Bernstein v. the U.S. Department of State (2014)

121 points | 2 years | britannica.com

josh2600 2 years ago

We all owe djb a great deal of gratitude for this hard-won freedom. This is one of the greatest victories in hacker history. I hope to never see this stricken from the law of the land.

Code is speech.

JasonFruit 2 years ago

Unfortunately, it's not the law of the land --- it's a judicial opinion, written in water and subject to change without notice. (Which is how judicial opinion should be; this is just a good opinion that ought to be codified by the legislature.)

bombcar 2 years ago

Too much of US law is actually judicial opinion - there should be some requirement that if a law is overturned/interpreted, that the legislature has to fix the original law (example: the Affordable Care Act still insists it's not a tax even though it was ruled a tax).

throw0101a 2 years ago

> Too much of US law is actually judicial opinion

This is by 'design':

* https://en.wikipedia.org/wiki/Common_law

Not sure if it's possible to convert things:

* https://en.wikipedia.org/wiki/Civil_law_(legal_system)

mkovach 2 years ago

We also owe a bit to Peter Junger (https://web.archive.org/web/20061012211535/http://samsara.la...).

He did quite a bit of work (and had a similar lawsuit) that code was speech.

He used to attend the Linux Users Groups meeting I was part of. Amazing person and really friggin' smart. Also, he was pretty good with TeX.

Zamicol 2 years ago

zeruch 2 years ago

Absolutely, we owe Zimmermann.

ur-whale 2 years ago

Interesting to note that both he and Bernstein no longer live on US soil.

Lukineus 2 years ago

> Code is speech.

Not all code. From the linked article:

> However, the court cautioned that not all software could be considered expressive, and thus not all source code would necessarily be protected.

formerkrogemp 2 years ago

No, code will be deemed whatever fits the ideology of the judiciary. Legal reasoning is secondary except for show nowadays given the partisan majority of the Supreme Court. Specious and convenient reasoning abound.

CameronNemo 2 years ago

The Myth of the Rule of Law - John Hasnas

formerkrogemp 2 years ago

Thanks for the interesting book suggestion. You made my day.

twright 2 years ago

The full opinion[1] is a good read to see the full reasoning how source code is free speech. The key conclusion:

> Thus, cryptographers use source code to express their scientific ideas in much the same way that mathematicians use equations or economists use graphs. [...] In light of these considerations, we conclude that encryption software, in its source code form and as employed by those in the field of cryptography, must be viewed as expressive for First Amendment purposes, and thus is entitled to the protections of the prior restraint doctrine. [4233-4234]

and then they proceed to dismantle the US's understanding on source code. Lots of material I would never normally think about.

[1]: https://archive.epic.org/crypto/export_controls/bernstein_de...

john567 2 years ago

We should all learn from this and understand that if we don't fight for and uphold our liberties they will be taken away from us. Every fight matters and if it wasn't for the US constitution this might have gone down very differently.

slim 2 years ago

Since then Daniel Bernstein lives in Germany.

His own archive on the case:

https://cr.yp.to/export.html

krylon 2 years ago

I thought he lived in the Netherlands. Doesn't he work at a Dutch university now?

Zamicol 2 years ago

I think you're thinking of Zimmermann: https://philzimmermann.com/EN/contact/index.html

krylon 2 years ago

No, I was just behind the times. Bernstein used to work at the university of Eindhoven, now he's at the university of Bochum, which is indeed a German city.

Datagenerator 2 years ago

Thank you for keeping records, has this been archived to the Internet Archive as well?

hericium 2 years ago

web.archive.org is fine.

That .ph link is tracking-infected garbage, requiring JS.

roastedpeacock 2 years ago

This raises the question: what restrictions on including cryptography in either open-source or commercial products exist in the U.S. today?

Bit of a different topic but I hope a landmark case tears down the DMCA nonsense in the U.S. and other countries at some point.

1970-01-01 2 years ago

See https://cryptome.org/bxa-bernstein.htm for more pushing and shoving history between the US and Bernstein.

shmde 2 years ago

The article feels too technical for a non-technical person. Can anyone please give a brief "Explain me like I am 5". Thanks.

AceJohnny2 2 years ago

US prevented publication online of encryption code on grounds of "encryption is munitions according to International Arms Treaty (enforced by US gov, natch)". Dan J Bernstein ("djb", a famous figure in encryption circles, later creating (?) Elliptic Curve Cryptography) with help from the EFF sued.

In 1999, Judge voted that, no, encryption code was "scientific expression" and thus protected by the freedoms granted by First Amendment.

There was a fair bit more back-and-forth including shifting positions by the government under various administrations, but in effect this is the case that opened the gates to better public encryption.

gonzo 2 years ago

djb didn’t invent elliptic curve cryptography. Elliptic curve cryptography was introduced in 1985 by Victor Miller and Neal Koblitz who both independently developed the idea of using elliptic curves as the basis of a group for the discrete logarithm problem.

px43 2 years ago

He did basically run the Manhattan Project for searching for ideal curves, brute forcing millions of them and testing their properties, out of which came Curve25519, which is pretty much the curve used by anyone who knows what they're doing.

https://en.wikipedia.org/wiki/Curve25519

I saw him give a really awesome talk about the process of finding Curve25519 around the time he published it, and I think the story is a lot more interesting than people realize.

kzrdude 2 years ago

Which talk is that? This one seems interesting but it only has slides and (bad) audio https://cr.yp.to/talks.html#2016.03.09

dsr_ 2 years ago

https://en.wikipedia.org/wiki/NaCl_%28software%29

An awful lot of things are built on NaCl, which is probably what djb is most famous for.

pmoriarty 2 years ago

"Dan J Bernstein ("djb", a famous figure in encryption circles..."

Before DJB became famous in encryption circles, he was famous for writing qmail (an SMTP mail server that was a more secure and simpler alternative to the ubiquitous sendmail).

pjz 2 years ago

...and daemontools. and djbdns. He was quirky about licensing for a long time, but I think has gotten over that.

kapilvt 2 years ago

And djbdns which I have fond memories of in comparison to bind nightmares

smugma 2 years ago

The article gets the technical details wrong. It mentions two parties sharing private keys.

cout 2 years ago

Isn't that what you would expect in a private key encryption system? (in contrast to a public key encryption system like most of us are used to using)

px43 2 years ago

From the article:

> His software converted a one-way “hash function” (one that takes an input string of arbitrary length and compresses it into a finite, usually shorter, string; the function has many uses in cryptography) into a private-key encryption system (one that can be decoded only by whoever holds the private “key,” or pass code). The functionality of the software depended on two people’s having exchanged their private keys.

I get what you're saying, that would typically mean encrypt with private key, and decryption with public key, like how signature algorithms work, but still, there is no cryptosystem that makes it okay to start exchanging your private keys with random parties you're communicating with, by the very definition of "private key".

woobilicious 2 years ago

The use of "private-key encryption system" here is referring to symmetrical ciphers. It's an odd use of "private-key", that's for sure.

yencabulator 2 years ago

In private-key encryption, the parties share a private key.

In public-key encryption, they share public keys.
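
Added example, not part of any comment in this thread and not Bernstein's Snuffle code: the "private-key encryption system" in the quoted article is what is usually called symmetric encryption, where both parties hold the same secret. The sketch below turns a hash function (SHA-256, via HMAC) into a keystream under one shared key and authenticates the result; the construction, function names and sample message are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32

def subkey(shared_key: bytes, label: bytes) -> bytes:
    # Derive independent keys for encryption and authentication.
    return hmac.new(shared_key, label, hashlib.sha256).digest()

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256(key, nonce || counter) blocks, concatenated and truncated.
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def encrypt(shared_key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)  # fresh per message, never reused
    ks = keystream(subkey(shared_key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(subkey(shared_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(shared_key: bytes, message: bytes) -> bytes:
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ct, tag = message[:NONCE_LEN], message[NONCE_LEN:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(subkey(shared_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("authentication failed")
    ks = keystream(subkey(shared_key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))

if __name__ == "__main__":
    shared = secrets.token_bytes(32)  # constructed key that both parties hold
    wire = encrypt(shared, b"code is speech")
    print(decrypt(shared, wire))
```

Anyone holding the shared key can both encrypt and decrypt, which is why it has to be exchanged over a trusted channel; deployed systems use a vetted AEAD such as the chacha20-poly1305 mentioned elsewhere in the thread.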

rasengan 2 years ago

djb gave us the best encryption cyphers, the most secure email, the best DNS and, as the article notes, free speech.

He deserves to be recognized as a gift, a wonder, to the world.

kzrdude 2 years ago

Yes, he deserves engineering prizes.

In one of his talks he shows the OpenSSH 6.5 changelog - a release in which they adopt both "his" 25519 curve and chacha20-poly1305 as new features.

lurquer 2 years ago

I could have sworn it was Berenstain v. US…

Weird.