January 01, 1998

Plaintiff's Reply Memo

9 min




Plaintiff, )


v. ) Civ.A. No. 95-1812 (LFO)


U.S. DEPARTMENT OF STATE, et al ) (Judge Oberdorfer)




Plaintiff, by counsel, submits this Reply memorandum, restricted to the two issues on which Plaintiff has moved for summary judgment: 1) whether the EAR restrictions on cryptographic source code violate the First Amendment; and 2) whether the President’s reliance on the International Economic Emergency Powers Act (IEEPA) to perpetuate export controls after expiration of the Export Administration Act (EAA) is lawful.

I. Application of the EAR to Crypto Source Code Violates the First Amendment

With respect to this issue, Plaintiff will continue to rely on the memoranda previously filed and considered by Judge Richey. There is a new decision on this issue. On July 2, 1998, Judge Gwin issued a decision in Junger v. Daley, CASE NO. 1:96-CV-1723, (N.D. Ohio), ___F.Supp.___, 1998 WL 388972. Judge Gwin, expressly disagreeing with the conclusion reached by Judge Patel inBernstein v. United States Dep't of State, 922 F. Supp. 1426 (N.D. Cal. 1996), rejected the plaintiff’s First Amendment challenge to the EAR as applied to crypto software. Judge Patel’s decision remains under consideration by the Ninth Circuit Court of Appeals. Oral argument on that appeal was held in December 1997, but a decision has not been announced.

The Defendants continue to advance the argument they have advanced in all three pending EAR/crypto litigations: there is no First Amendment violation because crypto software is controlled because of what it does not because of what itsays. That argument, at least as applied to the crypto source code at issue here, is fundamentally wrong as a matter of fact and legal analysis.

Defendants are simply wrong when counsel asserts, without any supporting evidence, that crypto software source code listings are:

more than informational — they also constitute instructions to a computer microprocessor that, with minimal additional programming, cause the computer to actually encrypt data. Source code is not merely "text," like a recipe or manual, but text that can be executed to program the computer to perform a certain function.

(Defs. Memo. at 22) That fact of the matter is that the source code at issue in this case, as well as other crypto software source code regulated under the EAR, cannot "cause [a] computer to actually encrypt data" any more than a bomb recipe can cause the destruction of a building. In both cases the information constitutes raw data for a human being to use to build a "functioning machine." In the case of a bomb, the builder must use the recipe, gather the ingredients, and make the explosive device. In the case of functioning cryptographic programs, the software engineer must take the crypto algorithm source code, gather the numerous other ingredients (source code for several necessary routines) and physically operate a mechanical device (a computer) to assemble an operating cryptographic program that must then be separately operated to actually encrypt or decrypt information. For purposes of the First Amendment analysis, there is no viable distinction between a bomb recipe and crypto source code. The government can constitutionally regulate or bar the use of bombs, but it cannot constitutionally prevent the export of instructions on how to make a bomb.1/ The government may be able to sanction theuse of cryptography2/ but that possibility does not mean it can sanction the export of cryptographic source code.

At one point in their argument Defendants apparently recognize that Plaintiff seeks to communicate – a First Amendment core activity – and not to export a functioning cryptographic machine.3/ The Defendants state that "the most commonly understood reason for exporting software, as plaintiff himself indicates, is to provide people with the capability of programming their computer to perform a certain function." (Def. Memo at 23)(emphasis added). Defendants thus recognize that Mr. Karn does not seek to export a functioning program, but with part of the "recipe" that will, if combined with other information, enable someone to then create a functioning cryptographic machine.

In contending that this system of controls is not based on the "content" of the speech, Defendants ask the Court to ignore the undisputed fact that computer source code that describes a data authentication function, but not a data confidentiality function, is not subject to export controls. This critical distinction is highlighted by the Defendants’ astounding "about face" with respect to their regulation of the Integrated DNSSEC source code.

As now acknowledged by Defendants, that source code in fact includes data encryption capabilities and is not limited to data authentication. The fact that Defendants initially failed to understand what they were licensing does not matter. Their astonishing change of position only emphasizes that the decision on whether to preclude the export of computer source code depends entirely on the government’s evaluation of thecontent of that source code. When the Defendants believed that DNSSEC source code contained only data authentication functions, they decided it was not subject to export controls. When they belatedly understood what that code actually contained, they decided that this particular source code is subject to export controls. The evolution of this decision plainly shows that the regulation of Plaintiff’s source code is entirely dependent on its content, not its functionality.

II. The President’s Invocation of IEEPA Is Reviewable Because It Exceeds Explicit Limitations in IEEPA

The Defendants erroneously contend that this Court cannot decide whether the President’s invocation of IEEPA is lawful. Their argument simply misreads the unambiguous decision of the Court of Appeals in Chamber of Commerce v. Reich, 74 F.3d 1322 (D.C. Cir. 1996). That court did hold, as quoted by Defendants’ counsel, that ""when a statute entrusts a discrete specific decision to the President and contains no limitations on the President's exercise of that authority, judicial review of an abuse of discretion claim is unavailable."Id., 74 F.3d at 1311 (emphasis added). Defendants’ counsel ignores the crucial holding. If the statutedoes "contain limitations" it does not matter that the President is entrusted to make the decision. The Judicial Branch not only can review such decisions to determine whether the President has acted within the limitations imposed by Congress, the court is obligated to fulfill its constitutional duty to enforce the Separation of Powers and insure that the President does not go beyond the congressionally-imposed limitations.

This case presents precisely such a situation. Congress unambiguously imposed limitations on the President’s discretion in IEEPA. As noted in Plaintiff’s prior memorandum, IEEPA authorizes the President to impose restrictionsonly ""to deal with any unusual and extraordinary threat, which has its source in whole or substantial part outside the United States." 50 U.S.C. &#sect; 1701(a). The only situation which led the President to declare a national emergency and impose the export controls at issue in this litigation was the failure of Congress to re-enact the EAA. That inaction cannot conceivably be construed as a "threat which has its source in whole of substantial part outside the United States." The President has exceeded an explicit limitation in IEEPA. Under the unambiguous holding in Chamber of Commerce, this Court has jurisdiction to review the President’s action.

Defendants are simply wrong when they argue that the Plaintiff has the "burden of showing that there would be no conceivable set of circumstances in which it would be proper for the President to use his authority under IEEPA to undertake this specific action." (Def. Memo. at 15) The validity of the President’s action must be reviewed and defended on the basis of what the Presidentdid, not what he might have donein some other "conceivable set of circumstances." If, as Plaintiff submits, the basis for the President’s action in declaring this specific national emergency was not "wholly or in substantial part" a situation that developed outside the United States, the action exceeds the explicit limitation in IEEPA and must be declared unlawful.

Judicial review of this decision will not in any way intrude into an area or foreign affairs or national security. Plaintiff does not ask the Court to second-guess the President with respect to the gravity or severity of any aspect of crypto controls. All Plaintiff seeks is a judicial recognition that the President himself relied on Congress’ failure to re-enact the EAA when he invoked IEEPA, and to hold that congressional inaction simply is not a "threat, which has its source in whole or substantial part outside the United States." That determination is plainly not a foreign affairs decision, nor does it require intrusion into issues reserved for the Executive Branch.

Respectfully submitted,

1/ The widespread availability of bomb-making instructions in U.S. Government publications, encyclopedias and on the Internet is evidence of the protected status of such information. The only known instance of an attempt to censor bomb-making information occurred in United States v. Progressive, 467 F.Supp. 990 (W.D. Wis. 1979). In that case the Executive Branch sought to enjoin publication of an article on how to make an H-bomb on grounds that "the national security . . . could be jeopardized by the publication of the article." Id. at 992. The prosecution obtained an initial injunction after persuading the trial judge that "concepts [in the article] that are vital to the operation of the hydrogen bomb [are not] in the public domain." Id. at 993. The magazine then produced evidence that the supposedly non-public elements of the H-bomb recipe had in fact been available for several years in the open public library of the government’s Los Alamos Scientific Laboratory. United States v. Progressive, 486 F. Supp. 5, 7 (W.D. Wis. 1979) The prosecution admitted this fact but contended it was a "mistake." Id. The district court nevertheless continued the injunction, but the Executive Branch subsequently decided that in light of the prior release and the additional publication of the same information in the Milwaukee Sentinel, (486 F.Supp. at 7-9), it would no longer seek to restrain publication and agreed to vacate the injunction after the defendant noted an appeal. See 610 F.2d 819 (appeal dismissed). There is no such "national security" element in the publication of the common "fertilizer bomb" instructions that have been the source of frequent public attention.

2/ Plaintiff does not concede this point since use of cryptographic software is still a form of communication and thus implicates the First Amendment while exploding a bomb is not a First Amendment activity. The point here is that in both situations the communication of content necessary to make a functioning machine is distinctly different from using that machine.

3/ It is entirely appropriate to describe a computerized cryptographic object code application as a "machine," especially since before the advent of powerful personal computers, u encryption was in fact utilized using physical machines such as the Enigma employed by the Germans in World War II.