96 NOV 7 AM 11:23

UNITED STATES DISTRICT COURT
NORTHERN DISTRICT OF OHIO
EASTERN DIVISION 

PETER D. JUNGER,                  )      CASE NO. 96 CV 1723
                                  )
     Plaintiff                    )                     
                                  )      JUDGE NUGENT
     v.                           )               
                                  )      
WARREN CHRISTOPHER, et al.        )
                                  )
     Defendants.                  )

STATEMENT OF ISSUES, POINTS AND AUTHORITIES
IN ANTICIPATION OF ORAL ARGUMENTS

GINO J. SCARSELLI (0062327)
664 Allison Dr.
Richmond Hts., OH 44143-2904
(216)291-8601

RAYMOND VASVARI (0055538)
1300 Bank One Center
600 Superior Ave. East
Cleveland,OH 44114-2650
(216)522-1925

KEVIN FRANCIS O'NEILL (0010481)
Professor of Law
Cleveland-Marshall College of Law
1801 Euclid Ave.
Cleveland, OH 44115
(216)687-2286


SUMMARY OF THE PLAINTIFF'S POSITION

The International Traffic in Arms Regulations, ("ITAR," "the regulations"), 22 C.F.R. §§ 120 et seq. (1995), require a license or other government approval before the communication or exchange of a certain kind of information, cryptographic software and technical data.

The regulations cover a wide range of communication, including what passes among students, professors and researchers. Although the government asserts that the regulations do not control academic teaching and research, it has repeatedly criticized Professor Junger for not submitting for review an encryption program, which he wrote and uses to teach law students how cryptography works and why it has important legal and political consequences.1 This is the hallmark of not just a licensing scheme, but a censorship scheme.

Professor Junger argues that the regulations amount to an unconstitutional system of overbroad and vague prior restraints. They are not sufficiently clear, vest far too much discretion in administrative officials and do not provide the minimum safeguards that are necessary whenever the government licenses speech. Thus, the proper analysis for this case is found in the Supreme Court decisions addressing licensing and censorship schemes2 rather than United States v. O'Brien and its progeny.3

_______________________

1 Defs. First Br. at 8, 10 n.9; Defs.' Second Br. at 11.

2 Freedman v. Maryland, 380 U.S. 51 (1965); City of Lakewood v. Plain Dealer Publishing Co., 486 U.S. 750 (1988); FW/PBS. Inc. v. Dallas, 493 U.S. 215 (1990).

3 United States v. O'Brien, 391 U.S. 367 ( 1968); Clark v. Community for Creative Non-Violence, 468 U.S. 288 (1984); Ward v. Rock Against Racism, 491 U.S. 781 (1989).

1

ISSUES

Prof. Junger challenges those provisions of the ITAR, as written and as would be applied to his conduct, that require a license or some other government approval before disclosing cryptographic software or technical data. The following are principal standing and First Amendment issues that plaintiff respectfully suggests ought to be addressed at oral argument:

Standing Issues

I. Prof. Junger has alleged that he cannot disclose at least some cryptographic information (either cryptographic software or technical data) to foreign persons or place some of the information on the internet without a license. Does Prof. Junger have standing to challenge the regulations? Or must he first apply for a license?



First Amendment Issues

II. As a threshold matter, is source code and object code expression or so closely related to expression that is protected by the First Amendment?

III. There is no dispute that certain cryptographic software and technical data is subject to licensing under ITAR. Do the licensing requirements amount to a system of unconstitutional prior restraints?

IV. The government has asserted that export controls on cryptographic software and technical data are necessary to protect its ability to gather foreign intelligence. Do the regulations control a substantial amount of protected expression that is unrelated to the government's stated purpose?

V. Notwithstanding that all statutes and regulations are imbued with some ambiguity, are these regulations sufficiently clear to persons of ordinary intelligence?

2

POINTS AND AUTHORITIES SUPPORTING PLAINTIFF'S ARGUMENTS

I. Prof. Junger has Standing to Challenge the Regulations and He is not Required to Apply for a License.

Prof. Junger is teaching "Computers and the Law" this semester. He has given his students a copy of his encryption program, or more precisely, a representation of machine code with instructions on how to create a functioning program. He has also given his students instructions on how to use it to encrypt and decrypt messages. His program and the instructions are presumably subject to licensing. See Crowell Decl. ¶ 14; Lowell Decl. ¶ 17.

Notwithstanding the exemption for "general scientific, mathematical or engineering principles" in 22 C.F.R. 120.10(a)(5), Prof. Junger is not sure if giving foreign students a copy of his program and the instructions constitutes the "export" of a defense article, technical data or a defense service. See 22 C.F.R. 120.6, 120.9(a), 120.10(a) and 120.17(a). He wants foreign students to take the class, but does not want to change what or how he teaches, as others have. See Pl.'s Ex. U, Blaze Decl. ¶ 15. Yet he cannot let foreign students enroll if it poses a risk to himself or them. Foreign students would be at risk if, for example, they disclosed course materials that include cryptographic software to other foreign students or returned home with the materials in hand. As a consequence, a foreign student from Thailand was not allowed to enroll in the class. Significantly, the exclusion of foreign students from the class is supported by the law school administration. See Pl.'s Ex. S, Katz Decl., and Ex. T, Leatherberry Decl.

Before the beginning of this semester, Prof. Junger set up a World Wide Web ("Web") site (at http://samsara.law.cwru.edu). He has posted course materials and other information for his students and anyone else who might be interested. But he has refrained from posting cryptographic software and technical data.

Prof. Junger has legitimately refrained, and continues to retrain, from conduct protected by the First Amendment that the government admits might be subject to licensing. See Lowell

3

Decl. ¶ 17. Thus, Prof. Junger has satisfied the constitutional injury requirement.

He has also satisfied the ripeness requirement. He may challenge the regulations facially without having to apply for a license.4 City of Lakewood v. Plain Dealer Publishing Co., 486 U.S. 750, 755-56 (citing Freedman v. Maryland, 380 U.S. 51 , 56 ( 1965)). Moreover, since he challenges the regulations on First Amendment overbreadth grounds, he has standing to raise the rights of third parties not before the Court. See, e.g., Airport Comm'rs v. Jews for Jesus. Inc., 482 U.S.569,574(1987).

II. Source Code and Object Code are Protected by the First Amendment.

There is no dispute that technical data other than what is ordinarily thought of as software, source code and object (machine) code, is protected expression. The threshold question then is whether source code and object code are also protected under the First Amendment. In Bernstein v. Dept. of State, Judge Patel held that source code and object code were speech because they share the expressive characteristics of natural languages and were protected as literary works by copyright law. 922 F.Supp 1426, 1434-36 (N.D. Calif. 1996).

In addition to the reasons given by Judge Patel, code that actually encrypts deserves First Amendment protection apart from its own expressive content. Code that actually encrypts can be used to keep other communication secret and confidential. To the extent that source code and object code have a function, that function is to protect the secrecy and confidentiality of other communication. For this reason alone, cryptographic computer code deserves First Amendment protection. As a means of protecting confidentiality and furthering other communication. cryptographic code is no different than the newsracks at issue in Lakewood or the ink and paper at issue in Minneapolis Star & Tribune Co. v. Comm. of Revenue, 460 U.S. 575 ( 1983).

_________________________

4 As a practical matter, it is not clear how he could petition for a license every time he wants to disclose cryptographic software and technical data in class or on his Web site.

4

III. ITAR's Licensing Scheme is a Classic Prior Restraint.

Any requirement that a person must first seek a license or other government approval before publishing or disclosing protected expression is a classic prior restraint. Near v. Minnesota, 283 U.S. 697 (1931).

In the present case. there is no dispute that certain cryptographic software and technical data is subject to licensing under ITAR. See Defs.' First Br. at 17; Lowell Decl. ¶¶ 17, 20. Before Prof. Junger (or anyone else) discloses certain cryptographic software or technical data to foreign persons or on the internet, he must submit the information to review. In most instances, he cannot be sure if a particular disclosure is subject to licensing so he would be forced to file a commodity jurisdiction request. In those instances where he is reasonably sure, he would have to register, for a fee, and apply for one of the specific licenses described in Parts 123-25. In either case, he would have to petition the government or risk violating the law. Thus, there is no question that ITAR s controls on cryptography amount to a licensing scheme.

Any licensing scheme--whether content-based or content-neutral--must provide at least definite and reasonable time restraints within which the licensor must decide whether to issue a license and expeditious judicial review if the license is denied. FW/PBS. Inc. v. City of Dallas, 493 U.S. at 215, 227-29. If the licensing scheme is also content-based or vests excessive discretion in the licensor, then the regulations are presumptively invalid, and the government has the additional burden of going to court and proving its case. Id. In this case, the government would  have to do more than assert general national security concerns. The government would have to establish that a particular disclosure would cause "direct, immediate, and irreparable harm." New York Times Co. v. United States, 403 U.S. 713, 730 (Stewart, J., concurring).

The plaintiff has argued that these regulations are content-based and vest excessive discretion in administrative officials. Pl.'s First Br. at 14, 19-23; Pl.'s Second Br. (Corrected) at

5

22-28. This Court, however, does not need to reach those issues because ITAR does not set any reasonable time limits and does not provide expeditious judicial review.5 Outside of constitutional challenges, 2778(h) of the Arms Export Control Act ("AECA") bars judicial review of agency decisions. Karn v. U.S. Dept. of State, 925 U.S. 1, 7-9 (D.D.C. 1996)(appeal docketed).

The government argues that the restrictions, at least on cryptographic software, are properly analyzed as content-neutral regulations under intermediate scrutiny. But this ignores the Supreme Court's rulings in Lakewood and FW/PBS and the fact that ITAR is a licensing scheme. Following Lakewood and FW/PBS, the proper inquiry regarding content in a licensing case is not whether intermediate or strict scrutiny applies, but whether two or all three of the Freedman safeguards are required. Since the regulations fail to provide any of the three Freedman safeguards, they are unconstitutional.

III. The Regulations are Substantially Overbroad Because They Reach Protected Expression that is Unrelated to the Government's Interest.

Assuming that there is a clear distinction between cryptographic software and technical data and that the decision in United States v. Edler Industries, 579 F.2d 516 (9th Cir. 1978), cured any overbreadth problems with the regulation of technical data, there is still substantial overbreadth in the ITAR.6 The exemptions that are presumably available for technical data do not apply to whatever is labeled "cryptographic software." See Lowell Decl. at 9 n.3.

Thus, the regulations apply to software that a person wants to place in the public domain.

_______________________

5 The lack of reasonable and specific time restraints has adversely effected three of the declarants. See Pl. s Ex. K, Bernstein Decl. ¶¶ 17-41; Pl.'s Ex. O. Johnson Decl. ¶¶ 26-31; Pl.'s Ex. M. Miller Decl. ¶¶ 26-44.

6   As noted, this assumption was rejected by the Justice Department' s Office of Legal Counsel in 1984, seven years after Edler, in a memorandum reviewing a proposed draft of the ITAR substantially similar to the present version., See Pl.'s Ex E, OLC Memorandum dated July 5, 1984.

6



See Pl.'s Ex. C, Demberger Decl. and attached letters. They also apply to cryptographic software that is already available overseas. And because the same software has to be used between persons who want keep their communications confidential, the regulations limit what people will say and send over the internet. See Pl.'s Ex. Q, Bishop Decl. ¶¶ 10-13.

There is no satisfactory reason why controls on cryptographic software that is already available on the internet at overseas sites or has nothing to do with military applications threatens the national security interests of the United States. Granted that the export overseas of some cryptographic software would pose a threat to national security, the case cannot be made for the broad controls under ITAR.

IV. The Regulations are Impermissibly Vague such that They Do Not Provide Persons of Ordinary Intelligence Adequate Notice of the Law.

The undue discretion vested in the officials that administer the ITAR is inherent in the way the regulations have been drafted. The plaintiff has argued that vagueness problems are caused by the lack of clarity in the definitions of "software," "export," "general principles" and "public domain" themselves and the circularity of the definitions of "defense article.'' 'technical data" and 'defense service." Pl.'s First Br. at 17-23; Pl.'S Second Br. at 8-13, 32-35. Taken as a whole, the regulations are a circular maze and allow government officials to make distinctions based on the medium of the information, e.g., regulation of the disk but not the book APPLIED CRYPTOGRAPHY, and the manner of disclosure, e.g., regulation of the domestic postings to the internet, that appear nowhere in the regulations.

The regulations must be understandable to persons "of common intelligence." Connally v. General Construction Co., 269 U.S. 385. 391 ( 1926). This is not the case here. As part of its findings, the National Research Council noted the uncertainty regarding the definitions in the ITAR, in particular, the definitions of "export" and "technical data." See Pl.'s Ex. B2. NRC Report at 4-16, 4-30-31.

7

The circularity of the categorical terms, "defense article," "technical data" and "defense service," are not just confusing in their own right. They determine the scope of the other provisions, in particular, the public domain exemption:

What about technical data related to cryptography? Even if cryptographic software requires a license . . ., isn't cryptographic technical data exempt from controls if it is "information in the public domain?" This Argument suffers from two flaws. First, technical data related to cryptography is covered by Category XIII(k). Thus, exports of cryptographic technical data require a license under Part 123 [license requirements for unclassified defense articles]. In effect, Category XIII(k) trumps Section 125.1(a)[license requirements for technical data].

Second, even if software were considered information for purposes of Section 125.1(a), Part 124, which controls exports of defense services. recaptures any technical data that might escape control by virtue of the public domain exemption. . . .

. . . Does this mean the [public domain] exemption is entirely empty? No. Presumably, the exemption still applies to general scientific, mathematical, or engineering principles and basic marketing information. But even these types of information are exempt only to the extent that they do not cross over into Category XIII(b) defense articles [i.e.. cryptographic software] or Category XIII(k) related technical data or defense services.

Ira. S. Rubenstein, Export Controls on Encryption Software in COPING WITH U.S. EXPORT CONTROLS, PLI Commercial Law Series No. A-705 at 14-15 (1994) (second emphasis added).

Thus, the regulations are not sufficiently clear to meet the requirements of the First Amendment.

Respectfully submitted,

[Signature]

GINO J. SCARSELLI (0062327)
664 Allison Dr.
Richmond Hts., OH 44143-2904
(216)291-8601

RAYMOND VASVARI (0055538)
1300 Bank One Center
600 Superior Ave. East
Cleveland,OH 44114-2650
(216)522-1925

KEVIN FRANCIS O'NEILL (0010481)
Professor of Law
Cleveland-Marshall College of Law
1801 Euclid Ave.
Cleveland, OH 44115
(216)687-2286

8

CERTIFICATE OF SERVICE

The undersigned hereby certifies that a copy of the foregoing was served on November 6, 1996, upon Anthony J. Coppolino, Department of Justice, Civil Division Room 1084, 901 E Street, N.W., Washington, D.C. 20530 by express mail.

Respectfully submitted,

[Signature]

Gino J. Scarselli (0062327)
664 Allison Drive
Richmond Hts., OH 44143
Tel. 216-291-8601
Fax 216-291-8601

Attorney for the Plaintiff