THE WHITE HOUSE
Office of the Press Secretary
______________________________________________________________
For Immediate Release September 16, 1998
PRESS BRIEFING BY
THE VICE PRESIDENT,
DEPUTY CHIEF OF STAFF JOHN PODESTA,
PRINCIPAL ASSOCIATE DEPUTY ATTORNEY GENERAL ROBERT LITT,
ASSISTANT DIRECTOR OF THE FBI CAROLYN MORRIS,
UNDER SECRETARY OF COMMERCE WILLIAM
REINSCH,
DEPUTY SECRETARY OF DEFENSE JOHN HAMRE,
AND DEPUTY NATIONAL SECURITY ADVISOR JIM
STEINBERG
The Briefing Room
11:57 A.M. EDT
THE VICE PRESIDENT: Good morning. While my colleagues
are coming in here, let me acknowledge them. John Podesta is going
to take over the podium after I complete my statement, and he is
joined by Bob Litt of the Justice Department, Bill Reinsch of the
Commerce Department -- Under Secretary for the Export Administration
-- and John Hamre, Deputy Secretary of Defense.
I also want to acknowledge Carolyn Morris of the FBI;
Barbara McNamara of the National Security Agency; John Gordon, Deputy
Director of the CIA. And you all should know that this process, the
results of -- the interim results of which I'm announcing here, is a
process that has been run principally by John Podesta and Jim
Steinberg, Deputy at the National Security Council. And I also want
to thank Sally Katzen at the NEC and David Beier on my staff for the
work that they and many others have done on this.
Some of you who have followed this issue know that it is
probably one of the single, most difficult and complex issues that
you can possibly imagine. But we've made progress, and we're here
this morning to announce an important new action that will protect
our national security and our safety, and advance our economic
interests and safeguard our basic rights and values in this new
Information Age.
The Information Age has brought us the Internet, an
inter-connected global economy and the promise of connecting us all
to the same vast world of knowledge. But with that exciting promise
comes new challenges. We must make sure that in the Information Age
you get information about the rest of the world and not the other way
around. We must ensure that new technology does not mean new and
sophisticated criminal and terrorist activity which leaves law
enforcement outmatched -- we can't allow that to happen. And we must
ensure that the sensitive financial and business transactions that
now cruise along the information superhighway are 100 percent safe in
cyberspace.
Balancing these needs is no simple task, to say the
least. That is why, in taking the next step toward meeting these
complex goals, we worked very closely with members of Congress from
both parties, House and Senate; with industry; with our law
enforcement community and with our national security community. And
as we move forward we want to keep working closely with all who share
a stake in this issue -- especially law enforcement -- to constantly
assess and reassess the effectiveness of our actions in this fast
changing medium.
Today I'm pleased to announce a new federal policy for
the encryption and protection of electronic communication, a policy
that dramatically increases privacy and security for families and
businesses without endangering out national security.
Beginning today, American companies will be able to use
encryption programs of unlimited strength when communicating between
most countries. Health, medical, and insurance companies will be
able to use far stronger electronic protection for personal records
and information. Law enforcement will still have access to
criminally-related information under strict and appropriate legal
procedures. And we will maintain our full ability to fight terrorism
and monitor terrorist activity that poses a grave danger to American
citizens.
With this new announcement, we will protect the privacy
of average Americans, because privacy is a basic value in the
Information Age, indeed in any age. We will give industry the full
protection that it needs to enable electronic commerce to grow and to
thrive. And we will give law enforcement the ability to fight 21st
century crimes with 21st century technology, so our families and
businesses are safe, but on-line outlaws are not safe.
In just a moment you will hear more of the details of
this new policy, but I want to conclude by saying that this policy
does reflect one of the greatest challenges of these new times. And
to state it broadly, it's a challenge of how we can harness powerful
new technology while protecting our oldest and most cherished values,
such as privacy and safety.
I'm grateful to those who have worked so hard to reach
this balance. And with today's announcement I believe that all
families and businesses have reason to feel safer, more secure and
more confident as we approach the 21st century.
And now I'd like to turn things over to White House
Deputy Chief of Staff John Podesta.
Q Mr. Vice President, before you go, can you tell us
what you say to Democratic lawmakers who say the President ought to
resign?
THE VICE PRESIDENT: I disagree.
Q How about the release of that tape? What do you
think --
THE VICE PRESIDENT: The President is going to have a
press conference shortly and I'm sure that you will not miss the
opportunity at this national security press conference with the
leader of a foreign country to raise all these questions.
Q What about the videotape, should it be released?
Q It was staged by the White House -- you know that,
don't you?
MR. PODESTA: Guess what? I'm here to talk about
encryption. Okay. I can see the front row leaving here.
(Laughter.) As the Vice President noted, Jim Steinberg and I have
co-chaired our process in this matter. I volunteered for that duty
because of my well-known fascination with The X Files, which most of
you know about.
As you know, this is an important and challenging issue
that affects many of our interests in our society. And over the past
year we've promoted a balanced approach to the issue, working with
all segments of our government and working with industry to find a
policy that promotes electronic commerce, preserves privacy, protects
national security and law enforcement interests, and permits U.S.
industry to secure global markets.
Recognizing the importance of moving this issue forward,
last March the Vice President asked us to intensify our dialogue with
U.S. industry, to bring industry's technical expertise to bear on
this issue with the hope of finding more innovative ways that we
might assist law enforcement. We appreciate the efforts of Congress,
the law enforcement community and particularly the industry groups.
I would note the Computer Systems Policy Project and the
Americans for Computer Privacy, who have been in an intensive
dialogue with us over the past many months to foster an environment
that has allowed us to come up with a policy which we believe has
balanced the elements that are necessary in this regard.
I think all the stakeholders in this process, on our
side, as well as on private industry's side, now have a greater
appreciation of the issues and intend to continue the dialogue, which
I think we're most pleased by. Again, I think some of the people
here from industry will be available at the stakeout later to take
some comment.
Based on the ideas discussed among the various
stakeholders, today we're proposing an update to our policies that
we've announced in the past. I'm going to serve kind of as M.C.
We're going to start off with Bob Litt from the Justice Department
and Carol Morris, who I asked to join us, from the FBI, to talk about
the law enforcement-FBI concerns. Then we're going to turn to Bill
Reinsch from the Commerce Department to talk about export control and
electronic commerce. And finally you'll hear from Dr. Hamre from the
Defense Department. I might ask Jim also to join us up here.
Before I give up the floor to Bob and Carol, though, I
want to stress that encryption policy is an ongoing process. It's
one of adaptation; it's an evolutionary process. We intend to
continue the dialogue, and over the course of the next year,
determine what further updates are necessary as we work with industry
to try to, again, come up with a policy that balances national
security, law enforcement, and the real needs for privacy and
security in electronic commerce.
Thank you. Let me turn it over to Bob.
MR. LITT: Thank you, John. Good afternoon. The
Justice Department and the FBI and law enforcement in general is
supportive, very supportive of today's announcement on the updating
of our export controls on encryption products, particularly with
respect to those products that allow law enforcement to obtain lawful
access to the plain text of encrypted information.
We have been very encouraged over the last few months by
industry's efforts to work with us to develop and market strong
encryption products that provide law-abiding citizens with the
ability to protect the privacy of their communications and their
electronically-stored data, while at the same time maintaining law
enforcement's ability to ensure public safety when these products,
when they become commercially available, are used in furtherance of
serious criminal activity.
Our goal is through whatever means to ensure that when
we have the lawful authority to take steps to protect public safety,
we have the ability to do so. And we have been working cooperatively
with industry for many months to develop approaches that will deal
with that.
Carolyn Morris will now talk a little bit about the
technical support center that is being proposed.
MS. MORRIS: Thank you very much, Bob.
Good afternoon, ladies and gentlemen. We in federal,
state, and local law enforcement, are pleased with the
administration's support to establish a technical support center.
This center will provide federal, state, and local law enforcement
with the resources and the technical capabilities we need to fulfill
our investigative responsibilities.
In light of strong, commercially available encryption
products that are being proliferated within the United States, and
when such products are used in the furtherance of serious criminal
activity, this center becomes very, very critical to solving the
encryption issues that we need to make cases. As a matter of fact,
the FBI has already begun planning activities of this critical
technical support center in anticipation of the availability of
funds.
The United States federal, local and state law
enforcement community looks forward to a cooperative partnership with
American industry, the Congress and the administration to ensure that
this technical support center becomes a reality in the near future.
With this center the American people can be assured that federal,
state, and local law enforcement has the necessary resources and
tools we need to fulfill our public safety mission.
Thank you very much.
UNDER SECRETARY REINSCH: With respect to export
controls, the administration is updating its policy in three areas:
Our existing policy and some revisions there, an expansion with
respect to certain sectors, and an expansion with respect to
so-called recoverable products. And let me address each of these
separately. In keeping with the administration's reinvention
initiatives, I'm going to try to do it in plain language -- or plain
English, So that those of you that speak the vocabulary of encryption
may find it to elementary, but we can go back and do it again in
another language, if you want, later on in questions.
With respect to our existing policy, we have for two
years ending this December, permitted the export of 56-bit products
after an initial one-time review without further review by the
government. What we're announcing today is the maintenance of that
window permanently. And so 56-bit products will be freed from export
controls after a one-time review, in perpetuity, not ending at the
end of this year. We are, however, removing the requirement for key
recovery plans or key recovery commitments to be provided in return
for that change, which was the initial condition that we extracted.
In addition, we are continuing to permit the export of
key recovery products -- products that contain those features --
without restraint worldwide. We are, however, going to simplify
significantly our regulations that relate to those exports. In
particular, we're going to eliminate the need for six-month progress
reports for the plans that have been submitted, and we're going to
eliminate the requirement for any prior reporting of key recovery
agent information. For those of you that follow the regulations in
detail, that means we're going to eliminate Supplement Five of our
regulations on these matters.
Now, with respect to sectors, we're making some new
innovations in four areas. Some of you may be familiar with the fact
that some time ago we announced expanded treatment of encryption
products for export to banks and financial institutions. And what we
did at that time, briefly, was to permit the export of encryption
products of any length, any bit length, with or without key recovery
features to banks and financial institutions in a list of 45
countries.
What we are announcing today is, first, that we are
adding insurance companies to the definition of financial
institutions, so insurance companies will be treated the same way
under this policy as banks and other financial institutions are now.
In addition, we are providing the same kind of treatment for exports
of these encryption products to the health and medical sector
operating in the same set of countries. We are excluding from that
biochemical and pharmaceutical producers. But the rest of the health
and medical sector will be the beneficiary of the same kind of
treatment.
In addition, we are providing also this expanded
treatment for that country group to on-line merchants that are
operating in those countries. That means that for products that are
like client-server applications, like SSL, will be able to be
exported to those destinations.
All these things will take place under what we call
license exception, which means after initial one-time review to
determine whether or not your product is, in fact, what you say it
is, they can then go without any further review or intervention by
the government to those locations. In addition, there is always the
option in the export control system of coming in with an application
to export these kinds of products to other destinations beyond the
ones that I'm talking about right now, and those will be reviewed one
by one on their merits.
Finally, with respect to what we have come to refer to
as a class of so-called recovery capable or recoverable products, and
these are the products that, among others, include what has become
known as the doorbell products, which are products that, among other
things, will deal with the development of local area or wide area
networks and the transmission of e-mail and other data over networks
-- we are going to permit the export of those products under a
presumption of approval and an export licensing arrangement to a list
of 42 countries. And within those countries we are going to permit
that export to commercial firms only within those countries. And
both in that case and in the case of the on-line merchants that I
referred to a few minutes ago, we are going to exclude manufacturers
or distributors of munitions items, I think for obvious reasons.
We can go into further details later, if you would like.
I think for those of you that are interested in the nitty-gritty of
all this stuff, BXA intends to post all the details, including the
country lists, on its website and we should have that up later today.
Thank you.
DEPUTY SECRETARY HAMRE: Good morning. I'm here to
speak on behalf of the national security community. I'm joined today
by my enormously capable counterparts and colleagues, Deputy Director
Barbara McNamara for the National Security Agency; and Deputy
Director John Gordon from the Central Intelligence Agency.
The national security establishment strongly supports
this step forward. We think this is a very important advance in a
crucial area for our security in the future.
We in DOD had four goals when we entered these
discussions. First was to strengthen our ability to do electronic
commerce. We're the largest company in the world. Every month we
write about 10 million paychecks. We write about 800,000 travel
vouchers. One of our finance centers disburses $45 million an hour.
We are a major, major force in business. And for that reason, we
can't be efficient unless we can become fully electronic, and
electronic commerce is essential for us. And this is an enormous
step forward.
Second, we must have strong encryption and a security
structure for that in order to protect ourselves in cyberspace. Many
of you know that we have experienced a number of cyber attacks during
the last year. This will undoubtedly increase in the future. We
need to have strong encryption because we're operating over public
networks; 95 percent of all of our communications now go over public
infrastructure -- public telephone lines, telephone switches,
computer systems, et cetera. To protect ourselves in that public
environment, we must have encryption and we must have a key recovery
system for ourselves.
The third goal that we had was to help protect America's
infrastructure. One of the emerging national security challenges of
the next decade is to protect this country, the homeland defense of
this country, against attack. We must have strong encryption in
order to do that, because most of this infrastructure now is being
managed through distributed computer-based management systems, and
this is an important step forward.
Finally, it is very important that the Department of
Defense and our colleagues in the national security establishment
have the ability to prosecute our national security interests
overseas. Terrorists and rogue nations are increasingly using these
tools to communicate with each other and to lay their plans. We must
have the ability to deal with that. And so this policy, it's a
balanced and structured approach to be able to deal with all four of
those problems.
UNDER SECRETARY REINSCH: I apologize -- in listing my
changes, I neglected one very important item that I want to go back
to, and that is, in the sector area we are also announcing today the
ability to export strong encryption of any bit length, with or
without key recovery features, to subsidiaries of U.S. companies to
all destinations in the world with the exception of the seven
terrorist nations.
MR. PODESTA: Okay, I think we're happy to take your
questions now. If you could identify whom you're addressing, because
there is a variety of expertise. And I would like to introduce one
other person, Charlotte Knepper from the NSC staff, who has been
instrumental in pulling this all together.
Q John, this is a question for you. In October '96
and other White House statements on encryption, there has usually
been a line also addressing the domestic side, saying that all
Americans remain free to use any strength encryption. I didn't
notice anything like that in today's announcement. Are there any
conditions under which the White House would back domestic
restrictions on encryption?
MR. PODESTA: We haven't changed our policy, and the
previous statements are certainly intact. We have made a number of
policy statements in the past, since this administration came into
office, and I think that you should view this as a step forward,
building on the policies that we have put before the American public
in the past.
Q John, could I ask you one question about an
un-encrypted matter?
MR. PODESTA: Maybe. (Laughter.)
Q Democrats on the Hill are now saying, and John
Kerry is saying that the President's actions absolutely call for some
sort of punishment. What are Democrats telling you about what they
feel must be done at this point?
MR. PODESTA: Well, I think I'm not going to stand here
and take a lot of questions, but I'm going to give special
dispensation, as a Catholic, today -- which is I'm going to return
your phone calls later. But in deference to the people up here I
think we'll handle it that way.
But in specific response, I'll take one, which is that I
think that we had a number of productive meetings with Democrats on
both sides of the Hill yesterday. They view the President as a
person who has led on the issues that are important to them, and I
think what they want to do is get back to having him speak out and be
a leader on the issues of education and the health care bill of
rights, on saving Social Security. And I think they pointed at that
and wanted to work with us on that.
I think with regard to the question that you posed with
regard to Senator Kerry, I think that's a matter that they are
debating amongst themselves more than they are debating with the
White House. I think it's probably presumptuous for us at this point
to offer them assistance or guidance. I mean, the President has said
that what he has done was wrong; he's apologized for it; he's asked
for forgiveness. He is moving forward. And I think that this debate
is going on, on Capitol Hill, but it's largely going on amongst
members themselves.
Q We haven't heard many of them say they want to get
back to the work at hand.
MR. STEINBERG: You heard John, and I'm going to leave
it there.
Let me just add a word in response, in connection with
the domestic controls issue. I think one of the lessons that we've
learned from this exercise is that -- actually, two lessons -- one,
that trying to balance the various interests and equities in this is
much less of a zero sum gain than I think some began to look at the
question. That is, you heard from Dr. Hamre and others that many of
the interests involved have common interests in making sure that we
have secure and effective means of dealing with communications and
stored data.
And so we found, by looking in a very pragmatic way,
that there were ways to solve these problems without very, kind of,
broad-based solutions. In particular, I think the idea that there's
no one-size-fits-all answer to the problems of meeting the various
needs informs the decisions that we reached -- that there are a
variety of different techniques that respond to the different aspects
of the industry, the different aspects of the technology. I think
that's what made the progress possible today, is that industry,
agencies and Congress sat down together, pulled the problem apart,
began to look at its different components and began to fashion very
pragmatic solutions.
And so I think we came to this discussion with a spirit
of not looking for a kind of single or simple solution to the problem
but, rather, how do you tackle and meet the various needs. And I
think that's what led to this resolve.
Q Could you talk a little more about the on-line
merchants part of it? I mean, what do you have to do to qualify as
an on-line merchant? Do you have to register or can anybody sort of
set themselves up in business?
UNDER SECRETARY REINSCH: I think the simplest way to
respond to that right now is we'll have a definition in the reg that
will be very clear as to what the criteria are for qualification.
And those definitions have already been dealt with and agreed to, so
we should have them up on the web site this afternoon.
Q A question for Bill Reinsch. How do you handle,
then, 128-bit, to which the Department has given export -- or has
allowed to be exported after going through this review? Will 128 or
things above 56-bit, will they require a license or will they still
have to go through plans --
UNDER SECRETARY REINSCH: Well, with respect to the
subsidiaries, the health sector, the banks, the financial
institutions, the insurance companies, the on-line merchants, and the
recoverable products as in the universe defined -- no. In the case
of all but the recoverable products, they will all go on license
exception, which means one-time review and then out the door. With
respect to recoverable products, they will come in and go out
pursuant to an export licensing arrangement, where we'll have to do a
little tailoring depending upon the nature of the product. But there
is a presumption of approval for the 42 countries that I indicated.
And that's without reference to bit length -- 128 or
more is all covered by that. Now, if you want to export an 128-bit
product that is beyond any of those universes, then you would have to
come in for an individual license application.
Q A question for Mr. Litt. With regard to the
technical support center, when do you expect that to be in operation?
MR. LITT: I don't think we have a specific timetable
yet. Obviously, it would be helpful for us to have it up and
operational as soon as possible, but there are planning and budgetary
issues that have to be dealt with.
Q This is probably a question for Under Secretary
Reinsch. The export exceptions now are essentially going to U.S.
subsidiaries -- foreign subsidiaries of U.S. companies. I was
wondering, could you be a little more specific -- what size company,
what kind of company will be allowed to export powerful crypto to its
foreign subsidiaries?
UNDER SECRETARY REINSCH: That doesn't make any
difference. The universe is determined by the end user, not by the
nature of the American company. But it is not -- while part of this
relates to subsidiaries of U.S. companies, that is correct, we also
intend, on a case-by-case basis, to provide for favorable treatment
for export of the same kind of thing to strategic partners of U.S.
companies -- those foreign companies that are engaged in a closer,
say, joint venture, that kind of relationship.
Well, I think that's it.
Q What about foreign companies that have U.S.
subsidiaries, like Seaman's or -- or Chrysler -- can they get this
encryption?
UNDER SECRETARY REINSCH: Well, keep in mind, there are
multiple universes here. If you're talking about the financial
institutions, the banks and the insurance companies, those aren't
necessarily American financial institutions. That's for export to
any financial institution, and for their use in any of their
branches, aside from the terrorist countries. This is true for the
health sector; this is true for on-line merchants as well. Those are
not restricted to U.S. companies.
Obviously, if we're going to have a requirement for U.S.
subs, it relates to U.S. subs, and wouldn't affect the examples
you've described. Now, with respect to recoverable products, which
actually is one of the areas where the companies you mentioned would
probably be looking because they'd be looking to build a network
among their various offices, affiliates of subsidiaries, dealers if
necessary, worldwide, the recoverable provisions that I described
could be exported to those companies within the territorial universe
I described -- the 42 countries.
Thank you very much.
END 12:25 P.M. EDT
Return to the main page
Return to the Briefing Room
The White House Help Desk