It ended not with a bang, but a whimper. Thanks to a strategy of strategic amelioration of rules whenever they looked about to be struck down, combined with judicious promises not to prosecute people who were otherwise covered by the letter of the law, the US government has dodged the whole hail of bullets that was the Bernstein cryptography case. The proceedings produced a great opinion — Bernstein v. U.S. Dept. of Justice, 176 F.3d 1132 (9th Cir. 1999), but it was withdrawn, Bernstein v. U.S. Dept. of Justice, 192 F.3d 1308 (9th Cir. 1999) pending an en banc hearing that never happened. Then it was remanded.
Now comes news that, the Bernstein Cryptography Case Is Dismissed.
Chicago, 15 October 2003 – The longest-running court case against the government's encryption regulations has come to an end, for now.
The regulations were challenged by Daniel J. Bernstein, a professor of mathematics, statistics, and computer science at the University of Illinois at Chicago. Bernstein filed his lawsuit in February 1995 and won four court decisions against the constitutionality of the government's previous regulations.
In an October 2002 court hearing on the current encryption regulations, Department of Justice attorney Tony Coppolino told the court that the government would not enforce several portions of the regulations.
“I can assure you that the regulatory authority does not want [researchers who are collaborating at conferences] sending us an e-mail every time they change something in an algorithm,'' Coppolino told the court. Coppolino also said that commmercial book publishers and assembly-language publishers did not need to obtain licenses.
As observers predicted after the hearing, Chief Judge Marilyn Hall Patel of the United States District Court for the Northern District of California relied on the government's promises and dismissed Bernstein's case without deciding the constitutionality of the current regulations.
“If and when there is a concrete threat of enforcement against Bernstein for a specific activity, Bernstein may return for judicial resolution of that dispute,'' Patel wrote, after citing Coppolino's “repeated assurances that Bernstein is not prohibited from engaging in his activities.''
“I hope the government sticks to its promises and leaves me alone,'' Bernstein said in a statement today acknowledging Patel's decision. “But if they change their mind and start harassing Internet-security researchers, I'll be back.''
As noted in this message to Dave Farber's list, the net result of dismissing the Bernstein case is that the leading case on cryptography rights is the 6th circuit decision in Junger v. Daley, 209 F.3d 481 (6th Cir. 2000) — a case brought by Peter D. Junger, a law professor. That case holds,
Because computer source code is an expressive means for the exchange of information and ideas about computer programming, we hold that it is protected by the First Amendment.
I've written a fair amount about the regulation of cryptography, but I'll confess that I was dubious about Junger's decision to press the case. The complaint felt too much like a put-up job. I thought one could teach a law course just fine without the source code. It didn't feel strong as compared to a complaint by a mathematician like Bernstein who clearly had an interest in teaching and publishing his thesis. I was wrong. Junger was right, and he's more than entitled to the slight note of vindication in his posting.