a way that someone overseas may have access to it. What the regulations ignore are the reasons a person may want to publish encryption programs that may have nothing to do with their use.

Software programs are published for a number of reasons other than the operations they can perform on a running computer. Sometimes programs are published for purely teaching and pedagogical reasons, or entering "frivolous" contests, see Ex. 1D, Ellison Decl. at ¶ 26, or studying a programmer's writing style, see Ex. 1A, Abelson Decl. ¶ 11-16. Likewise, encryption programs are published not just as a means of keeping other communication private or confidential, but sometime to demonstrate a point about how computers work, see Ex. 1F, Pl.'s Decl. at 9, to raise a discussion on intellectual property law as it relates to software, see, e.g., id. ¶ 12, or as a game to see how may lines of code it takes to implement the RSA algorithm.⁽¹¹⁾

The regulations do not distinguish among the reasons why someone publishes an encryption program. All "exports" of encryption software require a license regardless of whether an encryption program is sent by email to a foreign agent or published on a website to enter a programming contest.⁽¹²⁾ The regulations, however, do discriminate on the basis of the medium one chooses to publish. That is, the regulations discriminate against electronic publication.

II. The Regulations Discriminate against Electronic Publication, in Particular, Publication on the Internet

The regulations treat the publication of encryption software by posting it to a website or sending it to a discussion group on the Internet as an "export," although they also provide that

___________________

11. Although quite technical, information about the "RSA game" can be found at "http://www.dcs.ex.ac.uk/~aba/rsa/story.html"

12. ¹This is an example of the danger of licensing schemes because the crime, for example, is not aiding or abetting a foreign terrorist, but publishing without a license. See the prior restraint section of this brief, infra,.

the publication of the same material in a book or magazine is not controlled at all under the EAR.⁽¹³⁾ 15 C.F.R. § 734.3, Notes to paragraphs (b)(2) and (b)(3). At first blush, this distinction appears consistent with the government's reasons for controlling encryption software because of its "functional" capability. The distinction, however, actually works against the government.

A. The Distinction Between Electronic and Print Publication Is Inconsistent with Government's Reasons for Controlling Encryption

First, as Judge Patel pointed out, "the exception seeks to codify a distinction between paper and electronic publication that makes little or no sense and is untenable." Bernstein III, 1997 U.S. Dist. LEXIS 13146 at * 56. On one hand, the government justifies the distinction because encryption source code in electronic form can be easily converted into a "functioning encryption product," which the government claims can pose a serious threat to national security. Id. at * 57. On the other hand, encryption source code in printed form is not subject to export control because it presumably does not pose a threat to national security. It follows that translating source code into object code to produce a "functioning encryption product" is trivial and can pose a threat to national security, but scanning or typing source code into a word processing program--and thus putting it in electronic form--is not trivial and poses no threat to national security. The government would have to concede, then, that the RSA algorithm in three lines of Perl, which was submitted by plaintiff's counsel and classified as 5D002 encryption software,⁽¹⁴⁾ poses a threat to national security after it is typed into a WordPerfect document, but poses no threat sitting there on paper.⁽¹⁵⁾

_______________________

13. The government, however, reserves the right to change this and regulate encryption software or paper. 61 Fed. Reg. 68575 (Addendum A to this brief); see also Bernstein III, 1997 U.S. Dist. LEXIS 13146 at *55-56.

14. See Tab C Supp. Compl., Application No. 082060, Item 4, Attachment C.

15. These are the three lines of Perl that are subject to export while I type them on my computer, but not subject to export controls on the printed paper filed with the Court:

Second, the EAR treats encryption object code, which is functional, more favorably than encryption source code, which is not functional. For example, onetime review for certain mass market encryption software is available for object code, but not source code. See 61 Fed. Reg. 68574 (Addendum A to this brief). If the government were only concerned with functionality, there would be no reason to treat object code more favorably than source code (or even as favorably) since object code is functional whereas source code is not.⁽¹⁶⁾

The distinction between print and electronic form is not just capricious, it discriminates against publication on the Internet, which the Supreme Court has recently held is entitled to the same First Amendment protection as print. Reno v. ACLU, 117 S. Ct. 2329 (1997).

B. The Distinction Between Print and Internet Publication Cannot Be Supported Under Reno v. ACLU

The Court in Reno described the Internet as "dynamic" and "multifaceted.⁽¹⁷⁾ 117 S.Ct. at 2344.

[The Internet] provides relatively unlimited, low-cost capacity for communication of all kinds. The Government estimates that "as many as 40 million people use the Internet today, and that figure is expected to grow to 200 million by 1999." This dynamic, multifaceted category of communication includes not only traditional print and news services, but also audio, video, and still images, as well as interactive, real-time dialogue. Through the use of chat rooms, any person with a phone line can become a town crier with a voice that resonates farther than it could from any soapbox. Through the use of Web pages, mail exploders, and newsgroups, the same individual can become a pamphleteer.

_______________________

   [Note by JYA: Three lines of printed code censored at plaintiff's request.
   See the code outside the US at: http://www.dcs.ex.ac.uk/~aba/rsa/]

16. Recall that object code is software in "computer executable form" according to the its definition in 15 C.F.R. Part 772.

17. See ACLU v. Reno, 929 F.Supp. 824, 834-37 (E.D. Pa. 1996), aff'd, Reno v. ACLU, 117 S.Ct. 2329 (1997) for a description of the methods of publishing and communicating over the Internet (findings of fact ¶¶22-48); see also Reno v. ACLU, 117 S.Ct. at 2334-35 for a good description of the World Wide Web.

Id. (footnote omitted). The relatively low-cost needed to access the Internet has contributed to its importance as a medium of publication for businesses, advocacy groups, academic institutions, governments and individuals. Id. at 2335.

From the publishers' point of view, it constitutes a vast platform from which to address and hear from a world-wide audience of millions of readers, viewers, researchers, and buyers. Any person or organization with a computer connected to the Internet can "publish" information.

Id.

One of the Internet's best qualities is that it allows teachers, students and academic institutions to publish and access information in an easy and affordable way. Thus, many libraries, schools, universities, teachers and students have their own "home pages" on the World Wide Web. For students and teachers, the Internet allows them to publish their writings and research for peer review. At least one university now requires students to publish their master's theses and doctoral dissertations on the World Wide Web for review. See Ex. 1B, Appel Decl. ¶ 17 and Attachment C.

As a way of publishing research, including software, for peer review, the Internet is especially important for computer scientists and programmers and in particular cryptographers. See Ex. 1E, Goldberg Decl. ¶ 12. The government has also recognized the importance of the Internet for computer scientist and researchers. Large-scale projects funded by the government are often written by many programmers and expected to be published on the Internet. See Appel Decl. ¶ 11. For example, a government funded national computer project involving the NSA requires that researchers publish source code on the Internet during the term of their contracts. See id. ¶ 14 and Attachment A.

Notwithstanding the importance of academic and scientific publication on the Internet, the regulations target Internet publication of encryption software by anyone. As restrictions targeted against the Internet, the regulations are constitutionally suspect. See Bernstein III, 1997 U.S. Dist. LEXIS 13146 at * 58. Any distinction between the print and Internet publications has been ruled out by the Supreme Court in Reno.

As the District Court found "the content on the Internet is as diverse as human thought." . . . We agree with its conclusion that our cases provide no basis for qualifying the level of First Amendment scrutiny that should be applied to this medium.

117 S.Ct. at 2344 (citation omitted). The same First Amendment protection, therefore, that applies to the publication of encryption software in a book, law review article or a scientific journal applies to the publication of encryption software on the Internet.

1. In Contrast to the Government's Official Position, the NSA Is Apparently Not Concerned About the Availability of Encryption Software on the Internet

According to the government's "official" position as described in the Executive Order and White House Memorandum of November 15, 1996, Tab A and Supp. Compl. the regulations are necessary to limit the availability abroad of encryption software that might be used against United States interests. High-ranking NSA officials, however, have taken a different position in testimony to Congress. Vice Admiral J. M. McConnell of the NSA testified before Congress that "[e]ncryption software distribution via Internet, bulletin board or modem does not undermine the effectiveness of encryption export controls." Ex. 1T William Crowell, Deputy Director of the NSA, repeated the same point to Congress saying that "serious users of security products don't obtain them from the Internet." Ex. 1S Their testing at least suggests that the asserted national security threats are overblown or the regulations are ineffective. Thus, if the publication of encryption software on the Internet does not undermine the encryption controls, and therefore national security interests, there is no basis for restricting, let alone licensing, such publications and abridging First Amendment rights.

III. The Plaintiff is Entitled to Bring a Facial Challenge Because the Regulatory Scheme Restricts Rights of Third Parties and Poses Real Risks of Censorship

Professor Junger is entitled to bring a facial challenge because the scheme restricts not

only his rights, but the rights of anyone who wants to publish, receive, read and study encryption software. See Secretary of State of Maryland v. J. H. Munson Co., 467 U.S. 947, 956-957 (1984). In First Amendment contexts, the Supreme Court has recognized two exceptions to the general rule that a plaintiff cannot challenge a statute or regulation on its face. Both apply here.

The first exception applies where a statute or regulation is so broad it infringes on the First Amendment rights of third parties. See Board of Airport Commissioners of Los Angeles v. Jews for Jesus, Inc., 482 U.S. 569, 575-76 (1987). The second applies where a licensing scheme has a close enough nexus to expression or expressive activity and allegedly vests government officials with excessive discretion. See City of Lakewood v. Plain Dealer Publishing Co., 486 U.S. 789 (1983).

The regulations create a licensing scheme on publication and, therefore, necessarily implicate First Amendment rights. On its face, the scheme encompasses speech that cannot threaten national security and provides no clear and objective standards to restrain the discretion of government agencies. As such, the scheme is open to a facial challenge under both the overbreadth doctrine and Lakewood.

A. The Scheme is Substantially Overbroad and Justifies a Facial Challenge under the Overbreadth Doctrine

The overbreadth doctrine permits a facial challenge whenever a law threatens a substantial amount of constitutionally protected speech even if the law has some permissible applications. See e.g., Virginia v. American Booksellers Ass'n, Inc. 484 U.S. 383 (1988); Reno v. ACLU, 117 S.Ct. 2329 (1997). A person whose own speech is protected may challenge an overbroad law on its face to protect his own speech, see Board of Trustees of S.U.N.Y. v. Fox, 492 U.S. 469, 484 (1989), and the speech of parties not before the court, see Forsyth County v. Nationalist Movement, 505 U.S. 123, 129 (1992).

In the context of an overbreadth the challenge, a statute or regulation is facially invalid if it "does not aim specifically at evils within the allowable area of control . . . but sweeps within its

ambit other activities" protected by the First Amendment. Thornhill v. Alabama, 310 U.S. 88, 97 (1940). The overbreadth, however, "must not only be real, but substantial as well, judged in relation to the statute's plainly legitimate sweep." Broadrick v. Oklahoma, 413 U.S. 601, 615 (1973).

The government's legitimate interests are the protection of U.S. citizens, permanent residents and the citizens of other countries against terrorism and criminal activity. See Tab A to Supp. Compl., White House Memorandum at 1. These interests may even support some restrictions on constitutional rights. One of the problems, however, with the regulatory scheme is that it "sweeps too broadly" and encompasses protected activity that poses no threat to national security or poses such an incidental threat that it risks First Amendment rights that "need breathing space to survive." See N.A.A.C.P. v. Button, 371 U.S. 415, 432-33 (1963).

The scheme is substantially overbroad for several reasons. It covers encryption software after it is already available overseas and on the Internet, interferes with academic freedom and restricts rights to communicate not just with foreign persons outside the United States, but with United States citizens. It may even reach software that contains no encryption capability whatsoever under provisions regulating encryption software. See Ex.1G, Liebman Decl. at ¶ 17-21, Ex. 1H, Behlendorf Decl. ¶ 5-11.

1. The Scheme is Substantially Overbroad Because It Controls Encryption Software That Is Available Overseas, on the Internet and Published or Disclosed for Academic Reasons

There is no question that encryption is already available and being developed overseas. See, e.g., Pl.'s Video Ex. Under the pre-amended EAR, any software or technology that was available outside the United States was entitled to a foreign availability ruling. See 15 C.F.R. 768. The EAR now specifically excludes encryption software (and technology) from the foreign availability exemption procedures. See 15 C.F.R. 768.1(b). The result is that U.S. citizens and permanent residents cannot publish without a license what is already available abroad.

Neither can U.S. citizens or permanent residents publish what is in the public domain free

of charge (which may also be available overseas). For example, the RSA algorithm in Perl and the "Pretty Good Privacy" ("PGP") encryption programs that were submitted by Plaintiff's counsel for classification review were downloaded from Internet sites overseas. See Tab C to Supp. Compl., Application No. Z082060. Moreover, since the government does not seem to consider the use of "hyperlinks" that connect an Internet user to overseas sites where encryption software can be downloaded, one has to really wonder what the government is trying to achieve. The government's position might even be somewhat amusing if not for the scheme's consequences, some of which were pointed out, for example, in a letter to the BXA from the U.S. Public Policy Arm of the Association for Computing Machinery ("ACM"):

As a professional society of computer scientists which produces a number of peer-reviewed technical journals, we are concerned that the [export regulations] will hamper both communication and education in our field. . . . [at 1]

. . . .

Electronic communications, including the World Wide Web, list serves, Usenet news groups and video conferencing are becoming the prominent means by which scientists communicate. . . Part 734.2 which prohibits making cryptographic software available outside the U.S. will not only eliminate this international communication but also technical communication among U.S. scientists. . . . [at 2]

. . . .

Computer science, mathematics, engineering, and electronic security may all include technical instruction in encryption technologies . . . [at 3]

. . . .

The argument made previously with regard to digital media also applies to education. As part of their course work, students often use electronic media as resources (WWW, digital libraries, CD-ROMs), as communication device for the class outside the classroom (electronic mail, listserves), and to learn from listening to the discussions among research scientists (Usenet groups, listserves). Part 7.34.3 (b)(3) [sic] which covers encryption source code in electronic form or media will restrict these types of educational instruction. Instructors will be unable to take advantage of digital media in their courses. Students studying cryptography will be unfairly disadvantaged as they will be unable to access valuable resources even in the process of furthering their education.

Ex. 1P, ACM letter, February 12, 1997, at 1-3; See also Ex. 1N, AAAS letter, February 7,

1997.⁽¹⁸⁾

The consequences of the scheme do not concern just the sciences. Professor Junger and other law professors cannot, for that matter, include an example of an encryption program in a law article to explain intellectual property law as it applies, or should apply, to computing or to make a political point about censorship if the program is published on the Internet. See Tab F to Supp. Compl., letter from Commerce at 2.

2. The Scheme is Substantially Overbroad Because It Restricts Communications With Foreign Persons Who Do Not Pose a Risk to National Security and With U.S. Citizens

The scheme as a whole affects the rights of U.S. citizens and permanent residents to communicate with foreign persons outside the United States. See Bullfrog Films, Inc. v. Wick, 847 F.2d 502 (9th Cir. 1988). In Bullfrog, the Ninth Circuit stated that "in the absence of some overriding governmental interest such as national security, the First Amendment protects communications with foreign audiences to the same extent as communications within our borders." Id. at 509 n.9. (quoting 646 F. Supp. 492, 502 (C.D.Cal. 1986) (emphasis added)). The curtailment of the right of Americans to communicate with foreign persons outside the United States thus depends on the existence of an overriding government interest, such as national security, that is compelling enough to curtail purely domestic communication. The broad national security and foreign policy interests asserted by the government to support the encryption regulations may be enough to restrict the rights of Americans to communicate with some foreigners, but not all.

Apart from restrictions the scheme places on the right to communicate with foreigners, the scheme also restricts communications between U.S. persons, including U.S. persons overseas. According to the Washington Post, there are more than three million U.S. citizens

_______________________

18. Although there are academic exceptions from licensing for encryption technology and non-encryption software and technology, the academic exceptions do not apply to encryption software. See 15 §§ C.F.R. 744.9, 734.3(b).

living abroad. See Ex. 1Q. And the regulations do not distinguish between foreign citizens and U.S. citizens abroad.

The scheme also restricts communication between U.S. persons within the United States where there is no question that the First Amendment applies. As noted, there is an exception to the definition of "export" for encryption software if certain precautions are taken to prevent the software from being downloaded overseas. See 15 C.F.R. § 734.2(b)(9)(B)(ii)(A). In other words, if adequate precautions are taken, encryption software can be published on the Internet without being considered an export. These precaution, however, are impossible for most people who publish on the Internet to implement.⁽¹⁹⁾ See, note 10, supra. For most people, then, the scheme precludes all publication of encryption software on the Internet. As a consequence, Americans cannot communicate with Americans over the Internet if even part of their communication includes an encryption program.

B. A Facial Challenge under Lakewood is Proper

The Supreme Court has consistently allowed facial challenges when the exercise of First Amendment rights was premised on the discretion of a government official. See Shuttlesworth v. Birmingham, 394 U.S. 147, 151 (1969); Lakewood, 486 U.S. at 755-57 (citing cases). Under Lakewood, a person may bring a facial challenge whenever a licensing scheme "allegedly vests unbridled discretion in a government official over whether to permit or deny expressive activity." Id. at 755-56.

1. The Scheme has a "Close Enough Nexus to Expression or Conduct Commonly Associated with Expression

The only requirement needed to support a facial challenge to an unbridled or standardless

______________________

19. Even if the precautions were practically possible, the government cannot justify any discrimination between Internet publication and publication in print under Reno v. ACLU, 117 S.Ct. 2329 (1997).

licensing scheme is a connection between the scheme and expressive activity, or as the Court put it, "a close enough nexus to expression, or conduct commonly associated with expression." Lakewood, 486 U.S. at 759. This scheme has such a nexus; it prohibits publication without a license. Consequently, the scheme adversely affects the research of computer scientists, programmers and anyone whose work involves encryption software and prohibits the unrestricted publication of encryption software on the Internet to the extent that even a law review article that includes an encryption program cannot be published on a website without either removing the program or getting the government's approval. Tab F to Supp. Compl., Letter from Commerce, August 7, 1997.

In Bernstein, and earlier in this case, the government has argued that the encryption regulations are too dissimilar to the licensing schemes in Lakewood and other cases where the Court permitted facial challenges. See Bernstein III, 1997 U.S. Dist. LEXIS 13146 at *51-53. In Lakewood, the Court permitted a facial challenge to an ordinance that gave the mayor the discretion to permit newspaper boxes on public property. In other cases, the Court has permitted facial challenges to licensing schemes that regulated the zoning of adult bookstores and theaters, solicitation, parades and musical productions.⁽²⁰⁾ The only thing, however, that newracks, zoning ordinances, solicitation, parades and musical productions have in common with each other -- and with computer programs -- is that they all are sufficiently related to expression or expressive activity. As Judge Patel observed,

The encryption regulations . . . are much more like the regulation of newspaper racks than lying or sitting. The new regulations are directed quite specifically and "by their terms" to an entire field of applied scientific research and discourse. Where one places a newspaper rack is not an activity associated with expression, but the availability of newspapers generally is. Similarly, while the export of a commercial cryptographic software program may not be undertaken for expressive reasons, that same activity . . . is often undertaken by scientists for purely expressive reasons.

_____________________

20. FW/PBS, Inc. v. City of Dallas, 493 U.S. 215(1990) (zoning ordinance regulating adult bookstores); Secretary of State of Maryland v. Joseph H. Munson Co., 467 U.S. 947 (1984) (charity solicitation); Shuttlesworth v. Birmingham, 394 U.S. 147 (1969) (parade); Southeastern Promotions Ltd. v. Conrad, 420 U.S. 546 (1975) (production of the musical "Hair").

Bernstein III, 1997 U.S. Dist. LEXIS 13146 at *53.

2. The Scheme Lacks Clear and Objective Standards and Therefore Poses a Substantial Risk of Censorship

By definition, any licensing scheme that has a close enough nexus to expression or expressive conduct and vests excessive discretion in agency officials poses a threat of the risks identified in Lakewood: self-censorship and the difficulty of proving content-based censorship or discrimination. Lakewood, 486 U.S. at 759. These risks are present here and are simply the consequences of a licensing scheme that has no clear and objective standards. See id. at 758-59.

Licensing decisions on encryption software and technology are made on a "case-by-case basis" alluding to national security and foreign policy interests, but lacking any clear or objective standards. 15 C.F.R. § 742.15(b)(4)(ii), (b)(5)

In order to export encryption items subject to EI controls, including software, a license application must be submitted to the Commerce Department, which will grant or deny the application based on a case-by-case determination of "whether the export . . . is consistent with U.S. national security and foreign policy interests."

Tab B to Supp. Compl., Letter from Commerce, at 2. This lack of standards in the licensing procedure is sufficient by itself to support a facial challenge.

In addition to the discretion to issue licenses, there is apparently no limitation on the government's discretion to classify software and technology as "EI" items. For years, Professor Junger has censored the publication of his onetime pad program believing that it was encryption software and all encryption software was controlled. Although encryption software is defined as"[c]omputer programs that provide capability of encryption functions or confidentiality of information or information systems," 15 C.F.R. Part 772, and Professor Junger has used the program to encrypt and decrypt messages, the BXA did not classify the program as encryption software under 5D002. If the BXA was following some clear, objective standards, they are a

mystery to Professor Junger.⁽²¹⁾

IV. The Scheme Is an Unconstitutional Prior Restraint

Before a United States citizen or permanent resident can publish encryption software on the Internet--whether for academic reasons or otherwise--he must submit the software to the Commerce Department under a complicated set of rules and ask for a commodity classification request or an advisory opinion, or apply directly for a license under an equally complicated set of rules. He could forego those procedures and publish without a license, but he would risk severe civil and criminal penalties. His right to publish is conditioned on government approval.

This challenged scheme is a paradigm of a prior restraint, "the most serious and least tolerable infringement on first amendment rights." Nebraska Press Assoc. v. Stuart, 427 U.S. 539, 559 (1976). Prior restraints are anathema to the First Amendment, and as result, "[a]ny system of prior restraints of expression comes to this Court bearing a heavy presumption against its constitutional validity." New York Times Co. v. United States, 403 U.S. 713, 714 (1971) (per curiam) (quoting Bantam Books, Inc. v. Sullivan, 372 U.S. 58, 70 (1963) (citations omitted)).

For any licensing scheme to meet this presumption, the government must satisfy two, independent requirements. First, the restraint must impose "narrow, objective and definite standards" to limit the discretion of the licensing officials. Forsyth County v. The Nationalist Movement, 505 U.S. 123, 131 (1992). If the licensing scheme is a restraint on publication, rather than expressive conduct, as the case here, the government must satisfy the additional burden of establishing a "direct, immediate and irreparable" harm. New York Times, 403 U.S. at 730 (Stewart, J., concurring). Second, the scheme must meet the procedural requirements set forth in Freedman v. Maryland, 380 U.S. 51, 58-60 (1965). FW/PBS, Inc. v. City of Dallas, 493 U.S.

_____________________

21. The classification of Professor Junger's one-time pad is a perfect example of the vagueness inherent in the regulations. See Connally v. General Construction Co., 269 U.S. 385, 391 (1926) (law is void for vagueness if persons "of common intelligence must necessarily guess at its meaning and differ as to its application").

215, 227-28 (1990).

A. The Scheme Is Not Narrowly Tailored and Fails to Meet the Pentagon Papers Standard

As noted, licensing decisions are made by the BXA on a case-by-case basis without any discernible, objective standards, and decisions on classifying software as 5D002 or otherwise are equally opaque. This lack of discernible standards and complete discretion on the part of BXA officials is enough to render the scheme an unconstitutional prior restraint.

Moreover, under the Pentagon Papers case, the government must prove "direct, immediate and irreparable" harm, which the government cannot do. Even if the government could show that a particular export presented "direct, immediate and irreparable," it cannot meet this standard for an across-the-board licensing scheme.

The government has not shown that the export of all encryption software and technology subject to the EAR will cause substantial harm to national security and foreign policy interest. Moreover, the government would be hard pressed to assert such irreparable harm from the export of Professor Junger's program or programs that are already widely available on the Internet.

B. The Scheme Fails to Provide the Freedman Safeguards

The licensing scheme fails for a second, independent reason: It lacks the minimal procedural safeguards required under Freedman v. Maryland, 380 U.S. 51, 58-60 (1965). Any scheme that licenses publication must provide three safeguards: (1) definite and reasonable time constraints within which the licensor must decide whether to issue or deny a license; (2) prompt judicial review if the license is denied; and (3) a requirement that the government go to court and prove its case. FW/PBS, Inc. v. City of Dallas, 493 U.S. at 215, 227-29.

Judge Patel recently struck down the EAR scheme on encryption as an unconstitutional prior restraint. Bernstein III, 1997 U.S. LEXIS 13146 *63. The EAR scheme poses the same

procedural problems as the ITAR scheme, which she found unconstitutional in Bernstein II, 944 F. Supp. 1279 (1996). The EAR scheme, like the ITAR's, does not place sufficiently minimal time constraints and does not provide for prompt judicial review in the event that a license is denied. License decisions, for all encryption software, except mass market and key recovery software, are required to be made within 90 days from the time it is registered unless the application is referred to the President. 15 C.F.R. § 750.4(a)(1). If an application is referred to the President, there are no time limits on his decision. If a license is denied, an appeal can be taken to the Under Secretary of Commerce, but no specific time limit is given for a decision on the appeal. 15 C.F.R. § 756.2(c)(1).

Without addressing the third Freedman requirement, the scheme fails the first two. The 90 day time period, which may be extended by referral to the President, the lack of any specified time in which an appeal must be decided, and the lack of prompt judicial review fall short of the minimum safeguards, and thus the scheme is unconstitutional. See Teitel Film Corp. v. Cusack, 390 U.S. 139, 141-42 (1968) (per curium) (holding that 50-57 day period for obtaining decision in film censorship context not a sufficiently "specified brief period").

V. The Scheme Is Content-based and Fails Strict Scrutiny

The regulations are not content-neutral restrictions on expression that should be subject to something less than strict scrutiny. The licensing scheme is not content- neutral because it applies only to the publication of encryption software and not to the publication of other types of software. As content-based restrictions, the regulations are presumed invalid, RAV v. St. Paul, 505 U.S. 377, 381 (1992) and must be struck down unless the government can affirmatively show that the "regulation is necessary to serve a compelling interest and that it is narrowly drawn to achieve that end." Boos v. Barry, 485 U.S. 312 (1988).

CONCLUSION

For the foregoing reasons, Plaintiff's motion for summary judgment on the First Amendment claims should be granted.

Respectfully submitted,

[Signature]

GINO J. SCARSELLI (0062327)
664 Allison Dr.
Richmond Hts., OH 44143-2904
(216) 291-8601

RAYMOND VASVARI (0055538)
1300 Bank One Center
600 Superior Ave. East
Cleveland, OH 44114-2650
(216) 522-1925

KEVIN FRANCIS O'NEILL (0010481)
Professor of Law
Cleveland-Marshall College of Law
1801 Euclid Ave.
Cleveland, OH 44115
(216) 687-2286

ADDENDUM A

=======================================================================

[Federal Register: December 30, 1996 (Volume 61, Number 251)]
[Rules and Regulations]
[Page 68572-68587]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]

=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE
Bureau of Export Administration
15 CFR Parts 730, 732, 734, 736, 738, 740, 742, 744, 748, 750, 768,
772, and 774
[Docket No. 960918265-6366-03]
RIN 0694-AB09

Encryption Items Transferred From the U.S. Munitions List to the
Commerce Control List
AGENCY: Bureau of Export Administration, Commerce.
ACTION: Interim rule.
-----------------------------------------------------------------------

*****

[[Page 68574]]

pursuant to the Presidential Memorandum of that date may be released
from ``EI'' controls and thereby made eligible for mass market
treatment after a one-time BXA review. To determine eligibility for
mass market treatment, exporters must submit a classification request
to BXA. 40-bit mass market encryption software may be eligible for a 7-
day review process, and company proprietary software may be eligible
for 15-day processing. See new Supplement No. 6 to part 742 and
Sec. 748.3(b)(3) for additional information. Note that the one-time
review is for a determination to release encryption software in object
code only. Exporters requesting release of the source code should refer
to paragraph (b)(3)(v)(E) of Supplement No. 6 to part 742. If, after a
one-time review, BXA determines that the software is released from EI
controls, such software is eligible for all provisions of the EAR
applicable to other software, such as License Exception TSU for mass-
market software. If BXA determines that the software is not released
from EI controls, a license is required for export and reexport to all
destinations, except Canada, and license applications will be
considered on a case-by-case basis.
    (2) Key Escrow, Key Recovery and Recoverable encryption software
and commodities. Recovery encryption software and equipment controlled
for EI reasons under ECCN 5D002 or under ECCN 5A002, including
encryption equipment designed or modified to use recovery encryption
software, may be made eligible for License Exception KMI after a one-
time BXA review. License Exception KMI is available for all
destinations except Cuba, Iran, Iraq, Libya, North Korea, Syria and
Sudan. To determine eligibility, exporters must submit a classification
request to BXA. Requests for one-time review of key escrow and key
recovery encryption products will receive favorable consideration
provided that, prior to the export or reexport, a key recovery agent
satisfactory to BXA has been identified (refer to new Supplement No. 5
to part 742) and security policies for safeguarding the key(s) or other
material/information required to decrypt ciphertext as described in
Supplement No. 5 to part 742 are established to the satisfaction of BXA
and are maintained after export or reexport as required by the EAR. If
the exporter or reexporter intends to be the key recovery agent, then
the exporter or reexporter must meet all of the requirements of a key
recovery agent identified in Supplement No. 5 to part 742. In addition,
the key escrow or key recovery system must meet the criteria identified
in Supplement No. 4 to part 742. Note that eligibility is dependent on
continued fulfilment of the requirements of a key recovery agent
identified in Supplement No. 5 to part 742. Since the establishment of
a key management infrastructure and key recovery agents may take some
time, BXA will, while the infrastructure is being built, consider
exports of key recovery encryption products which facilitate
establishment of the key management infrastructure before a key
recovery agent is named, consistent with national security and foreign
policy. When BXA approves such cases, exporters of products described
in Supplement No. 4 to part 742 are required to furnish the name of an
agent by December 31, 1998. Requests for one-time review of recoverable
products which allow government officials to obtain, under proper legal
authority and without the cooperation or knowledge of the user, the
plaintext of the encrypted data and communications will also receive
favorable consideration.
    (3) Non-recovery encryption items up to 56-bit key length DES or
equivalent strength supported by a satisfactory business and marketing
plan for exporting recoverable items and services. Manufacturers of
non-recovery encryption items up to 56-bit key length DES or equivalent
strength will be permitted to export and reexport under the authority
of License Exception KMI, provided that the requirements and conditions
of the License Exception are met. Exporters must submit a
classification request for an initial BXA review of the item and a
satisfactory business and marketing plan that explains in detail the
steps the applicant will take during the two-year transition period
beginning January 1, 1997 to develop, produce, and/or market encryption
items and services with recoverable features. Producers would commit to
produce key recovery products. Others would commit to incorporate such
products into their own products or services. Plans will be evaluated
in consideration of good faith efforts by the exporter to promote key
recovery products and infrastructure. Such efforts can include: the
scale of key recovery research and development, product development,
and marketing plans; significant steps to reflect potential customer
demand for key recovery products in the firm's encryption-related
business; and how soon a key recovery agent will be identified. Note
that BXA will accept requests for classification of non-recoverable
encryption items up to 56-bit key length DES or equivalent strength
under this paragraph from distributors, re-sellers, integrators, and
other entities that are not manufacturers of the encryption items. The
use of License Exception KMI is not automatic; eligibility must be
renewed every six months. Renewal after each six-month period will
depend on the applicant's adherence to explicit benchmarks and
milestones as set forth in the plan approved with the initial
classification request and amendments as approved by BXA. This
relaxation of controls and use of License Exception KMI will last
through December 31, 1998. The plan submitted with classification
requests for the export of non-recoverable encryption items up to 56-
bit key length DES or equivalent strength must include the elements in
new Supplement No. 7 to part 742. Note that distributors, re-sellers,
integrators, and other entities that are not manufacturers of the
encryption items are permitted to use License Exception KMI for exports
and reexports of such items only in instances where a classification
has been granted to the manufacturer of the encryption items. The
authority to so export or reexport will be for a time period ending on
the same day the producer's authority to export or reexport ends.
    Exporters authorized to export 56-bit DES or equivalent strength
non-key recovery products in exchange for commitments to key recovery
will be allowed to service and support the customers of those products
during and after the two-year period. Support and service includes
maintenance or replacement of products to correct defects or maintain
existing functionality. It also includes upgrades that do not increase
the strength of the encryption in the product.
    Exporters authorized to export 56-bit DES or equivalent strength
non-key recovery products during the interim period may also export
under a license additional quantities of those 56-bit DES or equivalent
strength non-key recovery products after the two-year period to
existing customers. Such sales may be made to the customers of any
exporter that was authorized to export such products in exchange for
key recovery commitments during the two-year period. The additional
quantities sold may not be disproportionate to the customer's embedded
base.
    (4) All other encryption items--(i) Encryption licensing
arrangement. This is intended to continue without change the regulatory
treatment of the distribution and warehouse arrangements currently
permitted under

[[Page 68575]]

the International Traffic in Arms Regulations. Applicants may submit
license applications for exports and reexports of certain encryption
commodities and software in unlimited quantities for all destinations
except Cuba, Iran, Iraq, Libya, North Korea, Syria, and Sudan.
Applications will be reviewed on a case-by-case basis. Encryption
licensing arrangements may be approved with extended validity periods
specified by the applicant in block #24 on Form BXA-748P. In addition,
the applicant must specify the sales territory and classes of end-
users. Such licenses may require the license holder to report to BXA
certain information such as item description, quantity, value, and end-
user name and address.
    (ii) Applications for encryption items not authorized under an
encryption licensing arrangement. Applications for the export and
reexport of all other encryption items will be considered on a case-by-
case basis.
    (5) Applications for encryption technology. Applications for the
export and reexport of encryption technology will be considered on a
case-by-case basis.
    Note that all ``EI'' encryption items are not subject to any
mandatory foreign availability procedures of the EAA or the EAR. In
section 1(a) of Executive Order 13026, the President states:

    I have determined that the export of encryption products
described in this section may harm national security and foreign
policy interests even where comparable products are or appear to be
available from sources outside the United States, and that facts and
questions concerning the foreign availability of such encryption
products cannot be subject to public disclosure or judicial review
without revealing or implicating classified information that could
harm United States national security and foreign policy interests.
Accordingly, section 4(c) and 6(h)(2)-(4) of the Export
Administration Act of 1979 (``the EAA'') * * *, all other analogous
provisions of the EAA relating to foreign availability, and the
regulations in the EAR relating to such EAA provisions, shall not be
applicable with respect to export controls on such encryption
products.
    This interim rule amends part 768, Foreign Availability, to make
clear that the provisions of that part do not apply to encryption items
transferred to the Commerce Control List.
    This interim rule also amends part 734 to exclude encryption items
transferred from the U.S. Munitions List to the Commerce Control List
consistent with E.O. 13026 (61 FR 58767, November 15, 1996) and
pursuant to the Presidential Memorandum of that date from the de
minimis provisions for items exported from abroad. This rule also
amends part 734 of the EAR to reflect that encryption software
controlled for EI reasons under ECCN 5D002 that has been transferred to
the Department of Commerce from the Department of State by Presidential
Memorandum will be subject to the EAR even when publicly available. A
printed book or other printed material setting forth encryption source
code is not itself subject to the EAR (see Sec. 734.3(b)(2)). However,
notwithstanding Sec. 734.3(b)(2), encryption source code in electronic
form or media (e.g., computer diskette or CD ROM) remains subject to
the EAR (see Sec. 734.3(b)(3)). The administration continues to review
whether and to what extent scannable encryption source or object code
in printed form should be subject to the EAR and reserves the option to
impose export controls on such software for national security and
foreign policy reasons. Note that there is a new definition of ``export
of encryption source code and object code software'' (see
Sec. 734.2(b)(9)).
    This rule creates a new License Exception KMI for exports of
certain encryption software and equipment. This rule also amends part
740 and Supplement No. 2 to part 774 to reflect that encryption
software will not be eligible for ``mass market'' treatment under the
General Software Note or for export as beta-test software under License
Exception BETA unless released from EI controls through a one-time BXA
review (refer to new Supplement No. 6 to part 742). Encryption items
transferred from the USML to the CCL prior to November 15, 1996 are not
controlled for EI reasons. Note that License Exception TMP is available
for temporary exports and reexports of encryption items except under
the provisions for beta-test software. License Exceptions TMP and BAG
effectively replace the Department of State's personal use exemption.
Software and technology that was controlled by the Department of
Commerce prior to December 30, 1996 are not affected by this rule and
will continue to be eligible for the publicly available treatment.
Software controlled by the Department of Commerce prior to December 30,
1996 will continue to be eligible for mass market treatment under the
General Software Note, and License Exception TSU for mass-market
software.
    For purposes of this rule, ``recovery encryption products'' refers
to encryption products (including software) that allow government
officials to obtain under proper legal authority and without the
cooperation or knowledge of the user, the plaintext of encrypted data
and communications. Such products fulfill the objectives of the
Administration's encryption policy. Other approaches to access and
recovery may be defined in the future.
    This interim rule also amends part 742 to reflect the new combined
national security and foreign policy controls imposed by this rule, and
adds a new Supplement No. 4 titled ``Key Escrow or Key Recovery
Products Criteria'' that includes product criteria, a new Supplement
No. 5 titled ``Key Escrow or Key Recovery Agent Criteria, Security
Policies, and Key Escrow or Key Recovery Procedures'' that includes
interim requirements for key recovery agents, a new Supplement No. 6
titled ``Guidelines for Submitting a Classification Request for a Mass
Market Software Product that contains Encryption'' that includes the
criteria for the one-time review of classification requests for release
of certain encryption software from EI controls, and a new Supplement
No. 7 titled ``Review Criteria for Exporter Key Escrow or Key Recovery
Development Plans.''
    This interim rule also amends part 744 to add a general prohibition
in Sec. 744.9 with respect to technical assistance in the development
or manufacture abroad of encryption commodities and software controlled
for EI reasons and makes conforming changes throughout the EAR.
    This interim rule makes conforming changes in part 748 for
classification requests, amends part 750 of the EAR to reflect the
Department of Justice role in the review of encryption license
applications, adds new definitions to part 772, and amends the Commerce
Control List (Supplement No. 1 to part 774) by adding new EI controls
under ECCNs 5A002, 5D002, and 5E002 for commodities, software and
technology that are placed under Commerce Department jurisdiction,
consistent with E.O. 13026, by Presidential Memorandum.
    In certain cases, semiannual reporting requirements on quantities
shipped and country of destination will be imposed on exporters, in
order to allow the United States to fulfill the reporting requirements
of its international obligations, such as the Wassenaar Arrangement.
    The scope of controls on the release to foreign nationals of
technology and software subject to the EAR may be amended in a separate
Federal Register Notice.
    This rule involves no new curtailment of exports, because the
transfer or removal of items from the United States Munitions List to
the CCL maintains a continuity of controls. Therefore, the

*****

[Note: Full BXA document at: http://jya.com/bxa123096.txt]

CERTIFICATE OF SERVICE

The undersigned hereby certifies that a copy of the foregoing was served on October 14, 1997, upon Anthony J. Coppolino, Department of Justice, Civil Division Room 1084, 901 E Street, N.W., Washington, D.C. 20530 by Express Mail.

Respectfully submitted,

[Signature]

Gino J. Scarselli (0062327)
664 Allison Drive
Richmond Hts., OH 44143
Tel. 216-291-8601
Fax 216-291-8601
Attorney for the Plaintiff

EXHIBITS TO PLAINTIFF'S MOTION FOR SUMMARY JUDGMENT

JUNGER V. DALEY, et al.

CASE NO. 96 CV 1723

CONTENTS

Ex. 1A Declaration of Harold Abelson [5 pp.]

Ex. 1B Declaration of Prof. Andrew W. Appel [26 pp.]

Ex. 1C (Second) Declaration of Matt Blaze [21 pp.]

Ex. 1D Declaration of Carl Ellison [20 pp.]

Ex. 1E Declaration of Ian Goldberg [7 pp.]

Ex. 1F (Second) declaration of Peter D. Junger [14 pp.]

Ex. 1G Declaration of John R. Liebman [not provided]

Ex. 1H Declaration of Brian Behlendorf [4 pp.]

Ex. 1N AAAS letter to BXA dated February 7, 1997 [4 pp.]

Ex. 1P AAAS letter to BXA dated February 12, 1997 [8 pp.]

Ex. 1Q Washington Post Graphic dated September 27, 1997 [1 p.]

Ex. 1R AAAS letter to Representative Gingrich dated September 29, 1997 [2 pp.]

Ex. 1S Statement of Deputy Director, William Crowell, to the House Committee on the Judiciary Hearing on H.R. 3011, September 25, 1996 [4 pp.]

Ex. 1T Statement of Vice Admiral McConnell Before the Subcommittee on Technology and the Law of the Committee on the Judiciary United States Senate (103 Congress, 2nd Session), May 3, 1994 [4 pp.]

Pl.'s Video Ex. (resubmitted) [not provided]

[Exhibits were provided in hardcopy and are omitted here. For some online versions see Peter Junger's Web site at: http://samsara.LAW.CWRU.Edu/comp_law/jvd/]

CONTENTS
Ex. 1A	Declaration of Harold Abelson [5 pp.]
Ex. 1B	Declaration of Prof. Andrew W. Appel [26 pp.]
Ex. 1C	(Second) Declaration of Matt Blaze [21 pp.]
Ex. 1D	Declaration of Carl Ellison [20 pp.]
Ex. 1E	Declaration of Ian Goldberg [7 pp.]
Ex. 1F	(Second) declaration of Peter D. Junger [14 pp.]
Ex. 1G	Declaration of John R. Liebman [not provided]
Ex. 1H	Declaration of Brian Behlendorf [4 pp.]
Ex. 1N	AAAS letter to BXA dated February 7, 1997 [4 pp.]
Ex. 1P	AAAS letter to BXA dated February 12, 1997 [8 pp.]
Ex. 1Q	Washington Post Graphic dated September 27, 1997 [1 p.]
Ex. 1R	AAAS letter to Representative Gingrich dated September 29, 1997 [2 pp.]
Ex. 1S	Statement of Deputy Director, William Crowell, to the House Committee on the Judiciary Hearing on H.R. 3011, September 25, 1996 [4 pp.]
Ex. 1T	Statement of Vice Admiral McConnell Before the Subcommittee on Technology and the Law of the Committee on the Judiciary United States Senate (103 Congress, 2nd Session), May 3, 1994 [4 pp.]
	Pl.'s Video Ex. (resubmitted) [not provided]