More on the risks of teaching ...

[Peter D. Junger <junger () samsara law cwru edu>]

I have received a large number of personal responses to my article on the
risks of teaching about computers and the law (RISKS-14.65) as well as the
responses that appeared in RISKS-14.67.  (I am afraid that I lost some of the
personal responses, so if you haven't received a reply, please send me another
copy of your message.)  These have been most interesting and helpful and, for
the most part, supportive.

I would, however, like to correct some misapprehensions that appear in the
response by Jerry Leichter entitled "Re: Peter D. Junger's risks of
teaching..." (RISKS-14.67).

Mr Leichter writes:

    While more sophisticated in his writing, what Mr. Junger is really
    doing is simply repeating an argument we've seen many, many times on
    the net:

        1.  Anyone can write cryptographic software, so where is the
            secrecy?

        2.  The regulations as written forbid export of such things as -
            a favorite example that Mr. Junger surely did not re-invent
            independently - Captain Midnight Decoder rings.

But my trouble is that _I_ (not anyone, not anyone else, but just dear old
_moi-je_) wrote an encryption program that does not contain anything secret or
original and yet the ITAR regulations require me to get a license before I
_talk_ about this program with my students, if any of them should happen to be
foreign, without first obtaining a license from the State Department, a
license, which if it is granted, I could not expect to get before the semester
is over.  So I am not making the very sensible argument that Mr. Leichter
pooh-pools as old hat.  (I have no recollection of having ever seen any
reference to my old--or any other--Captain Midnight Decoder (which I don't
recall was a ring--wasn't it sort of a flat disk with a knob in the center?)
during the last several decades, but if Mr. Leichter is sure I did not
"reinvent" this example, I won't argue that point with him.)

Though I think it is sort of silly to require me to get a license to export my
program, since I don't want to export it--I just want to talk about it and
publish it and post it on my FTP server, all within the United States--that is
not my problem.  Once again, what I am concerned with is the requirement that
I get a license to talk (or publish) information about my program within the
United States, a requirement that is blatantly unconstitutional.

Thus Mr. Leichter's example of requiring a license for the exportation of an
encryption _chip_ has nothing to do with my problem.  (I must admit, however,
that I cannot conceive of a case where the export of an encryption chip, that
was not developed by or on behalf of the government, could be a serious threat
to our national security.)

His other example does, however, have some bearing on my problem, if only
because it illustrates how unclear, how far from being present, how
farfetched, is the danger of allowing information about cryptography to get
into the hands of the foreigners, for this example is: "conjectural software,
500 man-years in the making after a large research investment, for breaking
cryptosystems used by the US for communicating with its embassies abroad".
(Who would spend all that time and money to accomplish such a goal, whether
those who did it (were it done) would be deterred by export regulations, and
whether a program of such complexity could ever work are exercises that are
left to the reader.)

Even though we are basically talking about different issues, however,
the desire of Mr. Leichter to regulate the export of devices does
ultimately collide with the Constitutional right of free speech that is
my concern.  As he puts the problem:

    Mr. Junger teaches law.  Perhaps he'll take up the challenge of
    suggesting regulatory wording that covers "significant"
    cryptographic "equipment" - along the way, perhaps, coming up with a
    distinction that can be made in some useful way among "equipment",
    "software", and "specifications".

The trouble with this challenge--besides the fact that I have no interest in
drafting such regulations--is that the constitution forbids the regulation of
speech and that "specifications" fall squarely within the category of speech.
What is really interesting is that "software" seems to be both "equipment",
which is unprotected, and speech, which is constitutionally protected.
(That's why I find computers and the law an interesting subject.)

The problem that I face is not how to draft unconstitutional regulations but
how to challenge them.  The fact that the regulations are not enforced makes
it difficult to get their constitutionality before the courts.  And the fact
is that the regulatory scheme is not enforced by the bureaucrats, despite Mr.
Leichter's claim that that is their job; instead, as one who responded to me
privately put it, they rely on "FUD (Fear, Uncertainty and Doubt) to dissuade
people from using and distributing effective cryptographic software."

Peter D. Junger

Case Western Reserve University Law School, Cleveland, OH
Internet:  JUNGER () SAMSARA LAW CWRU Edu -- Bitnet:   -- Bitnet:  JUNGER@CWRU

------------------------------