Daniel Bernstein seems intent on striking the deathblow to U.S. government regulations on cryptography.
The latest chapter in his decade-long battle began to unfold on Friday, when lawyers representing both the Department of Commerce and Bernstein, a University of Illinois associate professor of mathematics, statistics and computer science, prepared to ask federal district court judge Marilyn Hall Patel to grant a summary judgment. At stake: the last remnants of a system that once prevented U.S. citizens from releasing software code that creates secure, electronic communications.
Bernstein is trying to eradicate the last of the export laws that previously kept Americans from distributing any work related to cryptography.
It's a bit confusing to some in the cryptography arena who feel that the current laws allow anyone to distribute their programs without fear of reprimand. Bruce Schneier, security expert and author of Applied Cryptography, said the future battle over encryption won't be trying to free software code, but rather preventing corporations from using it to limit rights.
"We always thought about cryptography as being a tool to protect the little guy versus the big guy," said Schneier. "It never occurred to us that the Digital Millennium Copyright Act would get passed."
Even with the looming fight over the DMCA, many are still uncomfortable with the court battle Bernstein continues to wage.
"When you empower people to do things, we empower them to do bad things," said Mike Godwin, staff council at the Center for Democracy and Technology. "It's a hard problem: What do you allow people to do in a free society? This is the hard part of democracy. You have to end up trusting people."
The problem, the government claims, occurs when the technology falls into the hands of people outside democracies. Earlier this year, for example, The Wall Street Journal bought a computer in Kabul, Afghanistan, that held encrypted files. The news organization broke the security -- with the help of the government -- revealing a wealth of information about al-Qaida activities.
The security was relatively easy to break, since the al-Qaida operatives who owned the computer used an off-the-shelf, 40-bit encryption program. However, if they had used one of the newer, more powerful encryption programs, those messages would likely have been lost forever.
That has been the heart of the government's fight to limit general access to cryptography for the last 30 years. It does this by requiring people to apply for a license called a commodities jurisdiction. Without this license, nobody can export any cryptography product, which includes publishing it on the Web -- and, for good reason, according to Stewart Baker, an affable Washington lawyer with Steptoe & Johnson.
Baker, who was general counsel for the National Security Agency from 1992 until 1994, said there is strong evidence, for example, that World War II was won because we had better cryptographers than Germany and Japan. Behind tight security at Fort Meade, Maryland, the NSA has teams of mathematicians and programmers working on the some of the world's most powerful supercomputers, making and cracking codes.
Making the knowledge freely accessible to everyone, Baker said, takes away one of the United States' strategic advantages.
Bernstein has repeatedly beaten back the government's attempt to restrict cryptographic technology. But, Baker said, much of that battle was waged during a different political climate.
"If it had come up 10 years later, this battle probably could have been won," Baker said. "But even then it would have been a very hard battle because there are so many valuable uses for encryption.... My guess is that at the end of the day, we would have ended up here."
Here is a place where very strong public encryption technology is available to the public, thanks to a handful of people, working in a loose collective led by Dr. Whitfield Diffie. The group developed their own system for secure communication that was so strong the NSA deemed it a threat to national security to sell it commercially. That started an epic battle between the government and the technology community, which is chronicled in Steven Levy's book Crypto.
The legal flare-up began in 1995 when Bernstein filed suit against the State Department, claiming the export laws that limited where academics could publish their research were unconstitutional.
With the help of Cindy Cohn, now a staff attorney with the Electronic Frontier Foundation, Bernstein successfully challenged the government's ability to restrict publishing code. In 1999, Patel agreed with Cohn. Three years later, the 9th Circuit Court of Appeals upheld Patel's ruling.
Since then, the government has eased restrictions on export technology, although the government still maintains the right to limit certain exports.
