US Attorney Suggests Solution To Open Source Encryption: Ban Importation Of Open Source Encryption

from the bangs-head-on-desk dept

McQuade: "I think it would be reasonable to ban the import of open-source encryption software" #UMichTalks — David Adrian (@davidcadrian) April 12, 2016

In light of these considerations, we conclude that encryption software, in its source code form and as employed by those in the field of cryptography, must be viewed as expressive for First Amendment purposes, and thus is entitled to the protections of the prior restraint doctrine. If the government required that mathematicians obtain a prepublication license prior to publishing material that included mathematical equations, we have no doubt that such a regime would be subject to scrutiny as a prior restraint. The availability of alternate means of expression, moreover, does not diminish the censorial power of such a restraint-that Adam Smith wrote Wealth of Nations without resorting to equations or graphs surely would not justify governmental prepublication review of economics literature that contain these modes of expression.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Is itthat hard to expect officials representing law enforcement to understand basic concepts? Earlier this week, University of Michigan hosted a debate on the whole "going dark/encryption" fight with the EFF's Nate Cardozo (disclaimer: he has represented us on certain legal issues) and US Attorney for the Eastern District of Michigan Barbara McQuade. While the event was filmed and livestreamed , as I type this, they don't appear to have posted a recorded version. However, it appears that Cardozo (not surprisingly) raised a key point that has been raised many times before: a US law against allowing unbroken encryption would have little impact on bad people using encryption, since there are many open source and non-US encryption products worldwide. But McQuade had a response to that ... and it was kind of insane:If you can't read that, she said: "I think it would be reasonable to ban the import of open-source encryption software." This is idiotic on any number of levels, and that an actual representative of law enforcement would make such a claim is immensely troubling and raises serious questions about the competency of the US Attorney's Office in Eastern Michigan.First off, the Open Technology Institute released a paper late last year showing that there was a ton of both open source and foreign encryption products that weren't subject to US regulations. Another paper, released earlier this year by the Berkman Center and written by Bruce Schneier (along with Kathleen Seidel and Saranya Vijayakumar), found that there were 865 encryption products from 55 different countries on the market when they wrote the paper (it could be more by now), with 546 of those from outside the US. In other words, there are a lot of these kinds of products. So, at the very least, they'd be used by people outside of the US.But, more to the point, a ban on importing them? We already had that legal fight, though back then it was on the question ofencryption. In Bernstein v. the US Department of Justice , the government sought to block Daniel Bernstein from publishing his algorithm for his Snuffle encryption system, saying it violated export laws related to exporting. Eventually, the 9th Circuit ruled thatand any regulations preventing publication would be unconstitutional.So, for McQuade's "simple" solution to take hold, we'd have to first ignore the First Amendment and a ruling directly on point to the issue she thinks is an easy solution. To be clear, the court's ruling stated:While it's true this technically only applies in the 9th Circuit (and McQuade's district is outside of that circuit), it's not like there's a competing ruling in another district and the ruling here would be a difficult one to overcome.Second, even if she could get past it,. At least in the Bernstein case, the argument would be to try to block an American citizen from publishing the content -- an "export" ban. An "import" ban would be an order of magnitude more futile, because anyone outside the US publishing such open source code would not be covered by US regulations, so they couldn't be blocked from doing anything by a US court. So then any "import" ban would come down to someone being forced to magically comb the entire global internet and make sure no one from the US could ever see or find that code -- which, of course, would bring us right back to questions of prior restraint and the First Amendment.There may be reasonable arguments to be made about encryption and its impact on law enforcement, but if the argument includes such inane ideas as banning the import of strong encryption, it's difficult to take the speaker seriously, or to conclude that they have any useful or competent knowledge on the subject at all.

Filed Under: banning encryption, barbara mcquade, encryption, free speech, going dark, import ban, open source encryption