Administration Admits Crypto Policy Impossible To Enforce

 MEETING WITH DCI John Deutch, AG Janet Reno,
DAG Jamie Gorelick, and FBI Director Louie Freeh

DATE:             Thursday, May 9, 1996
LOCATION:         Justice, AG Reno's office
Time:             4:30 - 5:30 p.m.

I- PURPOSE:  Purportedly to receive a "status report" from the
DCI on recent discussions-with the computer industry on the
Administration's encryption policy and to review a proposal the
DCI wants to present to industry next week on behalf of the
Administration on key escrow. If other economic agencies are not
in attendance (DoC has recommended NEC and OMB be invited), the
session will likely be used to try to convert you to the law
enforcement and intelligence communities point of view on the
encryption issue.

This meeting is in response to DoC's expressed concern about the
substance and tactics of the DCI's approach to industry.
Commerce believes that some near-term liberalization of
encryption export controls must be presented to industry, in
order to sell them on our longer-term Key Escrow proposal. While
admitting privately that export control relief will probably be
necessary at some point, the DCI rejected industry's demand in a
March industry meeting, angering industry and other agencies
(DoC, NEC, OMB, OSTP because of the lack of consultation).
Because of this treatment, industry is looking at our next
proposal to include a comprehensive response to their concerns -
- including export control relief. Failure to respond to their
concerns will lead many of companies to oppose the
Administration's key escrow policy, thereby lessening the chance
of success and creating a significant political problem with the
high tech community. The political dimension of this issue has
grown since the May 2 announcement by Sen. Dole criticizing the
Clinton Administration's encryption policy and supporting a
bipartisan bill to limit U.S.G. control of encryption (see TAB

  II. BACKGROUND See attached material for background reading:

    Tab A -- DCI Deutch draft paper on Key Escrow procedures
             that he wants to give to industry next week;
    Tab B -- draft U.S.G. background paper on the encryption
             issue prepared by NIST;
    Tab C -- CSPP Paper
    Tab D -- Dole Press Release and San Francisco Examiner
    TAB E -- 3/27/96 Memo to Secretary Brown

[NOTE: More complete background paper and talking points will be
provided at the Classified briefing on Wednesday afternoon.]

Recent Developments:

For the past several months the Administration has been engaged
XXXXXXXXXXXXXXXXXXXXXXX to explore options on encryption export
controls that both protects the national security and law
enforcement objectives, while allowing U.S. industry to maintain
its competitive position.  XXXXXXXXXXX numerous working group
meetings have taken place over the past five months, XXXXXXXXXX
side tracked at a March meeting XXXXXXXXX (see TAB E for a brief
report to Secretary Brown on the session). XXXXXXXXXXXXXXXXXXXX
Administration must agree internally on a bottom line on export
controls and how to present it to industry within the next
several weeks.

Brief Overview of Encryption Issue

Export controls on encryption have been a long-standing issue
for exporters, the intelligence community (NSA), and domestic
law enforcement. Efforts to maintain tight controls on encryption
in the "Internet age" lack credibility, threaten to impose real
costs on U.S. industry and, its competitiveness, and are
becoming a political embarrassment for the Administration.

NSA has been the lead agency in the government for encryption
policy, although much of the debate has been driven by Justice
and FBI domestic law enforcement concerns. Most encryption
exports are controlled on the State Department's Munitions List
(to the chagrin of exporters - our allies control encryption as
a commercial good).  State has de facto ceded much of its
authority to NSA, which has tried to limit the spread of
encryption through very tight export control. Growing demand for
encryption reflecting growth in electronic commerce (software
and hardware) has led NSA to try to manage the spread of
encryption overseas by promoting a "key escrow" policy, which
involves a third party holding a "key" (the encrypting
algorithm) that can be used to encrypt and decrypt messages and
which could be accessed by government under certain defined

NSA proposed in 1993 that the Government be the third party to
hold the keys. This was roundly rejected by industry and
consumers. NSA has now accepted the idea of "Trusted Third
Parties," such as banks or other fiduciary institutions, holding
the keys, which is acceptable to many consumers. Access to a key
would require a court 'order.  Law enforcement agencies like
this approach. As there could be many different key escrow
encryption systems, national and international standards would
need to be established to ensure sufficient commonalty.

Janet Reno and Louis Freeh are deeply concerned about the spread
of encryption. Pervasive use of encryption destroys the
effectiveness of wiretapping, which supplies much of the
evidence used by FBI and Justice. They support tight controls,
for domestic use and exports.  NSA is chiefly concerned with
exports.  The Vice President chairs the senior,group that set
the Administration's encryption policy; since February, 1994, it
has been supported by a working level group co-chaired by NSC
and OMB, composed of NSA, CIA, FBI, State, Commerce (BXA, NIST),
and Justice.  Last summer, the Vice .President agreed to explore
public acceptance of a key escrow policy but did not rule out
other approaches, although none seem viable at this point.

Before leaving for GSA, former Commerce Deputy Secretary Barram
served as the chief Administration liaison with industry for
encryption policy. In the past several months, DCI Deutch has
taken he lead in developing encryption policy XXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXX  He advocates a flexible approach
to key escrow, but resists (at least as an opening position) any
other export liberalizations, such as permitting longer
algorithms to be exported without a State license or excepting
additional sectors from restrictive treatment. Deutch has worked
closely with his UK counterpart to develop a common approach to
encryption policy for both exports and for electronic commerce.

The interagency working group met on April 25, 1996 to discuss
Deutch's paper. The Department of Commerce, NEC, and OMB
expressed the need for some liberalizations of export controls,
in the short term, in order to "buy" industry into key escrow
for the long term. If consensus is not reached within the next
week at lower levels, the issue for Principals will be the
tactical question of when or what to give industry in terms of
"relief' from current export controls. Economic agencies firmly
believe it would be a mistake to present industry with the key
escrow proposal without addressing liberalization of export

Industry argues for decontrol of encryption, for moving it from.
State to Commerce control, and for allowing DES (a powerful
encryption algorithm whose export is tightly controlled) to be
sold freely. The three industry sectors (hardware, software and
network services) do not always agree; hardware and network
firms are more amenable to key escrow; software firms oppose it
strongly, and are seeking legislation to achieve decontrol.
Some support Deutch's call for a "flexible key escrow only"
approach most are undecided or opposed.    The private sector
has begun pursuing a legislative strategy.    Several Senators
(Leahy, Dole, Burns) and one House member (Goodlatte) have
introduced bills that, among other things, would significantly
liberalize export controls. The bills are unlikely to move,
but their presence, along with increasing industry public
comments about

it's unhappiness with the Administration's policy and the
importance of this issue in California, is designed to pressure
the administration into modifying its policy. Lost in the
debate, but not irrelevant, is the fact that it is virtually.
impossible to enforce export control's against them when they can
be exported by phone and modem or/in someone' s pocket.

III- PARTICIPANTS -- (Principals only) Deputy of Central
Intelligence John Deutch; Attorney General Janet Reno; Deputy
Attorney General Jamie Gorelick; and FBI Director Louie Freeh

[Note: DoC has suggested-the addition of NEC (Laura Tyson or Dan
Tarullo) and OMB-(Sally Katzen) -- other players with similar
views to DoC, but CIA staff has resisted, characterizing this as
a "status report", not a large decision meeting.