28 November 1997
Source: Hardcopy from Peter Junger

Documents of the suit: http://jya.com/pdj.htm
Peter Junger's Web site: http://samsara.LAW.CWRU.Edu/comp_law/jvd/

UNITED STATES DISTRICT COURT
NORTHERN DISTRICT OF OHIO
EASTERN DIVISION

Pursuant to Rule 56 of the Federal Rules of Civil Procedure, defendants, through their undersigned counsel, hereby move for summary judgment. The grounds for this motion are that there is no genuine issue of material fact in this action, and defendants are entitled to judgment as a matter of law on all claims. See Fed.R.Civ.P. 56(c); Dambrot v. Central Michigan University, 55 F.3d 1177, 1182 (6th Cir. 1995) (citing Anderson v. Liberty Lobby. Inc., 477 U.S. 242, 247- 46 (1986)); see also 8:8.2 (certification that there is no genuine issue of material fact). In support of this motion, the Court is respectfully referred to the accompanying memorandum of points and authorities, declarations, attached exhibits, and any further evidence that may be presented to the Court.

Respectfully Submitted,

FRANK W. HUNGER
Assistant Attorney General

EMILY M. SWEENEY
United States Attorney

VINCENT M. GARVEY
Deputy Branch Director

[Signature]

ANTHONY J. COPPOLINO
Department of Justice
Civil Division, Room 1084
901 E Street, N.W.
Washington, D.C. 20530
Tel. (Voice): (202) 514-4782
(FAX): (202) 616-8470 or 616-8460

Attorneys for the Defendants

Date: November 18, 1997

- 2 -

CERTIFICATE OF SERVICE

I hereby certify that on this the 17th day of November 1997, a copy of the foregoing Defendants' Second Cross-motion For Summary Judgment, was served, via overnight express mail, on:

Gino J. Scarselli
664 Allison Drive
Richmond Hts., Ohio 44143
Tel: (216) 291-8601

[Signature]

ANTHONY J. COPPOLINO

UNITED STATES DISTRICT COURT
NORTHERN DISTRICT OF OHIO
EASTERN DIVISION

FRANK W. HUNGER
Assistant Attorney General

EMILY M. SWEENEY
United States Attorney

VINCENT M. GARVEY
ANTHONY J. COPPOLINO
Department of Justice
Civil Division, Room 1084
901 E Street, N.W.
Washington, D.C. 20530
Tel. (Voice): (202) 514-4782

Attorneys for the Defendants

Date: November 18, 1997

TABLE OF CONTENTS

INTRODUCTION		1
SUMMARY OF ARGUMENT		2
BACKGROUND ON CRYPTOGRAPHY AND ENCRYPTION SOFTWARE		5
REGULATORY BACKGROUND ON ENCRYPTION EXPORT CONTROLS		9
FACTUAL BACKGROUND		13
ARGUMENT		14
I.	THE EXPORT OF AN ENCRYPTION SOFTWARE PROGRAM, INCLUDING       VIA THE INTERNET, IS NOT THE MERE "PUBLICATION" OF AN "IDEA"	14
II.	THE EAR'S EXPORT CONTROLS ARE CONSTITUTIONALLY PERMISSIBLE CONTENT-NEUTRAL REGULATIONS	18
	A. The Intermediate Standard of Review Applies to Export      Licensing Controls On Cryptographic Hardware	18
	B. Export Controls on Encryption Software Satisfy Intermediate      Scrutiny	22
III.	THE EAR'S EXPORT CONTROLS ARE NOT A FACIALLY UNCONSTITUTIONAL PRIOR RESTRAINT	28
	A. The Government Does Not Seek to Enjoin the Publication of Ideas      Concerning National Security Through Export Controls	28
	B. Export Licensing Requirements For Encryption Software Are Not      A System of Prior Restraint	29
IV.	EXPORT LICENSING CONTROLS ON CRYPTOGRAPHIC SOFTWARE ARE NOT OVERBROAD	33
V.	PLAINTIFF LACKS STANDING TO CHALLENGE EXPORT LICENSING CONTROLS ON "TECHNOLOGY" AND, IN ANY EVENT, SUCH CONTROLS ARE CONSTITUTIONAL	37
VI.	EXPORT CONTROLS ON ENCRYPTION SOFTWARE UNDER THE EAR DO NOT EXCEED STATUTORY AUTHORITY	40
CONCLUSION		40

FEDERAL CASES
Bateman v. Mnemonics. Inc., 79 F 3d 1532 (11th Cir. 1996)	7
Bernstein v. Department of State, 974 F.Supp. 1288 (N.D. Cal. 1997)      (appeal pending)	4-5, 33, 40
Broadrick v. Oklahoma, 413 U.S. 601(1973)	33, 34
Brockett v. Spokane Arcades. Inc., 472 U.S. 491(1984)	33, 35
Brown Bag Software v. Symantec Corp., 960 F.2d 1465 (9th Cir.),      cert. denied, 506 U.S. 869 (1992)	8
Cadence Design Systems. Inc. v Avant! Corp., 1997 WL 583702      (9th Cir. Sept. 23. 1997)	8
City of Lakewood v. Plain Dealer Publishing Co., 486 U.S. 750 (1988)	3, 28, 30, 31
Clark v. Community for Creative Non-Violence, 468 U.S. 288 (1984)	18, 27
Comshare Inc. v. United States, 27 F.3d 1142 (6th Cir. 1994)	9
Christy v. Randlett, 932 F.2d 502 (6th Cir. 1991)	31
Desert Outdoor Advertising. Inc. v. City of Moreno Valley,      l03 F.3d 8l4 (9th Cir. 1996). cert. denied, 65 U S L.W. 3666 (Oct. 14. 1997)	31
Diamond v. Diehr, 450 U.S. 175 (1980)	7
Digidyne Corp. v. Data General Corp., 734 F.2d 1336 (9th Cir. 1984),      cert. denied, 473 U.S. 908 (1985)	7
DLS, Inc. v. City of Chattanooga, 107 F.3d 403 (6th Cir. 1997)	23, 30, 31
East Brooks Books. Inc. v. City of Memphis, 48 F.3d 220 (6th Cir. 1995),      cert. denied, 116 S.Ct. 277 (1995)	23, 31
Forsythe County, Georgia v. Nationalist Movement, 505 U.S. 123 (1992)	31
Freedman v. Maryland, 380 U.S. 51(1965)	32
FW/PBS Inc. v. City of Dallas, 493 U.S. 215 (1990)	3, 30, 32, 33
Gerritsen v. City of Los Angeles, 994 F 2d 570 (9th Cir. 1993),      cert. denied, 510 U.S. 915 (1993)	32
Grossman v. City of Portland, 33 F.3d 1200, 1201 (9th Cir. 1994)	32
Johnson Controls. Inc. v. Phoenix Control Systems. Inc., 886 F.2d 1173 (9th Cir. 1989)	7
Karn v. Department of State, 925 F. Supp. 1 (D.D.C. 1996)      remanded, 107 F.3d 923 (D.C. Cir. 1997) (pending)	5, 22
Leonardson v. City of East Lansing, 896 F.2d 190 (6th Cir. 1990)	34
Members of Los Angeles City Council v. Taxpayers for Vincent,     466 U S. 789 (1983)	34, 35
Lovell v. City of Griffin, 303 U.S. 444 (1938)	31
Michigan State AFL-CIO v. Miller, 103 F.3d 1240 (6th Cir. 1997)	19
New York State Club Association v. New York City, 487 U.S. 1 (1987)	33, 34
New York Times v. United States, 403 U.S. 713 ( 1970) (per curiam)	2, 28, 29
Near v. Minnesota, 283 U.S. 697 (1931)	28-29
Reno v. ACLU, 117 S.Ct. 2329 (1997)	17
Roulette v. City of Seattle, 97 F.3d 300 (9th Cir. 1996)	32
Secretary of State of Maryland v. Joseph H. Munson Co., 467 U.S. 947 (1984)	35, 38
Sega Enterprises. Ltd. v. Accolade, Inc., 977 F.2d 1510 (9th Cir. 1993)	7, 8
Shuttlesworth v. City of Birmingham, 394 U.S. 147 (1969)	31
Southeastern Promotions, Ltd. v. Conrad, 420 U.S. 546 (1975)	31
Steffel v. Thompson, 415 U.S. 452 (1974)	38
Turner Broadcasting System, Inc. v. FCC, 512 U.S. 622 (1994)	18, 19, 23, 26,  27
United States v. Edler Industries, 579 F.2d 516 (9th Cir. 1978)	39
United States v. Helmy, 712 F. Supp. 1423 (E.D. Cal. 1989)	25
United States v. Mandel, 914 F 2d 1215 (9th Cir. 1990)	24
United States v. Martinez, 904 F 2d 601 (I 1th Cir. 1990)	24
United States v. Moller-Butcher, 560 F. Supp. 550 (D. Mass. 1983)	25
United States v. O'Brien, 391 U.S. 367 (1968)	23
United States v. Posey, 864 F.2d 1487 (9th Cir. 1989)	39
United States v. Spawr Optical Research, Inc., 864 F.2d 1467. 1473      (9th Cir. 1988), cert. denied, 493 U.S. 809 (1989)	25
United States v. Van Hee, 531 F.2d 352 (6th Cir. 1976)	38
Vittitow v. City of Upper Arlington, 43 F.3d 1100 (6th Cir ),      cert. denied, 515 U.S.1211 (1995)	19
Ward v. Rock Against Racism, 491 U.S. 781 (1989)	19, 23, 26, 27
Warth v. Seldin, 422 U.S. 490 (1975)	33
CONSTITUTION
U.S. Const. Art. 1, § 8, cl. 3, 11-14	23
U.S. Const. Art. II, § 2, cl. 1	23
STATUTES
International Emergency Economic      Powers Act, 50 U.S.C. §§ 1701-1706 (IEEPA)	40
EXECUTIVE ORDERS
E.O. 13026, 61 Fed. Reg. 58767 (Nov. 19, 1996)	9-10, 11-12, 25, 26, 38
Presidential Memorandum, 32 Weekly Comp. Pres. Doc. 2397 (Nov. 15, 1997)	10
REGULATIONS
Export Administration Regulations, 15 C F R. Part 730 et seq.	10
15 C.F.R. § 732.2(b)	12
15 C.F.R. § 734.2(b)(9)	11
15 C.F.R. §§ 734.3(b)(2)	20
15 C.F.R. §§ 734.3(b)(3)	12, 20
15 C.F.R. § 734.7	12, 20, 39
15 C.F.R. § 734.8	12, 20, 39
15 C.F.R. § 734.9	12, 20, 39
15 C.F.R. § 742.15	11, 12, 19, 31, 38
15 C.F.R. § 742.15(b)	27
15 C.F.R. § 742.1 5(b)(1)-(3), Supplement Nos. 4-7	11, 27
15 C.F.R. § 768.1(b)	13
15 C.F.R. Part 772	10, 37-38
15 C.F.R. Part 774, ECCN SA002	10
15 C.F.R. Part 774, ECCN SD002	passim
15 C.F.R. Part 774 (Commerce Control List)	10, 31
61 Fed. Reg. 68572 et seq., (Dec. 30, 1996)      (amendments to EAR re: encryption items)	10

INTRODUCTION

This is the second round of cross-motions for summary judgment in this action, in which the plaintiff challenges on First Amendment grounds licensing requirements maintained by the United States Government on the export of "cryptographic" or "encryption" software -- software that can be used on a computer to "scramble" electronic data in order to maintain the secrecy of information. Plaintiff seeks the right to distribute throughout the world, in an unrestricted fashion, encryption software programs that the President has determined can jeopardize this country's foreign policy and national security interests when used outside the United States. Plaintiff asks the Court to reverse the President's judgment on this matter and abolish all export licensing requirements on encryption software, on a nationwide injunctive basis, as to all application of the regulations at issue. Plaintiff's claims are entirely without merit and should be rejected.

The use of cryptography has historically been one of the most significant national security matters facing the United States. The government has a compelling interest in protecting its ability to obtain information abroad critical to national security or foreign policy. Export controls on cryptographic products are not targeted at the transmission of ideas or information concerning cryptography -- which are widely and freely disseminated -- but at the spread of U.S.-origin products that provide an actual encryption capability overseas.

The controversy at issue in this lawsuit has decidedly shifted from when the action originally commenced. Plaintiff first alleged that export controls on encryption maintained by the State Department threatened his ability to teach a class concerning cryptography, and to publish and export a computer software program known as a "one time pad" ("OTP"), along with a textbook he was preparing for his course. After licensing jurisdiction shifted to the Commerce

Department in December 1996, plaintiff finally sought an administrative determination from the government (largely at the Court's behest) and now concedes that his ability to teach a class concerning cryptography, including to foreign students, is not at issue. Plaintiff was also advised that the program he developed is not encryption software subject to export licensing requirements. In addition, plaintiff learned that there is no restriction on the publication of a chapter from his textbook. The new controversy in this case focuses whether plaintiff should be free to export four other encryption software programs recently found by the Commerce Department to be subject to export licensing requirements. Because so many theories of law are raised in this action, an initial summary is in order.

SUMMARY OF ARGUMENT

Plaintiff characterizes the transmission of actual encryption software programs from the United States as the "publication" of "ideas" concerning cryptography, and claims that any licensing requirement on such "publication" is an impermissible prior restraint on speech. This is wrong both factually and legally. As plaintiff himself concedes, encryption software programs have a technical capability to encrypt data on a computer. Whatever informational value such software may hold for those trained in computer programming, it indisputably controls the functioning of a computer and is the engine for encrypting data. If used abroad, such software can obviously hinder the government's access to information critical to national security.

For this reason, authority plaintiff cites concerning classic prior restraints on speech. such as the famous "Pentagon Papers" case -- which sought to bar publication of information concerning the Vietnam War, see New York Times v. United States, 403 U.S. 713 (1970) (per curiam) -- are inapposite. The government does not seek to limit plaintiff from spreading ideas

- 2 -

or information about cryptography but, rather, from exporting globally actual software programs that have a technical capability to encrypt data. Equally unfounded is plaintiff's reliance on authority subjecting certain licensing schemes to a "facial" prior restraint challenge. See, e.g.,City of Lakewood v. Plain Dealer Publishing Co., 486 U.S. 750 (1988); FW/PBS Inc. v. City of Dallas, 493 U.S. 215 (1990). Such authority applies to the licensing of purely expressive activities, such as parades, newspaper distribution, theatrical productions, or adult entertainment. It is manifestly inapposite to licensing of the export of an item that, whatever its attendant informational value to some, provides a technical capability to encrypt -- which is the overriding purpose of its development and export. The notion plaintiff advances through this claim -- that the President would have to obtain advance judicial approval before stopping a U.S. citizen from providing a powerful encryption capability to Saddam Hussein or the entire world -- is specious. Whatever First Amendment implications there may be for the licensing policy at issue, the prior restraint doctrine does not apply.

Also without merit is plaintiff's facial "overbreadth" challenge, which seeks to invalidate the licensing requirements at issue not only as to plaintiff, but as to all possible applications, even those unrelated to his own activities, and on a nationwide injunctive basis. The law does not support relief of the nature plaintiff seeks. Indeed, plaintiff has not properly stated an overbreadth claim at all, since he continues to challenge application of the regulations to his own academic circumstances. Simply put, plaintiff cannot seek invalidation of the regulations as to Microsoft (for example) because he wants to post a program to his Web site. Moreover, the export policy at issue has a substantially permissible purpose, particularly as to U.S. commercial software providers, and serves that purpose in a narrowly tailored fashion.

- 3 -

The proper focus of this case should be on whether export licensing requirements for encryption software may constitutionally apply to the plaintiff himself. As to this claim, basic First Amendment analysis applies, starting with an assessment of whether the regulations are directed at the content of ideas. As set forth below, the regulations do not limit the dissemination of ideas about cryptography, but focus on products that can actually encrypt information. Hence, the "intermediate" standard of First Amendment scrutiny applies and is easily satisfied. The regulations serve a permissible purpose to protect the government's interests abroad, and do not otherwise impinge on the broad discourse that occurs daily in the field of cryptography. There is, moreover, no plausible "academic exception" to the export licensing requirements. Even if plaintiff's intentions for exporting encryption software were entirely academic -- which is questionable -- once the program is exported abroad in an unrestricted fashion, any recipient may use the product against the interests of the United States.

In the final analysis, this is a simple case, greatly complicated by plaintiff's presentation of the facts and law. Courts have consistently deferred to the President's judgment as to which commodities should be controlled for export to protect the nation's national security and foreign policy interests. Though in the guise of a "free speech" claim, this case presents no different issue. Powerful encryption products, including software, can unquestionably harm the government's interests abroad, and efforts to limit this harm through export licensing requirements do not run afoul of the First Amendment.¹

_____________________

¹ Plaintiff relies heavily on the district court's decision in Bernstein v. Department of State, 974 F. Supp. 1288 (N.D. Cal. Aug. 25,1997) (injunction stayed and appeal pending), where the court held that export licensing controls on encryption source code constitute a system of prior restraint. This court is obviously not bound by that decision which, in the government's (continued . . . )

- 4 -

BACKGROUND ON CRYPTOGRAPHY AND ENCRYPTION SOFTWARE

The national security of the United States depends in part on the ability of the government to obtain timely information about the activities and plans of potentially hostile foreign governments, groups, and individuals abroad. The United States therefore uses a variety of means to monitor and intercept communications by foreign intelligence targets. See Declaration of Barbara A. McNamara, Deputy Director, National Security Agency, ¶¶ 3, 4. Among other things, the United States engages in signals intelligence (SIGINT), the collection and analysis of information from foreign electromagnetic signals. Id. Primary responsibility for the government's SIGINT activities belongs to the National Security Agency (NSA), a component of the Department of Defense. L. Based on information derived from these activities, NSA provides reports on a rapid-response basis to national policymakers, military commanders, and other entities throughout the federal government. Id. 114. This information has proven to be highly reliable and essential to the national defense, national security, and the conduct of the foreign affairs of the United States. Id. The SIGINT capabilities of the United States can be significantly compromised by the use of cryptography by foreign intelligence targets. See McNamara Decl. ¶ 5.

Cryptography concerns the encryption and decryption of communications, and is used in an effort to prevent communications from being intercepted and read or altered. In the absence

_______________________

¹ ( . . . continued) view, is in error for the reasons set forth herein. A prior district court decision in Karn v. Department of State, 925 F.Supp. I (D.D.C. 1996), remanded by 107 F.3d 923 (D.C. Cir. 1997) upheld export licensing controls on cryptographic software in a First Amendment challenge to the previously applicable State Department regulations, and is now pending on remand upon the transfer of licensing jurisdiction to the Commerce Department.

- 5 -

of cryptography, information sent via a computer is unsecure and may be viewed by those other than the intended recipient. By utilizing cryptographic devices, including software, messages or text can be secured with the intention that whatever is sent is inaccessible to anyone except the intended recipient able to decrypt the message. Encryption is the process of converting a message from its original form (commonly known as "plaintext") into a scrambled form (known as "ciphertext") that cannot be deciphered (or "decrypted") by persons who lack the "key" needed to unscramble the message. See McNamara Decl. ¶ 5.²

Encryption has long been a tool in the conduct of military and foreign affairs. See McNamara Decl. ¶ 5; see also David Kahn The Code Breakers: The Story of Secret Writing (1967). Today, foreign intelligence targets use encryption in an effort to maintain the secrecy of their communications. See McNamara Decl. ¶ 5 For example, encryption can be used to conceal the communications of terrorists, drug smugglers, or others intent on taking hostile actions against U.S. facilities, personnel, or security interests. Id. Accordingly, one of the NSA's principal SIGINT activities is "cryptanalysis," the science of "reading" ciphertext without having access to the key that was used to encrypt the message. Id.

Until the end of the Second World War, encryption was ordinarily performed by mechanical devices, such as the "Enigma" machines used by Nazi Germany. Since then, mechanical encryption devices have been largely replaced with electronic ones. Today, messages can be encrypted electronically through the use of dedicated hardware, such as the electronic circuitry embedded in a telephone scrambler. In addition, encryption now can be performed by

_______________________

² Most modern cryptographic systems utilize what is referred to as a "key," which is the specific information (analogous to a password) that is necessary to encrypt and decrypt a message. Id. ¶ 5, n.2

- 6 -

general-purpose computers, including "desktop" computers of the sort in common use here and abroad. Early computers were "programmed" to perform different tasks by manually re-wiring their circuitry. See Diamond v. Diehr, 450 U.S. 175, 194 and n. 1 (1980) (Stevens, J. dissenting). Modern software programming evolved as a means of enhancing the functionality of computers to enable them to perform the multiple tasks they do today. In order for a computer to encrypt data, it must use a software program that controls the encoding of the data.

A computer software program is a set of instructions to a computer that direct computer hardware to perform certain tasks. See Bateman v. Mnemonics. Inc., 79 F.3d 1532, 1537 n. 11 (11th Cir. 1996); see also Digidyne Corp. v. Data General Corp., 734 F.2d 1336, 1342 (9th Cir. 1984), cert. denied, 473 U.S. 908 (1985) (software is "a set of instructions [to a computer] that allows the system to accomplish a particular task"). Software programs take two general forms: object code and source code. See McNamara Decl. ¶ 9. Both object code and source code consist of a sequence of instructions to enable a computer to perform certain functions. Object code (or "machine" code) represents those instructions as a sequence of binary digits ("1's" and "0's") that can be executed directly by the computer's microprocessor. Id. Source code represents the same computer instructions in "specialized alphanumeric [programming] languages" such as BASIC, C, FORTRAN, or Java. See Sega Enterprises, Ltd. v. Accolade, Inc., 977 F.2d 1510, 1514 n.2 (9th Cir. 1993); see also Johnson Controls, Inc. v. Phoenix Control Systems, Inc., 886 F.2d 1173, 1175 n.2 (9th Cir. 1989) ("source code" is a set of instructions to the computer, in programming languages such as BASIC or FORTRAN and "object code" is the same set of instructions in binary code). With respect to encryption in particular, an encryption "source code" is a computer program that expresses a cryptographic "algorithm" in a precise set of

- 7 -

operating instructions that enable a computer to perform cryptographic functions. See McNamara Decl. ¶ 8. A cryptographic algorithm is a mathematical function or equation that can be implemented electronically in software to transform data into an unintelligible form (i.e., into ciphertext). Id. ¶ 8 and n. 4.³

Computer programming languages that comprise source code can be "understood" by humans trained in this field. See Cadence Design Systems, Inc. v. Avant! Corp., 125 F.3d 824, 825, n.2 (9th Cir. Sept. 23, 1997); Brown Bag Software v. Symantec Corp., 960 F.2d 1465, 1468 n.l (9th Cir.), cert. denied, 506 U.S. 869 (1992). But this does not negate the functional nature of source code, nor render it a mere "idea" as plaintiff strains to argue. First, it is not necessary to be able to comprehend source code in order to use it to control the operation of a computer. Source code may be converted automatically into object code through the use of commonly available conversion software called a compiler. See McNamara Decl. ¶ 9; Sega Enterprises, 977 F.2d at 1514 n.2; Brown Bag Software, 960 F.2d at 1468 n.l. This automated process of compiling source code into object code is a trivial task that can take a matter of seconds at the press of a keystroke. See McNamara Decl. ¶ 9 As a result, software products distributed in the form of source code can readily be used to make computers perform desired tasks -- in the case of encryption source code, the task of encrypting data.⁴

_______________________

³ An example of a cryptographic algorithm is the Data Encryption Algorithm, published by the government in 1977. See Tab 12 to McNamara Declaration. Source code for the Data Encryption Standard ("DES"), which implements the algorithm in computer programming language, is set forth at Tab 13 to the McNamara Declaration.

⁴ A cursory look at a source code program for the Data Encryption Standard ("DES") underscores that such programs are not akin to the exposition of scientific theory, but are executable instructions that enable a computer to perform an encryption function. See Tab 13 to ( continued . . . )

- 8 -

Moreover, in source code form, software can more easily be modified to perform different or additional functions. See Comshare Inc. v. United States, 27 F.3d 1142, 1144 (6th Cir. 1994) (source code used to manufacture software is "routinely enhanced to create new versions of executable code" and is "indispensable" to process of enhancing or debugging executable code). Programming in source code also enhances the "portability" of software to allow it to be compiled and executed on computers with different operating systems (such as MS- DOS, MacIntosh, OS2 or Unix). For example, one of plaintiff's declarants describes an export of source code to a Japanese company in order for the program to be incorporated in Web Browser software being separately developed overseas. See Declaration of John R. Liebman ¶ 5.

The theoretical thread on which plaintiff's case lies is that computer programs in source code are no different from a journal article describing a scientific theory. This is clearly wrong. The point of modern programming is to enhance the functionality of computers. While encryption source code programs may be understood by trained scientists (as they would have to in order to program a computer), source code is a functional item that controls the sequence of instructions to a microprocessor and can ultimately be executed to encrypt data.

REGULATORY BACKGROUND ON ENCRYPTION EXPORT CONTROLS

On November 15, 1996, President Clinton issued an Executive Order and Memorandum directing that export licensing jurisdiction over most cryptographic products, including software, be transferred from the State Department to the Department of Commerce. See Executive Order

_____________________

⁴ ( . . . continued) McNamara Declaration.

- 9 -

13026, 61 Fed. Reg. 58767 (Nov. 19,1996) and Pres. Mem., 32 Weekly Comp. Pres. Doc. 2397 (Nov. 15, 1996) (Tab 1 to Declaration of William A. Reinsch, Undersecretary of Commerce). Interim regulations carrying out the President's policy were published by the Department of Commerce on December 30, 1996, and the licensing requirements at issue are now set forth in the Export Administration Regulations ("EAR"), 15 C.F.R. Part 730 et seq.; see 61 Fed. Reg. 68572 et seq. (December 30, 1996) (Tab 2 to Reinsch Declaration).⁵

The EAR establishes licensing and other requirements for the export of multiple commodities, technology, and related activities, from the United States for national security and foreign policy reasons. The heart of the EAR is the "Commerce Control List" ("CCL"), see 15 C.F.R. Part 774, which is a list of items whose export is regulated for national security and foreign policy reasons. The CCL is divided in to 10 categories, such as nuclear materials (Category 0), computers (Category 4), and lasers and sensors (Category 6). Within each category, the CCL designates specific kinds of items subject to export controls, each of which is assigned an Export Control Classification Number("ECCN"). Encryption circuitry and hardware products are covered in Category 5 as amended by ECCN SA002, while encryption software is covered by amended ECCN SD002. See 15 C.F.R. Part 774, ECCN 5A002 and SD002.⁶

_____________________

⁵ The State Department retains jurisdiction over cryptographic items, including software, that are specifically designed for military applications. See 61 Fed. Reg. 68633 (Dec. 30,1996). Such items are not at issue in this case.

⁶ The EAR defines encryption software to mean computer programs that provide the "capability of encryption functions or confidentiality of information or information systems, and include source code and object code. See 15 C.F.R. Part 772 (definitions). Encryption source code is defined to mean "[a] precise set of operating instructions to a computer that, when compiled, allows for the execution of an encryption function on a computer." Id. Encryption object code is defined to mean "[c]omputer programs containing an encryption source code that (continued . . .)

- 10 -

Because encryption items covered by ECCN SA002 and SD002 "may be used by persons abroad to harm national security, foreign policy and law enforcement interests," they generally may not be exported without a license. See 15 C.F.R. § 742.15. When a license is required under the EAR, it "will be reviewed on a case-by-case basis by BXA, in conjunction with other agencies, to determine whether the export or reexport is consistent with U.S. national security and foreign policy interests." See 15 C.F.R. § 742.1 5(b).⁷ The EAR is not a complete prohibition on the exportation of encryption products. including software, but, rather, establishes a licensing process so that the government can determine where the product is going, for what purpose, and whether the particular export poses a national security or foreign policy concern. See Reinsch Decl. ¶ 5 For purposes of encryption software subject to ECCN SD002, the EAR defines "export" to include an actual shipment, transfer, or transmission out of the United States (or to an embassy or affiliate of a foreign country in the United States), including by means of making the software available electronically for downloading outside the United States through the Internet. See 15 C.F.R. § 734.2(b)(9).

The policy basis for licensing the export of encryption items under the EAR is set forth in the President's Executive Order and Memorandum. The President specifically found that encryption products (including software), when used outside the United States, "can jeopardize

_____________________

⁶ ( . . . continued) has been compiled into a form of code that can be directly executed by a computer to perform an encryption function." Id.

⁷ Less restrictive licensing provisions are applicable to certain "mass-market" encryption software and "key recovery" encryption items (that is, encryption items designed to allow government officials to decrypt ciphertext under proper legal authority). 15 C.F.R. § 742.15(b)(1)-(3) and Supplement Nos. 4-7 to 15 C.F.R. Part 742. See Reinsch Decl. ¶¶ 7, 8.

- 11 -

our foreign policy and national security interests," and that the "exportation of encryption products accordingly must be controlled to further U.S. foreign policy objectives, and promote our national security, including the protection of the safety of U.S. citizens abroad." Pres. Mem. at 1. The President also determined that "the export of encryption software, like the export of other encryption products . . ., must be controlled because of such software's functional capacity" to encrypt data,"rather than because of any possible informational value of such software . . . " E.O. 13026, §(1)(c), 61 Fed. Reg. 58768. The President determined that these considerations apply not only to object code but also to source code, since "encryption source code can easily and mechanically be transformed into object code." Id. The President therefore directed that all encryption software, whether in the form of source code or object code, be subject to the same export controls as encryption hardware. Pres. Mem. at 3, ¶ 4.

The EAR reiterates that encryption products are controlled for export because of their functional capacity, and therefore treats encryption software like encryption hardware. See 15 C.F.R. 742.15. This means that encryption software, unlike other kinds of software on the Commerce Control List, is subject to export controls even when it is publicly available in this country. See id. §§ 732.2(b), 734.3(b)(3), 734.7, 734.8, 734.9 (exemptions to licensing requirements for technical information, i.e. "technology," not applicable to encryption software). Also, whereas items whose export is controlled for national security reasons are generally eligible for national security "decontrol" if comparable items are available abroad, the President specifically determined that "the export of encryption products . . . could harm national security and foreign policy interests even where comparable products are or appear to be available from sources outside the United States ...." E.O. 13026, § 1, 61 Fed. Reg. 58767. The President

- 12 -

therefore directed that the foreign availability provisions related to items controlled under the EAR "shall not be applicable with respect to export controls on such encryption products." Id.; see 15 C.F.R. § 768.1(b).

FACTUAL BACKGROUND

By letters dated June 12, 1997, Prof. Junger submitted three applications requesting ''commodity classification" determinations for various encryption software programs and other items. See Tabs 5, 6, 7 to Reinsch Declaration.⁸ In response, the Bureau of Export Administration of the Commerce Department ("BXA") advised Prof. Junger that four encryption software programs he wishes to export in electronic form or media were covered by ECCN 5D002 and, therefore, subject to the EAR's export licensing requirements, and that certain other software programs were not subject to these requirements. See Reinsch Decl. ¶ 11 and Tabs 8 and 9. BXA also advised Prof. Junger that there were no restrictions under the EAR on making the chapter he submitted on Computers and the Law publicly available. See Reinsch Decl. ¶ 12 and Tabs 10 and 13.⁹ Thus, the only aspect of BXA's determination that would involve any

_____________________

⁸ A classification request is not an application for a license to export the item, and a determination thereon does not mean that the item cannot be exported. See Reinsch Decl. ¶ 10. It is simply a determination as to whether or not the item is subject to the EAR's export licensing requirements and, where applicable, the appropriate ECCN. Id.

⁹ Professor Junger requested a separate determination on the status of the same chapter if he later decided to modify it to include software that was subject to ECCN SD002. BXA advised Prof. Junger merely because an exporter chooses to consolidate such a program with other material that is not regulated does not exempt the software in electronic form from licensing requirements, though the remainder of the chapter would be unregulated. See Reinsch Decl. ¶ 14 & Tab 13. BXA considered the status of software in electronic form separately, see Reinsch Decl. ¶ 14; McNamara Decl. ¶ 15, and did not indicate that the chapter would require a license for publication, as alleged. See Supp. Compl. ¶ 43.

- 13 -

export licensing requirement on Prof. Junger concerns the four encryption software programs he submitted that are covered by ECCN SD002. See Tab 9 to Reinsch Declaration.¹⁰

ARGUMENT

I. THE EXPORT OF AN ENCRYPTION SOFTWARE PROGRAM, INCLUDING
VIA THE INTERNET, IS NOT THE MERE "PUBLICATION" OF AN "IDEA."

While plaintiff ultimately presents several specific First Amendment claims, the first eight pages of his argument is based largely on semantics. Plaintiff argues that he merely seeks to "publish" a computer program, which is "no different than the publication of any text." See Pl. Mem. at 5-6. He equates encryption software with foreign languages and, incongruously, "Buddhist texts." Id. at 5, 6. He argues that such programs are a "medium of expression" for programmers and computer scientists. Id. at 7. He also argues that the "reasons a person may want to publish encryption programs" should outweigh the fact that such software has a technical function to encrypt data on a computer. Id. at 9. And, plaintiff argues that the Internet is merely a means of "publishing" ideas, such as encryption programs, that is no different from publishing sexually explicit "indecent" material online. Id. at 10-12. In short, plaintiff's theory is that

_____________________

¹⁰ Prof. Junger's also sought a commodity classification for "any encryption program that can be used to maintain secrecy by implementing a certain algorithm such as RC2 or RSA." See Tab 6 to Reinsch Declaration (Item Nos. 4 and 5) and Tab 12 (July 18, 1997 Letter from Gino Scarselli to Commerce Department). BXA advised Prof. Junger that this request provided insufficient detail on which to make a determination, since encryption products, including software, may have fundamentally different functions, even though they "implement" the same algorithm in hardware or software. See Reinsch Decl. ¶ 16 and Tab 13.

- 14 -

"software" equals "speech," the "Internet" equals "publication," and, therefore, regulating Internet distribution is a prior restraint. None of these notions withstand scrutiny.¹¹

First, the notion that a computer software program is purely an item of "speech" is inaccurate and off-point. As outlined above, the theoretical basis for plaintiff's argument is that source code (but not object code) is understandable by those skilled in computer programming. But merely positing that source code has expressive value to some does not advance the First Amendment analysis. The question is not whether the "item" can be expressive, but whether regulation of some activity with that item -- here, its export from the United States -- impermissibly limits expression.

In this regard, plaintiff barely acknowledges the most material fact as to which there is no genuine dispute: encryption software programs, including in source code form, have the technical capacity to enable a computer to perform a function -- in this case, to encrypt.¹² No other mere "text" can provide such a technical capability. The text of a "recipe," "do-it-yourself manual," information on how to build a hydrogen bomb, see Pl. Mem. at 7, n. 9, or Buddhist prayer for that matter, cannot be executed to program a computer's microprocessor to perform any technical

_____________________

¹¹ It should be noted that Internet export is only one aspect of the plaintiff's claims, since he seeks the right to export software by any means. See Supp. Compl. ¶ 56.

¹² Plaintiff and his declarants reluctantly concede at several points that encryption software is an item that does not merely convey ideas, but causes a computer to perform an encryption function. See Pl. Mem. at 7 (software is "able to run on a computer"); Declaration of Peter D. Junger (Exh. F) ¶ 5 (software "run[s]" on a computer); ¶ 8 (algorithms are implemented by a program running on a computer); Declaration of Harold Abelson (Exh. A) ¶ 16 (software program is a sequence of operations carried out by a computer in executing the program); Declaration of Matt Blaze (Exh. C) ¶ 6 (cryptography is applied to secure communications including computer files); Declaration of Bruce Schneier (Exh. N to plaintiffs first summary judgment motion) ¶¶ 2, 15 (aim of cryptography is to turn intelligible messages into gibberish and cryptography is well suited for computers).

- 15 -

function, such as to encrypt data. Encryption source code is not merely technical information or "know-how" that "relates to" a technical function, or explains a cryptographic theory, or "describes" how the software functions. It is itself the item essential to encrypting data on a computer. See McNamara Decl. ¶ 10. Without the underlying source code software, a computer cannot encrypt. This is in clear contrast to the other technical information plaintiff describes. The blueprints for a plane cannot fly. A recipe for cake is not to be eaten. The manual for a bomb cannot explode. For these items, the functional information is separate from creating the function itself. For encryption software, whatever informative value it has for some, it is not merely informative, but directly functional as well. As set forth below, this weighs the First Amendment analysis in favor of permissible regulation.

Second, the notion that the Internet is merely a means of "publication" of ideas is quite misleading when it comes to posting a software program. Plaintiff consistently uses the term "publish" or "publication" when, in fact, an "export" is at issue.¹³ There is no restriction on plaintiff's right to "publish" software in the United States. Similarly, there is no restriction on his right to use the Internet to publish articles or course materials, or communicate with students or colleagues for academic reasons. See Suppl. Compl. ¶¶ 51, 52; Pl. Mem. at 12. Rather, the narrow issue here concerns the global dissemination of actual encryption software. Plaintiff must concede that the Internet is an international telecommunications medium, through which items posted are available all over the globe. See McNamara Decl. ¶ 19. The posting of software to the Internet does not merely allow it to be "read" by someone for informative reasons. Indeed, that is perhaps the least common reason software is posted online. Software distributed on the

_____________________

¹³ See Suppl. Compl. ¶¶ 3, 20, 55; Pl. Mem at 2, 5, 6, 8, 9, 10, 12, 18, 21.

- 16 -

Internet is an electronic file that can readily be downloaded to a computer hard drive for execution. See McNamara Decl. ¶ 19; see also Junger Decl. ¶ 27 (Pl. Exh. F) (plaintiff seeks to make an encryption program available on his Web site "from which it can be downloaded").¹⁴

Thus, while the "reasons a person may wish" to post a software program to the Internet may be academic, see Pl. Mem. at 9, the fact remains that such an act constitutes the international dissemination of a software program that can be downloaded and used to provide a technical capacity to encrypt. As Undersecretary Reinsch explains, even if Prof. Junger or other academics make source code available to the world on the Internet for purely academic reasons, i.e., to enable individuals to study the theory of the software or appreciate its alleged artistry, once transmitted abroad electronically online in an unlimited fashion such software would be accessible to anyone for any use, including for use to encrypt communications. Reinsch Decl. ¶ 21. Even a non-commercial export of powerful encryption can harm the government's interests abroad. Id. Also, commercial ventures may utilize software that originates in an academic setting, and software distributed purportedly for academic purposes can be transformed into a commercial product. Id. For these reasons, there is no sound reason for an "academic" exception to export controls.¹⁵ Moreover, Professor Junger concedes he does not seek to post software to

_____________________

¹⁴ Plaintiff's reliance on Reno v. American Civil Liberties Union et al., 117 S.Ct. 2329 (1997) is very wide of the mark. The ACLU case does not purport to declare the Internet a regulation-free zone for any purpose. That case concerned the regulation of sexually explicit indecent material being made available to minors in the United States on the Internet. The court in no way grappled with, or remotely considered, the question of whether the government could regulate the use of the Internet to transmit a encryption software program overseas. Moreover, unlike the regulation of "indecent" material, the regulation at issue here is not directed at the content of speech, but the spread of an encryption capability. See Part II infra.

¹⁵ It is through the licensing process that the Commerce Department would consider (continued. . .)

- 17 -

his Web site solely for his students, see Suppl. Compl. ¶ 29; Junger Decl. ¶ 24, nor solely for academic purposes. Rather, he would also make such software available to "other interested persons," see Junger Decl. ¶¶ 17, 18, and he seeks to vindicate a "duty" of the legal profession "to make strong and easily usable encryption software available to all persons -- within or without the United States" to enable confidential legal communications. See Junger Decl. ¶ 27. For whatever reason Professor Junger seeks to export encryption software, the regulations satisfy the First Amendment.

II. THE EAR'S EXPORT CONTROLS ARE CONSTITUTIONALLY PERMISSIBLE
CONTENT-NEUTRAL REGULATIONS.

A. The Intermediate Standard Of Review Applies To Export Licensing Controls On Cryptographic Software.

The First Amendment draws a sharp distinction between content-based and content- neutral laws. When the government seeks to "suppress, disadvantage, or impose differential burdens on speech because of its content," the First Amendment ordinarily subjects such efforts to strict scrutiny. Turner Broadcasting System, Inc. v. FCC, 512 U.S. 622, 642 (1994). "In contrast, regulations that are unrelated to the content of speech" are subject to less demanding First Amendment scrutiny, because they ordinarily "pose a less substantial risk of excising certain ideas or viewpoints from the public dialogue." Id.

A regulation is content-neutral if it is "justified without reference to the content of the regulated speech." Clark v. Community for Creative Non-Violence, 468 U.S. 288, 293 (1984). The government's purpose in imposing the restriction "is the controlling consideration" in this

_____________________

¹⁵ (. . . continued) the purpose of the export -- that is, the "end-use" intended -- along with an assessment of the proposed end-user and destination. Reinsch Decl. ¶ 21.

- 18 -

inquiry. Ward v. Rock Against Racism, 491 U.S. 781, 791 (1989). The test is whether the government has adopted the restriction "because of disagreement with the message [the speech] conveys." Ward, 491 U.S. at 791. A law "that serves purposes unrelated to the content of expression is deemed neutral[] even if it has an incidental effect on some speakers or messages but not others." Id. See Vittitow v. City of Upper Arlington, 43 F.3d 1100, 1103-04 (6th Cir.), cert. denied, 511 U.S. 1211 (1995); Michigan State AFL-CIO v. Miller, 103 F.3d 1240, 1250-51 (6th Cir. 1997).¹⁶

Measured against these benchmarks, the EAR's controls on the export of encryption products, including encryption software, undoubtedly are content-neutral. Neither the text of the regulations nor their stated purpose are directed at regulating speech because of the message it conveys. The EAR seeks to controls the export of encryption software because of what it does, not because of what (if anything) it says. The overarching policy objective set forth by the President is to control the spread of encryption products abroad, including software, because they have a functional capacity that can be used to jeopardize the United States' security interests. See Pres. Mem. at 1, 3 (114) and E.O. 13206, § l(c). The EAR itself reflects this regulatory purpose. See 15 C.F.R. § 742.15. Whatever informative value source code may have for some, it remains a sequence of instructions to a computer, and it is routinely written, distributed, and used for the

_____________________

¹⁶ The appropriate level of First Amendment scrutiny depends not on whether the government is regulating "speech" or "conduct," but instead on the purpose of the governmental regulation. As long as the regulation is not animated by a desire to suppress disfavored messages, it is subject to intermediate rather than strict scrutiny even if it unquestionably regulates speech. See, e.g., Turner, 512 U.S. at 641-61 (applying intermediate scrutiny to regulations requiring cable operators to carry broadcast television programming); Ward, 491 U.S. at 790-803 (applying intermediate scrutiny to regulations restricting volume of music played in outdoors concerts).

- 19 -

wholly non-expressive purpose of making a computer carry out specified tasks -- here, the task of encrypting data. Indeed, the EAR treats encryption source code exactly like encryption object code and encryption hardware, which are not even arguably used as a means of expressing and conveying ideas about cryptography. See 15 C.F.R. 742.15.¹⁷

At the same time, the EAR does not attempt to restrict the free flow of public information and ideas about cryptography, either domestically or internationally. Information that can be used in the design and operation of encryption products -- in the parlance of the EAR, encryption "technology" -- that is or will be made publicly available is not subject to the EAR's controls and may be freely exported. See 15 C.F.R. § 734.3(b)(3).¹⁸ In addition, the EAR excludes books, magazines, and other printed materials on all subjects, thereby imposing no controls on the export of publications on cryptography. See id. § 734.3(b)(2). In short, the EAR goes out of its way to distinguish between the export of encryption products, which requires a license, and the public dissemination of cryptographic information, which does not. This regulatory scheme obviously is not the product of government hostility toward the subject of cryptography or the free exchange of ideas on that subject.

None of the arguments plaintiff advances to show that the regulations are content-based have merit. First, the fact that all software is not regulated in the same manner as encryption, or that "mass-market" and "recoverable" encryption are subject to licensing exceptions, see Supp.

_____________________

¹⁷ Again, while source code may have theoretical value for some, it can automatically be compiled and executed and, in source code form, modified or enhanced, and rendered portable for various operating systems.

¹⁸ Technology is "publicly available" if, inter alia, it is published or otherwise is generally accessible to the interested public in any form (id. § 734.7); it is a product of fundamental research (id. § 734.8); or it is distributed through academic instruction (id. § 734.9).

- 20 -

Compl. ¶ 77, in no way demonstrates that encryption controls are content-based -- that is, based on the underlying ideas reflected in the software. The difference in regulatory treatment is based on the fact that the function of encryption software is of particular national security significance. The notion that encryption controls must be "content-based" because "word processing" software is not subject to the same licensing requirements is devoid of merit.

For the same reason, the fact that "mass market" and "recoverable" encryption are subject to licensing exceptions is not a distinction that turns on the content of ideas, but on the fact that the technical capacity of such products pose less potential harm to the government's interests. In the case of recoverable software, the government would have a legal means of access to encrypted text. In the case of "mass market" software, the key length of such software is limited to 40-bits, rendering the encryption of less significance than encryption software that remains subject to licensing requirements.¹⁹ This is a distinction that turns the capability or effectiveness of the product to maintain the secrecy of data, not on the content of an idea the software purportedly reflects. It is fairly analogous to regulating the export of a safe secured with 100 separate locks, but not a safe secured by just one lock.

Similarly, the fact that source code is regulated for export in electronic but not printed form, see Supp. Compl. ¶ 77, reflects that the regulation is not directed at the content of ideas --

_____________________

¹⁹ It has been publicly estimated that the time needed to break a message encrypted with 40-bit key length by "brute force" computer attack on the encryption ranges from 3.6 to 5.5 hours, whereas the time needed for 56-bit encryption ranges from 27 to 41 years, and 64-bit encryption from 7 thousand to 11 thousand years. See Testimony of William P. Crowell, National Security Agency, at 10-11 (Tab 14 to McNamara Declaration) and Testimony of Deputy Assistant Attorney General Robert S. Litt at 7 (Tab 26 to the Declaration of Anthony J. Coppolino); see also Declaration of Matt Blaze, ¶ 14 (Pl. Exh. C) (strength of encryption based in part on "key" length).

- 21 -

since that might be discernible from the printed text -- but, rather, with the ready implementation of the software on a computer system. See McNamara Decl. ¶¶ 20-21 . Indeed, the distinction between printed and electronic source code weighs against plaintiff's overall theory. If printed source code could easily be executed to function to encrypt data on a computer as plaintiff contends, see Pl. Mem. at 10, there is no question that source code in electronic form -- such as plaintiff wishes to export -- provides this function as well.²⁰ In sum, because export controls on cryptographic software are not targeted at the content of ideas, intermediate scrutiny applies to evaluating plaintiff's claims. See Karn v. Department of State, 925 F. Supp. at 10 (export controls on cryptographic source code are content-neutral).

B. Export Controls on Encryption Software Satisfy Intermediate Scrutiny.

A content-neutral government regulation will be sustained under the First Amendment "if 'it furthers an important or substantial governmental interest; if the governmental interest is unrelated to the suppression of free expression; and if the incidental restriction on alleged First Amendment freedoms is no greater than is essential to the furtherance of that interest.' " Turner,

_____________________

²⁰ Plaintiff's long discussion of the regulatory distinction between regulating encryption software in electronic form but not source code printed on paper -- what plaintiff calls "discriminating" against "electronic publication" -- presents no constitutional issue. Plaintiff is simply wrong that printed source code facilitates an encryption function on a computer in the same manner as software in electronic media. It is easier and more practical to use source code in electronic form to obtain an encryption function. See McNamara Decl. ¶¶ 20-21; see also Declaration of Philip R. Karn ¶¶ 5-15 (Exh. W to plaintiff's first summary judgment motion) (describing scanning errors and errors in the original code). Hence, it is more likely that people would prefer to obtain software in this form, and more likely that the greater risk of widespread distribution of software is in electronic form. McNamara Decl. ¶ 21. The district court in the Karn case has initially rejected the claim that the distinction between printed and electronic source code presents constitutional concerns. See Karn, 925 F. Supp. at 14 (finding that use of OCR technology to encrypt with printed source code takes greater time and effort, citing Karn Decl. ¶¶12-12).

- 22 -

512 U.S. at 662 (quoting United States v. O'Brien, 391 U.S. 367, 377 (1968)); see also DLS, Inc. v. City of Chattanooga, 107 F.3d 403, 410 (6th Cir. 1997); East Brooks Books, Inc. v. City of Memphis, 48 F.3d 220 (6th Cir. 1995), cert. denied, 116 S.Ct. 277 (1995). "To satisfy this standard, a regulation need not be the least speech-restrictive means of advancing the Government's interests. 'Rather, the requirement of narrow tailoring is satisfied "so long as the . . . regulation promotes a substantial government interest that would be achieved less effectively absent the regulation.' " Id. (quoting Ward, 491 U.S. at 799). A regulation is narrowly tailored where the means chosen do not 'burden substantially more speech than is necessary to further the government's legitimate interests.' " Id.

Export controls on encryption software, including source code, readily pass constitutional muster under the First Amendment standards governing content-neutral regulations. First, they plainly "further[] an important or substantial governmental interest." Turner, 512 U.S. at 662. Here, the government has a compelling interest in controlling the export of encryption products to hostile countries, organizations, and individuals whose use of such products abroad could jeopardize our national security and foreign policy.²¹ As the Deputy Director of the NSA has explained, the National Security Agency provides essential intelligence reports on a rapid response basis to national policymakers, including military commanders, based on sophisticated intelligence collection technologies. See McNamara Decl. ¶ 5 The use of encryption products by foreign intelligence targets "can have a debilitating effect on NSA's ability to collect and report . . . critical foreign intelligence." Id. See also Testimony of Deputy Assistant Attorney General

_______________________

²¹ As a constitutional matter, the authority to restrict exports for reasons of national security and foreign policy finds its origins both in Article I and in Article II. See Art. I, 8, cl. 3, 11-14; Art. II, 2, cl. 1.

- 23 -

Litt, Tab 26 to Coppolino Declaration, at 4-5 (encryption used to secure communications and data in international crimes, including Aldrich Ames spy case, terrorist plot to bomb U.S. airliners in Asia, and international drug-trafficking). Absent the kind of licensing requirements contained in the EAR, domestic producers of encryption software could engage in the unrestricted export of their products to any person abroad for any reason, regardless of a particular encryption product's strength and its potential attractiveness to hostile interests abroad.²²

This is, moreover, the type of interest that merits great deference. Courts have recognized that the decision on whether to control a particular commodity for export is one that inherently involves national security and foreign policy judgments that should be left to the discretion of the Executive branch. See United States v. Martinez, 904 F.2d 601, 602 (11th Cir. 1990) (designation of cryptographic devices under Category XIII(b) of the USML not reviewable since neither the courts nor the parties are privy to reports of the intelligence services on which this decision, or decisions like it, may have been based); see also United States v. Mandel, 914 F.2d 1215, 1223 (9th Cir. 1990) (determination as to whether restrictions must be placed on the export of a particular commodity "are quintessentially matters of policy entrusted by the Constitution to

_______________________

²² As explained above, even if the person exporting the software does not intend or expect that the software will be used for purposes contrary to this country's national security and foreign policy interests, he has no direct control over the use to which the software will be put once it has been exported, particularly if the software is made available for unrestricted downloading via the Internet. See Reinsch Decl. ¶ 21.

- 24 -

the Congress and the President . . ."); United States v. Spawr Optical Research. Inc., 864 F.2d 1467,1473 (9th Cir. 1988), cert. denied, 493 U.S. 809 (1989) (same).²³

The value of controlling the export of encryption software and other encryption products is not negated by the fact that some encryption products are also available from foreign sources abroad, as plaintiff alleges. See Reinsch Decl. ¶ 21; McNamara Decl. ¶¶ 18-19. As noted above, the President has expressly determined that the uncontrolled export of encryption items "could harm national security and foreign policy interests even where comparable products are or appear to be available from sources outside the United States." E.O. 13206, § 1. The existing availability of particular encryption products abroad says nothing about how widely such products are used or how effective such products may be. See Testimony of Undersecretary Reinsch at 3-4 (Tab 4 to Reinsch Declaration) (claims of widespread foreign availability of encryption not accurate); Testimony of Deputy Assistant Attorney General Litt at 15 (Tab 26 to Coppolino Declaration) (foreign encryption products are not ubiquitous or widely used in absence of an infrastructure to support key distribution and the interoperability of products). Nor does the apparent foreign availability of some items imply that this country's interests would be unimpaired by the unrestricted export of all encryption software products, regardless of their strength and usefulness abroad. Export controls seek to ensure that U.S. origin products are not

_______________________

²³ Accord United States v. Moller-Butcher, 560 F. Supp. 550, 553-54 (D. Mass. 1983) ("[t]he power to classify goods on the CCL -- and to restrict them for export on national security grounds -- can (and should) be turned over to the Executive branch, as it has the dominant role in conducting foreign policy"); United States v. Helmy, 712 F. Supp. 1423 (E.D. Cal. 1989) (the designation of export controlled commodities is "the very product of a national security analysis").

- 25 -

exported in an uncontrolled fashion and thereby increase the national security and foreign policy concerns that the United States already faces abroad. See McNamara Decl. ¶ 18.²⁴

In addition to being substantial, the interests served by the EAR's export controls are "unrelated to the suppression of free expression,"' Turner, 512 U.S. at 662, for largely the same reasons the regulations are content-neutral. Export licensing requirements apply equally to all types of cryptographic products, not merely software, because of the potential harm caused by their function to encrypt information overseas. The government's concern is with the unrestricted spread of an encryption capability abroad. The EAR does not suppress the free exchange of ideas about cryptography, either among computer scientists or members of the public. Indeed, there is a broad discourse in the field of cryptography, from academic publications and seminars, textbooks, and catalog courses at many U.S. universities. See McNamara Decl. ¶¶ 22-37 and Tabs 1 - 11; see Coppolino Decl., Tabs 1-25 (describing college courses and texts in cryptography).

Finally, the EAR's export controls are narrowly tailored. The narrow tailoring requirement is satisfied if the government's interests "'would be achieved less effectively absent the regulation."' Turner, 512 U.S. at 662 (quoting Ward, 491 U.S. at 799). That surely is the case here. Encryption software on a computer diskette or similar electronic media can be

_______________________

²⁴ The President has determined that "facts and questions concerning the foreign availability of [comparable] encryption products cannot be made subject to public disclosure or judicial review without revealing or implicating classified information that could harm United States national security and foreign policy interests." E.O. 13206, 61 Fed. Reg. 58767 (Nov. 19, 1996). Facts concerning NSA's ability to gather intelligence information abroad, including dealing with the threat of foreign available encryption, are among the most sensitive and classified national security information that cannot be publicly disclosed. See McNamara Decl. ¶ 18. Plaintiff's assertion that NSA is "not concerned" with the export of U.S.-origin encryption on the Internet, see Pl. Mem. at 13, is incorrect and based on a mis-reading of NSA's testimony to Congress. See McNamara Decl. ¶ 19.

- 26 -

converted from source code into object code at the press of a button, thereby enabling computers to scramble messages and other data. Elimination of export controls on encryption would permit the unrestricted export of encryption software to any person, organization, or country, without regard to the strength of the software, the identity of the recipients, or the uses to which they might be put. The government's interest in gathering foreign intelligence and breaking encrypted foreign communications would surely be "more exposed to harm" absent export controls. CCNV, 468 U.S. at 297.

Moreover, the EAR's export controls "do not 'burden substantially more speech than is necessary to further the government's legitimate interests."' Turner, 512 U.S. at 662 (quoting Ward, 491 U.S. at 799). The government has taken care not to cast its net more widely than necessary. Export controls are targeted at precisely the activity that threatens the government's legitimate interests, in several ways. First, the EAR does not prohibit the export of encryption products altogether, but rather establishes a licensing system under which exports that are consistent with our national security and foreign policy interests may go forward. See 15 C.F.R. 742.15(b) (encryption export license applications reviewed "to determine whether the export or reexport is consistent with U.S. national security and foreign policy interests"). The licensing requirements are tailored to the risks presented, with less restrictive requirements for exports that pose lesser risks. See id. § 742.1 5(b)( 1)-(2) (exceptions for 40-bit mass market software and encryption allowing for the recovery of plaintext).²⁵ Finally, the EAR's provisions regarding

_______________________

²⁵ Also, cryptographic software limited in function to authenticating that data has not been tampered with, or to the encryption of passwords or PIN numbers for access to a computer, or to use in banking and financial transactions, is not subject to licensing controls under CCL category ECCN 5D002. See 15 C.F.R. Part 774, ECCN 5D002, Note (b).

- 27 -

encryption technology "leave open ample alternative channels of communication," Ward, 491 U.S. at 802, for the exchange of information and ideas regarding cryptography. See McNamara Decl. ¶¶ 22-37 and Tabs 1-11; Coppolino Decl., Tabs 1-25. For these reasons, the EAR's export controls are narrowly tailored to satisfy intermediate First Amendment scrutiny.

In sum, while the export of source code might, in some circumstances, be intended for informational purposes and, in these instances, licensing controls might incidentally infringe on such expression, the regulation nonetheless serves a valid governmental purpose, is not intended to suppress ideas concerning cryptography (and, indeed, does not), and is drawn narrowly to apply to actual software programs, and only the more significant programs.

III. THE EAR'S EXPORT CONTROLS ARE NOT A FACIALLY
UNCONSTITUTIONAL PRIOR RESTRAINT.

Plaintiff's primary First Amendment arguments rest on the prior restraint doctrine. He argues that the licensing system on encryption software imposes a restraint on publication that is presumptively impermissible under classic prior restraint theory presented in New York Times v. United States, 403 U.S. 713 (1970) (per curiam), and under cases invalidating licensing schemes for expressive activities. See e.g., City of Lakewood, supra. Both of plaintiff's prior restraint theories are in error.

A. The Government Does Not Seek to Enjoin the Publication of
Ideas Concerning National Security Through Export Controls.

In the famous New York Times case, the government sought to enjoin the publication of the Pentagon Papers because it feared that the documents contained "'information whose disclosure would endanger the national security."' 403 U.S. at 718 (Black, J., concurring) (quoting government brief); id. at 726 n.* (Brennan, J., concurring). See also Near v.

- 28 -

Minnesota, 283 U.S. 697, 711 (1931) (state officials sought to censor a newspaper by enjoining it from publishing "scandalous and defamatory matter," including "charges of official misconduct." In such traditional prior restraint cases, the government's underlying object was to prevent speakers from communicating disfavored information and ideas to the public. These prior restraints thus went to the core of the First Amendment, which serves foremost to preserve the free flow of information and ideas. It is chiefly for this reason that the use of prior restraints is subject to a "heavy presumption" of unconstitutionality. See New York Times, 403 U.S. at 714 .

Here, in contrast, the government's controls on the export of encryption source code and other encryption products are not aimed at preventing the free exchange of information and ideas about cryptography. The exclusion of publicly available technology and printed materials from the scope of the EAR ensures that licensing requirements for the export of encryption products cannot be used to keep cryptographic information out of the hands of computer scientists or the public at large, either here or abroad. Whereas in the Pentagon Papers case, the government was concerned that classified national security information might be exposed, here the concern is not with the spread of information overseas bearing upon national security issues, but with the spread of an actual capability that can be used abroad to conceal critical information that affects the national security of the United States. This scheme simply bears no meaningful resemblance to the efforts to restrain speech in cases like New York Times.

B. Export Licensing Requirements For Encryption Software Are
Not A System of Prior Restraint.

Plaintiff also relies on cases involving licensing requirements for expressive activities like newspaper distribution, leafleting, parades, and adult entertainment. However, none of these cases supports facial invalidation of the EAR's controls on the export of encryption software.

- 29 -

To the contrary, they make clear that facial challenges are permissible only when a licensing scheme is directed narrowly and specifically at expressive activities -- something that the EAR's encryption export controls simply do not do.

In Lakewood, the court established standards for "distinguish[ing] laws that are vulnerable to facial challenge [on prior restraint grounds] from those that are not." 486 U.S. at 759. In order for a licensing law to be subject to a facial challenge, it "must have a close enough nexus to expression, or to conduct commonly associated with expression, to pose a real and substantial threat" of censorship. Id. The basis for such a facial challenge is that the law at issue gives a government official or agency substantial power "to discriminate based on the content or viewpoint of speech by suppressing disfavored speech or disliked speakers." Id. (emphasis added); see also DLS, Inc. v. City of Chattanooga, 107 F.3d at 410 (ordinance that does not allow officials to pass judgment on the content of speech survives Lakewood and FW/PBS facial challenge). In contrast, "laws of general application that are not aimed at conduct commonly associated with expression" are not subject to facial invalidation, but rather may be challenged only on an as-applied basis. Id. at 760-61.

Applying these standards, the EAR's export controls are not subject to facial invalidation under the prior restraint doctrine. To begin with, the specific activity at issue -- the export of encryption source code -- cannot fairly be said to be an activity that has a close nexus to expression, or is so commonly associated with expression, that a facial challenge would be warranted. Source code is a set of instructions to a computer, and it is commonly distributed and exported for the wholly non-expressive purpose of controlling a computer's operation. While it may be conceivable that the export of encryption source code, in some instances, would be

- 30 -

intended to have an expressive purpose, the regulations are not "directed narrowly and specifically" at that activity. Lakewood, 486 U.S. at 760. The EAR's controls on the export of encryption source code are part and parcel of its general controls on the export of all encryption products, see 15 C.F.R. 742.15, and other items whose export might harm the United States' interests. See generally 15 C.F.R. Part 774 (Commerce Control List). At best it may be said that this general licensing scheme includes within its broad scope a particular activity (the export of encryption source code) that, in some instances, might have an informational element, but need not be and normally is not.

Indeed, such an activity stands in direct contrast to the kinds of licensing activities such as parading, posting signs, distributing newspapers or handbills, or adult entertainment, that are almost always undertaken for expressive purposes and for which a facial challenge may properly lie. See, e.g., Lakewood (licensing distribution of newspapers on public property); Forsyth County v. Nationalist Movement, 505 U.S. 123 (1992) (licensing public speeches and parades); Shuttlesworth v. City of Birmingham, 394 U.S. 147 (1969) (licensing parades); Lovell v. Griffin, 303 U.S. 444 (1938) (licensing distribution of literature). See also Southeastern Promotions, Ltd. v. Conrad, 420 U.S. 546 (1975) (denial of access to a municipal auditorium for the musical "Hair" based solely on the city's judgment as to the potentially "obscene" nature of the production). The Sixth Circuit and other circuits have assessed facial challenges as to similar licensing schemes.26 In such cases, facial challenges have been entertained where the law in

_______________________

²⁶ See DLS, Inc. v. City of Chattanooga, 107 F.3d at 413-14 (applying Lakewood and FW/PBS to ordinance regulating "adult" establishments); East Brooks Books, 48 F.3d at 224 (same); Christy v. Randlett, 932 F.2d 502 (6th Cir. 1991); Desert Outdoor Advertising. Inc. v. City of Moreno Valley, 103 F.3d 814, 816-17 (9th Cir. 1996), cert. denied, 65 U.S.L.W. 3666 (continued . . .)

- 31 -

question was directed at expression or conduct commonly associated with expression. The EAR does nothing of the kind.

Indeed, the two cases on which plaintiff most heavily relies, FW/PBS Inc. v. City of Dallas, supra, and Freedman v. Maryland, 380 U.S. 51 (1965), both involved licensing schemes on sexually explicit adult entertainment. The Supreme Court stated that "[t]he core policy underlying Freedman is that the license for a First Amendment-protected business must be issued within a reasonable period of time, because undue delay results in the unconstitutional suppression of protected speech." FW/PBS, 493 U.S. at 228. It was because the ordinance in Freedman involved the "direct censorship of particular expressive material," id. at 229, that the procedural requirements of prompt licensing and judicial review initiated by the government were required.

A principle of law cannot be wrenched from the contexts in which it has been applied. Merely because a "licensing" process is at issue here does not mean that a facial "prior restraint" is implicated. Censorship of nude dancing or adult films cannot reasonably be compared to licensing controls on the export of an encryption software program with the capacity to hinder access by the United States to critical communications abroad. The notion, based on this authority, that the government must unduly hasten its assessment of the national security impact of such an export, or that the President's designees must rush to court to stop someone from

_______________________

²⁶ (. . . Continued) (Oct. 14, 1997) (posting commercial signs); Roulette v. City of Seattle, 97 F.3d 300 (9th Cir. 1996) (ordinance regulating sitting on sidewalk not subject to Lakewood facial challenge); Grossman v. City of Portland, 33 F.3d 1200, 1201 (9th Cir. 1994) (demonstrating in public park); Gerritsen v. City of Los Angeles, 994 F.2d 570, 573-74 (9th Cir.), cert. denied, 510 U.S. 915 (1993) (distributing handbills).

- 32 -

exporting a significant encryption capability, is specious.²⁷ There is simply no resemblance between this regulatory scheme and those that have been condemned as prior restraints by the Supreme Court. Plaintiff's facial prior restraint claim is without merit.²⁸

IV. EXPORT LICENSING CONTROLS ON CRYPTOGRAPHIC SOFTWARE
ARE NOT OVERBROAD.

The second type of facial challenge plaintiff raises is an "overbreadth" challenge. See Pl. Mem. at 14-16; Supp. Compl., Count II. Overbreadth is an exception to the prudential standing requirement that a plaintiff generally "must assert his own legal rights and interests." Warth v. Seldin, 422 U.S. 490, 499 (1975). An overbreadth claim applies to enactments alleged to be so broad that they are incapable of any permissible application, not merely the application implicated by plaintiffs own circumstances. New York State Club Assn. v. New York City, 487 U.S. 1, 14 (1987). For such claims, courts may relax standing requirements to allow a party to challenge a statute on its face because it threatens others not before the court. Brockett v. Spokane Arcades, 472 U.S. 491. 503 (1984); Broadrick v. Oklahoma, 413 U.S. 601 (1973).

_________________________

²⁷ The Supreme Court in FW/PBS did not even require that the City of Dallas initiate judicial review before denying a license to operate a sexually oriented business, on the ground that the government did not "exercise discretion by passing judgment on the content of protected speech." FW/PBS, 493 U.S. at 229.

²⁸ Accordingly, defendants submit that the district court's conclusions in Bernstein on which plaintiff relies, see Pl. Mem. at 19, are in error. Regulating the export of encryption software cannot reasonably be compared to "regulating newsracks." Bernstein, 974 F. Supp. at 1305. Moreover, the regulations are not "directed quite specifically" to "and entire field of scientific research and discourse," id. -- but expressly exempt such discourse from regulation while focusing on a software item that can be used to encrypt. Also, even assuming, arguendo that some scientists may export software for "purely expressive reasons," id., this is not commonly associated with encryption exports -- normally undertaken for individuals to use the software abroad -- so as to warrant a facial challenge. The proper approach is to assess any alleged impermissible application, such as to academics, on an as-applied basis.

- 33 -

The overbreadth doctrine has been called "strong medicine" to be used "sparingly and only as a last resort." Broadrick, 413 U.S. at 613. To succeed on an overbreadth challenge, plaintiff must demonstrate that the statute is "'substantially' overbroad." See New York State Club Ass'n., 487 U.S. at 11 (quoting Members of the City Council of Los Angeles v. Taxpayers for Vincent, 466 U.S. 789, 801 ( 1984)). That is, plaintiff must show that the alleged "overbreadth of the statute must not only be real, but substantial as well, judged in relation to the statute's plainly legitimate sweep." Broadrick, 413 U.S. at 615; see also Leonardson v. City of East Lansing, 896 F.2d 190, 195 (6th Cir. 1990). A law will not be facially invalidated on overbreadth grounds simply because it has some conceivably unconstitutional applications. See Taxpayers for Vincent, 466 U.S. at 800. Rather, "[plaintiffs] must demonstrate from the text of [the regulations] and from actual fact that a substantial number of instances exist in which [the regulations] cannot be applied constitutionally." See New York State Club Ass'n., 487 U.S. at 14 (emphasis added). In the absence of such a showing, "whatever overbreadth may exist should be cured through case-by-case analysis of the fact situations to which its sanctions, assertedly, may not be applied." Broadrick, 413 U.S. at 615-16.

Plaintiff's overbreadth claim fails for two reasons. First, the alleged overbreadth at the heart of plaintiff's claim largely concerns his own circumstances and, therefore, present little more than an as-applied claim. Second, plaintiff has not demonstrated that he has standing to assert interests that are distinct from his own to invalidate the regulations in all applications.

On the first point, the overbreadth doctrine does not apply where the party challenging the statute is one "who desire to engage in protected speech that the overbroad statute purports to

- 34 -

punish," since, in such a circumstance, there is "no want of a proper party" to challenge the statute. Brockett, 472 U.S. at 504; Taxpayers for Vincent, 466 U.S. at 802-803 (overbreadth does not apply where ordinance would potentially abridge the rights of plaintiff in the same manner as third parties not before court). In such a case, the court should address only the specific application at issue, while otherwise leaving the regulations intact. Brockett, 472 U.S. at 504.

The central argument plaintiff makes is that export controls on encryption software are "overbroad" because they might encompass his desire to export encryption for purportedly academic reasons. See Supp. Compl. ¶ 69. This claim presents an alleged impermissible application of the regulations as to which plaintiff would be a proper party, but fails to identify any significant difference between his claim and that of third parties. See Taxpayers for Vincent, 466 U.S. at 802. For this reason, the overbreadth doctrine does not apply.

Second, plaintiff has not demonstrated standing to bring an overbreadth challenge on behalf of anyone else. The relaxation of standing requirements through the overbreadth doctrine does not simply allow any plaintiff to raise a claim on behalf of third parties. A plaintiff must still show some injury to himself that is at least related to the alleged overbreadth, even if he does not share the same injury as the third party. See Secretary of State of Maryland v. Joseph H. Munson Co., 467 U.S. 947, 958 (1984). For example, in Munson, the plaintiff had standing to challenge on overbreadth grounds a requirement that charitable organizations pay no more than 25% of receipts for expenses, even though plaintiff was not a charitable organization, since the activity plaintiff sought to protect was "at the heart of the business relationship" between himself (as a fundraiser) and his clients, who were charitable organizations. See 467 U.S. at 958. In

- 35 -

other words, plaintiff was injured by the requirement at issue and could, therefore, seek to vindicate the First Amendment injury suffered by charities that he did not share.

Export licensing controls on encryption products, including software, apply primarily to commercial entities. See Reinsch Decl. ¶ 21. Even if the regulations could not constitutionally be applied to Professor Junger's activities, that does not justify invalidation of the regulations as to companies such as Microsoft, Netscape, or any other commercial software manufacturer. Professor Junger does not allege any injury that gives him standing to invalidate the regulations for such applications, which have nothing to do with his own alleged injury.²⁹

Assuming the merits of plaintiff's overbreadth claim is reached, the regulations have a broad, substantially permissible purpose. Plaintiff nowhere demonstrates from the text of the regulations or actual application that the regulations have been applied in a substantial number of impermissible ways. The regulations serve the vital purpose of preventing the spread of a significant encryption capability abroad -- a plainly legitimate sweep -- and serve to regulate predominantly commercial software developers. While application of the regulations to academics like plaintiff satisfy constitutional requirements, even if that were in question, the regulations are applied permissibly in a substantial--indeed, vast majority of cases. Moreover, the regulations are narrowly and specifically drawn, and are not overbroad. Only the more significant encryption programs are subject to export controls, and many other programs are subject to licensing exceptions. The regulation of such software does not extend to the

_________________________

²⁹ Plaintiff's attempt to vindicate the rights of individuals, including U.S. citizens, located abroad "who do not pose a threat to security," see Supp. Compl. ¶ 72; Pl. Mem. at 17, is far too generalized a grievance on behalf of third parties to establish plaintiff s standing to bring an overbreadth claim.

- 36 -

publication of ideas and academic discussion of cryptography. There is simply no substantial overbreadth here.³⁰ Whether under a prior restraint or an overbreadth theory, there are no grounds for facial invalidation of the rules.

V. PLAINTIFF LACKS STANDING TO CHALLENGE EXPORT LICENSING
CONTROLS ON "TECHNOLOGY" AND, IN ANY EVENT, SUCH CONTROLS
ARE CONSTITUTIONAL.

Plaintiff's supplemental complaint appears to challenge export licensing controls under the EAR not only for encryption software, but also as to controls on "technology" under the EAR, see Supp. Compl. ¶¶ 1, 2, 21, 22, 23, 56, 58 and 77, and he seeks an injunction with respect to both provisions. Id., Prayer for Relief. Plaintiff's memorandum, however, is devoted entirely to the constitutionality of export controls on encryption software. In the absence of argument on the technology regulations, the court should deem plaintiff's challenge thereto to be withdrawn. Should these claims be reached, they are without merit.

Licensing controls under the EAR on so-called "technology" are distinct from controls on the export of encryption software. Technology is defined under the regulations as unpublished, proprietary information (also referred to as "technical data") that concerns the development, production, or use of a separate commodity itself controlled for export. See 15 C.F.R. Part 772 (definition of ''technology'').³¹ While most software is treated as "technology" under the EAR,

_________________________

³⁰ Plaintiff's related "vagueness" claim fails as well. See Supp. Compl. ¶ 74 Far from not providing adequate notice, the regulations are quite detailed in describing what encryption software programs are and are not subject to export licensing, down to a description of the key length in "bits" for such programs.

³¹ See 15 C.F.R. Part 772 (defining "technology" to mean specific information necessary for the "development" "production" and "use" of a product, including technical data which may take the form of blueprints, plans, diagrams, models, engineering designs and ( continued . . .)

- 37 -

the President expressly determined that encryption software subject to ECCN 5D002 not be treated as technology, but as a commodity like encryption hardware. See E.O. 13026, § l(c); 15 C.F.R. 742.15; ECCN 5D002. Hence, the EAR provisions concerning technology are not applicable to the export of encryption software, and the Commerce Department did not apply these provisions adversely to plaintiff in responding to his commodity classification requests.³²

Accordingly, as a threshold matter, plaintiff lacks standing to challenge the technology controls on an as-applied basis. Whatever interference with his activities plaintiff alleges, such claims are based on export controls for encryption software. Moreover, absent any demonstrated injury resulting from the "technology" provisions, plaintiff lacks standing to challenge them on their face as well. See Munson, 467 U.S. at 958. In the face of the broad academic activity in the area of cryptography -- numerous college courses, textbooks on cryptographic theory, fundamental research published in scholarly journals, and academic symposia, see McNamara Declaration, Tabs 1-11; Coppolino Declaration, Tabs 1-25, plaintiff cannot demonstrate a credible threat of injury to challenge the EAR technology controls. See Steffel v. Thompson, 415 U.S. 452, 459 (1974) (allegations of a "subjective chill" are "not an adequate substitute for a claim of specific present objective harm or a threat of specific future harm").

Even if the merits were reached, several courts, including the Sixth Circuit, have long recognized the facial validity of export licensing controls on technical data for national security

_________________________

³¹ ( . . . continued) specifications, manuals and instructions).

³² Indeed, the Commerce Department did advise plaintiff that publication of his chapter from Computers and the Law was not subject to licensing controls as technology. See Tabs 8 and 13 to Reinsch Declaration.

- 38 -

and foreign policy reasons. See United States v. Van Hee, 531 F.2d 352, 355-56 (6th Cir. 1976), (Congress subjected technical data to the same controls as arms "doubtless . . . in recognition of the fact that world peace and American security and foreign policy could be threatened by the exportation of such data without the necessity of actually sending arms or implements abroad"). See also United States v. Edler Industries, 579 F.2d 516, 520 (9th Cir. 1978); United States v. Posey, 864 F.2d 1487, 1496-97 (9th Cir. 1989).³³

Moreover, the EAR sets forth several exclusions to the definition of "technology" subject to export controls, which carve out categories of protected speech and activities from licensing requirements and thereby limit the reach of the regulations. See 15 C.F.R. §§ 734.7, 734.8, 734.9 (information, including research, that is published or will be published, available at public libraries, released at public conferences or through educational instruction are excluded from technical data controls). Rather than seeking to license such publication or open discussion, the EAR is structured to exclude such information from its reach in the first place. On their face, the technology regulations neither present First Amendment concerns -- nor have they been applied impermissibly here.³⁴

_________________________

³³ Indeed, the court in Edler observed that technical data regulations constituted a "general regulatory statutes, not intended to control the content of speech," See Edler, 579 F.2d at 520. thereby precluding a Lakewood facial prior restraint claim.

³⁴ Hence, plaintiff's bald assertions in his supplemental complaint, not reiterated in his brief, that the EAR preclude him from sending "technology" overseas, and require that any "technology" is subject to a "prepublication review," see Supp. Comp. 56, 58, are flatly wrong. The EAR do not seek to regulate as "technology" information that is or will be published. See 15 C.F.R. 734.7.

- 39 -

VI. EXPORT CONTROLS ON ENCRYPTION SOFTWARE UNDER THE EAR DO
NOT EXCEED STATUTORY AUTHORITY.

Finally, in his supplemental complaint, plaintiff alleges that the export licensing regulations at issue concerning encryption software exceed statutory authority under the International Emergency Economic Powers Act ("IEEPA"), 50 U.S.C. §§ 1701-1706. See Suppl. Comp., Count V. Again, however, plaintiff has not presented this issue to the court in his motion for summary judgment. Accordingly, the court should deem this count to be withdrawn. It should be noted that, while defendants otherwise disagree with its decision on the First Amendment issues, the district court in Bernstein rejected identical arguments that the export controls on encryption software at issue exceed statutory authority under the IEEPA. Bernstein, 974 F. Supp. at 1297-1303.

CONCLUSION

For the foregoing reasons, plaintiff's motion for summary judgment should be denied, defendants' motion for summary judgment should be granted, and this action should be dismissed with prejudice.

- 40 -

Respectfully Submitted,

FRANK W. HUNGER
Assistant Attorney General

EMILY M. SWEENEY
United States Attorney

VINCENT M. GARVEY
Deputy Branch Director

[Signature]

ANTHONY J. COPPOLINO
Department of Justice
Civil Division, Room 1084
901 E Street, N.W.
Washington, D.C. 20530
Tel. (Voice): (202) 514-4782
(FAX): (202) 616-8470 or 616-8460

Attorneys for the Defendants

OF COUNSEL:

THOMAS C. BARBOUR
ROMAN W. SLONIEWSKY
MARYNELL DeVAUGHN
Office of Chief Counsel for Export Administration
United States Department of Commerce

CERTIFICATE OF SERVICE

I hereby certify that on this the 17th day of November 1997, a copy of the foregoing Defendants' Memorandum of Points and Authorities in Support of Defendants' Second Cross-Motion For Summary Judgment and in Opposition to Plaintiff's Motion for Summary Judgment, was served, via overnight express mail, on:

Gino J. Scarselli
664 Allison Drive
Richmond Hts., Ohio 44143
Tel: (216) 291-8601

[Signature]

ANTHONY J. COPPOLINO

[End]

Hypertext conversion by JYA/Urban Deadline