News

The White House Briefing Room


September 16, 1998

PRESS BRIEFING BY THE VICE PRESIDENT, DEPUTY CHIEF OF STAFF JOHN PODESTA, PRINCIPAL ASSOCIATE DEPUTY ATTORNEY GENERAL ROBERT LITT, ASSISTANT DIRECTOR OF THE FBI CAROLYN MORRIS, UNDER SECRETARY OF COMMERCE WILLIAM REINSCH,


	     


                           THE WHITE HOUSE

                    Office of the Press Secretary
______________________________________________________________
For Immediate Release                      September 16, 1998     

	     
                         PRESS BRIEFING BY 
                         THE VICE PRESIDENT,
                DEPUTY CHIEF OF STAFF JOHN PODESTA,		     
      PRINCIPAL ASSOCIATE DEPUTY ATTORNEY GENERAL ROBERT LITT,	     
            ASSISTANT DIRECTOR OF THE FBI CAROLYN MORRIS,
UNDER SECRETARY OF COMMERCE WILLIAM 
                             REINSCH,	     			     

              DEPUTY SECRETARY OF DEFENSE JOHN HAMRE,		     
AND DEPUTY NATIONAL SECURITY ADVISOR JIM 
STEINBERG    	  
                                  	     


	     
                         The Briefing Room   


11:57 A.M. EDT
	     
	     
	     THE VICE PRESIDENT:  Good morning.  While my colleagues 
are coming in here, let me acknowledge them.  John Podesta is going 
to take over the podium after I complete my statement, and he is 
joined by Bob Litt of the Justice Department, Bill Reinsch of the 
Commerce Department -- Under Secretary for the Export Administration 
-- and John Hamre, Deputy Secretary of Defense.  

	     I also want to acknowledge Carolyn Morris of the FBI; 
Barbara McNamara of the National Security Agency; John Gordon, Deputy 
Director of the CIA.  And you all should know that this process, the 
results of -- the interim results of which I'm announcing here, is a 
process that has been run principally by John Podesta and Jim 
Steinberg, Deputy at the National Security Council.  And I also want 
to thank Sally Katzen at the NEC and David Beier on my staff for the 
work that they and many others have done on this.

	     Some of you who have followed this issue know that it is 
probably one of the single, most difficult and complex issues that 
you can possibly imagine.  But we've made progress, and we're here 
this morning to announce an important new action that will protect 
our national security and our safety, and advance our economic 
interests and safeguard our basic rights and values in this new 
Information Age.  
	     
	     The Information Age has brought us the Internet, an 
inter-connected global economy and the promise of connecting us all 
to the same vast world of knowledge.  But with that exciting promise 
comes new challenges.  We must make sure that in the Information Age 
you get information about the rest of the world and not the other way 
around.  We must ensure that new technology does not mean new and 
sophisticated criminal and terrorist activity which leaves law 
enforcement outmatched -- we can't allow that to happen.  And we must 
ensure that the sensitive financial and business transactions that 
now cruise along the information superhighway are 100 percent safe in 
cyberspace.
	     
	     Balancing these needs is no simple task, to say the 
least.  That is why, in taking the next step toward meeting these 
complex goals, we worked very closely with members of Congress from 
both parties, House and Senate; with industry; with our law 
enforcement community and with our national security community.  And 
as we move forward we want to keep working closely with all who share 
a stake in this issue -- especially law enforcement -- to constantly 
assess and reassess the effectiveness of our actions in this fast 
changing medium.
	     

	     Today I'm pleased to announce a new federal policy for 
the encryption and protection of electronic communication, a policy 
that dramatically increases privacy and security for families and 
businesses without endangering out national security.

	     Beginning today, American companies will be able to use 
encryption programs of unlimited strength when communicating between 
most countries.  Health, medical, and insurance companies will be 
able to use far stronger electronic protection for personal records 
and information.  Law enforcement will still have access to 
criminally-related information under strict and appropriate legal 
procedures.  And we will maintain our full ability to fight terrorism 
and monitor terrorist activity that poses a grave danger to American 
citizens.

	     With this new announcement, we will protect the privacy 
of average Americans, because privacy is a basic value in the 
Information Age, indeed in any age.  We will give industry the full 
protection that it needs to enable electronic commerce to grow and to 
thrive.  And we will give law enforcement the ability to fight 21st 
century crimes with 21st century technology, so our families and 
businesses are safe, but on-line outlaws are not safe.

	     In just a moment you will hear more of the details of 
this new policy, but I want to conclude by saying that this policy 
does reflect one of the greatest challenges of these new times.  And 
to state it broadly, it's a challenge of how we can harness powerful 
new technology while protecting our oldest and most cherished values, 
such as privacy and safety.
	     
	     I'm grateful to those who have worked so hard to reach 
this balance.  And with today's announcement I believe that all 
families and businesses have reason to feel safer, more secure and 
more confident as we approach the 21st century. 
	     
	     And now I'd like to turn things over to White House 
Deputy Chief of Staff John Podesta.
	     
	     Q	  Mr. Vice President, before you go, can you tell us 
what you say to Democratic lawmakers who say the President ought to 
resign?
	     
	     THE VICE PRESIDENT:  I disagree.
	     
	     Q	  How about the release of that tape?  What do you 
think --
	     
	     THE VICE PRESIDENT:  The President is going to have a 
press conference shortly and I'm sure that you will not miss the 
opportunity at this national security press conference with the 
leader of a foreign country to raise all these questions.
	     
	     Q	  What about the videotape, should it be released?
	     
	     Q	  It was staged by the White House -- you know that, 
don't you?
	     
	     MR. PODESTA:  Guess what?  I'm here to talk about 
encryption.  Okay.  I can see the front row leaving here.  
(Laughter.)  As the Vice President noted, Jim Steinberg and I have 
co-chaired our process in this matter.  I volunteered for that duty 
because of my well-known fascination with The X Files, which most of 
you know about.
	     
	     As you know, this is an important and challenging issue 
that affects many of our interests in our society.  And over the past 
year we've promoted a balanced approach to the issue, working with 
all segments of our government and working with industry to find a 
policy that promotes electronic commerce, preserves privacy, protects 
national security and law enforcement interests, and permits U.S. 
industry to secure global markets.
	     
	     Recognizing the importance of moving this issue forward, 
last March the Vice President asked us to intensify our dialogue with 
U.S. industry, to bring industry's technical expertise to bear on 
this issue with the hope of finding more innovative ways that we 
might assist law enforcement.  We appreciate the efforts of Congress, 
the law enforcement community and particularly the industry groups. 
	     
	     I would note the Computer Systems Policy Project and the 
Americans for Computer Privacy, who have been in an intensive 
dialogue with us over the past many months to foster an environment 
that has allowed us to come up with a policy which we believe has 
balanced the elements that are necessary in this regard.

	     I think all the stakeholders in this process, on our 
side, as well as on private industry's side, now have a greater 
appreciation of the issues and intend to continue the dialogue, which 
I think we're most pleased by.  Again, I think some of the people 
here from industry will be available at the stakeout later to take 
some comment.

	     Based on the ideas discussed among the various 
stakeholders, today we're proposing an update to our policies that 
we've announced in the past.  I'm going to serve kind of as M.C.  
We're going to start off with Bob Litt from the Justice Department 
and Carol Morris, who I asked to join us, from the FBI, to talk about 
the law enforcement-FBI concerns.  Then we're going to turn to Bill 
Reinsch from the Commerce Department to talk about export control and 
electronic commerce.  And finally you'll hear from Dr. Hamre from the 
Defense Department.  I might ask Jim also to join us up here.

	     Before I give up the floor to Bob and Carol, though, I 
want to stress that encryption policy is an ongoing process.  It's 
one of adaptation; it's an evolutionary process.  We intend to 
continue the dialogue, and over the course of the next year, 
determine what further updates are necessary as we work with industry 
to try to, again, come up with a policy that balances national 
security, law enforcement, and the real needs for privacy and 
security in electronic commerce.

	     Thank you.  Let me turn it over to Bob. 

	     MR. LITT:  Thank you, John.  Good afternoon.  The 
Justice Department and the FBI and law enforcement in general is 
supportive, very supportive of today's announcement on the updating
of our export controls on encryption products, particularly with 
respect to those products that allow law enforcement to obtain lawful 
access to the plain text of encrypted information.

	     We have been very encouraged over the last few months by 
industry's efforts to work with us to develop and market strong 
encryption products that provide law-abiding citizens with the 
ability to protect the privacy of their communications and their 
electronically-stored data, while at the same time maintaining law 
enforcement's ability to ensure public safety when these products, 
when they become commercially available, are used in furtherance of 
serious criminal activity.  
	     
	     Our goal is through whatever means to ensure that when 
we have the lawful authority to take steps to protect public safety, 
we have the ability to do so.  And we have been working cooperatively 
with industry for many months to develop approaches that will deal 
with that. 
	     
	     Carolyn Morris will now talk a little bit about the 
technical support center that is being proposed.
	     
	     MS. MORRIS:  Thank you very much, Bob.  
	     
	     Good afternoon, ladies and gentlemen.  We in federal, 
state, and local law enforcement, are pleased with the 
administration's support to establish a technical support center.  
This center will provide federal, state, and local law enforcement 
with the resources and the technical capabilities we need to fulfill 
our investigative responsibilities. 
	     
	     In light of strong, commercially available encryption 
products that are being proliferated within the United States, and 
when such products are used in the furtherance of serious criminal 
activity, this center becomes very, very critical to solving the 
encryption issues that we need to make cases.  As a matter of fact, 
the FBI has already begun planning activities of this critical 
technical support center in anticipation of the availability of 
funds.  
	     
	     The United States federal, local and state law 
enforcement community looks forward to a cooperative partnership with 
American industry, the Congress and the administration to ensure that 
this technical support center becomes a reality in the near future.  
With this center the American people can be assured that federal, 
state, and local law enforcement has the necessary resources and 
tools we need to fulfill our public safety mission.  

	     Thank you very much. 

	     UNDER SECRETARY REINSCH:  With respect to export 
controls, the administration is updating its policy in three areas: 
Our existing policy and some revisions there, an expansion with 
respect to certain sectors, and an expansion with respect to 
so-called recoverable products.  And let me address each of these 
separately.  In keeping with the administration's reinvention 
initiatives, I'm going to try to do it in plain language -- or plain 
English, So that those of you that speak the vocabulary of encryption 
may find it to elementary, but we can go back and do it again in 
another language, if you want, later on in questions. 

	     With respect to our existing policy, we have for two 
years ending this December, permitted the export of 56-bit products 
after an initial one-time review without further review by the 
government.  What we're announcing today is the maintenance of that 
window permanently.  And so 56-bit products will be freed from export 
controls after a one-time review, in perpetuity, not ending at the 
end of this year.  We are, however, removing the requirement for key 
recovery plans or key recovery commitments to be provided in return 
for that change, which was the initial condition that we extracted.

	     In addition, we are continuing to permit the export of 
key recovery products -- products that contain those features -- 
without restraint worldwide.  We are, however, going to simplify 
significantly our regulations that relate to those exports.  In 
particular, we're going to eliminate the need for six-month progress 
reports for the plans that have been submitted, and we're going to 
eliminate the requirement for any prior reporting of key recovery 
agent information.  For those of you that follow the regulations in 
detail, that means we're going to eliminate Supplement Five of our 
regulations on these matters.

	     Now, with respect to sectors, we're making some new 
innovations in four areas.  Some of you may be familiar with the fact 
that some time ago we announced expanded treatment of encryption 
products for export to banks and financial institutions.  And what we 
did at that time, briefly, was to permit the export of encryption 
products of any length, any bit length, with or without key recovery 
features to banks and financial institutions in a list of 45 
countries.
	     
	     What we are announcing today is, first, that we are 
adding insurance companies to the definition of financial 
institutions, so insurance companies will be treated the same way 
under this policy as banks and other financial institutions are now.  
In addition, we are providing the same kind of treatment for exports 
of these encryption products to the health and medical sector 
operating in the same set of countries.  We are excluding from that 
biochemical and pharmaceutical producers.  But the rest of the health 
and medical sector will be the beneficiary of the same kind of 
treatment.
	     
	     In addition, we are providing also this expanded 
treatment for that country group to on-line merchants that are 
operating in those countries.  That means that for products that are 
like client-server applications, like SSL, will be able to be 
exported to those destinations. 
	     
	     All these things will take place under what we call 
license exception, which means after initial one-time review to 
determine whether or not your product is, in fact, what you say it 
is, they can then go without any further review or intervention by 
the government to those locations.  In addition, there is always the 
option in the export control system of coming in with an application 
to export these kinds of products to other destinations beyond the 
ones that I'm talking about right now, and those will be reviewed one 
by one on their merits. 
	     
	     Finally, with respect to what we have come to refer to 
as a class of so-called recovery capable or recoverable products, and 
these are the products that, among others, include what has become 
known as the doorbell products, which are products that, among other 
things, will deal with the development of local area or wide area 
networks and the transmission of e-mail and other data over networks 
-- we are going to permit the export of those products under a 
presumption of approval and an export licensing arrangement to a list 
of 42 countries.  And within those countries we are going to permit 
that export to commercial firms only within those countries.  And 
both in that case and in the case of the on-line merchants that I 
referred to a few minutes ago, we are going to exclude manufacturers 
or distributors of munitions items, I think for obvious reasons.
	     
	     We can go into further details later, if you would like.  
I think for those of you that are interested in the nitty-gritty of 
all this stuff, BXA intends to post all the details, including the 
country lists, on its website and we should have that up later today.
	     
	     Thank you.
	     
	     DEPUTY SECRETARY HAMRE:  Good morning.  I'm here to 
speak on behalf of the national security community.  I'm joined today 
by my enormously capable counterparts and colleagues, Deputy Director 
Barbara McNamara for the National Security Agency; and Deputy 
Director John Gordon from the Central Intelligence Agency.
	     
	     The national security establishment strongly supports 
this step forward.  We think this is a very important advance in a 
crucial area for our security in the future.  

	     We in DOD had four goals when we entered these 
discussions.  First was to strengthen our ability to do electronic 
commerce.  We're the largest company in the world.  Every month we 
write about 10 million paychecks.  We write about 800,000 travel 
vouchers.  One of our finance centers disburses $45 million an hour.  
We are a major, major force in business.  And for that reason, we 
can't be efficient unless we can become fully electronic, and 
electronic commerce is essential for us.  And this is an enormous 
step forward.

	     Second, we must have strong encryption and a security 
structure for that in order to protect ourselves in cyberspace.  Many 
of you know that we have experienced a number of cyber attacks during 
the last year.  This will undoubtedly increase in the future.  We 
need to have strong encryption because we're operating over public 
networks; 95 percent of all of our communications now go over public 
infrastructure -- public telephone lines, telephone switches, 
computer systems, et cetera.  To protect ourselves in that public 
environment, we must have encryption and we must have a key recovery 
system for ourselves.

	     The third goal that we had was to help protect America's 
infrastructure.  One of the emerging national security challenges of 
the next decade is to protect this country, the homeland defense of 
this country, against attack.  We must have strong encryption in 
order to do that, because most of this infrastructure now is being 
managed through distributed computer-based management systems, and 
this is an important step forward.

	     Finally, it is very important that the Department of 
Defense and our colleagues in the national security establishment 
have the ability to prosecute our national security interests 
overseas.  Terrorists and rogue nations are increasingly using these 
tools to communicate with each other and to lay their plans.  We must 
have the ability to deal with that.  And so this policy, it's a 
balanced and structured approach to be able to deal with all four of 
those problems. 

	     UNDER SECRETARY REINSCH:  I apologize -- in listing my 
changes, I neglected one very important item that I want to go back 
to, and that is, in the sector area we are also announcing today the 
ability to export strong encryption of any bit length, with or 
without key recovery features, to subsidiaries of U.S. companies to 
all destinations in the world with the exception of the seven 
terrorist nations.

	     MR. PODESTA:  Okay, I think we're happy to take your 
questions now.  If you could identify whom you're addressing, because 
there is a variety of expertise.  And I would like to introduce one 
other person, Charlotte Knepper from the NSC staff, who has been 
instrumental in pulling this all together.

	     Q	  John, this is a question for you.  In October '96 
and other White House statements on encryption, there has usually 
been a line also addressing the domestic side, saying that all 
Americans remain free to use any strength encryption.  I didn't 
notice anything like that in today's announcement.  Are there any 
conditions under which the White House would back domestic 
restrictions on encryption? 

	     MR. PODESTA:  We haven't changed our policy, and the 
previous statements are certainly intact.  We have made a number of 
policy statements in the past, since this administration came into 
office, and I think that you should view this as a step forward, 
building on the policies that we have put before the American public 
in the past.
	     
	     Q	  John, could I ask you one question about an 
un-encrypted matter?
	     
	     MR. PODESTA:  Maybe.  (Laughter.)
	     
	     Q	  Democrats on the Hill are now saying, and John 
Kerry is saying that the President's actions absolutely call for some 
sort of punishment.  What are Democrats telling you about what they 
feel must be done at this point?
	     
	     MR. PODESTA:  Well, I think I'm not going to stand here 
and take a lot of questions, but I'm going to give special 
dispensation, as a Catholic, today -- which is I'm going to return 
your phone calls later.  But in deference to the people up here I 
think we'll handle it that way. 
	     
	     But in specific response, I'll take one, which is that I 
think that we had a number of productive meetings with Democrats on 
both sides of the Hill yesterday.  They view the President as a 
person who has led on the issues that are important to them, and I 
think what they want to do is get back to having him speak out and be 
a leader on the issues of education and the health care bill of 
rights, on saving Social Security.  And I think they pointed at that 
and wanted to work with us on that.
	     
	     I think with regard to the question that you posed with 
regard to Senator Kerry, I think that's a matter that they are 
debating amongst themselves more than they are debating with the 
White House.  I think it's probably presumptuous for us at this point 
to offer them assistance or guidance.  I mean, the President has said 
that what he has done was wrong; he's apologized for it; he's asked 
for forgiveness.  He is moving forward.  And I think that this debate 
is going on, on Capitol Hill, but it's largely going on amongst 
members themselves.
	     
	     Q	  We haven't heard many of them say they want to get 
back to the work at hand.  
	     
	     MR. STEINBERG:  You heard John, and I'm going to leave 
it there.
	     
	     Let me just add a word in response, in connection with 
the domestic controls issue.  I think one of the lessons that we've 
learned from this exercise is that -- actually, two lessons -- one, 
that trying to balance the various interests and equities in this is 
much less of a zero sum gain than I think some began to look at the 
question.  That is, you heard from Dr. Hamre and others that many of 
the interests involved have common interests in making sure that we 
have secure and effective means of dealing with communications and 
stored data.  
	     
	     And so we found, by looking in a very pragmatic way, 
that there were ways to solve these problems without very, kind of, 
broad-based solutions.  In particular, I think the idea that there's 
no one-size-fits-all answer to the problems of meeting the various 
needs informs the decisions that we reached -- that there are a 
variety of different techniques that respond to the different aspects 
of the industry, the different aspects of the technology.  I think 
that's what made the progress possible today, is that industry, 
agencies and Congress sat down together, pulled the problem apart, 
began to look at its different components and began to fashion very 
pragmatic solutions.
	     
	     And so I think we came to this discussion with a spirit 
of not looking for a kind of single or simple solution to the problem 
but, rather, how do you tackle and meet the various needs.  And I 
think that's what led to this resolve.
	     
	     Q	  Could you talk a little more about the on-line 
merchants part of it?  I mean, what do you have to do to qualify as 
an on-line merchant?  Do you have to register or can anybody sort of 
set themselves up in business?
	     
	     UNDER SECRETARY REINSCH:  I think the simplest way to 
respond to that right now is we'll have a definition in the reg that 
will be very clear as to what the criteria are for qualification.  
And those definitions have already been dealt with and agreed to, so 
we should have them up on the web site this afternoon.
	     
	     Q	  A question for Bill Reinsch.  How do you handle, 
then, 128-bit, to which the Department has given export -- or has  
allowed to be exported after going through this review?  Will 128 or 
things above 56-bit, will they require a license or will they still 
have to go through plans --
	     
	     UNDER SECRETARY REINSCH:  Well, with respect to the 
subsidiaries, the health sector, the banks, the financial 
institutions, the insurance companies, the on-line merchants, and the 
recoverable products as in the universe defined -- no.  In the case 
of all but the recoverable products, they will all go on license 
exception, which means one-time review and then out the door.  With 
respect to recoverable products, they will come in and go out 
pursuant to an export licensing arrangement, where we'll have to do a 
little tailoring depending upon the nature of the product.  But there 
is a presumption of approval for the 42 countries that I indicated.

	     And that's without reference to bit length -- 128 or 
more is all covered by that.  Now, if you want to export an 128-bit 
product that is beyond any of those universes, then you would have to 
come in for an individual license application.

	     Q	  A question for Mr. Litt.  With regard to the 
technical support center, when do you expect that to be in operation?

	     MR. LITT:  I don't think we have a specific timetable 
yet.  Obviously, it would be helpful for us to have it up and 
operational as soon as possible, but there are planning and budgetary 
issues that have to be dealt with. 

	     Q	  This is probably a question for Under Secretary 
Reinsch.  The export exceptions now are essentially going to U.S. 
subsidiaries -- foreign subsidiaries of U.S. companies.  I was 
wondering, could you be a little more specific -- what size company, 
what kind of company will be allowed to export powerful crypto to its 
foreign subsidiaries? 

	     UNDER SECRETARY REINSCH:  That doesn't make any 
difference.  The universe is determined by the end user, not by the 
nature of the American company.  But it is not -- while part of this 
relates to subsidiaries of U.S. companies, that is correct, we also 
intend, on a case-by-case basis, to provide for favorable treatment 
for export of the same kind of thing to strategic partners of U.S. 
companies -- those foreign companies that are engaged in a closer, 
say, joint venture, that kind of relationship.
	     
	     Well, I think that's it.
	     
	     Q	  What about foreign companies that have U.S. 
subsidiaries, like Seaman's or -- or Chrysler -- can they get this 
encryption?
	     
	     UNDER SECRETARY REINSCH:  Well, keep in mind, there are 
multiple universes here.  If you're talking about the financial 
institutions, the banks and the insurance companies, those aren't 
necessarily American financial institutions.  That's for export	   to 
any financial institution, and for their use in any of their 
branches, aside from the terrorist countries.  This is true for the 
health sector; this is true for on-line merchants as well.  Those are 
not restricted to U.S. companies.
	     
	     Obviously, if we're going to have a requirement for U.S. 
subs, it relates to U.S. subs, and wouldn't affect the examples 
you've described.  Now, with respect to recoverable products, which 
actually is one of the areas where the companies you mentioned would 
probably be looking because they'd be looking to build a network 

among their various offices, affiliates of subsidiaries, dealers if 
necessary, worldwide, the recoverable provisions that I described 
could be exported to those companies within the territorial universe 
I described -- the 42 countries.  
	     
	     Thank you very much. 

             END                          12:25 P.M. EDT



Return to the main page
Return to the Briefing Room
The White House Help Desk


To comment on this service: feedback@www.whitehouse.gov