Dissenting:
Bernstein was not entitled to bring a facial First Amendment challenge to the EAR, and the district court improperly granted an injunction on the basis of a facial challenge. I therefore respectfully dissent.
The basic error which sets the majority and the district court adrift is the failure to fully recognize that the basic function of encryption source code is to act as a method of controlling computers. As defined in the EAR regulations, encryption source code is “[a] precise set of operating instructions to a computer, that when compiled, allows for the execution of an encryption function on a computer.” 15 C.F.R. pt. 722. Software engineers generally do not create software in object code-the series of binary digits (l’s and 0’s)-which tells a computer what to do because it would be enormously difficult, cumbersome and time-consuming. Instead, software engineers use high-level computer programming languages such as “C” or “Basic” to create source code as a short*1148hand method for telling the computer to perform a desired function. In this respect, lines of source code are the building blocks or the tools used to create an encryption machine. See e.g., Patrick Ian Ross, Bernstein v. United States Department of State, 13 Berkeley Tech. L. J. 405, 410-11 (1998) (“[E]lectronic source code that is ready to compile merely needs a few keystrokes to generate object code-the equivalent of flipping an ‘on’ switch. Code used for this purpose can fairly easily be characterized as.‘essentially functional.’”); Pamela Samuelson et al., A Manifesto Concerning Legal Protection of Computer Programs, 94 Colum. L. Rev. 2308, 2315-30 (1994) (“[Pjrograms are, in fact, machines (entities that bring about useful results, i.e., behavior) that have been constructed in the medium of text (source code and object code).”). Encryption source code, once compiled, works to make computer communication and transactions secret; it creates a lockbox of sorts around a message that can only be unlocked by someone with a key. It is the function or task that encryption source code performs which creates its value in most cases. This functional aspect of encryption source code contains no expression; it is merely the tool used to build the encryption machine.
This is not to say that this very same source code is not used expressively in some cases. Academics, such as Bernstein, seek to convey and discuss their ideas concerning computer encryption. As noted by the majority, Bernstein must actually use his source code textually in order to discuss or teach cryptology. In such circumstances, source code serves to express Bernstein’s scientific methods and ideas.
While it is conceptually difficult to categorize encryption source code under our First Amendment framework, I am still inevitably led to conclude that encryption source code is more like conduct than speech. Encryption source code is a building tool. Academics and computer programmers can convey this source code to each other in order to reveal the encryption machine they have built. But, the ultimate purpose of encryption code is, as its name suggests, to perform the function of encrypting messages. Thus, while encryption source code may occasionally be used in an expressive manner, it is inherently a functional device.
We are not the first to examine the nature of encryption source code in terms of First Amendment protection. Judge Gwin of the United States District Court for the Northern District of Ohio also explored the function versus expression conundrum of encryption source code at some length in Junger v. Daley, 8 F.Supp.2d 708 (N.D.Ohio 1998). Junger, like Bernstein, is a professor, albeit a law professor, who wished to publish in various forms his work on computers, including a textbook, Computers and the Law. The book was determined by the Government to be subject to export without a license, but his software programs were determined to come within the licensing provisions of the EAR. In the course of rejecting Junger’s claims, the court said:
Like much computer software, encryption source code is inherently functional; it is designed to enable a computer to do a designated task. Encryption source code does not merely explain a cryptographic theory or describe how the software functions. More than describing encryption, the software carries out the function of encryption. The software is essential to carry out the function of encryption. In doing this function, the encryption software is indistinguishable from dedicated computer hardware that does encryption.
In the overwhelming majority of circumstances, encryption source code is exported to transfer functions, not to communicate ideas. In exporting functioning capability, encryption source code is like other encryption devices. For the broad majority of persons receiving such source code, the value comes from the function the source code does.
*1149Id. at 716. The Junger decision thus adds considerable support for the propositions that encryption source code cannot be categorized as pure speech and that the functional aspects of encryption source code cannot be easily ignored or put aside.
Both the district court and the majority hold that because source code can be used expressively in some circumstances, Bernstein was entitled to bring a facial challenge to the EAR. Such an approach ignores the basic tenet that facial challenges are inappropriate “unless, at a minimum, the challenged statute ‘is directed narrowly and specifically at expression or conduct commonly associated with expression.’” Roulette v. City of Seattle, 97 F.3d 300, 305 (9th Cir.1996) (quoting City of Lakewood v. Plain Dealer Publishing Co., 486 U.S. 750, 760, 108 S.Ct. 2138, 100 L.Ed.2d 771 (1988)). That encryption source code may on occasion be used expressively does not mean that its export is “conduct commonly associated with expression” or that the EAR regulations are directed at expressive conduct. See id. at 303 (“The fact that sitting can possibly be expressive, however, isn’t enough to sustain plaintiffs’ facial challenge.”); see also Junger, 8 F.Supp.2d at 718 (“[T]he prior restraint doctrine is not implicated simply because an activity may on occasion be expressive.”).
The activity or conduct at issue here is the export of encryption source code. As I noted above, the basic nature of encryption source code lies in its functional capacity as a method to build an encryption device. Export of encryption source code is not conduct commonly associated with expression. Rather, it is conduct that is normally associated with providing other persons with the means to make their computer messages secret. The overwhelming majority of people do not want to talk about the source code and are not interested in any recondite message that may be contained in encryption source code. Only a few people can actually understand what a line of source code would direct a computer to do. Most people simply want to use the encryption source code to protect their computer communications. Export of encryption source code simply does not fall within the bounds of conduct commonly associated with expression such as picketing or handbilling. See Roulette, 97 F.3d at 303-04.
Further, the EAR regulates the export of encryption technology generally, whether it is software or hardware. See 15 C.F.R. § 742.15; Junger, 8 F.Supp.2d at 718 (“The Export Regulations do not single out encryption software.”). These regulations are directed at preventing the functional capacity of any encryption device, including its source code, from being exported without a government license. The EAR is not specifically directed towards stifling the expressive nature of source code or Bernstein’s academic discussions about cryptography. This is demonstrated by the fact that the regulations do not object to publication in printed form of learned articles containing source code. See 15 C.F.R. § 734.3. Thus, the EAR is generally directed at non-expressive conduct-the export of source code as a tool to make messages secret and impervious to government eavesdropping capabilities.
Because this is a law of general application focused at conduct, Bernstein is not entitled to bring a facial challenge. The district court’s injunction based upon the finding of a facial prior restraint is thus impermissible. This is not to say that Bernstein’s activities would not be entitled to First Amendment protection, but that the legal path chosen to get that protection must be the correct one. We should be careful to “entertain[ ] facial freedom-of-expression challenges only against statutes that, ‘by their terms,’ sought to regulate ‘spoken words,’ or patently ‘expressive or communicative conduct.’ ” Roulette, 97 F.3d at 303 (citing Broadrick v. Oklahoma, 413 U.S. 601, 612-13, 93 S.Ct. 2908, 37 L.Ed.2d 830 (1973)). Bernstein may very well have a claim under an as-applied First Amendment analysis; however, such a claim must be left to the district court’s *1150determination in the first instance. Here, the district court did not rule on Bernstein’s as-applied claims. I would therefore vacate the district court’s injunction and remand for consideration of Bernstein’s as-applied challenges to the EAR. Accordingly, I respectfully dissent.