|
Cryptome DVDs. Donate
$25 for two DVDs of the Cryptome collection of 47,000 files from June 1996
to January 2009 (~6.9 GB). Click Paypal or mail check/MO made out to John
Young, 251 West 89th Street, New York, NY 10024. The collection includes
all files of cryptome.org, cryptome.info, jya.com, cartome.org,
eyeball-series.org and iraq-kill-maim.org, and
23,100 (updated)
pages of counter-intelligence dossiers declassified by the US Army Information
and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere
worldwide without extra cost. |
|
14 August 1999
Clinton Encryption Documents 1993-99
==============================================================
1993
April 16, 1993
Clipper Chip Initiative
September 15, 1993
The National Information Infrastructure: Agenda for Action
Action: Review of encryption technology.
November 4, 1993
Review of Federal policies on encryption technology
1994
February 4, 1994
Statement by Press Secretary Dee Dee Myers on a comprehensive
interagency review of encryption technology [document not found]
May 27, 1994
Reengineering Through Information Technology
1995
None
1996
November 15, 1996
Letter to Congressional Leaders on Encryption Export Policy
November 15, 1996
Memorandum on Encryption Export Policy
November 15, 1996
Executive Order 13026--Administration of Export Controls on Encryption
Products
1997
December 22, 1997
President appoints Steven S. Honigman as Special Advisor for procurement
of encryption technology and services.
1998
September 16, 1998
Transcript of a press briefing by Vice President Al Gore, Deputy Chief
of Staff John Podesta, Principal Associate Deputy Attorney General
Robert Litt, FBI Assistant Director Carolyn Morris, Under Secretary of
Commerce William Reinsch, Deputy Secretary of Defense Jim Hamre, and
Deputy National Security Adviser Jim Steinberg on administration updates
in encryption policy
September 16, 1998
Statement by the Press Secretary: Administration Updates Encryption
Policy
September 16, 1998
Fact sheet: Administration Updates Encryption Policy
September 25, 1998
President's Remarks at a Democratic National Committee Dinner in San Jose,
California
1999
None to August 14
1993
http://www.pub.whitehouse.gov/uri-res/I2R?urn:pdi://oma.eop.gov.us/1993/4/19/6.text.1
THE WHITE HOUSE
Office of the Press Secretary
_________________________________________________________________
For Immediate Release April 16, 1993
STATEMENT BY THE PRESS SECRETARY
The President today announced a new initiative that will bring
the Federal Government together with industry in a voluntary
program to improve the security and privacy of telephone
communications while meeting the legitimate needs of law
enforcement.
The initiative will involve the creation of new products to
accelerate the development and use of advanced and secure
telecommunications networks and wireless communications links.
For too long, there has been little or no dialogue between our
private sector and the law enforcement community to resolve the
tension between economic vitality and the real challenges of
protecting Americans. Rather than use technology to accommodate
the sometimes competing interests of economic growth, privacy and
law enforcement, previous policies have pitted government against
industry and the rights of privacy against law enforcement.
Sophisticated encryption technology has been used for years to
protect electronic funds transfer. It is now being used to
protect electronic mail and computer files. While encryption
technology can help Americans protect business secrets and the
unauthorized release of personal information, it also can be used
by terrorists, drug dealers, and other criminals.
A state-of-the-art microcircuit called the "Clipper Chip" has
been developed by government engineers. The chip represents a
new approach to encryption technology. It can be used in new,
relatively inexpensive encryption devices that can be attached to
an ordinary telephone. It scrambles telephone communications
using an encryption algorithm that is more powerful than many in
commercial use today.
This new technology will help companies protect proprietary
information, protect the privacy of personal phone conversations
and prevent unauthorized release of data transmitted
electronically. At the same time this technology preserves the
ability of federal, state and local law enforcement agencies to
intercept lawfully the phone conversations of criminals.
A "key-escrow" system will be established to ensure that the
"Clipper Chip" is used to protect the privacy of law-abiding
Americans. Each device containing the chip will have two unique
"keys," numbers that will be needed by authorized government
agencies to decode messages encoded by the device. When the
device is manufactured, the two keys will be deposited separately
in two "key-escrow" data bases that will be established by the
Attorney General. Access to these keys will be limited to
government officials with legal authorization to conduct a
wiretap.
The "Clipper Chip" technology provides law enforcement with no
new authorities to access the content of the private
conversations of Americans.
To demonstrate the effectiveness of this new technology, the
Attorney General will soon purchase several thousand of the new
devices. In addition, respected experts from outside the
government will be offered access to the confidential details of
the algorithm to assess its capabilities and publicly report
their findings.
The chip is an important step in addressing the problem of
encryption's dual-edge sword: encryption helps to protect the
privacy of individuals and industry, but it also can shield
criminals and terrorists. We need the "Clipper Chip" and other
approaches that can both provide law-abiding citizens with access
to the encryption they need and prevent criminals from using it
to hide their illegal activities. In order to assess technology
trends and explore new approaches (like the key-escrow system),
the President has directed government agencies to develop a
comprehensive policy on encryption that accommodates:
the privacy of our citizens, including the need to
employ voice or data encryption for business purposes;
the ability of authorized officials to access telephone
calls and data, under proper court or other legal
order, when necessary to protect our citizens;
the effective and timely use of the most modern
technology to build the National Information
Infrastructure needed to promote economic growth and
the competitiveness of American industry in the global
marketplace; and
the need of U.S. companies to manufacture and export
high technology products.
The President has directed early and frequent consultations with
affected industries, the Congress and groups that advocate the
privacy rights of individuals as policy options are developed.
The Administration is committed to working with the private
sector to spur the development of a National Information
Infrastructure which will use new telecommunications and computer
technologies to give Americans unprecedented access to
information. This infrastructure of high-speed networks
("information superhighways") will transmit video, images, HDTV
programming, and huge data files as easily as today's telephone
system transmits voice.
Since encryption technology will play an increasingly important
role in that infrastructure, the Federal Government must act
quickly to develop consistent, comprehensive policies regarding
its use. The Administration is committed to policies that
protect all American's right to privacy while also protecting
them from those who break the law.
Further information is provided in an accompanying fact sheet.
The provisions of the President's directive to acquire the new
encryption technology are also available.
For additional details, call Mat Heyman, National Institute of
Standards and Technology, (301) 975-2758.
http://www.pub.whitehouse.gov/uri-res/I2R?urn:pdi://oma.eop.gov.us/1993/9/16/17.text.1
THE NATIONAL INFORMATION INFRASTRUCTURE:
AGENDA FOR ACTION
15 September 1993
Action: Review of encryption technology. In April, the
President announced a thorough review of Federal policies on
encryption technology. In addition, Federal agencies are
working with industry to develop new technologies that
protect the privacy of citizens, while enabling law
enforcement agencies to continue to use court-authorized
wiretaps to fight terrorism, drug rings, organized crime,
and corruption. Federal agencies are working with industry
to develop encryption hardware and software that can be used
for this application.
http://www.pub.whitehouse.gov/uri-res/I2R?urn:pdi://oma.eop.gov.us/1993/11/4/6.text.1
The Administration is completing a Presidentially directed
review of Federal policies on encryption technology. In addition,
Federal agencies are seeking to work more closely with industry
to develop new technologies that protect the privacy of citizens,
while enabling law enforcement agencies to continue to use
court-authorized wiretaps to fight terrorism, drug rings,
organized crime, and corruption.
1994
http://www.access.gpo.gov/nara/nara003.html
[Weekly Compilation of Presidential Documents]
From the 1994 Presidential Documents Online via GPO Access [frwais.access.gpo.gov]
[DOCID:pd07fe94_txt-36]
[Page 214-215]
Monday, February 7, 1994
Volume 30--Number 5
Pages 167-215
Week Ending Friday, February 4, 1994
________________________________________________________________________
Checklist of White House Press Releases
Released February 4
Statement by Press Secretary Dee Dee Myers on a comprehensive
interagency review of encryption technology
[Document could not be located.]
http://www.pub.whitehouse.gov/uri-res/I2R?urn:pdi://oma.eop.gov.us/1994/5/27/5.text.1
THE WHITE HOUSE
Office of the Vice President
________________________________________________________________________
For Immediate Release May 27, 1994
*****************************************************
Reengineering Through Information Technology - Part I
*****************************************************
Accompanying Report of the National Performance Review
September 1993
[Excerpts]
Success in implementing electronic government also depends on
public confidence. Electronic government must protect the information it
processes and ensure individual privacy. It also must protect national
security interests, permit legitimate law enforcement activities,
enhance global competitiveness and productivity for American business
and industry, and ensure civil liberties. The government must define
uniform privacy protection practices and generally accepted principles
for information security. It also must adopt a digital signature
standard, and it must promulgate encryption standards for sensitive
information.
***
However, interoperability across these different radio systems is
difficult to achieve. Federal, state, and local law enforcement agencies
operate in different parts of the radio spectrum. Complicating this
problem is the lack of security on most systems, leaving them open to
interception and monitoring. When security is applied to the radio
systems--as isdone with many federal radio systems--interoperability
depends on having the correct encryption key to communicate.
***
*****************************************************
Reengineering through Information Technology-- Part 2
*****************************************************
********************************************************************
IT10: Develop Systems and Mechanisms to Ensure Privacy and Security
********************************************************************
3. Develop standard encryption capabilities and digital signatures for
sensitive unclassified data. (2)
The National Institute of Standards and Technology (NIST), in
coordination with OMB and with technical assistance from the National
Security Agency (NSA), should issue a final digital signature standard
by December 1994. NIST, in coordination with OMB and with technical
assistance from NSA, should also create opportunities for industry to
develop the encryption capabilities required for protection of networked
distributed systems. NIST should then make that information available to
federal managers. A high priority should also be given to finalizing and
promulgating digital encryption standards and security protocol
standards.
4. Develop generally accepted principles and practices for information
security. (2)
NIST, in coordination with OMB and with technical assistance from
NSA, should plan and coordinate the development of generally accepted
principles and practices for information security which are to be
applied in the use, protection, and design of government information and
data systems, particularly front-line systems for electronically
delivering service to citizens. Draft guidance should be issued by
September 1994. More than one set of generally accepted principles and
practices may be required for the affected communities.
***
7. Reevaluate security practices related to national security data. (2)
By December 1994, the PRD Task Force--chaired by the Information
Security Oversight Office, in cooperation with the Joint Security
Commission, and the National Advisory Group for Security
Countermeasures--should aggressively pursue a reevaluation of
information security and information systems security practices. These
groups should also examine classification and safeguard practices for
the purposes of improving security within rapidly changing technological
and threat environments. This reevaluation should be accomplished within
the context of the Presidential Review Directives on national security
information and advanced telecommunications and encryption, as well as
the Presidential Decision Directive on public encryption management.
1995
None.
1996
http://www.access.gpo.gov/nara/nara003.html
[Weekly Compilation of Presidential Documents]
From the 1996 Presidential Documents Online via GPO Access [frwais.access.gpo.gov]
[DOCID:pd18no96_txt-21]
[Page 2401]
Monday, November 18, 1996
Volume 32--Number 46
Pages 2359-2403
Week Ending Friday, November 15, 1996
Letter to Congressional Leaders on Encryption Export Policy
November 15, 1996
Dear Mr. Speaker: (Dear Mr. President:)
In order to take additional steps with respect to the national
emergency described and declared in Executive Order 12924 of August 19,
1994, and continued on August 15, 1995, and August 14, 1996,
necessitated by the expiration of the Export Administration Act (EAA) on
August 20, 1994, I hereby report to the Congress that pursuant to
section 204(b) of the International Emergency Economic Powers Act, 50
U.S.C. 1703(b) (the ``Act''), I have today exercised the authority
granted by the Act to issue an Executive order (a copy of which is
attached) to revise the provisions that apply to the administration of
the export control system maintained by Department of Commerce in the
Export Administration Regulations, 15 CFR Part 730 et seq.
The new Executive order relates to my decision to transfer certain
encryption products from the United States Munitions List administered
by the Department of State to the Commerce Control List administered by
the Department of Commerce. When I made that decision I also decided to
amend Executive Order 12981 of December 5, 1995, which sets forth
procedures for the interagency review and disposition of dual-use export
license applications, to include the Department of Justice among the
agencies that have the opportunity to review such applications with
respect to encryption products transferred to Department of Commerce
control.
Also, in issuing the new order, I provided for appropriate controls
on the export and foreign dissemination of encryption products
transferred to the Department of Commerce. Among other provisions, I
determined that the export of encryption products transferred to
Department of Commerce control could harm national security and foreign
policy interests of the United States even where comparable products are
or appear to be available from foreign sources. Accordingly, the new
order makes clear that any EAA provision dealing with issuance of
licenses or removal of controls based on foreign availability
considerations shall not apply with respect to export controls on such
encryption products. Notwithstanding this, the Secretary of Commerce
retains the discretion to consider the foreign availability of
comparable encryption products in any particular case.
Sincerely,
William J. Clinton
Note: Identical letters were sent to Newt Gingrich, Speaker of the House
of Representatives, and Albert Gore, Jr., President of the Senate.
http://www.access.gpo.gov/nara/nara003.html
[Weekly Compilation of Presidential Documents]
From the 1996 Presidential Documents Online via GPO Access [frwais.access.gpo.gov]
[DOCID:pd18no96_txt-19]
[Page 2397-2399]
Monday, November 18, 1996
Volume 32--Number 46
Pages 2359-2403
Week Ending Friday, November 15, 1996
Memorandum on Encryption Export Policy
November 15, 1996
Memorandum for the Vice President, the Secretary of State, the Secretary
of the Treasury, the Secretary of Defense, the Attorney General, the
Secretary of Commerce, United States Trade Representative, Director of
the Office of Management and Budget, Chief of Staff to the President,
Director of Central Intelligence, Director, Federal Bureau of
Investigation, Director, National Security Agency, Assistant to the
President for National Security Affairs, Assistant to the President for
Economic Policy, Assistant to the President for Science and Technology
Policy
Subject: Encryption Export Policy
Encryption products, when used outside the United States, can
jeopardize our foreign policy and national security interests. Moreover,
such products, when used by international criminal organizations, can
threaten the safety of U.S. citizens here and abroad, as well as the
safety of the citizens of other countries. The exportation of encryption
products accordingly must be controlled to further U.S. foreign policy
objectives, and promote our national security, including the protection
of the safety of U.S. citizens abroad. Nonetheless, because of the
increasingly widespread use of encryption products for the legitimate
protection of the privacy of data and communications in nonmilitary
contexts; because of the importance to U.S. economic interests of the
market for encryption products; and because, pursuant to the terms set
forth in the Executive order entitled Administration of Export Controls
on Encryption Products (the ``new Executive order'') of November 15,
1996, Commerce Department controls of the export of such dual-use
encryption products can be accomplished without compromising U.S.
foreign policy objectives and national security interests, I have
determined at this time not to
[[Page 2398]]
continue to designate such encryption products as defense articles on
the United States Munitions List.
Accordingly, under the powers vested in me by the Constitution and
the laws of the United States, I direct that:
1. Encryption products that presently are or would be designated in
Category XIII of the United States Munitions List and regulated by the
Department of State pursuant to the Arms Export Control Act (22 U.S.C.
2778 et seq.) shall be transferred to the Commerce Control List, and
regulated by the Department of Commerce under the authority conferred in
Executive Order 12924 of August 19, 1994 (as continued on August 15,
1995, and August 14, 1996), Executive Order 12981 of December 5, 1995,
and the new Executive order except that encryption products specifically
designed, developed, configured, adapted, or modified for military
applications (including command, control, and intelligence
applications), shall continue to be designated as defense articles,
shall remain on the United States Munitions List, and shall continue to
be controlled under the Arms Export Control Act. The transfer described
in this paragraph shall be effective upon the issuance of final
regulations (the ``Final Regulations'') implementing the safeguards
specified in this directive and in the new Executive order.
2. The Final Regulations shall specify that the encryption products
specified in section 1 of this memorandum shall be placed on the
Commerce Control List administered by the Department of Commerce. The
Department of Commerce shall, to the extent permitted by law, administer
the export of such encryption products, including encryption software,
pursuant to the requirements of sections 5 and 6 of the former Export
Administration Act (50 U.S.C. App. 2405 and 2406), and the regulations
thereunder, as continued in effect by Executive Order 12924 of August
19, 1994 (continued on August 15, 1995, and on August 14, 1996), except
as otherwise indicated in or modified by the new Executive order,
Executive Order 12981 of December 5, 1995, and any Executive orders and
laws cited therein.
3. The Final Regulations shall provide that encryption products
described in section 1 of this memorandum can be licensed for export
only if the requirements of the controls of both sections 5 and 6 of the
former Export Administration Act (50 U.S.C. App. 2405 and 2406), and the
regulations thereunder, as modified by the new Executive order,
Executive Order 12981 of December 5, 1995, and any Executive orders and
laws cited therein, are satisfied. Consistent with section 742.1(f) of
the current Export Administration Regulations, the Final Regulations
shall ensure that a license for such a product will be issued only if an
application can be and is approved under both section 5 and section 6.
The controls on such products will apply to all destinations.
Except for those products transferred to the Commerce Control List
prior to the effective date of the Final Regulations, exports and
reexports of encryption products shall initially be subject to case-by-
case review to ensure that export thereof would be consistent with U.S.
foreign policy objectives and national security interests, including the
safety of U.S. citizens. Consideration shall be given to more
liberalized licensing treatment of each such individual product after
interagency review is completed. The Final Regulations shall also
effectuate all other specific objectives and directives set forth in
this directive.
4. Because encryption source code can easily and mechanically be
transformed into object code, and because export of such source code is
controlled because of the code's functional capacity, rather than
because of any ``information'' such code might convey, the Final
Regulations shall specify that encryption source code shall be treated
as an encryption product, and not as technical data or technology, for
export licensing purposes.
5. All provisions in the Final Regulations regarding ``de minimis''
domestic content of items shall not apply with respect to the encryption
products described in paragraph 1 of this memorandum.
6. The Final Regulations shall, in a manner consistent with section
16(5)(C) of the EAA, 50 U.S.C. App. 2415(5)(C), provide that it will
constitute an export of encryption source code or object code software
for a person to make such software available for transfer
[[Page 2399]]
outside the United States, over radio, electromagnetic, photooptical, or
photoelectric communications facilities accessible to persons outside
the United States, including transfer from electronic bulletin boards
and Internet file transfer protocol sites, unless the party making the
software available takes precautions adequate to prevent the
unauthorized transfer of such code outside the United States.
7. Until the Final Regulations are issued, the Department of State
shall continue to have authority to administer the export of encryption
products described in section 1 of this memorandum as defense articles
designated in Category XIII of the United States Munitions List,
pursuant to the Arms Export Control Act.
8. Upon enactment of any legislation reauthorizing the
administration of export controls, the Secretary of Defense, the
Secretary of State, and the Attorney General shall reexamine whether
adequate controls on encryption products can be maintained under the
provisions of the new statute and advise the Secretary of Commerce of
their conclusions as well as any recommendations for action. If adequate
controls on encryption products cannot be maintained under a new
statute, then such products shall, where consistent with law, be
designated or redesignated as defense articles under 22 U.S.C.
2778(a)(1), to be placed on the United States Munitions List and
controlled pursuant to the terms of the Arms Export Control Act and the
International Traffic in Arms Regulations. Any disputes regarding the
decision to designate or redesignate shall be resolved by the President.
William J. Clinton
http://www.access.gpo.gov/nara/nara003.html
[Weekly Compilation of Presidential Documents]
From the 1996 Presidential Documents Online via GPO Access [frwais.access.gpo.gov]
[DOCID:pd18no96_txt-20]
[Page 2399-2400]
Monday, November 18, 1996
Volume 32--Number 46
Pages 2359-2403
Week Ending Friday, November 15, 1996
Executive Order 13026--Administration of Export Controls on Encryption
Products
November 15, 1996
By the authority vested in me as President by the Constitution and
the laws of the United States of America, including but not limited to
the International Emergency Economic Powers Act (50 U.S.C. 1701 et
seq.), and in order to take additional steps with respect to the
national emergency described and declared in Executive Order 12924 of
August 19, 1994, and continued on August 15, 1995, and on August 14,
1996, I, William J. Clinton, President of the United States of America,
have decided that the provisions set forth below shall apply to
administration of the export control system maintained by the Export
Administration Regulations, 15 CFR Part 730 et seq. (``the EAR'').
Accordingly, it is hereby ordered as follows:
Section 1. Treatment of Encryption Products. In order to provide for
appropriate controls on the export and foreign dissemination of
encryption products, export controls of encryption products that are or
would be, on this date, designated as defense articles in Category XIII
of the United States Munitions List and regulated by the United States
Department of State pursuant to the Arms Export Control Act, 22 U.S.C.
2778 et seq. (``the AECA''), but that subsequently are placed on the
Commerce Control List in the EAR, shall be subject to the following
conditions: (a) I have determined that the export of encryption products
described in this section could harm national security and foreign
policy interests even where comparable products are or appear to be
available from sources outside the United States, and that facts and
questions concerning the foreign availability of such encryption
products cannot be made subject to public disclosure or judicial review
without revealing or implicating classified information that could harm
United States national security and foreign policy interests.
Accordingly, sections 4(c) and 6(h)(2)-(4) of the Export Administration
Act of 1979 (``the EAA''), 50 U.S.C. App. 2403(c) and 2405(h)(2)-(4), as
amended and as continued in effect by Executive Order 12924 of August
19, 1994, and by notices of August 15, 1995, and August 14, 1996, all
other analogous provisions of the EAA relating to foreign availability,
and the regulations in the EAR relating to such EAA provisions, shall
not be applicable with respect to export controls on
such encryption products. Notwithstanding this, the Secretary of Commerce
(``Secretary'') may, in his discretion, consider the foreign availability
of comparable encryption products in determining whether to issue a license
in a particular case
[[Page 2400]]
or to remove controls on particular products, but is not required to issue
licenses in particular cases or to remove controls on particular products
based on such consideration;
(b) Executive Order 12981, as amended by Executive Order 13020 of
October 12, 1996, is further amended as follows:
(1) A new section 6 is added to read as follows:
``Sec. 6. Encryption Products. In conducting the license review
described in section 1 above, with respect to export controls of
encryption products that are or would be, on November 15, 1996,
designated as defense articles in Category XIII of the United States
Munitions List and regulated by the United States Department of State
pursuant to the Arms Export Control Act, 22 U.S.C. 2778 et seq., but
that subsequently are placed on the Commerce Control List in the Export
Administration Regulations, the Departments of State, Defense, Energy,
and Justice and the Arms Control and Disarmament Agency shall have the
opportunity to review any export license application submitted to the
Department of Commerce. The Department of Justice shall, with respect to
such encryption products, be a voting member of the Export
Administration Review Board described in section 5(a)(1) of this order
and of the Advisory Committee on Export Policy described in section
5(a)(2) of this order. The Department of Justice shall be a full member
of the Operating Committee of the ACEP described in section 5(a)(3) of
this order, and of any other committees and consultation groups
reviewing export controls with respect to such encryption products.''
(2) Sections 6 and 7 of Executive Order 12981 of December 5, 1995,
are renumbered as new sections 7 and 8, respectively.
(c) Because the export of encryption software, like the export of
other encryption products described in this section, must be controlled
because of such software's functional capacity, rather than because of
any possible informational value of such software, such software shall
not be considered or treated as ``technology,'' as that term is defined
in section 16 of the EAA (50 U.S.C. App. 2415) and in the EAR (61 Fed.
Reg. 12714, March 25, 1996);
(d) With respect to encryption products described in this section,
the Secretary shall take such actions, including the promulgation of
rules, regulations, and amendments thereto, as may be necessary to
control the export of assistance (including training) to foreign persons
in the same manner and to the same extent as the export of such
assistance is controlled under the AECA, as amended by section 151 of
Public Law 104-164;
(e) Appropriate controls on the export and foreign dissemination of
encryption products described in this section may include, but are not
limited to, measures that promote the use of strong encryption products
and the development of a key recovery management infrastructure; and
(f) Regulation of encryption products described in this section
shall be subject to such further conditions as the President may direct.
Sec. 2. Effective Date. The provisions described in section 1 shall
take effect as soon as any encryption products described in section 1
are placed on the Commerce Control List in the EAR.
Sec. 3. Judicial Review. This order is intended only to improve the
internal management of the executive branch and to ensure the
implementation of appropriate controls on the export and foreign
dissemination of encryption products. It is not intended to, and does
not, create any rights to administrative or judicial review, or any
other right or benefit or trust responsibility, substantive or
procedural, enforceable by a party against the United States, its
agencies or instrumentalities, its officers or employees, or any other
person.
William J. Clinton
The White House,
November 15, 1996.
[Filed with the Office of the Federal Register, 8:45 a.m., November 18,
1996]
Note: This Executive order will be published in the Federal Register on
November 19.
[[Page 2401]]
1997
http://www.pub.whitehouse.gov/uri-res/I2R?urn:pdi://oma.eop.gov.us/1997/12/27/7.text.1
THE WHITE HOUSE
Office of the Press Secretary
________________________________________________________________________
For Immediate Release December 22, 1997
PRESIDENT NAMES STEVEN S. HONIGMAN
AS SPECIAL ADVISOR TO THE PRESIDENT
The President today announced the appointment of Steven S. Honigman
as Special Advisor to the President. Mr. Honigman will bring senior
level and government-wide leadership to the Administration's
procurement of encryption technology and services.
Mr. Honigman's responsibilities will include assuring that agency
procurement policies, requirements, practices and programs are
coordinated and consistent with Administration encryption policies.
He will also coordinate agency encryption pilot projects and bring
them to production, promote public-private standards development, and
maintain a dialogue with the public about these efforts. His work will
require consultation with all major Federal agencies, White House
policy offices, the Congress, market participants, foreign entities
and the private sector.
Mr. Honigman has served since June 1993 as the General Counsel of
the Navy. In that position, he has been the Department of the Navy's
chief legal officer and the principal legal advisor to the Secretary
of the Navy. As Navy General Counsel, he has been a leader in
acquisition reform and procurement-related litigation.
Mr. Honigman was born in Brooklyn, New York. He received his B.A.
degree from New York University and his J.D. degree from Yale Law
School. Mr. Honigman has practiced as a civil litigator in New York
City. His areas of specialization included international and domestic
reinsurance and insurance disputes, transactions and insolvencies.
###
1998
http://www.access.gpo.gov/nara/nara003.html
[Weekly Compilation of Presidential Documents]
From the 1998 Presidential Documents Online via GPO Access [frwais.access.gpo.gov]
[DOCID:pd21se98_txt-38]
[Page 1832]
Monday, September 21, 1998
Volume 34--Number 38
Pages 1769-1832
Week Ending Friday, September 18, 1998
________________________________________________________________________
Checklist of White House Press Releases
________________________________________________________________________
The following list contains releases of the Office of the Press
Secretary that are neither printed as items nor covered by entries in
the Digest of Other White House Announcements.
________________________________________________________________________
September 16, 1998
Transcript of a press briefing by Vice President Al Gore, Deputy Chief
of Staff John Podesta, Principal Associate Deputy Attorney General
Robert Litt, FBI Assistant Director Carolyn Morris, Under Secretary of
Commerce William Reinsch, Deputy Secretary of Defense Jim Hamre, and
Deputy National Security Adviser Jim Steinberg on administration updates
in encryption policy
http://www.pub.whitehouse.gov/uri-res/I2R?urn:pdi://oma.eop.gov.us/1998/9/16/11.text.1
THE WHITE HOUSE
Office of the Press Secretary
________________________________________________________________________
For Immediate Release September 16, 1998
PRESS BRIEFING BY
THE VICE PRESIDENT,
DEPUTY CHIEF OF STAFF JOHN PODESTA,
PRINCIPAL ASSOCIATE DEPUTY ATTORNEY GENERAL ROBERT LITT,
ASSISTANT DIRECTOR OF THE FBI CAROLYN MORRIS,
UNDER SECRETARY OF COMMERCE WILLIAM REINSCH,
DEPUTY SECRETARY OF DEFENSE JOHN HAMRE,
AND DEPUTY NATIONAL SECURITY ADVISOR JIM STEINBERG
The Briefing Room
11:57 A.M. EDT
THE VICE PRESIDENT: Good morning. While my colleagues are coming
in here, let me acknowledge them. John Podesta is going to take over
the podium after I complete my statement, and he is joined by Bob Litt
of the Justice Department, Bill Reinsch of the Commerce Department --
Under Secretary for the Export Administration -- and John Hamre, Deputy
Secretary of Defense.
I also want to acknowledge Carolyn Morris of the FBI; Barbara
McNamara of the National Security Agency; John Gordon, Deputy Director
of the CIA. And you all should know that this process, the results of
-- the interim results of which I'm announcing here, is a process that
has been run principally by John Podesta and Jim Steinberg, Deputy at
the National Security Council. And I also want to thank Sally Katzen at
the NEC and David Beier on my staff for the work that they and many
others have done on this.
Some of you who have followed this issue know that it is probably
one of the single, most difficult and complex issues that you can
possibly imagine. But we've made progress, and we're here this morning
to announce an important new action that will protect our national
security and our safety, and advance our economic interests and
safeguard our basic rights and values in this new Information Age.
The Information Age has brought us the Internet, an
inter-connected global economy and the promise of connecting us all to
the same vast world of knowledge. But with that exciting promise comes
new challenges. We must make sure that in the Information Age you get
information about the rest of the world and not the other way around.
We must ensure that new technology does not mean new and sophisticated
criminal and terrorist activity which leaves law enforcement outmatched
-- we can't allow that to happen. And we must ensure that the sensitive
financial and business transactions that now cruise along the
information superhighway are 100 percent safe in cyberspace.
Balancing these needs is no simple task, to say the least. That
is why, in taking the next step toward meeting these complex goals, we
worked very closely with members of Congress from both parties, House
and Senate; with industry; with our law enforcement community and with
our national security community. And as we move forward we want to keep
working closely with all who share a stake in this issue -- especially
law enforcement -- to constantly assess and reassess the effectiveness
of our actions in this fast changing medium.
Today I'm pleased to announce a new federal policy for the
encryption and protection of electronic communication, a policy that
dramatically increases privacy and security for families and businesses
without endangering out national security.
Beginning today, American companies will be able to use encryption
programs of unlimited strength when communicating between most
countries. Health, medical, and insurance companies will be able to use
far stronger electronic protection for personal records and information.
Law enforcement will still have access to criminally-related information
under strict and appropriate legal procedures. And we will maintain our
full ability to fight terrorism and monitor terrorist activity that
poses a grave danger to American citizens.
With this new announcement, we will protect the privacy of average
Americans, because privacy is a basic value in the Information Age,
indeed in any age. We will give industry the full protection that it
needs to enable electronic commerce to grow and to thrive. And we will
give law enforcement the ability to fight 21st century crimes with 21st
century technology, so our families and businesses are safe, but on-line
outlaws are not safe.
In just a moment you will hear more of the details of this new
policy, but I want to conclude by saying that this policy does reflect
one of the greatest challenges of these new times. And to state it
broadly, it's a challenge of how we can harness powerful new technology
while protecting our oldest and most cherished values, such as privacy
and safety.
I'm grateful to those who have worked so hard to reach this
balance. And with today's announcement I believe that all families and
businesses have reason to feel safer, more secure and more confident as
we approach the 21st century.
And now I'd like to turn things over to White House Deputy Chief
of Staff John Podesta.
Q Mr. Vice President, before you go, can you tell us what you say
to Democratic lawmakers who say the President ought to resign?
THE VICE PRESIDENT: I disagree.
Q How about the release of that tape? What do you think --
THE VICE PRESIDENT: The President is going to have a press
conference shortly and I'm sure that you will not miss the opportunity
at this national security press conference with the leader of a foreign
country to raise all these questions.
Q What about the videotape, should it be released?
Q It was staged by the White House -- you know that, don't you?
MR. PODESTA: Guess what? I'm here to talk about encryption.
Okay. I can see the front row leaving here. (Laughter.) As the Vice
President noted, Jim Steinberg and I have co-chaired our process in this
matter. I volunteered for that duty because of my well-known
fascination with The X Files, which most of you know about.
As you know, this is an important and challenging issue that
affects many of our interests in our society. And over the past year
we've promoted a balanced approach to the issue, working with all
segments of our government and working with industry to find a policy
that promotes electronic commerce, preserves privacy, protects national
security and law enforcement interests, and permits U.S. industry to
secure global markets.
Recognizing the importance of moving this issue forward, last
March the Vice President asked us to intensify our dialogue with U.S.
industry, to bring industry's technical expertise to bear on this issue
with the hope of finding more innovative ways that we might assist law
enforcement. We appreciate the efforts of Congress, the law enforcement
community and particularly the industry groups.
I would note the Computer Systems Policy Project and the Americans
for Computer Privacy, who have been in an intensive dialogue with us
over the past many months to foster an environment that has allowed us
to come up with a policy which we believe has balanced the elements that
are necessary in this regard.
I think all the stakeholders in this process, on our side, as well
as on private industry's side, now have a greater appreciation of the
issues and intend to continue the dialogue, which I think we're most
pleased by. Again, I think some of the people here from industry will
be available at the stakeout later to take some comment.
Based on the ideas discussed among the various stakeholders, today
we're proposing an update to our policies that we've announced in the
past. I'm going to serve kind of as M.C. We're going to start off with
Bob Litt from the Justice Department and Carol Morris, who I asked to
join us, from the FBI, to talk about the law enforcement-FBI concerns.
Then we're going to turn to Bill Reinsch from the Commerce Department to
talk about export control and electronic commerce. And finally you'll
hear from Dr. Hamre from the Defense Department. I might ask Jim also
to join us up here.
Before I give up the floor to Bob and Carol, though, I want to
stress that encryption policy is an ongoing process. It's one of
adaptation; it's an evolutionary process. We intend to continue the
dialogue, and over the course of the next year, determine what further
updates are necessary as we work with industry to try to, again, come up
with a policy that balances national security, law enforcement, and the
real needs for privacy and security in electronic commerce.
Thank you. Let me turn it over to Bob.
MR. LITT: Thank you, John. Good afternoon. The Justice
Department and the FBI and law enforcement in general is supportive,
very supportive of today's announcement on the updating of our export
controls on encryption products, particularly with respect to those
products that allow law enforcement to obtain lawful access to the plain
text of encrypted information.
We have been very encouraged over the last few months by
industry's efforts to work with us to develop and market strong
encryption products that provide law-abiding citizens with the ability
to protect the privacy of their communications and their
electronically-stored data, while at the same time maintaining law
enforcement's ability to ensure public safety when these products, when
they become commercially available, are used in furtherance of serious
criminal activity.
Our goal is through whatever means to ensure that when we have the
lawful authority to take steps to protect public safety, we have the
ability to do so. And we have been working cooperatively with industry
for many months to develop approaches that will deal with that.
Carolyn Morris will now talk a little bit about the technical
support center that is being proposed.
MS. MORRIS: Thank you very much, Bob.
Good afternoon, ladies and gentlemen. We in federal, state, and
local law enforcement, are pleased with the administration's support to
establish a technical support center. This center will provide federal,
state, and local law enforcement with the resources and the technical
capabilities we need to fulfill our investigative responsibilities.
In light of strong, commercially available encryption products
that are being proliferated within the United States, and when such
products are used in the furtherance of serious criminal activity, this
center becomes very, very critical to solving the encryption issues that
we need to make cases. As a matter of fact, the FBI has already begun
planning activities of this critical technical support center in
anticipation of the availability of funds.
The United States federal, local and state law enforcement
community looks forward to a cooperative partnership with American
industry, the Congress and the administration to ensure that this
technical support center becomes a reality in the near future. With
this center the American people can be assured that federal, state, and
local law enforcement has the necessary resources and tools we need to
fulfill our public safety mission.
Thank you very much.
UNDER SECRETARY REINSCH: With respect to export controls, the
administration is updating its policy in three areas: Our existing
policy and some revisions there, an expansion with respect to certain
sectors, and an expansion with respect to so-called recoverable
products. And let me address each of these separately. In keeping with
the administration's reinvention initiatives, I'm going to try to do it
in plain language -- or plain English, So that those of you that speak
the vocabulary of encryption may find it to elementary, but we can go
back and do it again in another language, if you want, later on in
questions.
With respect to our existing policy, we have for two years ending
this December, permitted the export of 56-bit products after an initial
one-time review without further review by the government. What we're
announcing today is the maintenance of that window permanently. And so
56-bit products will be freed from export controls after a one-time
review, in perpetuity, not ending at the end of this year. We are,
however, removing the requirement for key recovery plans or key recovery
commitments to be provided in return for that change, which was the
initial condition that we extracted.
In addition, we are continuing to permit the export of key
recovery products -- products that contain those features -- without
restraint worldwide. We are, however, going to simplify significantly
our regulations that relate to those exports. In particular, we're
going to eliminate the need for six-month progress reports for the plans
that have been submitted, and we're going to eliminate the requirement
for any prior reporting of key recovery agent information. For those of
you that follow the regulations in detail, that means we're going to
eliminate Supplement Five of our regulations on these matters.
Now, with respect to sectors, we're making some new innovations in
four areas. Some of you may be familiar with the fact that some time
ago we announced expanded treatment of encryption products for export to
banks and financial institutions. And what we did at that time,
briefly, was to permit the export of encryption products of any length,
any bit length, with or without key recovery features to banks and
financial institutions in a list of 45 countries.
What we are announcing today is, first, that we are adding
insurance companies to the definition of financial institutions, so
insurance companies will be treated the same way under this policy as
banks and other financial institutions are now. In addition, we are
providing the same kind of treatment for exports of these encryption
products to the health and medical sector operating in the same set of
countries. We are excluding from that biochemical and pharmaceutical
producers. But the rest of the health and medical sector will be the
beneficiary of the same kind of treatment.
In addition, we are providing also this expanded treatment for
that country group to on-line merchants that are operating in those
countries. That means that for products that are like client-server
applications, like SSL, will be able to be exported to those
destinations.
All these things will take place under what we call license
exception, which means after initial one-time review to determine
whether or not your product is, in fact, what you say it is, they can
then go without any further review or intervention by the government to
those locations. In addition, there is always the option in the export
control system of coming in with an application to export these kinds of
products to other destinations beyond the ones that I'm talking about
right now, and those will be reviewed one by one on their merits.
Finally, with respect to what we have come to refer to as a class
of so-called recovery capable or recoverable products, and these are the
products that, among others, include what has become known as the
doorbell products, which are products that, among other things, will
deal with the development of local area or wide area networks and the
transmission of e-mail and other data over networks -- we are going to
permit the export of those products under a presumption of approval and
an export licensing arrangement to a list of 42 countries. And within
those countries we are going to permit that export to commercial firms
only within those countries. And both in that case and in the case of
the on-line merchants that I referred to a few minutes ago, we are going
to exclude manufacturers or distributors of munitions items, I think for
obvious reasons.
We can go into further details later, if you would like. I think
for those of you that are interested in the nitty-gritty of all this
stuff, BXA intends to post all the details, including the country lists,
on its website and we should have that up later today.
Thank you.
DEPUTY SECRETARY HAMRE: Good morning. I'm here to speak on
behalf of the national security community. I'm joined today by my
enormously capable counterparts and colleagues, Deputy Director Barbara
McNamara for the National Security Agency; and Deputy Director John
Gordon from the Central Intelligence Agency.
The national security establishment strongly supports this step
forward. We think this is a very important advance in a crucial area
for our security in the future.
We in DOD had four goals when we entered these discussions. First
was to strengthen our ability to do electronic commerce. We're the
largest company in the world. Every month we write about 10 million
paychecks. We write about 800,000 travel vouchers. One of our finance
centers disburses $45 million an hour. We are a major, major force in
business. And for that reason, we can't be efficient unless we can
become fully electronic, and electronic commerce is essential for us.
And this is an enormous step forward.
Second, we must have strong encryption and a security structure
for that in order to protect ourselves in cyberspace. Many of you know
that we have experienced a number of cyber attacks during the last year.
This will undoubtedly increase in the future. We need to have strong
encryption because we're operating over public networks; 95 percent of
all of our communications now go over public infrastructure -- public
telephone lines, telephone switches, computer systems, et cetera. To
protect ourselves in that public environment, we must have encryption
and we must have a key recovery system for ourselves.
The third goal that we had was to help protect America's
infrastructure. One of the emerging national security challenges of the
next decade is to protect this country, the homeland defense of this
country, against attack. We must have strong encryption in order to do
that, because most of this infrastructure now is being managed through
distributed computer-based management systems, and this is an important
step forward.
Finally, it is very important that the Department of Defense and
our colleagues in the national security establishment have the ability
to prosecute our national security interests overseas. Terrorists and
rogue nations are increasingly using these tools to communicate with
each other and to lay their plans. We must have the ability to deal
with that. And so this policy, it's a balanced and structured approach
to be able to deal with all four of those problems.
UNDER SECRETARY REINSCH: I apologize -- in listing my changes, I
neglected one very important item that I want to go back to, and that
is, in the sector area we are also announcing today the ability to
export strong encryption of any bit length, with or without key recovery
features, to subsidiaries of U.S. companies to all destinations in the
world with the exception of the seven terrorist nations.
MR. PODESTA: Okay, I think we're happy to take your questions
now. If you could identify whom you're addressing, because there is a
variety of expertise. And I would like to introduce one other person,
Charlotte Knepper from the NSC staff, who has been instrumental in
pulling this all together.
Q John, this is a question for you. In October '96 and other
White House statements on encryption, there has usually been a line also
addressing the domestic side, saying that all Americans remain free to
use any strength encryption. I didn't notice anything like that in
today's announcement. Are there any conditions under which the White
House would back domestic restrictions on encryption?
MR. PODESTA: We haven't changed our policy, and the previous
statements are certainly intact. We have made a number of policy
statements in the past, since this administration came into office, and
I think that you should view this as a step forward, building on the
policies that we have put before the American public in the past.
Q John, could I ask you one question about an un-encrypted matter?
MR. PODESTA: Maybe. (Laughter.)
Q Democrats on the Hill are now saying, and John Kerry is saying
that the President's actions absolutely call for some sort of
punishment. What are Democrats telling you about what they feel must be
done at this point?
MR. PODESTA: Well, I think I'm not going to stand here and take a
lot of questions, but I'm going to give special dispensation, as a
Catholic, today -- which is I'm going to return your phone calls later.
But in deference to the people up here I think we'll handle it that way.
But in specific response, I'll take one, which is that I think
that we had a number of productive meetings with Democrats on both sides
of the Hill yesterday. They view the President as a person who has led
on the issues that are important to them, and I think what they want to
do is get back to having him speak out and be a leader on the issues of
education and the health care bill of rights, on saving Social Security.
And I think they pointed at that and wanted to work with us on that.
I think with regard to the question that you posed with regard to
Senator Kerry, I think that's a matter that they are debating amongst
themselves more than they are debating with the White House. I think
it's probably presumptuous for us at this point to offer them assistance
or guidance. I mean, the President has said that what he has done was
wrong; he's apologized for it; he's asked for forgiveness. He is moving
forward. And I think that this debate is going on, on Capitol Hill, but
it's largely going on amongst members themselves.
Q We haven't heard many of them say they want to get back to the
work at hand.
MR. STEINBERG: You heard John, and I'm going to leave it there.
Let me just add a word in response, in connection with the
domestic controls issue. I think one of the lessons that we've learned
from this exercise is that -- actually, two lessons -- one, that trying
to balance the various interests and equities in this is much less of a
zero sum gain than I think some began to look at the question. That is,
you heard from Dr. Hamre and others that many of the interests involved
have common interests in making sure that we have secure and effective
means of dealing with communications and stored data.
And so we found, by looking in a very pragmatic way, that there
were ways to solve these problems without very, kind of, broad-based
solutions. In particular, I think the idea that there's no
one-size-fits-all answer to the problems of meeting the various needs
informs the decisions that we reached -- that there are a variety of
different techniques that respond to the different aspects of the
industry, the different aspects of the technology. I think that's what
made the progress possible today, is that industry, agencies and
Congress sat down together, pulled the problem apart, began to look at
its different components and began to fashion very pragmatic solutions.
And so I think we came to this discussion with a spirit of not
looking for a kind of single or simple solution to the problem but,
rather, how do you tackle and meet the various needs. And I think
that's what led to this resolve.
Q Could you talk a little more about the on-line merchants part of
it? I mean, what do you have to do to qualify as an on-line merchant?
Do you have to register or can anybody sort of set themselves up in
business?
UNDER SECRETARY REINSCH: I think the simplest way to respond to
that right now is we'll have a definition in the reg that will be very
clear as to what the criteria are for qualification. And those
definitions have already been dealt with and agreed to, so we should
have them up on the web site this afternoon.
Q A question for Bill Reinsch. How do you handle, then, 128-bit,
to which the Department has given export -- or has allowed to be
exported after going through this review? Will 128 or things above
56-bit, will they require a license or will they still have to go
through plans --
UNDER SECRETARY REINSCH: Well, with respect to the subsidiaries,
the health sector, the banks, the financial institutions, the insurance
companies, the on-line merchants, and the recoverable products as in the
universe defined -- no. In the case of all but the recoverable
products, they will all go on license exception, which means one-time
review and then out the door. With respect to recoverable products,
they will come in and go out pursuant to an export licensing
arrangement, where we'll have to do a little tailoring depending upon
the nature of the product. But there is a presumption of approval for
the 42 countries that I indicated.
And that's without reference to bit length -- 128 or more is all
covered by that. Now, if you want to export an 128-bit product that is
beyond any of those universes, then you would have to come in for an
individual license application.
Q A question for Mr. Litt. With regard to the technical support
center, when do you expect that to be in operation?
MR. LITT: I don't think we have a specific timetable yet.
Obviously, it would be helpful for us to have it up and operational as
soon as possible, but there are planning and budgetary issues that have
to be dealt with.
Q This is probably a question for Under Secretary Reinsch. The
export exceptions now are essentially going to U.S. subsidiaries --
foreign subsidiaries of U.S. companies. I was wondering, could you be a
little more specific -- what size company, what kind of company will be
allowed to export powerful crypto to its foreign subsidiaries?
UNDER SECRETARY REINSCH: That doesn't make any difference. The
universe is determined by the end user, not by the nature of the
American company. But it is not -- while part of this relates to
subsidiaries of U.S. companies, that is correct, we also intend, on a
case-by-case basis, to provide for favorable treatment for export of the
same kind of thing to strategic partners of U.S. companies -- those
foreign companies that are engaged in a closer, say, joint venture, that
kind of relationship.
Well, I think that's it.
Q What about foreign companies that have U.S. subsidiaries, like
Seaman's or -- or Chrysler -- can they get this encryption?
UNDER SECRETARY REINSCH: Well, keep in mind, there are multiple
universes here. If you're talking about the financial institutions, the
banks and the insurance companies, those aren't necessarily American
financial institutions. That's for export to any financial institution,
and for their use in any of their branches, aside from the terrorist
countries. This is true for the health sector; this is true for on-line
merchants as well. Those are not restricted to U.S. companies.
Obviously, if we're going to have a requirement for U.S. subs, it
relates to U.S. subs, and wouldn't affect the examples you've described.
Now, with respect to recoverable products, which actually is one of the
areas where the companies you mentioned would probably be looking
because they'd be looking to build a network among their various
offices, affiliates of subsidiaries, dealers if necessary, worldwide,
the recoverable provisions that I described could be exported to those
companies within the territorial universe I described -- the 42
countries.
Thank you very much.
END 12:25 P.M. EDT
September 16, 1998
Statement by the Press Secretary: Administration Updates Encryption
Policy
http://www.pub.whitehouse.gov/uri-res/I2R?urn:pdi://oma.eop.gov.us/1998/9/17/3.text.1
THE WHITE HOUSE
Office of the Press Secretary
________________________________________________________________________
For Immediate Release September 16, 1998
STATEMENT BY THE PRESS SECRETARY
Administration Updates Encryption Policy
The Clinton Administration today announced a series of steps to
update its encryption policy in a way that meets the full range of
national interests: promotes electronic commerce, supports law
enforcement and national security and protects privacy. These steps are
a result of several months of intensive dialogue between the government
and U.S. industry, the law enforcement community and privacy groups
that was called for by the Vice President and supported by members of
Congress.
As the Vice President stated in a letter to Senator Daschle, the
Administration remains committed to assuring that the nation's law
enforcement community will be able to access, under strictly defined
legal procedures, the plain text of criminally related communications
and stored information. The Administration intends to support FBI's
establishment of a technical support center to help build the technical
capacity of law enforcement - Federal, State, and local - to stay
abreast of advancing communications technology.
The Administration will also strengthen its support for electronic
commerce by permitting the export of strong encryption when used to
protect sensitive financial, health, medical, and business proprietary
information in electronic form. The updated export policy will allow
U.S. companies new opportunities to sell encryption products to almost
70 percent of the world's economy, including the European Union, the
Caribbean and some Asian and South American countries. These changes in
export policy were based on input from industry groups while being
protective of national security and law enforcement interests.
The new export guidelines will permit exports to other industries
beyond financial institutions, and further streamline exports of key
recovery products and other recoverable encryption products. Exports to
those end users and destination countries not addressed by today's
announcement will continue to be reviewed on a case-by-case basis.
Very strong encryption with any key length (with or without key
recovery) will now be permitted for export, under license exception, to
several industry sectors. For example, U.S. companies will be able to
export very strong encryption for use between their headquarters and
their foreign subsidiaries worldwide except the seven terrorist
countries (Iran, Iraq, Libya, Syria, Sudan, North Korea and Cuba) to
protect their sensitive company proprietary information.
On-line merchants in 45 countries will be able to use robust U.S.
encryption products to protect their on-line electronic commerce
transactions with their customers over the Internet.
Insurance companies as well as the health and medical sectors in
those same 46 countries will be able to purchase and use robust U.S.
encryption products to secure health and insurance data among legitimate
users such as hospitals, health care professionals, patients, insurers
and their customers.
The new guidelines also allow encryption hardware and software
products with encryption strength up to 56-bit DES or equivalent to be
exported without a license, after a one time technical review, to all
users outside the seven terrorist countries. Currently, streamlined
exports of DES products are permitted for those companies that have
filed key recovery business plans. However, with the new guidelines,
key recovery business plans will no longer be required.
The Administration will continue to promote the development of key
recovery products by easing regulatory requirements. For the more than
60 companies which have submitted plans to develop and market key
recovery encryption products, the six month progress reviews will no
longer be required. Once the products are ready for market, they can be
exported, with any bit length -- without a license -- world-wide (except
to terrorist nations) after a one-time review. Furthermore, exporters
will no longer need to name or submit additional information on a key
recovery agent prior to export. These requirements will be removed from
the regulations.
Finally, industry has identified other so-called "recoverable"
products and techniques that allow for the recovery of plaintext by a
system or network administrator and that can also assist law enforcement
access, subject to strict procedures. The Administration will permit
their export for use within most foreign commercial firms, and their
wholly-owned subsidiaries, in large markets, including Western Europe,
Japan and Australia, to protect their internal business proprietary
communications.
The Administration welcomes a continued dialogue with U.S. industry
and intends to review its policy in one year to determine if additional
updates may be necessary to continue a balanced approach that protects
the public safety and national security, ensures privacy, enables
continued technology leadership by U.S. industry and promotes electronic
commerce.
# # #
September 16, 1998
Fact sheet: Administration Updates Encryption Policy
http://www.pub.whitehouse.gov/uri-res/I2R?urn:pdi://oma.eop.gov.us/1998/9/17/5.text.1
THE WHITE HOUSE
Office of the Press Secretary
________________________________________________________________________
For Immediate Release September 16, 1998
FACT SHEET
Administration Updates Encryption Policy
Exports of 56-bit DES and equivalent products (hardware and software)
will be streamlined (under license exception). Requirements for key
recovery plans are eliminated.
Exports of unlimited strength encryption products (with or without key
recovery) will be streamlined (under license exception) to certain
industries. The sectors are:
Subsidiaries of U.S. Firms, worldwide (except seven terrorist
nations).
Insurance companies to the same 45 countries recently approved for
exports to banks and financial institution exports.
Health and medical organizations (including civilian government
health agencies) in the same 45 countries. Does not include
biochemical/pharmaceutical manufacturers.
On-line merchants for client-server applications, in the same 45
countries, with the purpose of securing electronic transactions
between merchants and their customers. Does not include
manufacturers and distributors of items controlled on the U.S.
munitions list.
Key Recovery products will continue to be exportable under license
exception worldwide (except seven terrorist nations). Review of
foreign key recovery agents is eliminated.
Exports of "recoverable" products will be approved to most commercial
firms, and their wholly-owned subsidiaries, in a broad range of
countries under encryption licensing arrangements. This group of
countries covers most major commercial markets including Western
Europe, Japan, and Australia. The policy does not include service
providers and manufacturers and distributors of items controlled on
the U.S. munitions list.
Exports to end users or destinations outside this policy are possible
on a case-by-case basis.
Prior to export, products are subject to a one-time product technical
review.
# # #
http://www.access.gpo.gov/nara/nara003.html
[Weekly Compilation of Presidential Documents]
From the 1998 Presidential Documents Online via GPO Access [frwais.access.gpo.gov]
[DOCID:pd05oc98_txt-5]
[Page 1897-1903]
Monday, October 5, 1998
Volume 34--Number 40
Pages 1895-1963
Week Ending Friday, October 2, 1998
Remarks at a Democratic National Committee Dinner in San Jose,
California
September 25, 1998
[Excerpt]
The securities reform legislation is now in conference and they're
arguing only over some legislative intent language that those of you who
are working the issue are very familiar with. But I think we'll be
successful there. I think we've reached a broad agreement on encryption
policy and now you just have to make sure you work with us on the
implementation of it so that the rules don't contradict the policy, but
instead reinforce them. And I think we can do that.
1999
To August 14: None.