From: Evan Martin (martine_at_danga.com)
Date: Thu Mar 11 2004 - 11:44:32 PST
I mentioned this case briefly in section, but not by name:
http://cr.yp.to/export.html
Basically, Daniel Bernstein (at the time a grad student, now a professor
at UIC) devised a system he called "snuffle" that could make a
private-key system (like DES from the textbook) out of any one-way hash
function (like MD5 from the textbook). Normally, this would be
interesting but not monumental, but at the time (and even now) there are
many legal restrictions on cryptography: it's regarded by our
government as "munitions", and cannot be legally exported in the same
way it's illegal to sell guns to countries like Iraq. But as far as I
know, hash function code is legal to export.
What's particularly interesting about these limitations is that it meant
that researchers could not publish papers about cryptography in places
that could potentially be exported, because doing so would put them in
the same category as arms trackers.
DJB (that's what he's usually known by) wrote two descriptions of
snuffle: at one extreme, prose, and at the other, code. He then sent
all of them to the export controllers and asked which ones would be
legal to export. ( In
http://www.eff.org/Privacy/Crypto_export/Bernstein_case/Legal/950221.exhibits/exhibit.a,
he wrote: "The portions of snuffle.c and unsnuffle.c which actually
perform encryption and decryption contain just 15 lines each of C code
with no cryptographic technology per se.")
When he was told they'd all be illegal, he brought it to court,
challenging the constitutionality(!) of the law. And after many years,
he eventually won, sorta; they relaxed the export controls, and so the
case was dismissed as no longer an issue.
This page has documentation: http://cr.yp.to/export/docs.html .
Apparently he fought this for a full ten years!
This case is interesting because of initial ruling: code falls under the
first amendment. I quote from a press release:
This is the first time a U.S. court has ruled that source code is
speech under First Amendment analysis. Previously, courts have held
that software is speech for copyright law only.
The decision states in part:
"This court can find no meaningful difference between computer
language, particularly high-level languages as defined above, and
German or French....Like music and mathematical equations, computer
language is just that, language, and it communicates information
either to a computer or to those who can read it....Thus, even if
Snuffle source code, which is easily compiled into object code for
the computer to read and easily used for encryption, is essentially
functional, that does not remove it from the realm of speech....For
the purposes of First Amendment analysis, this court finds that
source code is speech."
Ack, it still gives me goosebumps every time I read it.
Here's a good summary of the conflict:
"Cryptography and Speech" -- http://www.cyberlaw.com/cylw1095.html
And here's a brief page of some of DJB's other contributions:
http://logicerror.com/djb
His page is
http://cr.yp.to
and has quite a bit on it.
-- Evan Martin martine_at_danga.com http://neugierig.org _______________________________________________ Cse461 mailing list Cse461_at_cs.washington.edu http://mailman.cs.washington.edu/mailman/listinfo/cse461
This archive was generated by hypermail 2.1.6 : Thu Mar 11 2004 - 11:44:38 PST