US Attorney Suggests Solution To Open Source Encryption: Ban Importation Of Open Source Encryption
from the bangs-head-on-desk dept
Is it really that hard to expect officials representing law enforcement to understand basic concepts? Earlier this week, University of Michigan hosted a debate on the whole "going dark/encryption" fight with the EFF's Nate Cardozo (disclaimer: he has represented us on certain legal issues) and US Attorney for the Eastern District of Michigan Barbara McQuade. While the event was filmed and livestreamed, as I type this, they don't appear to have posted a recorded version. However, it appears that Cardozo (not surprisingly) raised a key point that has been raised many times before: a US law against allowing unbroken encryption would have little impact on bad people using encryption, since there are many open source and non-US encryption products worldwide. But McQuade had a response to that... and it was kind of insane:McQuade: "I think it would be reasonable to ban the import of open-source encryption software" #UMichTalks
— David Adrian (@davidcadrian) April 12, 2016
First off, the Open Technology Institute released a paper late last year showing that there was a ton of both open source and foreign encryption products that weren't subject to US regulations. Another paper, released earlier this year by the Berkman Center and written by Bruce Schneier (along with Kathleen Seidel and Saranya Vijayakumar), found that there were 865 encryption products from 55 different countries on the market when they wrote the paper (it could be more by now), with 546 of those from outside the US. In other words, there are a lot of these kinds of products. So, at the very least, they'd be used by people outside of the US.
But, more to the point, a ban on importing them? We already had that legal fight, though back then it was on the question of exporting encryption. In Bernstein v. the US Department of Justice, the government sought to block Daniel Bernstein from publishing his algorithm for his Snuffle encryption system, saying it violated export laws related to exporting weapons. Eventually, the 9th Circuit ruled that software source code was speech protected by the First Amendment and any regulations preventing publication would be unconstitutional.
So, for McQuade's "simple" solution to take hold, we'd have to first ignore the First Amendment and a ruling directly on point to the issue she thinks is an easy solution. To be clear, the court's ruling stated:
In light of these considerations, we conclude that encryption software, in its source code form and as employed by those in the field of cryptography, must be viewed as expressive for First Amendment purposes, and thus is entitled to the protections of the prior restraint doctrine. If the government required that mathematicians obtain a prepublication license prior to publishing material that included mathematical equations, we have no doubt that such a regime would be subject to scrutiny as a prior restraint. The availability of alternate means of expression, moreover, does not diminish the censorial power of such a restraint-that Adam Smith wrote Wealth of Nations without resorting to equations or graphs surely would not justify governmental prepublication review of economics literature that contain these modes of expression.While it's true this technically only applies in the 9th Circuit (and McQuade's district is outside of that circuit), it's not like there's a competing ruling in another district and the ruling here would be a difficult one to overcome.
Second, even if she could get past it, it would be pointless and useless. At least in the Bernstein case, the argument would be to try to block an American citizen from publishing the content -- an "export" ban. An "import" ban would be an order of magnitude more futile, because anyone outside the US publishing such open source code would not be covered by US regulations, so they couldn't be blocked from doing anything by a US court. So then any "import" ban would come down to someone being forced to magically comb the entire global internet and make sure no one from the US could ever see or find that code -- which, of course, would bring us right back to questions of prior restraint and the First Amendment.
There may be reasonable arguments to be made about encryption and its impact on law enforcement, but if the argument includes such inane ideas as banning the import of strong encryption, it's difficult to take the speaker seriously, or to conclude that they have any useful or competent knowledge on the subject at all.
Filed Under: banning encryption, barbara mcquade, encryption, free speech, going dark, import ban, open source encryption
