We all owe djb a great deal of gratitude for this hard-won freedom. This is one of the greatest victories in hacker history. I hope to never see this stricken from the law of the land.
Code is speech.
The full opinion[1] is a good read to see the full reasoning how source code is free speech. The key conclusion:
> Thus, cryptographers use source code to express their scientific ideas in much the same way that mathematicians use equations or economists use graphs. [...] In light of these considerations, we conclude that encryption software, in its source code form and as employed by those in the field of cryptography, must be viewed as expressive for First Amendment purposes, and thus is entitled to the protections of the prior restraint doctrine. [4233-4234]
and then they proceed to dismantle the US's understanding on source code. Lots of material I would never normally think about.
[1]: https://archive.epic.org/crypto/export_controls/bernstein_de...
We should all learn from this and understand that if we don't fight for and uphold our liberties they will be taken away from us. Every fight matters and if it wasn't for the US constitution this might have gone down very differently.
Since then, Daniel Bernstein has lived in Germany.
His own archive on the case:
I thought he lived in the Netherlands. Doesn't he work at a Dutch university now?
I think you're thinking of Zimmermann: https://philzimmermann.com/EN/contact/index.html
No, I was just behind the times. Bernstein used to work at the university of Eindhoven, now he's at the university of Bochum, which is indeed a German city.
Thank you for keeping records, has this been archived to the Internet Archive as well?
web.archive.org is fine.
That .ph link is tracking-infected garbage, requiring JS.
Seeing any content from the original site requires JS to click on a page made to look like Cloudflare's with Google's recaptcha. Later there's mail.ru tracking among others.
curl this link and tell me that you see any text from the original website.
This raises the question: what restrictions on including cryptography in either open-source or commercial products exist in the U.S. today?
Bit of a different topic but I hope a landmark case tears down the DMCA nonsense in the U.S. and other countries at some point.
See https://cryptome.org/bxa-bernstein.htm for more pushing and shoving history between the US and Bernstein.
The article feels too technical for a non-technical person. Can anyone please give a brief "Explain me like I am 5"? Thanks.
US prevented publication online of encryption code on grounds of "encryption is munitions according to International Arms Treaty (enforced by US gov, natch)". Dan J Bernstein ("djb", a famous figure in encryption circles, later creating (?) Elliptic Curve Cryptography) with help from the EFF sued.
In 1999, Judge voted that, no, encryption code was "scientific expression" and thus protected by the freedoms granted by First Amendment.
There was a fair bit more back-and-forth including shifting positions by the government under various administrations, but in effect this is the case that opened the gates to better public encryption.
djb didn’t invent elliptic curve cryptography. Elliptic curve cryptography was introduced in 1985 by Victor Miller and Neal Koblitz who both independently developed the idea of using elliptic curves as the basis of a group for the discrete logarithm problem.
He did basically run the Manhattan Project for searching for ideal curves, brute forcing millions of them and testing their properties, out of which came Curve25519, which is pretty much the curve used by anyone who knows what they're doing.
https://en.wikipedia.org/wiki/Curve25519
I saw him give a really awesome talk about the process of finding Curve25519 around the time he published it, and I think the story is a lot more interesting than people realize.
A great comment from someone very knowledgeable in the field.
Which talk is that? This one seems interesting but it only has slides and (bad) audio https://cr.yp.to/talks.html#2016.03.09
https://en.wikipedia.org/wiki/NaCl_%28software%29
An awful lot of things are built on NaCl, which is probably what djb is most famous for.
"Dan J Bernstein ("djb", a famous figure in encryption circles..."
Before DJB became famous in encryption circles, he was famous for writing qmail (an SMTP mail server that was a more secure and simpler alternative to the ubiquitous sendmail).
...and daemontools. And djbdns. He was quirky about licensing for a long time, but I think he has gotten over that.
And djbdns which I have fond memories of in comparison to bind nightmares
The article gets the technical details wrong. It mentions two parties sharing private keys.
Isn't that what you would expect in a private key encryption system? (in contrast to a public key encryption system like most of us are used to using)
From the article:
> His software converted a one-way “hash function” (one that takes an input string of arbitrary length and compresses it into a finite, usually shorter, string; the function has many uses in cryptography) into a private-key encryption system (one that can be decoded only by whoever holds the private “key,” or pass code). The functionality of the software depended on two people’s having exchanged their private keys.
I get what you're saying, that would typically mean encrypt with private key, and decryption with public key, like how signature algorithms work, but still, there is no cryptosystem that makes it okay to start exchanging your private keys with random parties you're communicating with, by the very definition of "private key".
The use of "private-key encryption system" here is referring to symmetrical ciphers. It's an odd use of "private-key", that's for sure.
In private-key encryption, the parties share a private key.
In public-key encryption, they share public keys.
djb gave us the best encryption cyphers, the most secure email, the best DNS and, as the article notes, free speech.
He deserves to be recognized as a gift, a wonder, to the world.
Yes, he deserves engineering prizes.
In one of his talks he shows the OpenSSH 6.5 changelog - a release in which they adopt both "his" 25519 curve and chacha20-poly1305 as new features.
I could have sworn it was Berenstain v. US…
Weird.
Unfortunately, it's not the law of the land --- it's a judicial opinion, written in water and subject to change without notice. (Which is how judicial opinion should be; this is just a good opinion that ought to be codified by the legislature.)
Too much of US law is actually judicial opinion - there should be some requirement that if a law is overturned/interpreted, that the legislature has to fix the original law (example: the Affordable Care Act still insists it's not a tax even though it was ruled a tax).
> Too much of US law is actually judicial opinion
This is by 'design':
* https://en.wikipedia.org/wiki/Common_law
Not sure if it's possible to convert things:
* https://en.wikipedia.org/wiki/Civil_law_(legal_system)
The amusing thing is that most states in the USA actually incorporate all English law, usually prior to about 1600. So all those English statutes from say, 1100, like the Magna Carta, are still on the law books in the USA.
Here is Illinois:
(5 ILCS 50/1) (from Ch. 1, par. 801) Sec. 1. That the common law of England, so far as the same is applicable and of a general nature, and all statutes or acts of the British parliament made in aid of, and to supply the defects of the common law, prior to the fourth year of James the First, excepting the second section of the sixth chapter of 43d Elizabeth, the eighth chapter of 13th Elizabeth, and ninth chapter of 37th Henry Eighth, and which are of a general nature and not local to that kingdom, shall be the rule of decision, and shall be considered as of full force until repealed by legislative authority.
I feel that this whole attitude is coming from the latest Roe V Wade issue, but remember all Roe v Wade decision would be to send the power to regulate the issue of abortion back to the states.
If there is a legislative will to do something at federal level, then in an alternate system of civil law too there wouldn't be a statute allowing abortion.
In fact, without Supreme Court's Roe v Wade's 1970s decision, abortion would be pretty much illegal in the US (as it was, right before the 1970s decision).
We also owe a bit to Peter Junger (https://web.archive.org/web/20061012211535/http://samsara.la...).
He did quite a bit of work (and had a similar lawsuit) that code was speech.
He used to attend the Linux Users Groups meeting I was part of. Amazing person and really friggin' smart. Also, he was pretty good with TeX.
And Phil Zimmermann. https://en.wikipedia.org/wiki/Phil_Zimmermann#Arms_Export_Co...
Absolutely, we owe Zimmermann.
Interesting to note that both he and Bernstein no longer live on US soil.
> Code is speech.
Not all code. From the linked article:
> However, the court cautioned that not all software could be considered expressive, and thus not all source code would necessarily be protected.
No, code will be deemed whatever fits the ideology of the judiciary. Legal reasoning is secondary except for show nowadays given the partisan majority of the supreme court. Specious and convenient reasoning abound.
The Myth of the Rule of Law - John Hasnas
Thanks for the interesting book suggestion. You made my day.