News

The White House Briefing Room


September 16, 1999

PRESS BRIEFING BY DEPUTY NATIONAL SECURITY ADVISOR JIM STEINBERG, ATTORNEY GENERAL JANET RENO, DEPUTY SECRETARY OF DEFENSE JOHN HAMRE, UNDER SECRETARY OF COMMERCE BILL REINSCH, AND CHIEF COUNSELOR FOR PRIVACY AT OMB PETER SWIRE



                              THE WHITE HOUSE

                       Office of the Press Secretary
_____________________________________________________________
For Immediate Release                                          September
16, 1999


                             PRESS BRIEFING BY
              DEPUTY NATIONAL SECURITY ADVISOR JIM STEINBERG,
                       ATTORNEY GENERAL JANET RENO,
                  DEPUTY SECRETARY OF DEFENSE JOHN HAMRE,
                 UNDER SECRETARY OF COMMERCE BILL REINSCH,
            AND CHIEF COUNSELOR FOR PRIVACY AT OMB PETER SWIRE


                                       The Briefing Room


3:25 P.M. EDT


          MR. STEINBERG:  Anybody left?  We're all here.  The question is,
is there anybody left there?  Or is everybody battening down the hatches
for the hurricane?

          Good afternoon.  As you all know, we're here today to talk about
encryption.  I want to begin by acknowledging and thanking some of my
colleagues who are with us today:  the Attorney General, Janet Reno;
Secretary Daley; Deputy Secretary of Defense John Hamre; and Peter Swire,
who is the Chief Counselor for Privacy at OMB.

          I also want to thank John Podesta, who has been my co-chair in
working this interagency process over the last several years; Barbara
McNamara, the Deputy Director of NSA, who's made an important contribution
to the work that we're going to be discussing today; Bill Reinsch, Under
Secretary of Commerce; Sally Katzen from OMB.  And I want to pay particular
thanks to Charlotte Knepper and Bruce McConnell, who are the two staff
people who really made this all possible, and have done an extraordinary
amount of work on an extraordinarily difficult and technically complex
subject.

          We're here today to announce a series of actions that will bring
new balance to the four pillars on which our encryption policy rests:
national security, public safety, privacy and commerce.  For two years,
John Podesta and I have chaired a high-level interagency process to fashion
policies to achieve these goals.

          A year ago today, the Vice President announced significant new
steps we were taking to balance these competing tasks, and called for a
review of our policy in a year.  Since then, we have worked closely with
members of Congress from both parties; with industry groups like the
Computer Systems Policy Project and Americans for Computer Privacy; with
members of our law enforcement community; and with our national security
community.

          We've found that there's no one-size-fits-all solution to the
issue of encryption; that there are a variety of different solutions that
respond to the different aspects of this challenge.  By taking a pragmatic
approach, we've crafted a new strategy that allows industry to compete
effectively with foreign competitors, while protection our national
defense, security and law enforcement interests.

          This strategy is outlined in a report to the President, authored
by Secretary Cohen, Attorney General Reno, Secretary Daley and OMB Director
Jack Lew, and a copy of that report we are releasing to you today.

          There are three parts to the strategy that we are launching.
First, the federal government is taking new steps to protect our vital
national security systems from unauthorized access.  We will be securing
our own systems with encryption and other security tools, and we will be
partnering with the private sector to develop more tools to protect our
nation's communication infrastructure.  In doing so, we hope to serve as a
model for the private sector.  In a moment, Deputy Secretary Hamre will
describe this effort in more detail.

          Second, we are launching a new framework for export controls that
will allow American companies to export encryption hardware and software
more broadly, while still protecting our vital national security needs.  We
will implement this new framework by December 15th, after we have had an
opportunity to consult with U.S. industry, the public and Congress.
Secretary Daley will discuss these changes in detail in a moment.

          Finally, we are taking new steps to ensure the public safety by
helping our law enforcement community stay one step ahead of the growing
sophistication of encryption technology.  Given the growing use of
encryption among criminal elements, we must update law enforcement's legal
tools to ensure that it can lawfully access information during
investigations.  Today, we will be submitting ne legislation to the
Congress called the Cyberspace Electronic Security Act, that will provide a
legal framework for both privacy protections and legal access to encryption
keys.  The Attorney General will describe our effort in this area in more
detail.

          Finally, we will hear from Peter Swire, who will speak more
specifically about how all of the steps we are taking today will address
America's concerns for privacy.

          Before I turn to my colleagues, let me say a word about the
pending encryption decontrol legislation in Congress.  We believe that the
new strategy we are presenting today provides a more balanced approach to
the issue than the proposals that are now before Congress.  We look forward
to working with Congress to implement a solution that meets the needs of
all those involved.

          However, the President will not sign any encryption legislation
that does not protect national security and law enforcement interests.
With that, let me turn to Deputy Secretary Hamre.

          DEPUTY SECRETARY HAMRE:  Good afternoon.  I have a little
prepared speech to give, but I got thrown off here; I was just handed a
wire clipping that basically says that the White House threw national
security and law enforcement overboard in order to give a concession to the
high-tech industry.  I've got to tell you, that's just completely wrong.

          The national security establishment -- the Department of Defense,
the intelligence community, strongly supports this strategy.  Indeed, we
created the first draft of the strategy and presented it to our colleagues
in the interagency process.

          We in the Defense Department did it because I think we feel the
problem more intensely than does anyone else in the United States.  We are
the largest single entity that operates in cyberspace.  No one is as large
as we are.  We are just as vulnerable in cyberspace as is anybody, and we
strongly need the sorts of protections that come with strong encryption and
a key infrastructure that we're calling for in this strategy.

          We also have a responsibility to provide to the President and to
senior decision-makers timely information so that they can protect this
country.  And for that reason we needed a very integrated approach, and
these three pillars, which you've heard about -- we can answer any further
questions -- are absolutely essential if we're going to be able to protect
this country in the future.  We strongly agree with this and think it's
exactly the right thing to do.

          This is a balanced program, but I've got to tell you it's going
to require significant investment on the part of the Department of Defense
and the intelligence community to put all the pieces in place.  We will
have to develop new tools to be able to do our job.  We will resource that
appropriately in the budget that we prepare that will be submitted next
January.

          All three elements of this strategy are essential, and I may
highlight, it's very crucial that the law enforcement element of this is
essential for national security.  You cannot distinguish in cyberspace
whether an attack comes inside the United States or from outside the United
States.  And only the law enforcement community is allowed to act inside
the United States.  We must have that part of this strategy enacted, and we
ask for help in doing that from the Congress.

          I, too, would like to say that there continues to be pressure for
legislation in the Congress that would strip away any controls over
encryption products.  One of the bills is called the Safe Act.  The only
person who would be safe, if that were passed, would be spies, who would be
free to export anything of national security interest without any
surveillance at all.  We cannot support that, and the Department would ask
the President to veto it, if it were passed.

          We strongly support this strategy.  The entire establishment --
national security establishment was instrumental in crafting it.  We would
ask the Congress for its help.  And I'd also like to thank my colleagues,
who were so instrumental in helping us work through these problems, and for
our colleagues that worked out the fine details when we went to finalize
the strategy.

          SECRETARY DALEY:  We can all welcome today's update of our
encryption policy.  It is a good example of government process that has
worked.  The agencies involved, from national security, law enforcement,
and commerce, all had a common objective: to provide the tools to keep our
nation safe, while taking technological advances and market changes into
account.

          This may have taken a little longer than some would have liked,
but in our opinion, this outcome is a sound one.  This new update continues
to provide the balanced encryption policy that the President wants, and is
a policy that will continue to protect our national security, while letting
us take advantage of the substantial promise of electronic commerce.

          In saying that, I want to be clear that the Commerce Department
supports all three parts of this program: the export control liberalization
is balanced by the additional tools for law enforcement, and additional
resources being devoted to improving the privacy and security of government
information systems.  Today's update continues the three fundamental
principles of our policy: one-time technical review, post-export reporting,
and the ability to deny exports to governments and military end-users.

          First, the new regulations will permit any encryption product, or
software, with a key length of 64 bits, to be exported under a license
exception to commercial firms and other non-government end-users in any
country except for the seven state supporters of terrorism.  This means
that exporters will be able to ship freely, once Commerce has reviewed
their products and classified them.

          We've decided that encryption exports which we previously allowed
only for a company's internal use can now be used for external purposes,
such as communication with other firms, supply chains, and customers.  This
step will be very helpful in building electronic commerce.  Additionally,
telecommunication and Internet service providers will now be able to use
any encryption commodity or software to provide services to commercial
firms and non-government end-users.

          Second, retail products with key lengths over 64 bits, those that
do not require substantial support are sold in tangible form, or have been
specifically designed for individual customer use -- may be exported under
a license exception to all end-users, including governments, except in the
seven state supporters of terrorism.  These regulatory changes basically
open the entire commercial sector as a market for strong U.S. encryption
products.  Exports to governments can be approved under a license.

          Third, the new regulations will also implement our international
commitments for encryption controls.  Last year, the Wassenaar Arrangement
-- 33 countries which have common controls and exports, includes encryption
-- made a number of changes to modernize the multilateral encryption
controls.  Among these changes, the U.S. will decontrol exports of 56 bits,
DES and equivalent products, including tool kits and chips, to all users
and destinations except the seven state supporters of terrorism, after a
technical review.  In addition, exports with key lengths of 64 bits or
less, including chips, that fall under the -- arrangements definition of
mass market loss will be decontrolled.

          As I mentioned, post-export reporting is a fundamental part of
our new export policy.  Reporting will now be required for any export to a
non-U.S. entity of any product above 64 bits.  Reporting helps ensure
compliance with our regulations, and also allows us to reduce licensing
requirements.  When we draft our regulations, we intend to consult with
industry to ensure that the reporting requirements will be streamlined to
reflect business models and practices and will be based on what companies
normally collect.  We hope to have their implementing regulations published
in the Federal Register before December 15th.  This approach will provide
the framework for U.S. industry to construct a new global network for
electronic commerce while maintaining reasonable national security
safeguards.

          ATTORNEY GENERAL RENO:  The President, today, is transmitting to
the Congress a legislative proposal entitled, the Cyberspace Electronic
Security Act of 1999, better known as CESA.  The Department of Justice
developed this legislation with the assistance of numerous agencies within
the government.  Legislation would support the use of encryption by
legitimate citizens to protect their privacy and address the growing use of
encryption by criminals using it to hide evidence.

          In brief, the advent and eventual widespread use of encryption
poses significant challenges to law enforcement and to public safety.
Under existing law, investigators have a variety of legal tools to collect
evidence of crime in such forms as communications restored data on
computers. These tools are rendered useless when encryption is used to
scramble the evidence so that law enforcement cannot decode it in a timely
manner.

          If, at all, when stopping a terrorist attack or seeking to
recover a kidnapped child, encountering encryption may mean the difference
between success and catastrophic failures.  At the same time, encryption is
critically important for protecting our privacy and our security, and the
administration, the Department of Justice and the FBI strongly support the
use of encryption by our law-abiding citizens for these purposes.

          CESA, therefore, balances the needs of privacy and public safety
that establishes significant new protections for the privacy of persons who
use encryption legally.  But it also assists law enforcement efforts to
maintain its current ability to obtain useable evidence as encryption
becomes more common.

          CESA contains a number of key provisions.  First it provides
special protections for decryption keys stored with third-party recovery
agents, and it establishes limitations on government use and disclosure of
decryption keys obtained by court processes.  These new provisions
significantly protect privacy.

          However, CESA does not limit in any way an individual's choice
about whether to use a recovery agent.  A person may use a recovery agent,
or not, as he or she chooses.

          CESA also authorizes appropriations for the Technical Support
Center in the FBI, a center which will serve as a centralized technical
source for federal, state and local law enforcement in responding to
increasing use of encryption by criminals.  Law enforcement throughout our
nation will depend upon this center to find ways to obtain useable evidence
under existing law despite the use of encryption by criminals and
terrorists.

          Finally, CESA protects the confidentiality of government
techniques used to obtain useable evidence such as techniques developed by
the Technical Support Center, and ensures that industry proprietary
information can be protected in criminal trials.  Open disclosure of law
enforcement techniques, for example, can jeopardize future investigations
and severely hamper law enforcement.

          I believe that in adopting this policy the administration has
fundamentally altered the encryption debate.  The administration is working
towards a number of important goals, ensuring that American industry
remains competitive, that our citizens have the strongest protection
available for their data and their communications, and that law enforcement
maintains its ability to protect public safety from criminals and
terrorists.

          Of course, we continue to be concerned that criminals and
terrorists will benefit from the widespread use of strong encryption which
will allow them to cloak their communications and other evidence of illicit
activities from authorized law enforcement investigations.  We must
recognize that the policy the administration is announcing today will
result in greater availability of encryption, which will mean that more
terrorists and criminals will use encryption.  We must deal responsibly
with that result by attempting to assist law enforcement in its efforts to
protect public safety through the passage of CESA.

          That said, this legislation does not provide any new authority
for law enforcement to be able to obtain useable evidence from criminals.
Instead, we will continue to operate under our existing authorities and
attempt to meet the threat of the criminal use of encryption.  We are
hopeful that these existing authorities will prove sufficient.

          In conclusion, we must have a balanced policy that reflects the
needs of privacy, electronic commerce, national security and public safety.
Today's announcement substantially relaxes export controls, allowing
American industry to compete fairly in the international marketplace, while
maintaining those minimal controls that are essential for national
security.  At the same time, by transmitting CESA to Congress and urging
its enactment, the President is addressing the needs of public safety.
Thus, the administration is taking a substantial step, a very substantial
step to address the needs of all stakeholders.

          MR. SWIRE:  My name is Peter Swire.  I'm the Chief Counsel for
Privacy at OMB.  I'm here to underscore that today's announcement reflects
the Clinton administration's full support for the use of encryption and
other new technologies to provide privacy and security to law-abiding
citizens in the digital age.
          The encryption measures announced today properly balance all of
the competing interests, including privacy, electronic commerce, and public
safety.  Encryption itself is a privacy and security enhancing technology.
Especially for open networks such as the Internet, encryption is needed to
make sure that the intended recipients can read a message, but that hackers
and other third parties cannot.  Today's announcement will broaden the use
of strong mass marketing encryption for individuals and businesses.

          In the part of today's announcement that updates the rules for
law enforcement, the Cyberspace Electronic Security Act retains all of the
existing legal protections for information in a home or business.  It goes
beyond current law and provides new privacy protections for individuals and
businesses who choose to store key information with an outside company.

          Think of your bank ATM card.  What would it be like if you forgot
your password and could not obtain access to the money in your account.
That is precisely what can happen with strong encryption.  If you lose the
password, then all that encrypted material is scrambled forever and lost.
Because encryption has become so unbreakable, prudent people need backups.
Under CESA, if you decide to give your key or password to an outside
company, then law enforcement has to meet strict new, judicially supervised
standards to get that information.  With this proposed legislation, it
would be a civil and criminal violation for the company to release the
information improperly, and also a violation for law enforcement officers
to try to get that information without a court order.

          Similarly, for added security and to prevent misuse of your
private key information, if this proposal becomes law there would be
restrictions on selling information regarding encryption customers to other
private parties.

          With that said, I want to be clear about what CESA does not do.
CESA is technology neutral and does not regulate the hardware or software
used for encryption.  CESA does not require anyone to use key escrow, nor
does it regulate how key escrow might develop in the private sector.  The
only effect of CESA on key escrow is to provide privacy assurances for
those who freely choose to give their backups of their key information to
others.  Some information stored outside of your home deserves to be
carefully protected.

          In sum, the announcement today shows the commitment of the
administration to real protections for privacy in the information age,
while balancing with the important other public interests we have all been
discussing.

          Q    Ms. Reno, you said that just a moment ago that you hoped
that this legislation will give existing authorities -- that the existing
authorities will be sufficient in getting access to the decryption keys.
It seems to me there's a big space between hope and will.

          ATTORNEY GENERAL RENO:  Based on our experience, our
conversations with industry, with all concerned, we think the existing
authorities will be sufficient.  And we look forward to working with
industry in that effort.

          Q    Mr. Hamre, you've testified on the Hill, and others in the
administration, many times, opposing the Safe Act.  At those times, you
laid out the exact scenarios that the Attorney General says will now come
to pass, and said they were unspeakable dangers that should be avoided.
Now, this policy is called a "balanced" policy.  What's shifted in the last
few months?

          DEPUTY SECRETARY HAMRE:  Well, maybe you should go back and look
at the testimony, because what was objectionable to us in the Safe Act and
in the Protect Act, these two bills, was that it stripped away the things
that are essential for national security: a meaningful technical review of
encryption products before they're exported, and reporting about where they
have gone and how they've been installed after the fact.  That was
essential, if we're going to be able to protect the country.  And that was
stripped away by the Protect Act and the Safe Act.  So they're very
different.

          Q    Will the policy include end-user reporting for where a
mass-market product is sold?

          DEPUTY SECRETARY HAMRE:  We're still in the final stages of
working through the details.  I can defer to Secretary Daley, or to Under
Secretary Reinsch to talk about the specifics.  We will promulgate those
regulations later here, within weeks.  And then you'll see it at that time.

          We are going to try very much to follow the industry norms for
software, for example, between mass-market and non-mass-market products.

          Q    What is the big push behind this?  Is it the market, and is
it these corporations putting pressure on the administration?

          DEPUTY SECRETARY HAMRE:  No.  When you raised the question
earlier, you talked about the big push for relaxation.  We don't -- first
of all, that's only taking --

          Q    Isn't it relaxation?

          DEPUTY SECRETARY HAMRE:  Actually, I don't think so.  I think
it's a very different approach to the export problem.  The path that we
were on before was a very complex path.  There were certain countries that
were allowed, certain countries weren't.  Certain sectors were allowed,
certain sectors weren't.  Certain strength levels and above one strength
level, it had a different set of rules than others.

          Certain trading partners were allowed and certain trading
partners weren't.  It was enormously complex, and in that kind of
environment, lots of mistakes are made and, frankly, security risks abound
in that sort of an environment.  We decided we needed to promote a very
different approach with very, very simple rules that everyone could
understand and give us a chance -- we're still going to have to do a lot of
work -- we in the national security establishment, to live in this kind of
an environment.  It's going to take a good deal of research, we'll have to
develop new tools and techniques.  This is part of the job.  But we were
going to have to do that anyway, and we think this is going to be a much
better process for us.  It's not a relaxation, it's really a very different
approach.

          Q    Have you talked to Chairman Spence or Chairman Goss about
this yet?  If so, what kind of reaction did you get?

          DEPUTY SECRETARY HAMRE:  I have spoken with both Chairman Goss
and Chairman Spence.  Both of them were very strong in agreeing with us in
our request to protect us from legislation that would have really stripped
away any national security protection against strong encryption.  Both of
them support what we're doing, both of them have very specific questions
that we're going to need to answer.  They, too, want to know a lot of the
details that the rest of you are interested in.

          We believe that we will be able to demonstrate to them we can
protect the country with this new framework.  But let me again emphasize --
all three parts of this framework are essential.  We must have a strong
commitment to security products, security infrastructure.  We need to buy
that.  We have to have a new regime for export control, and we also need to
have stronger tools for law enforcement.

          Q    Where are the stronger tools?  I mean, Ms. Reno's saying in
her comments this legislation does not provide any new authority for law
enforcement.  We've got some extra funding; where are the stronger tools?

          ATTORNEY GENERAL RENO:  The stronger tools lie in the technical
support center, because what we're trying to do is not create a new
authority, we're trying to match technology to the existing authority, and
we think after conversation with industry and the working relationship that
we've developed with them that, through this technical support center, we
will be able to do so.

          Q    Beyond the extra funding, is there anything specific you can
point to in here that's new?

          ATTORNEY GENERAL RENO:  One, for example, is the protection of
methods used so that as we will not have to reveal them in one matter and
be prevented, therefore, from using them in the next matter that comes
along.

          Q    Ms. Reno, would you describe this as a relaxing of
restrictions, and if so, how can you possibly support it after having
opposed it all this time?
          ATTORNEY GENERAL RENO:  What we did, approximately a year ago, is
to meet with industry.  We talked to them in a very full and frank way.  We
said, together, let's look at it.  They sympathized with our law
enforcement responsibilities and they said if we can work together, they
suggested the concept of a Technical Support Center, we can, I think,
according to the people that were there, address the problem.  In the
interim, we have had the opportunity to have those discussions, to expand
on that dialogue, and I think we will be able to.

          Q    How closely was the Vice President involved in this effort?
Did he meet with you regularly, receive draft reports, that sort of thing?

          ATTORNEY GENERAL RENO:  I would have to let his office speak for
it, but I can remember approximately two meetings with the Vice President.

          Q    Would you consider this a relaxing of restrictions on
encryption?

          ATTORNEY GENERAL RENO:  No.

          Q    Mr. Daley, why the decision to maintain export licenses for
government sales, assuming that a lot of governments still own
telecommunication companies and high-tech agencies?

          SECRETARY DALEY:  We want to make sure that the foreign policy
considerations are taken into impact, as we move forward.

          DEPUTY SECRETARY HAMRE:  Because we insisted on it.

          SECRETARY DALEY:  That was a simpler answer.

          Q    How does this comply with Wassenaar?

          UNDER SECRETARY REINSCH:  What the Wassenaar partners decided to
do last December was set up certain rules that said in some cases,
encryption was decontrolled, and in other cases, it had to be controlled
via the national laws and systems of each of the individual partners.  This
action is consistent with that because we are decontrolling, that is,
removing from our system lower-level encryption consistent with the
Wassenaar levels which are 56 or 64 bits, depending upon what you're
talking about.

          Above that level, we are preventing the encryption to be exported
following a technical review and subject to a license exception, which is a
process that we use that's consistent with international licensing regimes
and the Wassenaar standards.

          Q    So below 64, you don't need a technical review?

          UNDER SECRETARY REINSCH:  No, I didn't say that.  Technical
reviews are required, but it's a one-time technical review.  When we
reviewed the product once, we don't need to review it every time.  And for
the low-level products, which are primarily the older products, many of
those reviews have already been conducted, and I don't think that we're
necessarily going to have to do that all over again.

          Q    So what's the difference in the technical review between the
higher encryption products and the lower --

          UNDER SECRETARY REINSCH:  I don't think there's a difference in
the review.  I'm saying there are some cases where we've already done it,
and this is a very fast-moving sector, and there are new products every
week, and we're going to have to review each of the products as they come
up and as people want to export them.

          Q    What do you look for in a technical review?

          UNDER SECRETARY REINSCH:  There's a number of things that we look
for.  I think the main one that I mentioned in this forum is that Secretary
Daley said we are putting products essentially into two categories:  retail
products, and he provided a definition of what that was, and essentially
custom products, if you will, the other kind of product.  One of the most
important elements of the technical review is simply deciding which it is,
because there are differences in the way it's going to be treated, and it's
not immediately obvious simply from looking at the external product which,
in the case of software, is just a diskette, what it is.

          So one of the purposes of the review is to study it, to examine
it, and to find out into which category it falls.

          Q    In other words, if it's in a box that you get at CompUSA,
you can pretty much assume that it's like a retail thing?

          UNDER SECRETARY REINSCH:  You can make that assumption, but it's
going to be more complicated than that.  One of the things we're going to
do in our consultation process with industry is to discuss that definition
and try to get a better handle on exactly what constitutes a retail product
and what does not.

          We're trying to get out your sort of shrink-wrapped products, but
one of the things we've learned in the process of learning more about the
market over the last year is that these products take many different forms.
They're marketed in many different ways, and we want to make sure we have a
clear understanding from industry as to what those different models are
before we finish drafting the regulation.

          Q    Does law enforcement and the intelligence community believe
that it can, if it needs to, say, decode a terrorist message that's
encrypted in something higher than 64-bit?  And if not, then how could you
support this?

          ATTORNEY GENERAL RENO:  I'm obviously not going to tell you how I
think I can obtain evidence under existing authorities, but I -- we have
carefully looked at this, and think that it is going to be possible.

          DEPUTY SECRETARY HAMRE:  But we are going to have a fairly

significant research and development program that lies ahead of us.  This
is a very complex environment; it's going to change every day.  It's going
to take us a fair amount of effort to stay ahead of the problem.

          Q    Mr. Hamre or perhaps Mr. Reinsch, can you tell us, what's
the main point of a post-export review?  If the company's sent something
out, why do you care where it's gone if it's already out of the country?
What do you hope to learn from that?

          DEPUTY SECRETARY HAMRE:  Again, we need to have some
understanding of the environment, both technically and operationally, so
that we're able then to undertake the research and development it takes to
develop the tools for us to be able to stay ahead of the problem.

          Q    -- cost to do this encryption at the Defense Department?

          DEPUTY SECRETARY HAMRE:  We're just in the process of building
our budget.  Some parts of the budget, of which you may be interested, I
can't discuss.

          Q     Were the President's Export Council Subcommittee on
Encryption, which came up with a list of recommendations, I guess it was at
the beginning of this month -- were taken into consideration?
          SECRETARY DALEY:  We have a meeting next week.

          Q    Mr. Daley, will there be a time deadline for the technical
review?

          SECRETARY DALEY:  We hope to complete them, probably, within a
month of when they're submitted.

          DEPUTY SECRETARY HAMRE:  But did you ask about when this
regulation comes out, or the normal technical review?

          SECRETARY DALEY:  Technical review.

          Q    The technical review of each of --

          DEPUTY SECRETARY HAMRE:  Can I just say, we obviously don't --
we're not interested in a lengthy process.  But it does require good
insights.  And this does mean that companies have to come in with more than
just a brochure.  I mean, too much of what we get is simply marketing
proposals, not real technical information.

          Q    What else are you looking for in the technical review, aside
from the distinction between commercial product and non-mass-market
product?

          SECRETARY DALEY:  That will be developed over the next number of
weeks.

          Q    What sort of reaction have you gotten to the CESA
legislation?  And when information about that legislation was first
revealed, there was a provision allowing for a delayed notice of a court
order, along for a search.  And why was that taken out?

          ATTORNEY GENERAL RENO:  That was an original draft.  We have had
further discussion, and feel like, that under existing authorities, with
the technical support center funded by the existing authorities, that we
can address the issue, and ensure our abilities to continue our law
enforcement responsibilities.

          MR. LEAVY:  Okay, thank you.  Appreciate it.

                 END                        4:00 P.M. EDT