NO. 97-16686
    
   
     _________________________________________________________________
   
    IN THE UNITED STATES COURT OF APPEALS
    FOR THE NINTH CIRCUIT
    ______________________________________
    
DANIEL J. BERNSTEIN,
Plaintiff-Appellee,

                                      V.
                                       
U.S. DEPARTMENT OF COMMERCE et al.,
Defendants-Appellants.

    ______________________________________
    
  ON APPEAL FROM THE UNITED STATES DISTRICT COURT
  FOR THE NORTHERN DISTRICT OF CALIFORNIA
  
    ______________________________________
    
    BRIEF OF MAYNARD ANDERSON;
    D. JAMES BIDZOS; NATIONAL COMPUTER SECURITYASSOCIATION;
    MARK RASCH; RSA DATA SECURITY, INC.;
    DR. EUGENE SPAFFORD; AND DR. ROSS STAPLETON-GRAY,
    AS AMICI CURIAE IN SUPPORT OF APPELLEE
    DANIEL J. BERNSTEIN
    
    ______________________________________
    
    Brian Conboy
    Michael H. Hammer
    Andrew R. D'Uva
    Gunnar D. Halley
    
    WILLKIE FARR & GALLAGHER
    Three Lafayette Centre
    1155 21st Street, N.W., Suite 600
    Washington, D.C. 20036-3384
    (202) 328-8000
    
   
     _________________________________________________________________
   
TABLE OF CONTENTS

   
   
   TABLE OF AUTHORITIES ii
    1. STATEMENT OF INTEREST
    2. SUMMARY OF ARGUMENT
    3. THE GOVERNMENT'S MERE ASSERTION OF A NATIONAL SECURITY INTEREST
       CAN JUSTIFY NEITHER A PRIOR RESTRAINT NOR A CONTENT-NEUTRAL
       RESTRICTION ON SPEECH.
    4. ALTHOUGH THE GOVERNMENT HAS A STRONG INTEREST IN PRESERVING
       NATIONAL SECURITY, THE ENCRYPTION EXPORT CONTROL REGULATIONS DO
       NOT FURTHER THIS INTEREST AND, IN FACT, MAY UNDERMINE NATIONAL
       SECURITY.
          + A. The Widespread Foreign Availability Of Strong Encryption
            Renders The EAR Ineffective.
          + B. The Print Exception Further Undermines The Government's
            Stated Position That The EAR Preserve National Security
            Interests.
          + C. The EAR Reduce The Availability And Use Of Strong
            Encryption Software Domestically, Which, In Turn, Impairs
            National Security.
         1. The EAR Reduce The Development, Availability, And Use Of
            Strong Encryption Within The United States, Making The
            Critical Infrastructure More Vulnerable To Attack.
         2. The EAR Hinder The Continued Growth Of Electronic Commerce,
            An Increasingly Important Sector Of the Economy That Is Vital
            To National Security.
    5. CONCLUSION
       
   
   
   ADDENDUM
     _________________________________________________________________
   
TABLE OF AUTHORITIES

  CASES
     * Bantam Books, Inc. v. Sullivan, 372 U.S. 58 (1963) 15
     * Bernstein v. United States Dep't. of State, 974 F. Supp. 1288
       (N.D. Cal. 1997) 13, 15, 32
     * Haig v. Agee, 453 U.S. 280 (1981) 16
     * Near v. Minnesota, 283 U.S. 697 (1931) 15, 16
     * New York Times Co. v. United States, 403 U.S. 713 (1971) 16
     * Reno v. ACLU, 117 S. Ct. 2329 (1997) 46
     * Turner Broadcasting Sys., Inc. v. FCC, 512 U.S. 622 (1994) 17
     * United States v. National Treasury Employees Union 513 U.S. 454
       (1995) 17
       
  STATUTES
     * 50 U.S.C. app. 2401 et seq. 15
       
  RULES AND REGULATIONS
     * 15 C.F.R. Sect. 730 et seq. (1997) 12, 15, 31
     * Exec. Order No. 13,010, 3 C.F.R. 198 (1996) 37
     * 61 Fed. Reg. 68,575 (1996) 31
       
  LEGISLATIVE MATERIALS
  
   143 Cong. Rec. at S10,880 (daily ed. Oct. 21, 1997) (statement of U.S.
          Senate Majority Leader Trent Lott) 29, 39
          
   Report of the Commission on Protecting and Reducing Government
          Secrecy, S. Doc. No. 105-2 (1st Sess. 1997) 16, 17
          
   Hearing on Economic Espionage Before the Senate Select Comm. on
          Intelligence and Senate Comm. on the Judiciary, Subcomm. on
          Terrorism, Tech. & Gov't Espionage
          104th Cong., 2d Sess. (Feb. 28, 1996) (statement of Louis J.
          Freeh, FBI Director), available in LEXIS,Legis Library, Cngtst
          File 40, 41
          
   Hearing on Online Security Issues Before the Senate Subcomm. on
          Science, Technology and Space,
          104th Cong., 2d Sess. (June 26, 1996) (testimony of Barbara
          Simons, USACM, IBM-Santa Teresa Laboratories), available in
          LEXIS, Legis Library, Cngtst File 27
          
   The Security & Freedom through Encryption (SAFE) Act: Hearing on H.R.
          3011 Before the House Comm. on the Judiciary
          104th Cong., 2d Sess. (Sept. 25, 1996) (testimony of Melinda
          Brown, VP and General Counsel of Lotus Development Corp.),
          available in LEXIS, Legis Library, Cngtst File 47
          
   The Security & Freedom through Encryption (SAFE) Act: Hearing on H.R.
          3011 Before the House Comm. on the Judiciary
          104th Cong., 2d Sess. (Sept. 25, 1996) (testimony of
          Congresswoman Zoe Lofgren), available in LEXIS, Legis Library,
          Cngtst File 29, 30
          
   Hearing on Encryption Control Relief for Software with Encryption
          Capabilities Before the Senate Comm. on Commerce, Science, &
          Transp.
          105th Cong., 1st Sess. (Mar. 19, 1997) (statement of Robert
          Holleyman, President, Business Software Alliance) 20
          
   The Security & Freedom through Encryption (SAFE) Act: Hearing on H.R.
          695 Before the House Courts & Intellectual Subcomm. of the
          Comm. on the Judiciary
          105th Cong., 1st Sess. (Mar. 20, 1997) (testimony of Ira
          Rubinstein, Senior Corporate Attorney, Microsoft Corp.),
          available in LEXIS, Legis Library, Cngtst File passim
          
   The Security & Freedom through Encryption (SAFE) Act: Hearing on H.R.
          695 Before the House Subcomm. on Telecomm., Trade & Consumer
          Protection of the Comm. on Commerce,
          105th Cong., 1st Sess. (Sept. 4, 1997) (testimony of George A.
          Keyworth, II, Chairman, Progress & Freedom Foundation),
          available in LEXIS, Legis Library, Cngtst File 25
          
   Hearing on Financial Privacy Before the House Subcomm. on Fin.
          Institutions & Consumer Credit Comm. on Banking
          105th Cong., 1st Sess. (Sept. 18, 1997) (testimony of Jill A.
          Lesser, Deputy Director, Law and Public Policy, America Online,
          Inc.), available in LEXIS, Legis Library, Cngtst File 45, 46
          
  OTHER AUTHORITIES
  
   Cahners Business Confidence Index Rises to 67.4 in Feb.
          Dow Jones News Service, Feb. 24, 1997, available in WL, USNEWS
          File, 2/24/97 DJNS 44, 45
          
   Dorothy E. Denning & William E. Baugh, Jr., Encryption and Evolving
          Technologies: Tools of Organized Crime and Terrorism
          (National Strategy Information Center, Washington, D.C. 1997)
          23
          
   Christopher Guly, Encryption's Future Grows More Complex,
          Financial Post, Sept. 13, 1997, at T17, available in LEXIS,
          News Library, Finpst File 46, 47
          
   Forrester Research Inc., E-Commerce Revs Up
          PC Week, Dec. 23, 1996, available in 1996 WL 14277478 45
          
   Information Security: Computer Attacks at Department of Defense Pose
          Increasing Risks
          General Accounting Office Report No. AIMD-96-84 (May 22, 1996)
          40
          
   Is Our Country Vulnerable to Cyberattack?
          (ABC World News Tonight, Oct. 22, 1997), available in LEXIS,
          News Library, ABCNew File 38
          
   Marcia MacLeod, Hitting at the Code of American Misconduct
          The Times of London, Oct. 29, 1997, available in 1997 WL
          9239456 28
          
   Memorandum from Ray Pollari, Acting Deputy Assistant Secretary of
          Defense to the Acting Assistant Secretary of Defense of Apr.
          30, 1993
          reprinted in The Electronic Privacy Papers at 627 21
          
   Alfred J. Menezes et al., Handbook of Applied Cryptography (1997) 23
          
   Benedict Monroe & Chia Swee Hon, Singapore-Information Technology
          Services,
          IT Market IS970710.300 (July 1, 1997) 27 , 28
          
   National Research Council, Cryptography's Role in Securing the
          Information Society
          (Kenneth W. Dam & Herbert S. Lin eds. 1996) passim
          
   National Research Council, Finding Common Ground: U.S. Export Controls
          in a Changed Global Environment (1991) 25
          
   New Technology for Aberdeen Means Letter Sorting at the Speed of
          Light,
          Origin Universal News Services Limited, May 28, 1997,available
          in LEXIS, News Library, Curnws File 32
          
   Remarks of President William J. Clinton at Defense Conversion Ceremony
          at California State University, Monterey Bay, California (Sept.
          4, 1995)
          available in LEXIS, News Library, Script File 42
          
   Remarks of President William J. Clinton at Panel Discussion in
          Columbus, Ohio(Oct. 20, 1995)
          available in LEXIS, News Library, Script File 42
          
   Remarks of William J. Clinton at the Knoxville Auditorium Coliseum
          (Oct. 10, 1996)
          available in LEXIS, News Library, Script File 43
          
   Remarks of Albert Gore at the National Urban League Annual Conference,
          Washington, D.C.
          (Aug. 6, 1997), available in LEXIS, News Library, Script File
          43
          
   Report of the President's Commission on Critical Infrastructure
          Protection
          Critical Foundations: Protecting America's Infrastructures
          (Oct. 1997) 38
          
   Bruce Schneier & David Banisar, The Electronic Privacy Papers (1997)
          21
          
   Barbara Starr, 'Legal' Espionage Hits U.S. High-Technology Targets
          Jane's Defence Weekly, Sept. 17, 1997, available in LEXIS, News
          Library, Jandef File 40, 41
          
   Trusted Information Systems Worldwide Survey of Cryptographic Products
          (Jan. 17, 1997) 19
          
   United States Dep't of Commerce & National Security Agency, A Study of
          the International Market for Computer Software with Encryption,
          
          reprinted in part in The Electronic Privacy Papers at 629
          passim
          
   Miles Weiss, Microsoft in Pursuit of Internet Talent, Austin
          American-Statesman, May 26, 1997, 
          available in 1997 WL 2824975 45
          
   
     _________________________________________________________________
   
   
   
   Maynard Anderson, D. James Bidzos, National Computer Security
   Association, Mark Rasch, RSA Data Security, Inc., Dr. Eugene Spafford,
   and Dr. Ross Stapleton-Gray hereby respectfully submit this Brief
   Amici Curiae in support of Appellee Daniel J. Bernstein. Pursuant to
   Federal Rule of Appellate Procedure 29, Appellants and Appellee have
   consented to the filing of this Brief Amici Curiae. The letters
   indicating this consent are being filed simultaneously with the Clerk
   of the Court.
   
I. STATEMENT OF INTEREST

   
   
   Amici curiae Maynard Anderson, D. James Bidzos, National Computer
   Security Association, Mark Rasch, RSA Data Security, Inc., Dr. Eugene
   Spafford, and Dr. Ross Stapleton-Gray are a group of individuals and
   organizations united in their view that the Export Administration
   Regulations ("EAR") at issue in this case constitute an
   unconstitutional prior restraint on plaintiff's speech, and that the
   Court should affirm the District Court's decision. Amici as a group
   bring to the core issue in the case particular knowledge of the
   effects which the regulations can have in the real worlds of national
   security, law enforcement, and electronic commerce. As professionals
   working in fields which utilize or are related to encryption
   technology and computer science, they all have a direct and
   substantial interest in this matter. They believe that while there
   are, quite clearly, legitimate governmental interests at stake here,
   the Government must be required to demonstrate and justify the need
   for these constraints in theory, as well as in fact, and that it
   failed to do so in the District Court.
   
   Amici believe that the way the Court resolves the constitutional
   issues posed by the EAR can have important implications for academic
   freedom and scientific advancement, social welfare, national security,
   and international commerce in a global communications environment that
   is moving beyond all of history's previous information technologies.
   
   Maynard Anderson is currently the President and Managing Director of
   Arcadia Group Worldwide, Inc. As a long-time former government
   official in the national security field, Mr. Anderson is concerned
   that the EAR may not be serving the best interests of U.S. national
   security. Currently, Mr. Anderson is engaged in advising U.S.
   companies on a variety of security matters, including the export of
   cryptographic systems. His freedom to assist foreign clients with
   technical matters of encryption and related technologies is burdened
   by the EAR.
   
   As Acting Deputy Under Secretary of Defense for Security Policy, Mr.
   Anderson was responsible for providing staff advice and assistance to
   the Under Secretary of Defense for Policy and the Secretary of Defense
   in the development of overall defense policy for international
   security programs, national disclosure policy, special access
   programs, and NATO security. This position involved him in emergency
   planning and preparedness, crisis management, and special and
   sensitive activities. He chaired the committee which determines what
   classified weapons systems the U.S. will share with foreign countries.
   
   
   Formerly, Mr. Anderson served as the Assistant Deputy Under Secretary
   of Defense (Counterintelligence and Security) with responsibilities
   for the management of Department of Defense ("DoD") investigative,
   security, and counterintelligence programs. He served as the focal
   point for such policy matters within the DoD and oversaw worldwide DoD
   counterintelligence activities.
   
   As Director for Security Plans and Programs, Office of the Deputy
   Undersecretary of Defense for Policy, he had responsibilities for
   reviewing and formulating policies that govern DoD security practices
   and programs and served as the United States Representative to the
   NATO Security Committee.
   
   Mr. Anderson has received two Presidential Rank Awards of Meritorious
   Executive and the DoD Distinguished Civilian Service Award for
   exceptional contributions to the national security.
   
   Mr. Anderson has lectured and written extensively on various aspects
   of strategic planning, counterintelligence, security concepts,
   philosophies, and disciplines, as well as national security issues. He
   was a lecturer and seminar leader at the 1996 Nobel Peace Prize Forum
   and an advisor to the Commission on Protecting and Reducing Government
   Secrecy chaired by Senator Daniel Patrick Moynihan.
   
   D. James Bidzos is the President and Chief Executive Officer of RSA
   Data Security, Inc. Under his leadership, RSA has become the worldwide
   de facto standard for encryption. RSA encryption is included in such
   products as Netscape Navigator, Lotus Notes, Novell Netware, Intuit's
   Quicken, and Microsoft Windows 95. Moreover, products from IBM, AT&T,
   Lotus, Sun, DEC, Novell, Netscape, Spyglass, and over three hundred
   others incorporate RSA's technology. Over 100 million copies of RSA's
   software are in use today. The EAR burden the First Amendment rights
   of Mr. Bidzos and RSA in a manner similar to the way in which Mr.
   Bernstein's rights are burdened by restricting the export of RSA's
   encryption software to foreign countries. Moreover, their freedom to
   discuss technical matters of encryption and related technologies with
   foreign customers-- which is critical to their livelihood -- is
   restricted by the EAR.
   
   After a 1996 merger between Security Dynamics and RSA, the Security
   Dynamics Board of Directors elected Mr. Bidzos as a director and
   executive vice president of the company. In early 1995, Mr. Bidzos
   founded VeriSign and currently serves as Chairman of the Board.
   VeriSign is the world's leading provider of products and services that
   allow for the identification of parties on the other end of an
   electronic transaction or session on the Internet.
   
   Mr. Bidzos is a member of the Board of Directors of the Electronic
   Privacy Information Center ("EPIC"), an organization which seeks to
   protect individual rights to privacy in cyberspace. Mr. Bidzos has
   testified on several occasions before the U.S. House of
   Representatives and the U.S. Senate on behalf of the U.S. computer
   industry, and has given hundreds of talks and speeches around the
   world.
   
   National Computer Security Association ("NCSA"): NCSA is an
   independent organization with over 3,000 corporate members that
   strives to improve security and confidence in global computing through
   awareness and the continuous certification of products, systems, and
   people. NCSA promotes continuous improvement of commercial digital
   security by applying the NCSA Risk Framework and NCSA Continuous
   Certification model to certification, research, and related
   activities. NCSA services include security-related research,
   conferences, publications, professional membership, vendor and user
   based consortia, and certification.
   
   NCSA currently hosts and manages six vendor-oriented consortia
   including CPC -- The Cryptography Product Consortium -- whose
   membership includes most worldwide vendors of cryptographic security
   products. Other NCSA security product-related consortia include: AVPD
   -- The Anti-Virus Product Developer's Consortium, whose membership
   includes essentially all vendors of anti-virus products; the Firewall
   Product Developer's Consortium, whose membership includes essentially
   all vendors of Internet Firewalls; ISPSec -- the Internet Service
   Provider Security Consortium, which has essentially all large
   (backbone) ISPs as members; SIFT -- Secure Internet Filtering
   Technologies Consortium; and BPC -- The Biometric Product Consortium.
   
   Additionally, NCSA currently hosts two significant
   corporate-end-user-oriented consortia: FISC -- The Financial
   Information Security Consortium -- which has mainly medium and large
   banks as members; and Medisec -- The Medical Information Security
   Consortium.
   
   NCSA is concerned about the national security implications of the weak
   domestic infrastructure that results from the lack of available strong
   encryption products, and believes that the security and First
   Amendment rights of its members are compromised by the EAR.
   
   Mark Rasch is Director of Information Security Law and Policy in the
   Center for Information Protection at Science Applications
   International Corporation in McLean, Virginia. He is interested in
   this case on multiple levels. Mr. Rasch advises banks, insurance
   companies, and Fortune 100 companies both domestically and abroad
   concerning computer security, information protection, digital
   signatures, electronic commerce, encryption, and export control
   issues. His ability to provide technical assistance to foreign clients
   is burdened by the EAR. Finally, as a U.S. citizen, Mr. Rasch has a
   strong interest in the maintenance of the U.S. national security. Mr.
   Rasch has been an adjunct faculty member at the Washington College of
   Law at the American University and at the Columbus School of Law at
   Catholic University where he has taught courses in white collar crime
   and evidence law. He has also been an adjunct faculty member at the
   American University School of Justice, Law and Society where he has
   taught courses in criminal law, criminal procedure and constitutional
   law.
   
   Mr. Rasch previously held several positions at the Department of
   Justice ("DoJ") where he focused his efforts on areas of export
   control and espionage in the DoJ Internal Security Section of the
   Criminal Division. He was involved in the investigation, prosecution,
   and export of high technology articles from the U.S. to the Middle
   East and to the former Soviet Union. He participated in the
   Government's efforts in foreign counter-intelligence and foreign
   intelligence surveillance cases. He also helped secure wiretap
   authority for the Government in intelligence and national security
   matters.
   
   Mr. Rasch also served as a trial attorney with the Fraud Section of
   the DoJ Criminal Division and was responsible for investigations and
   prosecutions of "white collar" criminal offense cases, including the
   prosecution of Lyndon H. LaRouche, Jr. in Massachusetts and in
   Virginia. From 1984 through 1991, Mr. Rasch became the de facto head
   of DoJ's computer crimes unit, where he was responsible for the U.S.
   investigation of the KGB's efforts to steal U.S. secrets in the
   "Cuckoo's Egg" case and the prosecution of Robert Morris (the
   "Internet Worm" case). During his tenure, Mr. Rasch helped to
   formulate the Government's encryption and computer crime policies.
   
   Dr. Eugene Spafford is a Professor of Computer Sciences at Purdue
   University. He is the founder and director of the COAST Laboratory at
   Purdue -- the world's largest academic research center dedicated to
   issues of applied information security and computer crime prevention.
   Dr. Spafford has authored over 100 articles, reports, and books on his
   research, including co-authoring three highly-regarded books on topics
   in computer and network security: (1) Computer Viruses; (2) Practical
   Unix and Internet Security; and (3) Web Security and Commerce.
   
   Dr. Spafford is an internationally recognized expert on issues of
   network security, security response, and computer crime. He has
   chaired the International Federation for Information Processing
   ("IFIP") working group on network security and serves on the editorial
   boards of several major computer security journals,
   
   Dr. Spafford is a Senior Member of the Institute of Electrical and
   Electronics Engineers, Inc. ("IEEE") and IEEE Computer Society, and is
   a Fellow-designee in the Association for Computing Machinery ("ACM");
   the IEEE Computer Society and the ACM are the two largest and oldest
   computer science and engineering professional technical societies.
   
   Dr. Spafford is currently a member of the Defense Science Study Group
   and is a member of the Information Security Technology and Science
   Study Group of the Federal Infosec Research Council which is engaged
   in information security research. He has served in an advisory,
   teaching, or consulting capacity on information security and computer
   crime with several U.S. government agencies and their contractors,
   including the FBI, the National Security Agency, U.S. Attorney's
   Office, the Secret Service, the Department of Energy, and the U.S. Air
   Force. He also has been an advisor to several Fortune 500 firms and to
   state and national law enforcement agencies worldwide.
   
   The application of the EAR would have a similar effect on Dr. Spafford
   as it would on Dr. Bernstein by restricting his rights, under the
   First Amendment, to discuss and share technical information with
   colleagues abroad concerning encryption -- an issue of considerable
   importance to his career. It would also restrict the ability of
   Professor Spafford and his students to deploy and experiment with some
   research prototypes developed in their laboratory, thus adversely
   affecting the conduct and quality of his research efforts.
   Additionally, it may impact his ability to teach about issues of
   encryption in a laboratory setting involving his students and faculty
   colleagues who are not U.S. citizens; historically, this has been a
   significant percentage of the graduate student population at many U.S.
   universities.
   
   Dr. Ross Stapleton-Gray is the President and founder of TeleDiplomacy,
   Inc., a consultancy on issues of diplomacy and international relations
   in the Information Age. TeleDiplomacy works with both governments and
   the private sector to explore new means for collaboration through the
   Internet. Dr. Stapleton-Gray is the Director of TeleDiplomacy's
   Electronic Embassy program which serves as a resource of and for the
   Washington, D.C. foreign embassy community.
   
   Prior to joining TeleDiplomacy, Dr. Stapleton-Gray served six years as
   an officer of the Central Intelligence Agency, both as an analyst of
   information technologies worldwide, and as a planning officer on
   detail to the Intelligence Community Management Staff. In the latter
   position, he represented the Staff to the White House's Information
   Infrastructure Task Force, where he advocated greater use of the
   growing Global Information Infrastructure by the foreign affairs
   agencies. He is the author of, inter alia, "U.S. Cryptography Policy:
   Strategic Hamlets," published in the January 1996 edition of
   Telecommunications. Dr. Stapleton-Gray will be affected by the
   outcome of this case. The application of the EAR to Dr. Stapleton-Gray
   and his clients may restrict opportunities to provide Internet and
   computer-based communications assistance. Moreover, the application of
   the EAR would have a similar effect on Dr. Stapleton-Gray as it would
   have on Dr. Bernstein by restricting the ability of Dr. Stapleton-Gray
   to discuss and share technical information concerning encryption with
   colleagues abroad.
   
II. SUMMARY OF ARGUMENT

   
   
    Although the Government has a strong interest in preserving national
   security, its Export Administration Regulations on encryption ("EAR")
   do not further this interest, and, in fact, may undermine it. The EAR
   are designed to prevent the foreign availability and use of "strong"
   (i.e., greater than 40-bit key length) encryption. Notwithstanding
   the existence of the EAR, however, strong encryption products already
   are used and widely available outside the United States. Thus, the EAR
   do little, if anything, to prevent foreign intelligence and law
   enforcement targets from obtaining and using strong encryption
   capabilities in their efforts to deny U.S. access to their
   communications. On this basis alone, the Government's attempt to
   justify the EAR as a direct and material means of preventing a threat
   to national security must fail.
   
   Moreover, even if strong encryption were not already available to
   foreign entities, the Government's effort to prevent such availability
   through the use of the EAR is significantly undermined by the print
   exception to the EAR.(1) Nothing in the EAR prohibits a printed
   version of the encryption source code from export and, once abroad,
   conversion into electronic source code either manually or by automated
   means. As the District Court opinion (ER 544-78) described it, the
   print exception "undermines the stated purpose of the regulations."
   Id. at 568.
   
   Ironically, by weakening the U.S. technology industry in international
   markets, the EAR may actually increase the development and use of
   strong encryption products abroad. Companies seeking to develop strong
   encryption will be attracted to countries with little or no encryption
   export controls because products developed in such countries may be
   exported to a wider potential international market than
   U.S.-manufactured products. Consequently, the EAR impose disadvantages
   on the U.S. encryption industry relative to worldwide competition.
   
   Not only do the EAR fail to limit the availability and use of strong
   encryption abroad, they indirectly reduce the development,
   availability, and use of strong integrated encryption domestically.
   This occurs because it is significantly less costly for a U.S. vendor
   to develop, produce, market, support, and maintain a single version of
   a product with integrated encryption than it is to perform those
   functions for multiple versions. The EAR's prohibition on foreign
   sales of strong encryption technology creates strong economic
   incentives for U.S. vendors to develop products with weakened
   integrated encryption capabilities that can be sold both domestically
   and abroad. This, in turn, reduces the overall strength of encryption
   available to protect the security of domestic electronic
   communications.
   
   The reduction in the availability and use of strong domestic
   encryption creates a tangible national security risk for two reasons.
   First, the increasing role of computer-controlled networks in
   maintaining the nation's key assets, such as power, water, finance,
   communications, emergency, and other critical infrastructure systems,
   increases the nation's vulnerability to computer-based attack. The EAR
   diminish the availability and use of strong encryption domestically,
   thereby heightening the risk of successful computer-based attacks on
   the U.S. infrastructure. Second, by reducing the availability and use
   of strong encryption domestically, the EAR will hinder the continued
   growth of electronic commerce, an increasingly important sector of the
   economy that is vital to the health and security of the nation.
   
   For the foregoing reasons, the EAR cannot withstand any applicable
   First Amendment analysis.(2) Amici strongly endorse the position of
   Appelleethat the regulations constitute an impermissible prior
   restraint on speech. However, even assuming arguendo that the
   regulations should be judged under the intermediate scrutiny standard,
   the regulations are still constitutionally infirm. Because the
   regulations do not further the important government interest of
   preserving national security, and, in fact, serve to undermine this
   interest, the regulations must fail even under an intermediate
   scrutiny standard.
   
  III.THE GOVERNMENT'S MERE ASSERTION OF A NATIONAL SECURITY INTEREST CAN
  JUSTIFY NEITHER A PRIOR RESTRAINT NOR A CONTENT-NEUTRAL RESTRICTION ON
  SPEECH.
  
   
   
   The Government, through the EAR,(3) restrained Professor Daniel
   Bernstein from publishing his academic research regarding cryptography
   and his computer source code for cryptography software. As the
   District Court concluded, the Government's restriction constitutes a
   prior restraint on speech. ER at 570-71. It is a fundamental principle
   of First Amendment jurisprudence that "any system of prior restraints
   of expression comes to [the court] bearing a heavy presumption against
   its constitutional validity." Bantam Books, Inc. v. Sullivan, 372 U.S.
   58, 70 (1963) (citations omitted). This heavy constitutional
   presumption against prior restraints on speech is subject only to what
   the Supreme Court has described as "exceptional cases." Near v.
   Minnesota, 283 U.S. 697, 713, 716 (1931). The Government therefore
   "'carries a heavy burden of showing justification for the imposition
   of such a restraint.'" New York Times Co. v. United States, 403 U.S.
   713, 714 (1971) (percuriam) (citations omitted).
   
   The Government cannot meet this burden with a mere assertion that the
   prior restraint is justified "in the name of 'national security.'" Id.
   at 718-19 (Black, J. and Douglas, J., concurring). Rather, a prior
   restraint must be supported by "governmental allegation and proof that
   publication must inevitably, directly, and immediately" cause harm.
   Id. at 726-27 (Brennan, J., concurring) (emphasis added). The Court
   determines the weight of asserted national security interests by
   examining the Government's factual justifications. See Haig v. Agee,
   453 U.S. 280, 308-309 (1981); see also id. at 284-85 nn.4-7 (citing,
   inter alia, affidavits of CIA Deputy Director for Operations). The
   Government has overstated the national security imperative in the
   past.(4) Thus, the bare assertion of a national security interest,
   without more, cannot overcome the presumption against prior restraints
   on speech.
   
   Even assuming arguendo that the regulations in this case do not
   constitute a prior restraint on speech, for the EAR's restrictions on
   First Amendment freedoms to survive constitutional scrutiny, the
   Government must do more than simply state the harm which might result
   from the restricted speech. United States v. National Treasury
   Employees Union, 513 U.S. 454, 475 (1995). Rather, the Government
   "must demonstrate that the recited harms are real, not merely
   conjectural, and that the regulation will in fact alleviate these
   harms in a direct and material way." Turner Broadcasting Sys., Inc. v.
   FCC, 512 U.S. 622, 664 (1994) (emphasis added).
   
   Therefore, the Court in this case must examine critically the validity
   of the Government's asserted interest, rather than accept at face
   value the claim that the encryption export controls are necessary to
   protect national security. The requisite critical analysis in this
   case will show, as demonstrated below, that the EAR do not further the
   preservation of national security concerns in a direct and material
   fashion and, in fact, they serve to undermine it. As such, Appellants'
   "national security" justification in this case is insufficient to
   overcome the constitutional infirmities presented by the regulations.
   
  IV. ALTHOUGH THE GOVERNMENT HAS A STRONG INTEREST IN PRESERVING NATIONAL
  SECURITY, THE ENCRYPTION EXPORT CONTROL REGULATIONS DO NOT FURTHER THIS
  INTEREST AND, IN FACT, MAY UNDERMINE NATIONAL SECURITY.
  
   
   
   Appellants assert a strong interest in protecting national security
   and state that the export restrictions are necessary to achieve that
   goal. Appellants' Br. at 4, 5, 8. The first of these assertions is
   self evident: national security is clearly an important and legitimate
   federal concern. However, Appellants' assertion that the encryption
   export restrictionsfurther the Government's stated goal of preserving
   national security does not withstand analysis. This is so for three
   primary reasons:
    1. strong encryption already is widely available outside the United
       States, allowing foreigners to obtain and use strong encryption
       despite the EAR;
    2. the print exception to the EAR makes strong encryption freely
       available to all foreigners, and notably to those foreigners who
       assertedly pose the greatest threat to national security; and
    3. the EAR reduce the availability and use of strong integrated
       encryption software domestically and this, in turn, diminishes
       national security.
       
    A. The Widespread Foreign Availability Of Strong Encryption Renders The EAR
    Ineffective.
    
   
   
   The EAR are designed to prevent the foreign availability and use of
   strong encryption that could deny U.S. access to vital foreign
   intelligence information and thereby compromise U.S. national
   security. Id. However, the fact that strong encryption products
   already are widely available outside the United States renders the
   export controls ineffective in accomplishing that goal.
   
   Nearly 600 foreign encryption products are available from over 28
   foreign nations, with some products originating in Iran and Russia.
   Trusted Information Systems Worldwide Survey of Cryptographic
   Products (Jan. 17, 1997)
   .
   Moreover, 229 of the foreign encryption products employ the Data
   Encryption Standard algorithm (using a 56-bit key length). Id.
   Worldwide, nearly 1,400 encryption products of varying strengths are
   produced and distributed to at least 68 countries. Id. "The survey
   results show that cryptography is indeed widespread throughout the
   world." Id.
   
   Many of these foreign encryption products are comparable in strength
   to strong U.S. encryption products. See id.; see also National
   Research Council, Cryptography's Role in Securing the Information
   Society 130-31 (Kenneth W. Dam & Herbert S. Lin eds. 1996) ("NRC
   Report") ("The committee has no reason to believe that the stand-alone
   security-specific products with encryption capabilities made by U.S.
   vendors are on average better [than foreign products] at providing
   security.") (footnote omitted). The Business Software Alliance
   identified at least six foreign software companies in Germany,
   Belgium, Switzerland, the U.K., Ireland, and Australia that have
   developed add-on products allowing any person with a Web browser to
   download software from the Internet and upgrade their encryption key
   length from 40 to 128-bits (a strong encryption level currently
   restricted from export by the EAR). See Hearing on Encryption Control
   Relief for Software with Encryption Capabilities Before the Senate
   Comm. on Commerce, Science, & Transp., 105th Cong., 1st Sess. (Mar.
   19, 1997) (statement of Robert Holleyman, President, Business Software
   Alliance) . As of June
   1996, there were 217 foreign programs and products available abroad
   which employ the Data Encryption Standard algorithm with its 56-bit
   key length (which would be restricted by the U.S. controls). The
   Security & Freedom through Encryption (SAFE) Act: Hearing on H.R. 695
   Before the House Courts & Intellectual Subcomm. of the Comm. on the
   Judiciary, 105th Cong., 1st Sess. (Mar. 20, 1997) (testimony of Ira
   Rubinstein, Senior Corporate Attorney, Microsoft Corp.), available in
   LEXIS, Legis Library, Cngtst File ("Mar. 20, 1997 House Testimony of
   Ira Rubinstein"). Moreover, a memorandum for the Acting Assistant
   Secretary of Defense confirmed four years ago that strong encryption
   was widely available to foreign users in both hardware and software
   form and that "DES software could be downloaded anywhere in the
   world." Bruce Schneier & David Banisar, The Electronic Privacy Papers
   326 (1997) ("The Electronic Privacy Papers"). The memorandum stated:
   
   The national security community is especially interested in preventing
   the spread of high quality encipherment routines overseas, and argues
   that more extensive use here at home will inevitably result in such a
   proliferation. Actually, it is too late.
   
   Memorandum from Ray Pollari, Acting Deputy Assistant Secretary of
   Defense to the Acting Assistant Secretary of Defense of Apr. 30, 1993,
   reprinted in The Electronic Privacy Papers at 627.
   
   The Government asserts a continued need for the application of
   encryption export controls even if comparable products are available
   from sources outside the United States. See Appellants' Br. at 12-13
   ("[T]he President specifically determined that 'the export of
   encryption products . . . could harm national security and foreign
   policy interests even where comparable products are or appear to be
   available from sources outside the United States . . . .'") (emphasis
   added) (citing 61 Fed. Reg. 58,767 (1996)). The Government does not
   attempt to support this conclusory assertion. Rather, it claims that
   such support cannot be articulated publicly or be made subject to
   judicial review "without revealing or implicating" classified
   information which could harm United States national security and
   foreign policy interests. Id. at 13 (emphasis added). This claim bears
   scrutiny. The NRC Report notes that thirteen of the committee's
   sixteen members were fully cleared for review of classified
   information and received "classified briefings on material relevant to
   the subject of [their] study." See NRC Report at xiv. After
   considering the classified information, the cleared members of the
   committee nonetheless concluded that "debate over national
   cryptography policy can be carried out in a reasonable manner on an
   unclassified basis" and that "[c]lassified material, while important
   to operational matters in specific cases, is not essential to the big
   picture [of U.S. encryption policy] . . . ." Id. at 298. Seen in this
   light, the Government's circular explanation for its policy, and its
   refusal to recite any facts which allegedly support this policy, is
   particularly suspect, and certainly insufficient to justify a prior
   restraint on speech or even to meet the Turner standard.
   
   Strong stand-alone encryption products not only are widely available
   abroad, they also are commonly used by the entities in whose
   communications the U.S. intelligence community is interested. See,
   e.g., id. at 129 ("some foreign targets of interest to the U.S.
   Government today use encryption that is for all practical purposes
   unbreakable"). For example, the "Cali [drug] cartel is reputed to be
   using sophisticated encryption to conceal their telephone
   communications" and to "scrambl[e] transmissions from computer
   modems." Dorothy E. Denning & William E. Baugh, Jr., Encryption and
   Evolving Technologies: Tools of Organized Crime and Terrorism 8
   (National Strategy Information Center, Washington, D.C. 1997) (citing
   P.N. Grabosky and Russell G. Smith, Crime in the Digital Age:
   Controlling Telecommunications and Cyberspace Illegalities, 1997). The
   Italian Mafia downloads copies of PGP, a powerful software-based
   encryption tool, off the Internet. Id. at 9 (citing Joshua Cooper
   Ramo, Crime Online, Time Digital, Sept. 23, 1996, at 28-32). Dutch
   criminal organizations encrypt their communications and computers with
   PGP and IDEA (a patented 128-bit Swiss block cipher algorithm(5)). See
   id. at 7.
   
   There is ample evidence that encryption products are used and widely
   available overseas, and that these products contain strong technology
   comparable in quality and strength to the technology restricted for
   export from the United States. As such, the control of strong
   U.S.-manufactured encryption products from export to worldwide markets
   does little, if anything, to prevent foreign intelligence targets from
   obtaining and using equivalent encryption capabilities in efforts to
   deny U.S. access to foreign intelligence information.
   
   Ironically, the EAR may actually increase the development of strong
   encryption products abroad, an effect directly counter to their stated
   purpose. This can occur because companies seeking to compete in the
   international sale of encryption software will be attracted to
   countries with few or no encryption export controls since production
   in such countries offers a wider possible market to which encryption
   products may be sold:
   
   [T]he emergence of strong foreign competition in a number of
   high-technology areas appear[s] in close temporal proximity to the
   enforcement of strong export controls in these areas for U.S. vendors.
   While the correlation does not prove that export controls necessarily
   influenced or stimulated the growth of foreign competition, the
   history suggests that they may have had some causal relationship. 
   
   NRC Report at 155 n.52.(6) Because the overhead costs to enter the
   software development industry are low,(7) competitive entry is
   encouraged by even marginal disadvantages to existing companies.
   Export controls can impose such disadvantages on the U.S. encryption
   software industry relative to worldwide competition. See id. (citing
   National Research Council, Finding Common Ground: U.S. Export Controls
   in a Changed Global Environment 23 (1991)).(8) The likelihood is
   significant that countries will continue toseize upon the EAR as a
   catalyst for the increased production of their own strong encryption
   technology, and that such technology, if developed, will be sold
   widely in other countries. As a result of the EAR, the U.S. software
   industry's heretofore unquestionable dominance in international
   markets may suffer significantly, with substantial consequences for
   the U.S. economy as a whole.
   
   Put simply, the growing international demand for strong easy-to-use
   encryption capabilities ensures a supplier market. The EAR preclude
   U.S. vendors from participating in this market. Nevertheless, even if
   there is not current widespread foreign use of products with strong
   integrated encryption capabilities,(9) this phenomenon is temporally
   limited. Recognizing the supply vacuum, foreign nations are
   increasingly interested in promoting the strength of their domestic
   software industries relative to U.S. industry by encouraging the
   development of software integrated with strong encryption. See, e.g.,
   Hearing on Online Security Issues Before The Senate Subcomm. on
   Science, Technology and Space, 104th Cong., 2d Sess. (June 26, 1996)
   (testimony of Barbara Simons, USACM, IBM-Santa Teresa Laboratories),
   available in LEXIS, Legis Library, Cngtst File (noting that the
   Singapore National Computer Board, a governmental entity, funded a
   project of approximately $42 million which includes the development of
   strong encryption and described the desired product as having "the
   ability to bypass U.S. export restrictions"); see also Benedict Monroe
   & Chia Swee Hon, Singapore Information Technology Services, IT Market
   IS 970710.300 July 1, 1997, at 4 (stating the international dominance
   of the U.S. software industry, explaining the "acute demand" worldwide
   for encryption products and noting that "[e]ncryption systems are the
   key to the safe development of banking and commerce on-line. U.S.
   regulations prohibiting the export of certain strong encryption
   software have given German companies, for instance, a monopoly on this
   niche market in Singapore as in the rest of the world"); Marcia
   MacLeod, Hitting at the Code of American Misconduct, The Times of
   London, Oct. 29, 1997, available in 1997 WL 9239456 (reporting that
   the European Commission has called for European software companies to
   develop strong integrated encryption products for electronic
   commerce); see also NRC Report at 302 (noting that "foreign vendors
   may well attempt to step into the vacuum [caused by the EAR]").
   
   The mundane ease with which strong integrated encryption can be used
   suggests that the increased foreign availability of foreign-produced
   products integrated with strong encryption will inevitably increase
   still further the foreign use of strong encryption. Moreover, as noted
   above, those entities in whose communications the U.S. intelligence
   community is most interested already use strong stand-alone encryption
   products abroad.
   
   Amici who are authorities on U.S. national security recognize that the
   foreign availability of strong encryption undermines Appellants'
   justification for the EAR. For example, Dr. Ross Stapleton-Gray, who
   analyzed worldwide information technologies as part of his duties at
   the Central Intelligence Agency, confirms that despite U.S. export
   controls, strong encryption is available worldwide. Mark Rasch, who
   headed the computer crimes project for the U.S. Department of Justice
   after serving in the Justice Department's Export Control Unit and
   Espionage Unit, recognizes that the United States export control laws
   do nothing to prevent strong encryption from being available to and
   used by the potential targets of U.S. foreign intelligence. Echoing
   these sentiments, U.S. Senate Majority Leader Trent Lott has stated:
   
   While we are restricting our own international commerce, foreign
   companies are now manufacturing and selling stronger, more desirable
   encryption systems, including the top-end 128-bit systems, anywhere in
   the world they want . . . . Today there are hundreds of suppliers of
   strong encryption in the world marketplace. Strong encryption can be
   easily downloaded off the Internet. Even if Congress wanted to police
   or eliminate encryption altogether, I am not sure that is doable.
   
   143 Cong. Rec. at S10,880 (daily ed. Oct. 21, 1997). In recent
   testimony, Congresswoman Zoe Lofgren concurred:
   
   [I]t is time for the government to recognize that superior encryption
   products are still widely available and being sold by overseas
   competitors, and that the current controls only hurt American
   industry, without furthering law enforcement and national security
   goals.
   
   The Security & Freedom through Encryption (SAFE) Act: Hearing on H.R.
   3011 Before the House Comm. on the Judiciary, 104th Cong., 2d Sess.
   (Sept. 25, 1996), available in LEXIS, Legis Library, Cngtst File.
   
   In short, the purpose of the EAR is severely misaligned with the
   actual circumstances in the global marketplace. The EAR do not prevent
   the use or widespread foreign availability of strong encryption
   technology. Stated another way, the existence of such controls fails
   to achieve the Government's national security goal and, in fact,
   undermines it by encouraging the development of strong encryption
   abroad.
   
    B. The Print Exception Further Undermines The Government's Stated Position
    That The EAR Preserve National Security Interests.
    
   
   
   Appellants assert that encryption source code is subject to the EAR
   because source code can be readily converted into object code.
   Appellants' Br. at 25-27. Specifically, the Government notes that
   someone "given encryption source code on a floppy disk or other
   electronic medium can load the source code into his computer, convert
   it into object code [using a compiler], and execute the program
   without reading the source code or understanding the sequence of
   computer instructions [the source code] contains." Id. at 27 (footnote
   omitted).
   
   At the same time, however, the EAR "print exception" allows the export
   of encryption source code on paper (as opposed to electronic form).
   Specifically, this exception provides that "[a] printed book or other
   printed material setting forth encryption source code is not itself
   subject to the EAR (see Sect. 734.3(b)(2))." 15 C.F.R. Sect. 734.3 (1997).(10)
   
   
   The Government has adopted this print exception notwithstanding the
   fact that nothing in the EAR would prohibit source code written on
   paper from being converted into computer-readable source code by hand
   (e.g., by retyping the source code into a computer from a printed
   listing) or by automated processes. For example, written documents can
   be converted to electronic form using scanning technology, a
   well-developed process for which software is widely available on the
   retail market.(11) This process is widely used, for example, by the
   U.S. Postal Service to sort mail automatically by "reading" printed
   ZIP codes, and by financial institutions to "read" automatically
   routing and account numbers off printed checks.(12)
   
   Similarly, nothing in the EAR prohibits a printed version of the
   source code for encryption software employing strong encryption from
   being mailed to a foreign country. Once received, the printed version
   could be converted to electronic source code manually or by automated
   means.
   
   While the Government acknowledged at oral argument before the District
   Court that encryption codes in printed form could be converted into a
   functioning encryption product, it defended the distinctive treatment
   of printed and electronic source code on the basis that converting the
   print version to working software requires a good deal of skill. ER
   568. The District Court was understandably "confounded by this
   explanation:"
   
   Defendants claim that encryption poses unique and serious threats to
   national security, yet the printed matter exception belies this
   rationale by making encryption freely available to only those
   foreigners who are technologically sophisticated . . . . This seems to
   defeat the very purpose of the regulation since those who likely pose
   a greater threat to national security are likely more willing to
   expend the time and resources in that effort and will not be prevented
   by the regulation.
   
   Id. In other words, it is highly probable that terrorists and other
   criminals, as well as foreign intelligence agents, have or can obtain
   the skills to convert printed source code to executable encryption
   software.
   
   Thus, even if strong encryption were not already available to foreign
   entities, the Government's effort to prevent such availability through
   the use of the EAR is undermined by the print exception. Seen in this
   light, the District Court properly concluded that the print exception
   "undermines the stated purpose of the regulations," and therefore
   exacerbates their constitutional infirmity. Id.
   
    C. The EAR Reduce The Availability And Use Of Strong Encryption Software
    Domestically, Which, In Turn, Impairs National Security.
    
   
   
   While the EAR fail to limit the availability and use of strong
   encryption abroad, they indirectly reduce the development,
   availability, and use of strong integrated encryption domestically.
   This has two effects, both of which impair national security:
    1. increased vulnerability of the critical U.S. infrastructure to
       sabotage; and
    2. impaired development of electronic commerce, an increasingly
       important component of the U.S. economy.
       
    1. The EAR Reduce The Development, Availability, And Use Of Strong
    Encryption Within The United States, Making The Critical Infrastructure
    More Vulnerable To Attack.
    
   
   
   The larger market of products integrated with strong encryption
   capabilities is restricted domestically due to the EAR. The Federal
   Bureau of Investigation concedes that the encryption export controls
   reduce the domestic availability and use of strong integrated
   encryption: "'the use of export controls may well have slowed the
   speed, proliferation, and volume of encryption products sold in the
   U.S.'" NRC Report at 138 n.29 (citing written statement, "FBI Input to
   the NRC's National Cryptographic Study Committee," received Dec. 1,
   1995).
   
   Fundamentally, the reduced domestic availability and use of strong
   integrated encryption is a result of the fact that it is significantly
   less costly and less administratively burdensome for a U.S. vendor to
   develop, produce, market, support, and maintain a single version of a
   product with integrated encryption than it is to perform those
   functions for multiple versions. Id. at 136. Thus, the prohibition on
   sales of strong encryption technology in foreign markets creates
   strong economic incentives for U.S. vendors to develop products with
   weaker integrated encryption capabilities that can be sold both
   domestically and abroad. The incentive to develop a single software
   version is particularly strong because "[t]he domestic software
   industry makes approximately one-half of its revenues through exports,
   and customers are increasingly demanding uniform capabilities;
   therefore, most mass-market software and hardware is designed to offer
   the same [low strength] encryption capabilities both domestically and
   abroad." Mar. 20, 1997 House Testimony of Ira Rubinstein.
   
   The "lowest common denominator" incentive created by the export
   restrictions ultimately reduces the availability of strong integrated
   encryption in the U.S. Moreover, the EAR appear to deter actual usage
   of and reliance on strong encryption protections due to the additional
   complexities and difficulties involved in using a stand-alone product
   as opposed to encryption capabilities integrated into the application,
   operating system, or network software itself. The consequences may be
   particularly significant because the strength of integrated encryption
   software currently available in the U.S. (and suitable for export)
   already is insufficient: "[T]he ability to undertake brute-force
   cryptanalysis on messages encrypted with a 40-bit key [has] led to a
   widespread perception that such key sizes are inadequate for
   meaningful information security." NRC Report at 123; see also United
   States Dep't of Commerce & National Security Agency, A Study of the
   International Market for Computer Software with Encryption, reprinted
   in part in The Electronic Privacy Papers at 632 ("Study of
   International Market for Computer Software with Encryption") ("In many
   countries surveyed, exportable U.S. encryption products are perceived
   to be of unsatisfactory quality.").
   
   The Cryptography Report by the National Research Council offers
   concrete examples of the reduction in the level of integrated
   encryption strength domestically resulting from the EAR. For instance:
   
   
   The Microsoft Corporation . . . received permission to ship Windows NT
   Version 4, a product that incorporates a cryptographic applications
   programming interface approved by the U.S. government for commodity
   jurisdiction to the CCL. However, this product is being shipped
   worldwide with a cryptographic module that provides encryption
   capabilities using 40-bit RC4. While domestic users may replace the
   default module with one providing stronger encryption capabilities,
   many will not, and the result is a weaker encryption capability for
   those users.
   
   NRC Report at 135 (footnote omitted). Another instance involves an
   unnamed "major U.S. software vendor" which:
   
   distributes its major product in modular form in such a way that the
   end user can assemble a system configuration in accordance with local
   needs. However, since the full range of USML export controls on
   encryption is applied to modular products into which cryptographic
   modules may be inserted, this vendor has not been able to find a
   sensible business approach to distributing the product in such a way
   that it would qualify for liberal export consideration. The result has
   been that the encryption capabilities provided to domestic users of
   this product are much less than they would otherwise be in the absence
   of export controls. 
   
   Id.
   
   The reduction in the development, availability, and use of strong
   integrated encryption software domestically creates a national
   security risk. The increasing role of computer-controlled networks in
   maintaining the nation's power, water, finance, communications,
   emergency systems, and other mission-critical infrastructure systems
   -- as well as the Government's heavy reliance upon this infrastructure
   -- increases the nation's vulnerability to computer-based attack:
   
   Certain national infrastructures are so vital that their incapacity or
   destruction would have a debilitating impact on the defense or
   economic security of the United States. These critical infrastructures
   include telecommunications, electrical power systems, gas and oil
   storage and transportation, banking and finance, transportation, water
   supply systems, emergency services . . . and continuity of government.
   Threats to these critical infrastructures fall into two categories:
   physical threats to tangible property . . . and threats of electronic,
   radio-frequency, or computer-based attacks on the information or
   communications components that control critical infrastructures
   ("cyber threats").
   
   Exec. Order No. 13,010, 3 C.F.R. 198 (1996).
   
   A recent report by the President's Commission on Critical
   Infrastructure Protection cautioned that "the nation is so dependent
   on our infrastructures that we must view them through a national
   security lens" and that the "owners and operators of our critical
   infrastructures are now on the front lines of our security effort [and
   are] most vulnerable to cyber attacks." Report of the President's
   Commission on Critical Infrastructure Protection, Critical
   Foundations: Protecting America's Infrastructures, Oct. 1997, at vii.
   "Potential cyber threats" include attacks on databases, networks,
   services such as emergency 911, and the Internet itself, all of which
   are vulnerable. Id. at 15-16. The "basic attack tools -- computer,
   modem, telephone, and user-friendly hacker software -- are common
   across the spectrum and widely available." Id. at 15. Robert Marsh,
   Chairman of the President's Commission, recently expressed concern
   that "[a] serious threat is sure to evolve if we don't take steps now
   to protect these systems in the future." Is Our Country Vulnerable to
   Cyberattack? (ABC World News Tonight, Oct. 22, 1997), available in
   LEXIS, News Library, ABCNews File.
   
   Attacks on the U.S. infrastructure can have serious consequences for
   the effectiveness of critical government and private sector functions.
   For example, the Government's military and intelligence efforts rely
   heavily on the use of these private infrastructure systems rendering
   their protection a matter of national security. Over 95% of U.S.
   military and intelligence community voice and data communications are
   carried over private facilities owned by public carriers. NRC Report
   at 36 (citing Joint Security Commission, Redefining Security: A Report
   to the Secretary of Defense and the Director of Central Intelligence,
   Feb. 28, 1994, at Ch. 8). Threats to the underlying infrastructure
   systems endanger the continued efficient operation of the national
   security functions reliant thereon:
   
   [E]ncryption technology . . . has so many beneficial purposes. It
   prevents hackers and espionage agents from stealing valuable
   information, or worse, from breaking into our own computer networks.
   It prevents them from disrupting our power supply, our financial
   markets, and our air traffic control system. This is scary and
   precisely why we want this technology to be more available.
   
   143 Cong. Rec. at S10,880 (daily ed. Oct. 21, 1997) (statement of U.S.
   Senate Majority Leader Trent Lott).
   
   These threats are not hypothetical. Computer attacks on critical
   infrastructure networks already have occurred. For example, domestic
   terrorists were accused of planting programs in Public Switched
   Telephone Network elements across the country designed to shut down
   major telephone switching hubs. See NRC Report at 35 (citing National
   Communications System, The Electronic Intrusion Threat to National
   Security and Emergency Preparedness Telecommunications: An Awareness
   Document 2-5 (2d ed. 1994)). In 1994, before U.S. banks were permitted
   to use strong encryption in their international financial
   transactions, an international group of criminals moved $12 million
   from Citicorp customer accounts by penetrating the Citicorp electronic
   transfer system. See id. at 23.
   
   The threat from computer-based attack is not limited to the U.S.
   infrastructure. The Department of Defense experienced as many as
   250,000 attacks on its information systems in 1995. Information
   Security: Computer Attacks at Department of Defense Pose Increasing
   Risks, General Accounting Office Report No. AIMD-96-84 (May 22, 1996).
   "There is mounting evidence that attacks on Defense computer systems
   pose a serious threat to national security." Id. at Ch. 0:3.3.
   
   FBI Director Freeh testified that FBI investigations reflect 23
   countries engaged in economic espionage activities against the United
   States. Hearing on Economic Espionage Before the Senate Select Comm.
   on Intelligence and Senate Comm. on the Judiciary, Subcomm. on
   Terrorism, Tech. & Gov't Espionage, 104th Cong., 2d Sess. (Feb. 28,
   1996) (statement of Louis J. Freeh, FBI Director), available in LEXIS,
   Legis Library, Cngtst File. According to an annual report to Congress
   on foreign economic collection and industrial espionage, "the U.S.
   counterintelligence community has specifically identified 'suspicious
   collection and acquisition activities' of foreign entities from at
   least 23 countries," and that "technological advances are making
   corporate spying and theft easier and cheaper." Barbara Starr, 'Legal'
   Espionage Hits U.S. High-Technology Targets, Jane's Defence Weekly,
   Sept. 17, 1997, at 8, available in LEXIS, News Library, Janedef File.
   The National Counterintelligence Center concluded that "'specialized
   technical operations (including computer intrusions,
   telecommunications targeting and intercept, and private-sector
   encryption weaknesses) account for the largest portion of economic and
   industrial information lost by U.S. corporations.'" NRC Report at 31
   (quoting NACIC Annual Report to Congress on Foreign Economic
   Collection and Industrial Espionage, July 1995).
   
   The availability and use of strong integrated encryption capabilities
   domestically would diminish the threat of successful computer-based
   attacks. By contrast, weak encryption capabilities heighten the risk
   of attacks to the U.S. infrastructure and the likelihood that such
   attacks will prove particularly damaging. Because the export controls
   diminish the availability and use of strong integrated encryption
   software domestically, they actually introduce vulnerabilities to
   national security.
   
    2. The EAR Hinder The Continued Growth Of Electronic Commerce, An
    Increasingly Important Sector Of the Economy That Is Vital To National
    Security.
    
   
   
   The national security of the United States depends today, in large
   part, on the continued overall strength of its economy including the
   leadership of U.S. technology-sensitive industries such as
   telecommunications and computer hardware and software. President
   Clinton repeatedly has emphasized the dependence of the national
   security on the economy. See Remarks of President William J. Clinton
   at Defense Conversion Ceremony at California State University,
   Monterey Bay, California (Sept. 4, 1995), available in LEXIS, News
   Library, Script File ("our national security in the 21st century
   depends upon our agreeing to . . . grow our economy"); see also
   Remarks of President William J. Clinton at Panel Discussion in
   Columbus, Ohio (Oct. 20, 1995) available in LEXIS, News Library,
   Script File ("economic polic[y] . . . is a big part of what national
   security means in the 21st century just like it meant defense policy
   and weapons policy during the Cold War" and noting that he created an
   "Economic Policy Council within the White House and a President's
   Economic Advisor, like the President's National Security Advisor" to
   oversee the Government's economic policy). The National Research
   Council has noted that:
   
   information technology is one of a few high-technology areas . . .
   that play a special role in the economic health of the nation, and
   that leadership in this area is one important factor underlying U.S.
   economic strength in the world today . . . . The economic dimension of
   . . . national security itself may well depend critically on a few key
   industries that are significant to military capabilities, the
   industrial base, and the overall economic health of the nation.
   
   NRC Report at 39. The U.S. Government found that promoting development
   of telecommunications and computer hardware/software products is
   critical to national security, noting that, among other reasons, these
   industries are of "'strategic interest to the United States [because
   they] . . . are responsible for the leading-edge technologies critical
   to maintaining U.S. economic security.'" Id. at n.8 (citing National
   Counterintelligence Center, Annual Report to Congress on Foreign
   Economic Collection and Industrial Espionage 15 (July 1995)); see also
   Remarks of William J. Clinton at the Knoxville Auditorium Coliseum
   (Oct. 10, 1996), available in LEXIS, News Library, Script File (noting
   that the Internet "has to be repaired and upgraded to meet all our . .
   . national security needs"); see also Remarks of Albert Gore at the
   National Urban League Annual Conference, Washington, D.C. (Aug. 6,
   1997), available in LEXIS, News Library, Script File ("we are entering
   a new economy . . . driven by information and technology").
   
   The means by which commerce is conducted world-wide is evolving; we
   are entering an era of electronic commerce, or "e-commerce," where
   commerce will increasingly rely on the availability of sophisticated
   computer facilities to communicate with each other. Developing the
   infrastructure necessary to support this electronic commerce is
   critical to the health of the U.S. economy generally which, in turn,
   has serious national security implications.
   
   The trend toward interconnection of computer networks to support
   commerce can be observed at many levels. Consumers recognize the
   nearly-ubiquitous "Internet addresses" now featured in television,
   radio, and print advertisements and know that "surfing the Internet"
   requires a networked computer. Businesses are expanding their markets
   by opening "electronic storefronts" on the Internet to serve consumers
   located around the world.(13) Forty percent of surveyed businesses
   indicated that the Internet would be their medium of choice for
   marketing their products. Cahners Business Confidence Index Rises to
   67.4 in Feb., Dow Jones News Service, Feb. 24, 1997, available in WL,
   USNEWS File, 2/24/97 DJNS; see also Miles Weiss, Microsoft in Pursuit
   of Internet Talent, Austin American-Statesman, May 26, 1997, available
   in 1997 WL 2824975. Companies, whether large or small, are creating
   the infrastructure for electronic commerce by building interconnected
   networks that link their offices with suppliers and customers
   globally. A recent report shows that "electronic commerce will
   represent $66 billion in U.S.-related Internet revenues by the year
   2000." Forrester Research Inc., E-Commerce Revs Up, PC Week, Dec. 23,
   1996, available in 1996 WL 14277478. Indeed, even Government
   institutions are using the Internet to make vast amounts of
   information available.(14)
   
   Yet the evolution toward electronic commerce has not changed the
   essence of the commercial transaction and the need to address
   traditional commercial issues. For example, businesses engaged in
   electronic transactions must be certain that orders received are from
   valid customers and that satisfactory payment arrangements are in
   place. Similarly, consumers will be reluctant to engage in electronic
   commerce if they believe that the information submitted to perform
   transactions may not be secure. See Hearing on Financial Privacy
   Before the House Subcomm. on Fin. Institutions & Consumer Credit Comm.
   on Banking, 105th Cong., 1st Sess. (Sept. 18, 1997) (testimony of Jill
   A. Lesser, Deputy Director, Law and Public Policy, America Online,
   Inc.), available in LEXIS, Legis Library, Cngtst File (noting that
   without a secure environment for consumers, "it will be difficult, if
   not impossible, for the Internet to reach its full potential as a mass
   medium").
   
   Strong encryption is therefore required to secure the systems on which
   electronic commerce will occur and to protect the proprietary and
   private information that will be carried on those systems. In the
   absence of such security, trust in the electronic systems will not
   evolve, and the development of electronic commerce will be retarded.
   Notwithstanding that "[a]bout 40 million people used the Internet at
   the time of trial [of Reno v. ACLU], a number that is expected to
   mushroom to 200 million by 1999," Reno v. ACLU, 117 S. Ct. 2329, 2334
   (1997), "[s]ecurity isn't as strong as it needs to be on the Internet
   for electronic commerce to move ahead." Jim Lewis, Director of
   Strategic Trade and Foreign Policy, Bureau of Export Administration,
   U.S. Department of Commerce , quoted in Christopher Guly, Encryption's
   Future Grows More Complex, Financial Post, Sept. 13, 1997, at T17.
   According to executives from leading U.S. software vendors, strong
   encryption is required. "Without encryption, businesses and
   individuals will not entrust their valuable proprietary information,
   creative content, electronic commerce, and sensitive personal
   information to . . . electronic networks." The Security & Freedom
   through Encryption (SAFE) Act: Hearing on H.R. 3011 Before the House
   Comm. on the Judiciary, 104th Cong., 2d Sess. (Sept. 25, 1996)
   (testimony of Melinda Brown, VP and General Counsel, Lotus Development
   Corp.), available in LEXIS, Legis Library, Cngtst File. "Electronic
   banking and commerce will not happen 'on-line' without strong
   encryption." Mar. 20, 1997 House Testimony of Ira Rubinstein.
   
   The Government has acknowledged that the development of electronic
   commerce is linked to the protection afforded by strong encryption:
   "[t]he market for encryption in distributed computation, databases,
   and electronic mail is beginning to expand exponentially as the U.S.
   and other countries develop and popularize electronic commerce, public
   networks and distributed processing." See Study of International
   Market for Computer Software with Encryption at ES-2, reprinted in The
   Electronic Privacy Papers at 630. The increased dependence on
   information technologies for e-commerce should correspond to a
   greater demand for strong integrated encryption capabilities. Id.,
   reprinted in The Electronic Privacy Papers at 631. The National
   Research Council has noted that "[i]n a future world of electronic
   commerce, connections among nonfinancial institutions may become as
   important as the banking networks are today," emphasizing the growing
   importance of strong encryption capabilities. NRC Report at 123. The
   Department of Commerce and the NSA noted that "civil use of
   software-based encryption will significantly increase in the next five
   years, with corporate customers dominating this new marketplace." See
   Study of International Market for Computer Software with Encryption
   at III-2.
   
   However, because the EAR diminish the domestic use and availability of
   strong encryption, the lack of consumer confidence in the security of
   e-commerce may dampen its dynamism. The resulting absence of critical
   mass interest in e-commerce significantly reduces the incentives for
   U.S. businesses to invest in the integrated infrastructure required
   for its development. The consequent harm to the health of the U.S.
   economy is self-evident. Bearing in mind the economy's importance to
   national security, it becomes apparent that far from preserving
   national security, the EAR actually undermine it.
   
V. CONCLUSION

   
   
   As the foregoing discussion demonstrates, the EAR cannot withstand any
   First Amendment analysis. Amici strongly endorse the position of
   Appelleethat the EAR constitute an impermissible prior restraint on
   speech. Even applying arguendo the lower standard of scrutiny urged by
   Appellants, the EAR fail to overcome their constitutional infirmity.
   Appellants state that a content-neutral government regulation may be
   sustained under the First Amendment only if, among other things, it
   "furthers an important or substantial government interest."
   Appellants' Br. at 30 (citations omitted). As demonstrated herein,
   because the EAR do not further the important government interest of
   preserving national security in a direct and material way, and, in
   fact, serve to undermine this interest, they must fail constitutional
   scrutiny even under Appellants' own legal analysis.
   
   Amici thus respectfully urge this Court to affirm the District Court's
   decision. Elimination of the EAR would have little or no effect on the
   foreign availability and use of strong encryption because, as noted,
   strong encryption already is used and widely available abroad even
   with the regulations in place. However, elimination of the regulations
   will provide incentives for U.S. vendors to increase the development,
   deployment, and use of strong encryption domestically. This, in turn,
   will enhance the security of the nation's key assets including
   domestic infrastructure systems that are critical to the nation's
   military, law enforcement, and economic interests, thereby promoting
   the important and legitimate goal of protecting the national security.
   
   
   Respectfully submitted,
   
   Maynard Anderson; D. James Bidzos;
   National Computer Security Association;
   Mark Rasch; RSA Data Security, Inc.;
   Dr. Eugene Spafford; and Dr. Ross
   Stapleton-Gray
   
   __/s/_______________
   
   Brian Conboy
   Michael H. Hammer
   Andrew R. D'Uva
   Gunnar D. Halley
   
   WILLKIE FARR & GALLAGHER
   Three Lafayette Centre
   1155 21st Street, N.W.
   Suite 600
   Washington, D.C. 20036-3384
   (202) 328-8000
   
   THEIR ATTORNEYS
   
   November 10, 1997
     _________________________________________________________________
   
CERTIFICATE OF COMPLIANCE

   
   
   Pursuant to Rule 32(e)(4), I hereby certify that: (1) this brief is
   double-spaced; (2) the brief is printed using a 14 Point Times New
   Roman font; and (3) the word processing program used to prepare the
   brief reports that the brief is 9,343 words long.
   
   _____/s/_______________
   
   Brian Conboy
   
CERTIFICATE OF SERVICE

   
   
   I hereby certify that on November 10, 1997, I have filed and served
   the BRIEF OF MAYNARD ANDERSON; D. JAMES BIDZOS; NATIONAL COMPUTER
   SECURITY ASSOCIATION; MARK RASCH; RSA DATA SECURITY, INC.; DR. EUGENE
   SPAFFORD; AND DR. ROSS STAPLETON-GRAY, AS AMICI CURIAE IN SUPPORT OF
   APPELLEE DANIEL J. BERNSTEIN by: causing copies to be delivered to
   counsel in the manner specified below.
   
  BY HAND:
  
   Frank W. Hunger
          Assistant Attorney General
          
   Michael J. Yamaguchi
          United States Attorney
          
   Stephen W. Preston
          Deputy Assistant Attorney General
          
   Douglas N. Letter
          
   Scott R. McIntosh
          Attorneys, Appellate Staff
          
   
   
   
   Civil Division, Room 9550
   Department of Justice
   601 D Street, N.W.
   Washington, DC 20530-0001
   
   Counsel for Appellants
   
   Robert Corn-Revere
   Hogan & Hartson, L.L.P.
   555 Thirteenth Street, N.W.
   Washington, DC 20004
   
   Counsel for Appellee
   
  BY FEDERAL EXPRESS
  
   
   
   Cindy A. Cohn
   McGlashan & Sarrail
   177 Bovet Road, Sixth Floor
   San Mateo, CA 94402
   
   Counsel for Appellee
   
   Lee Tien
   1452 Curtis Street
   Berkeley, CA 94702
   
   Counsel for Appellee
   
   Elizabeth Pritzker
   First Amendment Project
   1736 Franklin, 8th Floor
   Oakland, CA 94612
   
   Counsel for Appellee
   
   _________/s/_______________
   
   Brian Conboy
     _________________________________________________________________
   
    NO. 97-16686
    
   
     _________________________________________________________________
   
    IN THE UNITED STATES COURT OF APPEALS
    FOR THE NINTH CIRCUIT
    ______________________________________
    
DANIEL J. BERNSTEIN,
Plaintiff-Appellee,

                                      V.
                                       
U.S. DEPARTMENT OF COMMERCE et al.,
Defendants-Appellants.

    ______________________________________
    
  ON APPEAL FROM THE UNITED STATES DISTRICT COURT
  FOR THE NORTHERN DISTRICT OF CALIFORNIA
  
    ______________________________________
    
                                   ADDENDUM
                                       
    ______________________________________
    
    Brian Conboy
    Michael H. Hammer
    Andrew R. D'Uva
    Gunnar D. Halley
    
    WILLKIE FARR & GALLAGHER
    Three Lafayette Centre
    1155 21st Street, N.W., Suite 600
    Washington, D.C. 20036-3384
    (202) 328-8000
    
   
     _________________________________________________________________
   
ADDENDUM

   Trusted Information Systems Worldwide Survey of Cryptographic Products
          
          (Jan. 17, 1997)
          
          (relevant pages)
          
   Hearing on Encryption Control Relief for Software with Encryption
          Capabilities Before The Senate Comm. on Commerce, Science, &
          Transp
          105th Cong., 1st Sess. (Mar. 19, 1997) (statement of Robert
          Holleyman, President, Business Software Alliance)
          
   Bruce Schneier & David Banisar, The Electronic Privacy Papers (1997)
          (relevant pages)
          
   Alfred J. Menezes et al., Handbook of Applied Cryptography (1997)
          (relevant pages)
          
   Benedict Monroe & Chia Swee Hon, Singapore-Information Technology
          Services,
          IT Market IS970710.300 (July 1, 1997) (relevant pages)
          
   Report of the President's Commission on Critical Infrastructure
          Protection, Critical Foundations: Protecting America's
          Infrastructures 
          (Oct. 1997) (relevant pages)
          
   Department of Commerce & National Security Agency Study, A Study of
          the International Market for Computer Software with Encryption
          (released Jan. 11, 1996) (relevant pages)
          
   
     _________________________________________________________________
   
Footnotes

   
   
   (1) See 15 C.F.R. Sect. 734.3 (1997).
   
   (2) Amici will not burden the Court by repeating herein the thorough
   legal analysis and cited authority as set forth in the brief of
   Appellee Daniel Bernstein.
   
   (3) The regulations are administered by the Department of Commerce, 15
   C.F.R. Sect. 730 et seq. implementing the Export Administration Act of
   1979, 50 U.S.C. app. 2401 et seq.,which controls "dual use" items that
   can be used for both military and civilian purposes.
   
   (4) For example, millions of documents have been classified
   unnecessarily under the rubric of "national security interest,"
   including weather reports produced by an aide to General Eisenhower
   during World War II which remained classified thirty years after the
   fact. See Report of the Commission on Protecting and Reducing
   Government Secrecy, S. Doc. No. 105-2, at 49-52 (1st Sess. 1997)
   (Commission formed pursuant to Pub. L. No. 103-236).
   
   (5) The Massey-Lai patent (5,214,703) is held by Ascom Tech AG. See
   Alfred J. Menezes et al., Handbook of Applied Cryptography 640 (1997).
   
   
   (6) Citing Charles Ferguson, "High Technology Product Life Cycles,
   Export Controls, and International Markets," in Working Papers of the
   National Research Council Report Balancing the National Interest, U.S.
   National Security Export Controls and Global Economic Competition,
   National Academy Press, Washington, D.C., 1987.
   
   (7) "Unlike, say, nuclear weapons, which require amounts of
   difficult-to-obtain materials to build, computer software design has
   virtually no 'barriers to entry.'" The Security & Freedom through
   Encryption (SAFE) Act: Hearing on H.R. 695 Before the House Subcomm.
   on Telecomm., Trade & Consumer Protection of the Comm. on Commerce,
   105th Cong., 1st Sess. (Sept. 4, 1997) (testimony of George A.
   Keyworth, II, Chairman, Progress & Freedom Foundation), available in
   LEXIS, Legis Library, Cngtst File.
   
   (8) Export restrictions, generally, can impose economic harm on the
   relevant industry of the exporting nation. See, e.g., National
   Research Council, Finding Common Ground: U.S. Export Controls in a
   Changed Global Environment 22 (1991) ("Unilateral embargoes on exports
   [of technologies for commercial aircraft and jet engines] to numerous
   countries not only make sales impossible but actually encourage
   foreign competitors to develop relationships with the airlines of the
   embargoed countries. By the time the U.S. controls are lifted, those
   foreign competitors may have established a competitive advantage.").
   
   (9) Integration means software that incorporates easy-to-use
   encryption capabilities as part of its larger function. Current
   examples include Microsoft Outlook Express (electronic mail) and
   Netscape Communicator. These programs automatically employ encryption
   when necessary, automating and simplifying the encryption/decryption
   process so that it is as transparent as possible to the user. For
   example, in order to send an encrypted message using an electronic
   mail program containing integrated encryption software, the user
   simply selects the "encrypt message" option of the electronic mail
   program. The message is automatically decrypted by the recipient's
   electronic mail program when the proper password is supplied.
   
   By contrast, stand-alone encryption software is designed primarily to
   encrypt and decrypt information. Using this type of software to add
   functional encryption capabilities to other software applications,
   such as electronic mail, typically requires multiple steps. For
   example, in order to encrypt an electronic mail message using
   stand-alone encryption software, the user creates a message, then
   launches the stand-alone encryption software application and generates
   an encrypted version of the message using the stand-alone encryption
   software before using the electronic mail application to actually
   transmit the encrypted file. The recipient must then reverse the steps
   in order to read the message. Hence, integrated encryption is much
   simpler to use than stand-alone encryption.
   
   (10) The Government has stated that it reserves the right to control
   scannable source code in printed form. However, such reservation is
   not contained in the export control regulations and, in any event, the
   Government has not sought to control print source code. 61 Fed. Reg.
   68,575 (1996).
   
   (11) This software is called "optical character recognition" or "OCR"
   and is widely used, for example, to permit the recipient of a
   facsimile to convert the document to a machine readable, electronic
   form that can be edited further.
   
   (12) This technology is also used outside the United States. See,
   e.g., New Technology for Aberdeen Means Letter Sorting at the Speed of
   Light, Origin Universal News Services Limited, May 28, 1997, available
   in LEXIS, News Library, Curnws File (describing use of post office
   scanning technology in Scotland and the United Kingdom).
   
   (13) It is now possible, for example, to purchase books from a
   "virtual bookstore" on the Internet (e.g., ),
   place brokerage orders for immediate execution (e.g.,
   www.fidelity.com), make travel reservations and purchase tickets
   (e.g., expedia.msn.com), receive nearly instantaneous multimedia
   news updates (e.g., cnn.com).
   
   (14) For example, it is now possible to search via the Internet many
   databases at the Library of Congress (), the
   White House (www.whitehouse.gov) and the Federal Bureau of
   Investigation ().
     _________________________________________________________________