Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Crypto :: whthsecr.txt

Press briefing from the White House on Encryption.




From pyrot@hotmail.com Wed Sep 16 21:35:24 1998
Newsgroups: alt.2600
Subject: press briefing about encryption, edited for content, from the WhiteHouse 1/4
From: pyrot@hotmail.com
Date: Thu, 17 Sep 1998 04:35:24 GMT

THE WHITE HOUSE

                     Office of the Press Secretary
________________________________________________________________________
=46or Immediate Release                                 September 16,
1998

     =20
                          PRESS BRIEFING BY=20
                          THE VICE PRESIDENT,
                 DEPUTY CHIEF OF STAFF JOHN PODESTA,      =20
        PRINCIPAL ASSOCIATE DEPUTY ATTORNEY GENERAL ROBERT LITT,     =20
             ASSISTANT DIRECTOR OF THE FBI CAROLYN MORRIS,
              UNDER SECRETARY OF COMMERCE WILLIAM REINSCH,

              DEPUTY SECRETARY OF DEFENSE JOHN HAMRE,      =20
          AND DEPUTY NATIONAL SECURITY ADVISOR JIM STEINBERG      =20
                                       =20
     =20
                         The Briefing Room  =20


11:57 A.M. EDT
     =20
     =20
      THE VICE PRESIDENT:  Good morning.  While my colleagues are
coming
in here, let me acknowledge them.  John Podesta is going to take over
the podium after I complete my statement, and he is joined by Bob Litt
of the Justice Department, Bill Reinsch of the Commerce Department --
Under Secretary for the Export Administration -- and John Hamre,
Deputy
Secretary of Defense.

      I also want to acknowledge Carolyn Morris of the FBI; Barbara
McNamara of the National Security Agency; John Gordon, Deputy Director
of the CIA.  And you all should know that this process, the results of
-- the interim results of which I'm announcing here, is a process that
has been run principally by John Podesta and Jim Steinberg, Deputy at
the National Security Council.  And I also want to thank Sally Katzen
at
the NEC and David Beier on my staff for the work that they and many
others have done on this.

      Some of you who have followed this issue know that it is
probably
one of the single, most difficult and complex issues that you can
possibly imagine.  But we've made progress, and we're here this
morning
to announce an important new action that will protect our national
security and our safety, and advance our economic interests and
safeguard our basic rights and values in this new Information Age.
     =20
      The Information Age has brought us the Internet, an
inter-connected global economy and the promise of connecting us all to
the same vast world of knowledge.  But with that exciting promise
comes
new challenges.  We must make sure that in the Information Age you get
information about the rest of the world and not the other way around.
We must ensure that new technology does not mean new and sophisticated
criminal and terrorist activity which leaves law enforcement
outmatched
-- we can't allow that to happen.  And we must ensure that the
sensitive
financial and business transactions that now cruise along the
information superhighway are 100 percent safe in cyberspace.
     =20
      Balancing these needs is no simple task, to say the least.  That
is why, in taking the next step toward meeting these complex goals, we
worked very closely with members of Congress from both parties, House
and Senate; with industry; with our law enforcement community and with
our national security community.  And as we move forward we want to
keep
working closely with all who share a stake in this issue -- especially
law enforcement -- to constantly assess and reassess the effectiveness
of our actions in this fast changing medium.
     =20
      Today I'm pleased to announce a new federal policy for the
encryption and protection of electronic communication, a policy that
dramatically increases privacy and security for families and
businesses
without endangering out national security.

      Beginning today, American companies will be able to use
encryption
programs of unlimited strength when communicating between most
countries.  Health, medical, and insurance companies will be able to
use
far stronger electronic protection for personal records and
information.
Law enforcement will still have access to criminally-related
information
under strict and appropriate legal procedures.  And we will maintain
our
full ability to fight terrorism and monitor terrorist activity that
poses a grave danger to American citizens.

      With this new announcement, we will protect the privacy of
average
Americans, because privacy is a basic value in the Information Age,
indeed in any age.  We will give industry the full protection that it
needs to enable electronic commerce to grow and to thrive.  And we
will
give law enforcement the ability to fight 21st century crimes with
21st
century technology, so our families and businesses are safe, but
on-line
outlaws are not safe.

      In just a moment you will hear more of the details of this new
policy, but I want to conclude by saying that this policy does reflect
one of the greatest challenges of these new times.  And to state it
broadly, it's a challenge of how we can harness powerful new
technology
while protecting our oldest and most cherished values, such as privacy
and safety.
     =20
      I'm grateful to those who have worked so hard to reach this
balance.  And with today's announcement I believe that all families
and
businesses have reason to feel safer, more secure and more confident
as
we approach the 21st century.
     =20
      And now I'd like to turn things over to White House Deputy Chief
of Staff John Podesta.

.......questions from the press corp about the Lewinsky Cigar
thing......*LOL*

to continue.......


read next 2/4

PyroTech
"...flame me not for I mean no harm!"

From pyrot@hotmail.com Wed Sep 16 21:35:57 1998
Newsgroups: alt.2600
Subject: press briefing about encryption 2/4
From: pyrot@hotmail.com
Date: Thu, 17 Sep 1998 04:35:57 GMT

MR. PODESTA:  Guess what?  I'm here to talk about encryption.
Okay.  I can see the front row leaving here.  (Laughter.)  As the Vice
President noted, Jim Steinberg and I have co-chaired our process in
this
matter.  I volunteered for that duty because of my well-known
fascination with The X Files, which most of you know about.
     =20
      As you know, this is an important and challenging issue that
affects many of our interests in our society.  And over the past year
we've promoted a balanced approach to the issue, working with all
segments of our government and working with industry to find a policy
that promotes electronic commerce, preserves privacy, protects
national
security and law enforcement interests, and permits U.S. industry to
secure global markets.
     =20
      Recognizing the importance of moving this issue forward, last
March the Vice President asked us to intensify our dialogue with U.S.
industry, to bring industry's technical expertise to bear on this
issue
with the hope of finding more innovative ways that we might assist law
enforcement.  We appreciate the efforts of Congress, the law
enforcement
community and particularly the industry groups.
     =20
      I would note the Computer Systems Policy Project and the
Americans
for Computer Privacy, who have been in an intensive dialogue with us
over the past many months to foster an environment that has allowed us
to come up with a policy which we believe has balanced the elements
that
are necessary in this regard.

      I think all the stakeholders in this process, on our side, as
well
as on private industry's side, now have a greater appreciation of the
issues and intend to continue the dialogue, which I think we're most
pleased by.  Again, I think some of the people here from industry will
be available at the stakeout later to take some comment.

      Based on the ideas discussed among the various stakeholders,
today
we're proposing an update to our policies that we've announced in the
past.  I'm going to serve kind of as M.C.  We're going to start off
with
Bob Litt from the Justice Department and Carol Morris, who I asked to
join us, from the FBI, to talk about the law enforcement-FBI concerns.
Then we're going to turn to Bill Reinsch from the Commerce Department
to
talk about export control and electronic commerce.  And finally you'll
hear from Dr. Hamre from the Defense Department.  I might ask Jim also
to join us up here.

      Before I give up the floor to Bob and Carol, though, I want to
stress that encryption policy is an ongoing process.  It's one of
adaptation; it's an evolutionary process.  We intend to continue the
dialogue, and over the course of the next year, determine what further
updates are necessary as we work with industry to try to, again, come
up
with a policy that balances national security, law enforcement, and
the
real needs for privacy and security in electronic commerce.

      Thank you.  Let me turn it over to Bob.=20

      MR. LITT:  Thank you, John.  Good afternoon.  The Justice
Department and the FBI and law enforcement in general is supportive,
very supportive of today's announcement on the updating of our export
controls on encryption products, particularly with respect to those
products that allow law enforcement to obtain lawful access to the
plain
text of encrypted information.

      We have been very encouraged over the last few months by
industry's efforts to work with us to develop and market strong
encryption products that provide law-abiding citizens with the ability
to protect the privacy of their communications and their
electronically-stored data, while at the same time maintaining law
enforcement's ability to ensure public safety when these products,
when
they become commercially available, are used in furtherance of serious
criminal activity.
     =20
      Our goal is through whatever means to ensure that when we have
the
lawful authority to take steps to protect public safety, we have the
ability to do so.  And we have been working cooperatively with
industry
for many months to develop approaches that will deal with that.
     =20
      Carolyn Morris will now talk a little bit about the technical
support center that is being proposed.
     =20
      MS. MORRIS:  Thank you very much, Bob. =20
     =20
      Good afternoon, ladies and gentlemen.  We in federal, state, and
local law enforcement, are pleased with the administration's support
to
establish a technical support center.  This center will provide
federal,
state, and local law enforcement with the resources and the technical
capabilities we need to fulfill our investigative responsibilities.
     =20
      In light of strong, commercially available encryption products
that are being proliferated within the United States, and when such
products are used in the furtherance of serious criminal activity,
this
center becomes very, very critical to solving the encryption issues
that
we need to make cases.  As a matter of fact, the FBI has already begun
planning activities of this critical technical support center in
anticipation of the availability of funds.
     =20
      The United States federal, local and state law enforcement
community looks forward to a cooperative partnership with American
industry, the Congress and the administration to ensure that this
technical support center becomes a reality in the near future.  With
this center the American people can be assured that federal, state,
and
local law enforcement has the necessary resources and tools we need to
fulfill our public safety mission.

      Thank you very much.=20

      UNDER SECRETARY REINSCH:  With respect to export controls, the
administration is updating its policy in three areas:  Our existing
policy and some revisions there, an expansion with respect to certain
sectors, and an expansion with respect to so-called recoverable
products.  And let me address each of these separately.  In keeping
with
the administration's reinvention initiatives, I'm going to try to do
it
in plain language -- or plain English, So that those of you that speak
the vocabulary of encryption may find it to elementary, but we can go
back and do it again in another language, if you want, later on in
questions.

      With respect to our existing policy, we have for two years
ending
this December, permitted the export of 56-bit products after an
initial
one-time review without further review by the government.  What we're
announcing today is the maintenance of that window permanently.  And
so
56-bit products will be freed from export controls after a one-time
review, in perpetuity, not ending at the end of this year.  We are,
however, removing the requirement for key recovery plans or key
recovery
commitments to be provided in return for that change, which was the
initial condition that we extracted.

      In addition, we are continuing to permit the export of key
recovery products -- products that contain those features -- without
restraint worldwide.  We are, however, going to simplify significantly
our regulations that relate to those exports.  In particular, we're
going to eliminate the need for six-month progress reports for the
plans
that have been submitted, and we're going to eliminate the requirement
for any prior reporting of key recovery agent information.  For those
of
you that follow the regulations in detail, that means we're going to
eliminate Supplement Five of our regulations on these matters.

      Now, with respect to sectors, we're making some new innovations
in
four areas.  Some of you may be familiar with the fact that some time
ago we announced expanded treatment of encryption products for export
to
banks and financial institutions.  And what we did at that time,
briefly, was to permit the export of encryption products of any
length,
any bit length, with or without key recovery features to banks and
financial institutions in a list of 45 countries.
     =20
      What we are announcing today is, first, that we are adding
insurance companies to the definition of financial institutions, so
insurance companies will be treated the same way under this policy as
banks and other financial institutions are now.  In addition, we are
providing the same kind of treatment for exports of these encryption
products to the health and medical sector operating in the same set of
countries.  We are excluding from that biochemical and pharmaceutical
producers.  But the rest of the health and medical sector will be the
beneficiary of the same kind of treatment.
     =20
      In addition, we are providing also this expanded treatment for
that country group to on-line merchants that are operating in those
countries.  That means that for products that are like client-server
applications, like SSL, will be able to be exported to those
destinations.
     =20
      All these things will take place under what we call license
exception, which means after initial one-time review to determine
whether or not your product is, in fact, what you say it is, they can
then go without any further review or intervention by the government
to
those locations.  In addition, there is always the option in the
export
control system of coming in with an application to export these kinds
of
products to other destinations beyond the ones that I'm talking about
right now, and those will be reviewed one by one on their merits.
     =20
      Finally, with respect to what we have come to refer to as a
class
of so-called recovery capable or recoverable products, and these are
the
products that, among others, include what has become known as the
doorbell products, which are products that, among other things, will
deal with the development of local area or wide area networks and the
transmission of e-mail and other data over networks -- we are going to
permit the export of those products under a presumption of approval
and
an export licensing arrangement to a list of 42 countries.  And within
those countries we are going to permit that export to commercial firms
only within those countries.  And both in that case and in the case of
the on-line merchants that I referred to a few minutes ago, we are
going
to exclude manufacturers or distributors of munitions items, I think
for
obvious reasons.
     =20
      We can go into further details later, if you would like.  I
think
for those of you that are interested in the nitty-gritty of all this
stuff, BXA intends to post all the details, including the country
lists,
on its website and we should have that up later today.
     =20
      Thank you.
     =20
     =20
read next 3/4

PyroTech
"...flame me not for I mean no harm!"

From pyrot@hotmail.com Wed Sep 16 21:36:34 1998
Newsgroups: alt.2600
Subject: press briefing about encryption 3/4
From: pyrot@hotmail.com
Date: Thu, 17 Sep 1998 04:36:34 GMT

DEPUTY SECRETARY HAMRE:  Good morning.  I'm here to speak on
behalf of the national security community.  I'm joined today by my
enormously capable counterparts and colleagues, Deputy Director
Barbara
McNamara for the National Security Agency; and Deputy Director John
Gordon from the Central Intelligence Agency.
     =20
      The national security establishment strongly supports this step
forward.  We think this is a very important advance in a crucial area
for our security in the future.

      We in DOD had four goals when we entered these discussions.
=46irst
was to strengthen our ability to do electronic commerce.  We're the
largest company in the world.  Every month we write about 10 million
paychecks.  We write about 800,000 travel vouchers.  One of our
finance
centers disburses $45 million an hour.  We are a major, major force in
business.  And for that reason, we can't be efficient unless we can
become fully electronic, and electronic commerce is essential for us.
And this is an enormous step forward.

      Second, we must have strong encryption and a security structure
for that in order to protect ourselves in cyberspace.  Many of you
know
that we have experienced a number of cyber attacks during the last
year.
This will undoubtedly increase in the future.  We need to have strong
encryption because we're operating over public networks; 95 percent of
all of our communications now go over public infrastructure -- public
telephone lines, telephone switches, computer systems, et cetera.  To
protect ourselves in that public environment, we must have encryption
and we must have a key recovery system for ourselves.

      The third goal that we had was to help protect America's
infrastructure.  One of the emerging national security challenges of
the
next decade is to protect this country, the homeland defense of this
country, against attack.  We must have strong encryption in order to
do
that, because most of this infrastructure now is being managed through
distributed computer-based management systems, and this is an
important
step forward.

      Finally, it is very important that the Department of Defense and
our colleagues in the national security establishment have the ability
to prosecute our national security interests overseas.  Terrorists and
rogue nations are increasingly using these tools to communicate with
each other and to lay their plans.  We must have the ability to deal
with that.  And so this policy, it's a balanced and structured
approach
to be able to deal with all four of those problems.

      UNDER SECRETARY REINSCH:  I apologize -- in listing my changes,
I
neglected one very important item that I want to go back to, and that
is, in the sector area we are also announcing today the ability to
export strong encryption of any bit length, with or without key
recovery
features, to subsidiaries of U.S. companies to all destinations in the
world with the exception of the seven terrorist nations.

      MR. PODESTA:  Okay, I think we're happy to take your questions
now.  If you could identify whom you're addressing, because there is a
variety of expertise.  And I would like to introduce one other person,
Charlotte Knepper from the NSC staff, who has been instrumental in
pulling this all together.

      Q John, this is a question for you.  In October '96 and other
White House statements on encryption, there has usually been a line
also
addressing the domestic side, saying that all Americans remain free to
use any strength encryption.  I didn't notice anything like that in
today's announcement.  Are there any conditions under which the White
House would back domestic restrictions on encryption?

      MR. PODESTA:  We haven't changed our policy, and the previous
statements are certainly intact.  We have made a number of policy
statements in the past, since this administration came into office,
and
I think that you should view this as a step forward, building on the
policies that we have put before the American public in the past.
     =20
      Q John, could I ask you one question about an un-encrypted
matter?
     =20
      MR. PODESTA:  Maybe.  (Laughter.)
     =20
      Q Democrats on the Hill are now saying, and John Kerry is saying
that the President's actions absolutely call for some sort of
punishment.  What are Democrats telling you about what they feel must
be
done at this point?
     =20
      MR. PODESTA:  Well, I think I'm not going to stand here and take
a
lot of questions, but I'm going to give special dispensation, as a
Catholic, today -- which is I'm going to return your phone calls
later.
But in deference to the people up here I think we'll handle it that
way.
     =20
      But in specific response, I'll take one, which is that I think
that we had a number of productive meetings with Democrats on both
sides
of the Hill yesterday.  They view the President as a person who has
led
on the issues that are important to them, and I think what they want
to
do is get back to having him speak out and be a leader on the issues
of
education and the health care bill of rights, on saving Social
Security.
And I think they pointed at that and wanted to work with us on that.
     =20
      I think with regard to the question that you posed with regard
to
Senator Kerry, I think that's a matter that they are debating amongst
themselves more than they are debating with the White House.  I think
it's probably presumptuous for us at this point to offer them
assistance
or guidance.  I mean, the President has said that what he has done was
wrong; he's apologized for it; he's asked for forgiveness.  He is
moving
forward.  And I think that this debate is going on, on Capitol Hill,
but
it's largely going on amongst members themselves.
     =20
      Q We haven't heard many of them say they want to get back to the
work at hand.
     =20
      read next 4/4
PyroTech
"...flame me not for I mean no harm!"

From pyrot@hotmail.com Wed Sep 16 21:37:03 1998
Newsgroups: alt.2600
Subject: press briefing about encryption  4/4
From: pyrot@hotmail.com
Date: Thu, 17 Sep 1998 04:37:03 GMT

MR. STEINBERG:  You heard John, and I'm going to leave it there.
     =20
      Let me just add a word in response, in connection with the
domestic controls issue.  I think one of the lessons that we've
learned
from this exercise is that -- actually, two lessons -- one, that
trying
to balance the various interests and equities in this is much less of
a
zero sum gain than I think some began to look at the question.  That
is,
you heard from Dr. Hamre and others that many of the interests
involved
have common interests in making sure that we have secure and effective
means of dealing with communications and stored data.
     =20
      And so we found, by looking in a very pragmatic way, that there
were ways to solve these problems without very, kind of, broad-based
solutions.  In particular, I think the idea that there's no
one-size-fits-all answer to the problems of meeting the various needs
informs the decisions that we reached -- that there are a variety of
different techniques that respond to the different aspects of the
industry, the different aspects of the technology.  I think that's
what
made the progress possible today, is that industry, agencies and
Congress sat down together, pulled the problem apart, began to look at
its different components and began to fashion very pragmatic
solutions.
     =20
      And so I think we came to this discussion with a spirit of not
looking for a kind of single or simple solution to the problem but,
rather, how do you tackle and meet the various needs.  And I think
that's what led to this resolve.
     =20
      Q Could you talk a little more about the on-line merchants part
of
it?  I mean, what do you have to do to qualify as an on-line merchant?
Do you have to register or can anybody sort of set themselves up in
business?
     =20
      UNDER SECRETARY REINSCH:  I think the simplest way to respond to
that right now is we'll have a definition in the reg that will be very
clear as to what the criteria are for qualification.  And those
definitions have already been dealt with and agreed to, so we should
have them up on the web site this afternoon.
     =20
      Q A question for Bill Reinsch.  How do you handle, then,
128-bit,
to which the Department has given export -- or has allowed to be
exported after going through this review?  Will 128 or things above
56-bit, will they require a license or will they still have to go
through plans --
     =20
      UNDER SECRETARY REINSCH:  Well, with respect to the
subsidiaries,
the health sector, the banks, the financial institutions, the
insurance
companies, the on-line merchants, and the recoverable products as in
the
universe defined -- no.  In the case of all but the recoverable
products, they will all go on license exception, which means one-time
review and then out the door.  With respect to recoverable products,
they will come in and go out pursuant to an export licensing
arrangement, where we'll have to do a little tailoring depending upon
the nature of the product.  But there is a presumption of approval for
the 42 countries that I indicated.

      And that's without reference to bit length -- 128 or more is all
covered by that.  Now, if you want to export an 128-bit product that
is
beyond any of those universes, then you would have to come in for an
individual license application.

      Q A question for Mr. Litt.  With regard to the technical support
center, when do you expect that to be in operation?

      MR. LITT:  I don't think we have a specific timetable yet.
Obviously, it would be helpful for us to have it up and operational as
soon as possible, but there are planning and budgetary issues that
have
to be dealt with.

      Q This is probably a question for Under Secretary Reinsch.  The
export exceptions now are essentially going to U.S. subsidiaries --
foreign subsidiaries of U.S. companies.  I was wondering, could you be
a
little more specific -- what size company, what kind of company will
be
allowed to export powerful crypto to its foreign subsidiaries?

      UNDER SECRETARY REINSCH:  That doesn't make any difference.  The
universe is determined by the end user, not by the nature of the
American company.  But it is not -- while part of this relates to
subsidiaries of U.S. companies, that is correct, we also intend, on a
case-by-case basis, to provide for favorable treatment for export of
the
same kind of thing to strategic partners of U.S. companies -- those
foreign companies that are engaged in a closer, say, joint venture,
that
kind of relationship.
     =20
      Well, I think that's it.
     =20
      Q What about foreign companies that have U.S. subsidiaries, like
Seaman's or -- or Chrysler -- can they get this encryption?
     =20
      UNDER SECRETARY REINSCH:  Well, keep in mind, there are multiple
universes here.  If you're talking about the financial institutions,
the
banks and the insurance companies, those aren't necessarily American
financial institutions.  That's for export to any financial
institution,
and for their use in any of their branches, aside from the terrorist
countries.  This is true for the health sector; this is true for
on-line
merchants as well.  Those are not restricted to U.S. companies.
     =20
      Obviously, if we're going to have a requirement for U.S. subs,
it
relates to U.S. subs, and wouldn't affect the examples you've
described.
Now, with respect to recoverable products, which actually is one of
the
areas where the companies you mentioned would probably be looking
because they'd be looking to build a network among their various
offices, affiliates of subsidiaries, dealers if necessary, worldwide,
the recoverable provisions that I described could be exported to those
companies within the territorial universe I described -- the 42
countries.
     =20
      Thank you very much.=20

             END                          12:25 P.M. EDT



thought someof you may find it interesting


PyroTech
"...flame me not for I mean no harm!"



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH