FILED
97 FEB 13 PM 4:29

UNITED STATES DISTRICT COURT
NORTHERN DISTRICT OF OHIO
EASTERN DIVISION

PETER D. JUNGER,                  )      CASE NO. 96 CV 1723
                                  )
     Plaintiff                    )                     
                                  )      JUDGE DONALD C. NUGENT
     v.                           )
                                  )               
MADELEINE K. ALBRIGHT, DEPART-    )      FIRST SUPPLEMENTAL
MENT OF SATE; WILLIAM DALEY,      )      AND AMENDED COMPLAINT
DEPARTMENT OF COMMERCE;           )
KENNETH A. MINIHAN, NATIONAL      )
AGENCY                            )
                                  )
     Defendants.                  )

1. On August 7, 1996, the plaintiff filed a complaint together with a motion for preliminary injunction challenging the constitutionality of provisions of the International Traffic in Arms Regulations (ITAR), 22 C.F.R. §§ 120 et seq., administered by the State Department. On December 30, 1996, regulatory jurisdiction over nonmilitary encryption was transferred from the State Department under the ITAR to the Commerce Department under amendments to the Export Administration Regulations (EAR), 15 C.F.R. Part 730 et seq. (see Tab A). Because the controversy between the plaintiff and the defendants continues to exist under the amendments to the EAR, the plaintiff files this supplemental and amended complaint.

2. The plaintiff incorporates, as if fully rewritten, all paragraphs of the original complaint except paragraph 7, naming William J. Lowell, Director of the Department of State's Bureau of Politico-Military Affairs, Office of Defense Trade Controls (i'ODTC") and the ODTC as defendants.

- 1 -

JURISDICTION, VENUE AND PARTIES

3. This claims in this supplemental and amended complaint arise under the Constitution of the United States and federal statutory law. Declaratory relief is sought under 28 U.S.C. §§ 2201-02. The jurisdiction of this Court continues pursuant to 28 U.S.C. § 1331.

4. The plaintiff continues to reside in the Northern District of Ohio.

5. The individual defendants are members of the executive branch of the government of the United States. The individual defendants are sued as officers or employees of the United States acting under color of law in their official capacities.

6. Madeleine Albright (Department of State) is the United States Secretary of State.

7. William Daley (Department of Commerce) is the United States Secretary of Commerce. William Daley and the Department of Commerce are substituted for William J. Lowell, Director of the Department of State's Bureau of Politico-Military Affairs, Office of Defense Trade Controls ("ODTC") and the ODTC.

8. The defendants and their respective agencies (collectively "the government") are responsible for the interpretation and administration of the regulations at issue in this complaint.

STATUTORY AND REGULATORY BACKGROUND

9. The President relied on his authority under the International Emergency Economic Powers Act (EEPA), 50 U.S.C. §§ 1701 et seq., and his inherent foreign affairs powers to transfer control of non-military encryption from the ITAR to the EAR. The EAR was originally promulgated under the Export Administration Act of 1979 (EAA), 50 U.S.C. App. § 2401 et seq. The EAA, however, was not intended to be permanent legislation and lapsed on August 20, 1994. Since then, the President has authorized the continuation of the EAR and the recent amendments by executive order.

10. The President has explicitly left open the option of transferring encryption controls back to

- 2 -

the ITAR, "upon enactment of any legislation reauthorizing the administration of export controls." Memorandum from the White House. November 15, 1996. ql 8 (Tab A).

11. The transfer of jurisdiction to the Commerce Department on December 30, 1996, concerned (non-military)¹ encryption commodities, software and technology (collectively, encryption items (EIs)). Under the amended EAR, EI items are listed on the Commerce Control List (CCL) and are controlled for export under "Export Control Classification Numbers ' (ECCNs) SA002, SD002 and SE002. Encryption software and encryption technology are controlled under ECCN SD002 and SE002, respectively. 15 C.F.R. Part 774, 61 Fed. Reg. 68586-87.

12. All encryption software controlled under ECCN SD002. except for encryption source code contained in a printed book or other printed material, is subject to licensing under the EAR. See 15 C.F.R. § 734.3, 61 Fed. Reg. 68578.

13. Licenses are required for export of EI items, including software, to all destinations except Canada. See 15 C.F.R. § 742.15(b), 61 Fed. Reg. 68581. Exceptions are made for certain mass market and key-recovery, none of which are relevant to Plaintiffs proposed activities. 15 C.F.R. § 742.15 (b), 61 Fed. Reg. 68581-82.

14. "Export" under the EAR "means an actual shipment or transmission of items subject to the EAR out of the United States, or release of technology of software subject to the EAR to a foreign national in the United States." 15 C.F.R. § 734.2, 61 Fed. Reg. 68578. The "export" of encryption source code and object code includes

(i)(A) An actual shipment, transfer, or transmission out of the United States; or

(i)(B) A transfer of such software in the United States to an embassy or affiliate of a controlled country";

_____________________________

1 Encryption items that are specifically designed. developed. configured. adapted or modified for military applications (including command. control and intelligence applications)" remain on the ITAR under the State Department jurisdiction. See 61 Fed. Reg. 68633 (Tab A). Unless otherwise noted in this complaint. reference to encryption items, encryption software (including source code and object code). and encryption technology excludes items presently controlled under the ITAR.

- 3 -

(ii) . . . downloading or causing the downloading, of such software to locations (including electronic bulletin boards and Internet file transfer protocol and World Wide Web sites) outside the U.S., and making such software available for transfer outside the United States, over radio, electromagnetic, photo optical, or photoelec- tric communications facilities accessible to persons outside the United States, including transfers from electronic bulletin boards and Internet file transfer protocol and World Wide Web sites, or any cryptographic software subject to controls under this regulation unless the person making software available takes precautions as adequate to prevent unauthorized transfer of such code outside the United States . . .

15 C.F.R. § 734.2(b)(9), 61 Fed. Reg. 68578.

15. Under the EAR, licenses are also required for providing "technical assistance" (technology) to a foreign person "with the intent to aid a foreign person in the development or manufacture outside the United States of encryption commodities and software that, if of United States origin, would be controlled for 'EI' reasons under ECCN 5A002 or 5D002." 15 C.F.R. § 744.9, 61 Fed. Reg. 68584-85. This intent. however. is absent if the assistance provided is 'the mere teaching or discussion of information about cryptography, including, for example, in an academic setting, . . . even where foreign persons are present." Id.

16. Before the December 30, 1996, amendments to the EAR. all publicly available technology and software, including technology and software that (a) was, or will be published, (b) software that was distributed at cost, and (c) technology and software released through fundamental research and in academic courses, was not subject to the EAR and thus did not require a license forexport. See 15 C.F.R. § 734.3(b). 61 Fed. Reg. 12747-48 (March 25, 1996): § 732.4 (b)(3). 61 Fed. Reg. 12748; §§ 734.7-9, 61 Fed. Reg. 12749-50; § 744.9., 61 Fed. Reg. 12806.

17. Since the December 30, 1996, amendments. the public availability section, does not apply to encryption software controlled under ECCN 5D002. 15 C.F.R. Part 772 Note to ECCN 5D002. 61 Fed. Reg. 68587.

18. Encryption software and technology that are available abroad may be exempted from the EAR licensing requirements following a determination by the Under Secretary of Commerce for Export Administration. See 15 C.F.R.  768, 61 Fed. Reg. 12915-20. Since the December 30, 1996, amendments, however, the foreign availability exception does not apply to encryption items

- 4 -

controlled for EI reasons. 15 C.F.R. § 768.1, 61 Fed. Reg. 68585.

19. The EAR is administered by the Department of Commerce's Bureau of Export Administration (BXA) on a "case-by-case" basis in consultation with other agencies, including the Department of Justice. A license is required before encryption software controlled under ECCN 5E002 and encryption technology controlled under ECCN SE002 (and subject to the EAR) can be 'exported."

In order to export encryption items subject to EI controls, including software, a license application must be submitted to the Commerce Department. which will grant or deny the application based on a case-by-case determination of "whether the export * * * is consistent with U.S, national security and foreign policy interests . . . ²

20. Violations of the EAR are punishable by civil and criminal penalties. See 15 C.F.R. § 764.3, 61 Fed. Reg. 12903.

FACTS SPECIFIC TO THE PLAINTIFF

21. The plaintiff taught the course "Computers and the Law" this past cemester.

22. In the course, the plaintiff used a short "one-time pad" (OTP) encryption program. which he initially wrote in May 1993, to demonstrate how computers work and how computer cottware is covered by intellectual property law. The plaintiff's OTP program falls under the definition ot encryption software and is thus subject to control under ECCN SD002. The book used in the course, which was prepared by the plaintiff, includes the plaintiff's program, written in 8086 assembly language source code, and other encryption programs controlled under ECCN 5D002. A copy of the relevant parts of his coursebook, including the source code for the OTP program, was previously attached as Pl.'s Ex. A. A copy of the relevant parts of the version used this past semester is attached at Tab B.

____________________________

2 Letter from Commerce Department to Plaintiff's counsel, January 29. 1997 (Tab D).

- 5 -

23. During the registration period, a foreign student from Thailand registered to audit the computers and law course. After discovering that a foreign student had registered, the plaintiff spoke with Professor Katz, Director of Foreign Graduate Studies at CWRU, and told Professor Katz that allowing the student to audit the course would not avoid problems with U.S. export laws. The plaintiff refused to violate the law in order to teach it and refused to place himself or the Thai student at risk. The Thai student dropped the class and subsequently signed up for an independent study with the plaintiff. If not for the ITAR, the Thai student would have been allowed to enroll in the computers and law class.

24. The plaintiff has set up a web site located at http://samsara.law.cwru.edu. The Web site includes information about the courses that the plaintiff teaches, including "Computers and the Law." The web site is set up for his students and anyone who may be interested in his courses and other topics of interest to the plaintiff.

25. To avoid violating the ITAR or the EAR (collectively "U.S. export regulations"), the plaintiff has not published his OTP program and other encryption software on his web site and has not made them available by Internet file transfer protocol (ftp).

26. The plaintiff wanted to publish an article, "Understanding Law and Computers." on his web site that included his OTP program. He has published the article on his web site, but because of U.S. export regulations, the article does not include his OTP program or any other encryption software .

27. During the computers and law course, the plaintiff gave his students instructions to create an executable version of his OTP program (see Tab C). The students were required to create an executable version and then use it to encrypt a secret message. To avoid violating U.S. export regulations, the plaintiff did not post the instructions on his website or make them available to his students by ftp.

28. Because of U.S. export regulations, the plaintiff has not sent encryption software or technology outside the United States by email or otherwise.

- 6 -

29. During this past semester, Ms. John Tiley of Oxford Brookes University (Oxford Polytechnic), whose husband spent the semester as a visiting professor at CWRU, requested a copy of the plaintiff's course material. Because of the ITAR, the plaintiff could not give her a copy of his course book. Under the EAR, the plaintiff may send a copy of his course book and other printed material to Ms. Tiley, but cannot send them to her in electronic form (unless they are reviewed by the BXA).³

30. Because of U.S. export regulations, the plaintiff has not set up 'links" on his web site that connect directly to sites, within and without the United States, where encryption software, such as the Pretty Good Privacy (PGP) encryption program, can be downloaded.

31. Because of U.S. export regulations, the plaintiff has not posted his program or other encryption software to Internet newsgroups.

32. On January 2, 1997, the plaintiff's counsel sent a letter to counsel for the government requesting confirmation that teaching encryption software and encryption technology to foreign students in class did not require a license under the EAR (see Tab D). The letter was forwarded to the Commerce Department. which, on January 29, 1997, confirmed this point (see Tab D).

33. The plaintiff wants to publish his computers and law coursebook and other articles and course materials that contain encryption source code or object code) in electronic form, including publishing them on his web site or allowing them to be download by internet file transfer protocol ("ftp"). In its final form, the plaintiff wants to have his coursebook published on CD-ROM.

34. The plaintiff wants to publish his OTP program and other encryption source code and object code by itself (i.e., not included in course materials or law articles) on his web site or allow the code to be downloaded via ftp.

35. The plaintiff wants to send his program, course materials and other encryption software or technology that he might include in his course to foreign persons and persons outside the United

___________________________

3 See Letter from Commerce Department to Plaintiff's counsel. January 29, 1997. page 5 (Tab D).

- 7 -

States by email or any other means.

36. The plaintiff wants to set up links on his web site directly to locations on the Internet where encryption programs, such as PGP, can be downloaded.⁴

37. It is not practically possible for the plaintiff to restrict foreign access to encryption source code on his web site or through ftp transfers. Even if it were practically possible and cost effective for the plaintiff to restrict foreign access to his web site and ftp transfers, the plaintiff does not want to do so.

38. But for U.S. export regulations the plaintiff would have engaged in the activities listed above.

39. The plaintiff must apply to the BXA for a license before he can lawfully "export" his program, other encryption software and related technology subject to the EAR to all destinations other than Canada.

40. None of the encryption software or encryption information that the plaintiff wants to disclose is classified for security reasons by the United States goverrlment. All of the encryption software that he wants to disclose other than his encryption program is "publicly available'', as defined in EAR § 734.3(b)(3).

CLAIMS FOR RELIEF

Count One (EAR): First Amendment Prior restraint

41. The plaintiff realleges and incorporates herein paragraphs 1to 40 as if fully rewritten.

42. The plaintiff is prohibited from "exporting" encryption software controlled under ECCN 5D002 and encryption technology under ECCN 5E002 subject to the EAR without first applying for and obtaining a license from the BXA.

_________________________________

4 PIaintiff's counsel requested clarification of "links" to sites where encryption software can be downloaded. Plaintiff's letter to Defs.' counsel. January 2,1997, at 3 (Tab E). Conspicuously absent from the Commerce Department's letter is a response to that question. See Letter from Commerce Department to Plaintiff's counsel. dated January 29, 1997 (Tab D).

- 8 -

43. The EAR's restrictions on the export of encryption software and technology without a license or the government's approval have chilled, and continue to chill, the plaintiff's speech and have caused him to restrict his research and censor his publications and communications with foreign persons.

44. In order to apply for a license. the plaintiff must submit his material to prepublication review .

45. The EAR provides classification and advisory opinions from the BXA. 15 C.F.R. § 750.1, 61 Fed. Reg. 12829. Requests for classification opinions are to be answered within 14 days from their receipt, and requests for advisory opinions within 30 days of receipt. 15 C.F.R. § 750.2, 61 Fed. Reg. 12830. To the extent that classification and advisory opinions require submission of material, they function as prepublication reviews.

46. Any requirement that the plaintiff submit material for prepublication review absent the government going to court and demonstrating direct harm to United States national security or foreign affairs interests is presumptively unconstitutional.

47. There are no constitutionally adequate procedural safeguards to protect against abuse of discretion on the part of BXA officials responsible for licensing decisions.

48. The provisions of the EAR referred to in the paragraphs above requiring prepublication review and licenses before the "export" of encryption software and technology constitute (facially and as applied) prior restraints on publication and free expression in violation of the First Amendment to the United States Constitution.

Count Two (EAR): First Amendment Overbreadth

49. The plaintiff realleges and incorporates herein paragraphs I to 48 as if fully rewritten.

50. Most of the encryption software that the plaintiff wants to disclose is widely available on the Internet and can be downloaded at locations outside the United States and Canada.

51. The provisions of the EAR referred to in the paragraphs above control a substantial

- 9 -

amount of speech. Under the amended EAR, the public availability section, EAR § 734.3(b)(3), does not exempt software controlled under ECCN 5D002 (other than in printed form) from licensing.

52. Under the amended EAR, the procedures for exempting items on the CCL from licensing requirements on the basis of an item's foreign availability do not apply [to] encryption software and encryption technology (controlled under ECCN 5D002 and 5E002, respectively). EAR § 768. 53. The exemption of encryption software controlled under ECCN 5D002 from the public availability exception and the exemption of EI items from the foreign availability exception are arbitrary and unreasonable and result in facially overbroad restrictions of speech in violation of the First Amendment.

Count Three (EAR): First Amendment Strict Scrutiny

54. The plaintiff realleges and incorporates herein paragraphs 1 to 53 as if fully rewritten.

55. The EAR (i) treats encryption software and encryption technology less favorably than other software and technology subject to the EAR. (ii) treats encryption source code in electronic form less favorably than encryption source code in printed form, and (iii) treats certain mass market encryption software and key-recovery encryption sottware more favorably than the plaintiff's OTP program and other software that the plaintiff seeks to publish and make available on the Internet and to persons outside the United States and Canada. All of these discriminatory treatments are content-based restrictions on publication and free expression and. theretore. invalid under the First Amendment.

Count Four (EAR): Academic Freedom, Freedom of Association

56. The plaintiff realleges and incorporates herein paragraphs 1 to 55 as if fully rewritten.

57. The provisions of the EAR referred to in the paragraphs above restrict the plaintiff's right's to use the Internet to teach, research, receive and publish encryption software and technology and,

- 10 -

therefore, violate his rights of freedom of academic freedom.

58. The provisions of the EAR referred to in the paragraphs above restrict the plaintitf's rights to exchange and discuss encryption software and technology with foreign persons and, therefore. violate his rights of freedom of association.

Count Five (IEEPA): Ultra Vires and Separation of Powers

59. The plaintiff realleges and incorporates herein paragraphs 1 to 58 as if fully rewritten.

60. The IEEPA does not give the President the authority to regulate the publication of any information or informational materials, except for those "otherwise controlled for export" under 50 U.S.C. App. §§ 2404 and 2405 (to the extent such controls promote nonproliferation or antiterrorism policy). 50 U.S.C. § 1702(b)(3).

61. The IEEPA does not permit the President to regulate "any postal, telegraphic, or other personal communication which does not involve a transfer of anything of value." 50 U.S.C. § 1702(3)(b)(2). Thus, the IEEPA does not permit the President to regulat[e] noncommercial encryption software or technology.

62. The IEEPA does not permit the President to extend a state of emergency indefinitely.

63. By requiring registration and a license prior to the disclosure of unclassified encryption software or encryption technical data within the United States, the President is engaged in controlling the exchange of encryption information between persons within the United States. including the dissemination of encryption information on the internet. The President has, therefore, adopted a defacto policy of restricting the domestic dissemination of unclassified encryption information which has the direct effect of restricting the availability of encryption software within the United States.

64. Congress, and not the Executive. is constitutionally responsible for formulating and developing a domestic policy on encryption and for placing restrictions on the availability of nonmilitary encryption software and technology within the United States.

- 11 -

65. Congress has not delegated its responsibility referred to in the paragraph above to the President or the defendants under the IEEPA.

66. Thus, the defendants regulation of noncommercial and nonmilitary encryption software is ultra vires and in violation of the constitutional doctrine of separation of powers.

PRAYER FOR RELIEF

WHEREFORE. the plaintiff demands that judgment be entered against the defendants. Specifically, the plaintiff demands such declaratory, injunctive and other relief as follows:

On Count One

(1) A declaration that the provisions of the Export Administration Regulations (EAR), 15 C.F.R. Part 730 et seq., referred to in the paragraphs above that require prepublication review and a license before the 'export" of unclassified "encryption software" and "encryption technolo- gy," as those terms are defined in the EAR, are facially unconstitutional prior restraints in violation of the First Amendment.

On Count Two

(2) A declaration that the December 30, 1996, amendments to sections 15 C.F.R. § 734.3, excluding encryption software controlled under ECCN 5D002 from the public availability exception, and 15 C.F.R. § 768, EI items from the foreign availability determination, are unconstitutional in violation of the First Amendment.

On Count Three

(3) A declaration that the provisions of the EAR referred to in the paragraphs regulating encryption software and encryption technology are content-based regulations in violation of the First Amendment.

- 12 -

On Count Four

(4) A declaration that the provisions of the EAR reterred to in the paragraphs regulating encryption software and encryption technology infringe on the plaintiff's rights of academic freedom and freedom of association in violation of the First Amendment.

On Count Five

(5) A declaration that the provisions of the EAR referred to in the paragraphs regulating nonmilitary and noncommercial encryption software and encryption technology are beyond the authority vested in the President under the International Emergency Economic Powers Act (IEEPA). 50 U.S.C. §§ 1701 et seq., and are thus ultra vires and violate the constitutional doctrine of separation of powers.

On All Counts

(6) A permanent injunction enjoining the detendants and their agents, employees, attorneys, successors in office, assistants and all persons acting in concert and cooperation with them, from interpreting, applying and enforcing the Export Administration Regulations (EAR), 15 C.F.R. Part 730 et seq., to require that that the plaintiff register or obtain a license or approval from the defendants before disclosing to any other person by speech. publication or any other means or by any medium (including on the Internet), any unclassified encryption software and encryption technology presently subject to the EAR.

(7) A permanent injunction enjoining the defendants and their agents. employees, attorneys, successors in office, assistants and all persons acting in concert and cooperation with them, from interpreting, applying and enforcing the Export Administration Regulations (EAR), 15 C.F.R. Part 730 et seq., to require that any person register or obtain a license or approval from the defendants before disclosing to any other person by speech, publication or any other means or by any medium (including on the Internet), any unclassified encryption software and encryption

- 13 -

technology presently subject to the EAR.

(8) An award of attorney fees pursuant to the court's discretion or the Equal Access to Justice Act. costs and such other relief as the Court deems proper.

Respectfully submitted,

[Signature]

GINO J. SCARSELLI (0062327)
664 Allison Dr.
Richmond Hts., OH 44143-2904
(216) 291-8601

KEVIN FRANCIS O'NEILL (0010481)
Professor of Law
Cleveland-Marshall College of Law
1801 Euclid Ave. Cleveland, OH 44115
(216) 687-2286

RAYMOND VASVARI (0055538)
1300 Bank One Center
600 Superior Ave. East
Cleveland, OH 44114-2650
(216) 522-1925

Attorneys for the Plaintiff

- 14 -

CERTIFICATE OF SERVICE

The undersigned hereby certifies that a copy of the foregoing was served on February 13, 1997, upon Anthony J. Coppolino, Department of Justice. Civil Division Room 1084, 901 E Street, N.W., Washington, D.C. 20530 by Express Mail.

Respectfully submitted.

[Signature]

Gino J. Scarselli (0062327)
664 Allison Drive
Richmond Hts., OH 44143
Tel. 216-291-8601
Fax 216-291-8601

Attorney for the Plaintiff

Tab A

Digitized version of printed Presidential memorandum: http://jya.com/pm111596.txt

Digitized version of printed Executive Order 13026 in the Federal Register: http://jya.com/eo13026.txt

Digitized version of printed Bureau of Export Administration Interim rule in the Federal Register: http://jya.com/bxa123096.txt

Digitized version of printed ITAR Final regulations in the Federal Register: http://jya.com/itar123096.txt

Tab B

Digitized version of printed "Computers and the Law" excerpts: http://jya.com/pdjcatl.htm

Tab C

Tab D

Digitized version of printed Department of Commerce letter to Plaintiff's attorney: http://jya.com/docgjs.txt

Tab E

Digitized version of Plaintiff's attorney's letter to the Defendant's counsel: http://jya.com/gjsdoj.htm