Philip Karn is a programmer at Qualcomm, working largely on cellular technologies. Karn's case stems from his attempts to gain a license to export source code for cryptographic algorithms printed in Bruce Schneier's Applied Cryptography: Protocols, Algorithms and Source Code in C. Both the Department of State and subsequently the Department of Commerce determined that the book (including source code) was in the 'public domain' and freely exportable (note: in the export control context "public domain" has a meaning unrelated to its meaning under copyright law), but that the same source code in electronic format could not be exported. Among the encryption source code on the disk which Karn sought to export were the Enigma, DES, 3DES, and IDEA algorithms. In addition to the fact that all the source code in the book could be exported in print form, Karn claims the restrictions on these algorithms in particular help show the irrationality of the encryption export controls because:

• The DES and 3DES algorithms have already been approved in one case for export in electronic form.
• The Enigma code was used by the Germans during World War II and was broken by the allies during the same period.
• The IDEA algorithm was, itself, developed abroad and is available internationally as part of PGP version 5.0i.

The Karn case has had a complicated history in the courts. The case was filed in United States District Court for the District of Columbia. In 1996, the judge in the case, Judge Richey, granted summary judgment to the government, throwing out Karn's case for two reasons. First, any incidental restriction of Karn's free speech rights resulting from the export rules was justified, he wrote, because the government was really only interested in regulating encryption because of its functional properties (i.e. its ability to keep data confidential). Second, Karn's claims that restricting his export just because the source code was on a disk not on paper was irrational could not be heard because a provision in the Arms Export Control Act said that export control decisions were not subject to judicial review (under the Administrative Procedures Act). After this decision, Karn appealed the case to the Court of Appeals for the D.C. Circuit. Before his case could be heard, President Clinton transferred jurisdiction over encryption exports to the Commerce Department from the State Department. The D.C. Circuit sent the case back down to the District Court, to decide the administrative law claim under the new Commerce Department regulations. Before the case could be heard again in the District Court, a new judge took over the case.

On February 18, 1999, Judge Oberdorfer granted Karn's request for an evidentiary hearing. Once Judge Oberdorfer decides Karn's administrative law claims, the case will probably be appealed. Karn would appeal Judge Richey's decision on the freedom of speech claims, and whichever side loses on the administrative law claims would appeal those.

• Karn v. U.S. Dep't of State, 925 F.Supp. 1 (D.D.C. 1996) (Decision by Judge Richey, granting summary judgment to the government).
  
• Karn v. U.S. Dep't of State, 107 F.3d 923 (D.C.Cir. 1997) (Order by D.C. Circuit Court of Appeals, remanding the case to the District Court after the transfer of jurisdiction over encryption exports to the Commerce Department).
  
• The Amended Complaint in the Karn case.
  
• Philip Karn's site with information on the case.
  
• The Electronic Frontier Foundation's comprehensive Karn Case Archive.

The Bernstein Case

Daniel Bernstein is a mathematician and cryptographer, currently on the faculty of the University of Illinois at Chicago. He developed a specialized cryptographic algorithm, and sought to be able to "export" the source code and an academic paper discussing the algorithm. In his complaint, he specifically alleged:

Plaintiff intends general publication of the Items. . . . Plaintiff also wishes to discuss the Items at mathematical conferences and open public meetings of interested academics, business people and lay persons.

Plaintiff wishes to publish the Items and discuss their contents in order to disseminate his ideas and information about cryptography to other mathematicians and to business and lay persons interested in his ideas. Such activity is part of the normal process of academic and scientific exchange of ideas and information.

Bernstein does claim that the export regulations are vague as to whether speaking in public about his algorithm is restricted, or whether print publication (i.e. placing his paper in the 'public domain') is restricted. However, unlike Karn, Bernstein did not request or receive approval for the export of the same materials in print and electronic form, nor did the government make separate decisions based upon the medium of the item. Therefore, the Bernstein case's most significant argument is in his First Amendment claims: the undeniable fact that, even if not all encryption software is protected speech, Bernstein does use his software in expressive ways.

In mid-1997, Judge Patel of the U.S. District Court for the Northern District of California held that encryption software does constitute protected, expressive speech and said that the encryption export controls were unconstitutional. She did, however, narrow her order pending the outcome of the government's appeal to the Ninth Circuit Court of Appeals.

On May 6, 1999, the Ninth Circuit Court of Appeals affirmed Judge Patel's ruling that the Export Administration Regulations (EAR) constituted a prior restraint on speech". The opinion stated, "[I]nsofar as the EAR regula- tions on encryption software were intended to slow the spread of secure encryption methods to foreign nations, the govern- ment is intentionally retarding the progress of the flourishing science of cryptography. To the extent the government's efforts are aimed at interdicting the flow of scientific ideas (whether expressed in source code or otherwise), as distin- guished from encryption products, these efforts would appear to strike deep into the heartland of the First Amendment." However, the court emphasized the narrowness of its First Amendment holding by stating that not all software can be considered expressive.

The Justice Department challenged the Ninth Circuit ruling, and was granted a rehearing before a larger panel of judges of the Appeals Court. The hearing was scheduled for December 1999. The government filed a motion to delay the hearing because the Department of Commerce is expected to issue revised export regulations. The hearing has now been rescheduled for March 21, 2000.

For those interested in exporting encryption products: The decision does not immediately allow free export of compiled software or hardware. It appears to very narrowly allow the export of Dan Bernstein's Snuffle and similar source code, but even that result has been stayed (i.e., delayed) while the course of further proceedings in the case is sorted out. Those interested in exporting encryption should still seek the advice of a lawyer or risk criminal penalties.

• Bernstein v. United States Dep't of State, 922 F.Supp. 1426 (N.D. Cal. 1996) (Bernstein I - the first decision by Judge Patel, holding that cryptographic source code is speech protected by the First Amendment and that Bernstein's claims were "justiciable").
• Bernsteinv. United States Dep't of State, 945 F.Supp. 1279 (N.D. Cal. 1996) (Bernstein II - Judge Patel's second decision, holding that the encryption licensing scheme is a prior restraint, and making various other rulings).
• Bernstein v. United States Dep't of State, 974 F.Supp. 1288 (N.D.Cal. 1997) (Bernstein III - the critical third decision, in which Patel ruled infavor of the government on the statutory challenges under IEEPA, but held that the encryption export regulations were unconstitutional as a prior restraint on protected speech).
• Bernstein v. United States Dept. of Justice , _____ F.3d _________ (9th Cir. 1999) (Ninth Circuit opinion ruling the export regs unconstitutional and affirming the district court decision in Bernstein III)
• CDT joined other civil liberties groups in filing an amicus brief in support of Bernstein.
• The Electronic Frontier Foundation's Bernstein Case Archive of documents filed in the case.
• Professor Michael Froomkin's analysis of the Ninth Circuit Court of Appeals decision.
• Commerce Dept. and DOJ Statements on Ninth Circuit decision.
• BXA's response to the Bernstein legal team's request for a clarification of the January 2000 encryption regulations.

The Junger Case

Peter Junger, plaintiff in the third case before the courts, is not a computer scientist, but a law professor who teaches "Computers and the Law" at Case Western Reserve. He does understand programming languages, however, and two of the programs he sought to export were very rudimentary encryption programs he had written himself. He sought to post his programs and software such as PGP and RSA source code on his web site so as to use them in his course as a demonstration of how computers work. He was denied permission to 'export' the source code in this manner by the Commerce Department, and filed the lawsuit.

In July, 1998, Judge Gwin from the United States District Court for the Northern District of Ohio granted summary judgment for the government. He decided that "exporting source code is conduct that can occasionally have communicative elements" but that this is not enough; for the licensing scheme to be an unconstitutional "prior restraint" on speech it must impinge on "expression, or ... conduct commonly associated with expression," said Gwin. "Even if the Export Regulations have impaired the isolated expressive acts of academics like Plaintiff Junger, exporting software is typically non-expressive."

On March 1, 1999, the American Civil Liberties Union of Ohio filed a brief for Professor Junger as plaintiff-appellant in his appeal to the United States Court of Appeal for the Sixth Circuit from Judge Gwin's judgment.

CDT joined other civil liberties groups in filing an amicus brief in support of Junger in the Sixth Circuit.

On April 4, 2000, the Sixth Circuit Court of Appeals found against the government. "Because computer source code is an expressive means for the exchange of information and ideas about computer programming, we hold that it is protected by the First Amendment." The full decision is available.

• Junger v. Daley, --- F.Supp. ----, 1998 WL 388972 (N.D.Ohio 1998).
  
• Junger's site with archived documents related to the case.
  
• Supplemental and Amended Complaint in the Junger case.