[Congressional Record (Bound Edition), Volume 145 (1999), Part 15]
[Senate]
[Page 21860]
[From the U.S. Government Publishing Office, www.gpo.gov]





REPORT OF DRAFT LEGISLATION ENTITLED: ``CYBERSPACE ELECTRONIC SECURITY 
        ACT OF 1999'' (CESA)--MESSAGE FROM THE PRESIDENT--PM #57

  The PRESIDING OFFICER laid before the Senate the following message 
from the President of the United States which was referred to the 
Committee on the Judiciary.

To the Congress of the United States:
  I am pleased to transmit for your early consideration and speedy 
enactment a legislative proposal entitled the ``Cyberspace Electronic 
Security Act of 1999'' (CESA). Also transmitted herewith is a section-
by-section analysis.
  There is little question that continuing advances in technology are 
changing forever the way in which people live, the way they communicate 
with each other, and the manner in which they work and conduct 
commerce. In just a few years, the Internet has shown the world a 
glimpse of what is attainable in the information age. As a result, the 
demand for more and better access to information and electronic 
commerce continues to grow--among not just individuals and consumers, 
but also among financial, medical, and educational institutions, 
manufacturers and merchants, and State and local governments. This 
increased reliance on information and communications raises important 
privacy issues because Americans want assurance that their sensitive 
personal and business information is protected from unauthorized access 
as it resides on and traverses national and international 
communications networks. For Americans to trust this new electronic 
environment, and for the promise of electronic commerce and the global 
information infrastructure to be fully realized, information systems 
must provide methods to protect the data and communications of 
legitimate users. Encryption can address this need because encryption 
can be used to protect the confidentiality of both stored data and 
communications. Therefore, my Administration continues to support the 
development, adoption, and use of robust encryption by legitimate 
users.
  At the same time, however, the same encryption products that help 
facilitate confidential communications between law-abiding citizens 
also pose a significant and undeniable public safety risk when used to 
facilitate and mask illegal and criminal activity. Although 
cryptography has many legitimate and important uses, it is also 
increasingly used as a means to promote criminal activity, such as drug 
trafficking, terrorism, white collar crime, and the distribution of 
child pornography.
  The advent and eventual widespread use of encryption poses 
significant and heretofore unseen challenges to law enforcement and 
public safety. Under existing statutory and constitutional law, law 
enforcement is provided with different means to collect evidence of 
illegal activity in such forms as communications or stored data on 
computers. These means are rendered wholly insufficient when encryption 
is utilized to scramble the information in such a manner that law 
enforcement, acting pursuant to lawful authority, cannot decipher the 
evidence in a timely manner, if at all. In the context of law 
enforcement operations, time is of the essence and may mean the 
difference between success and catastrophic failure.
  A sound and effective public policy must support the development and 
use of encryption for legitimate purposes but allow access to plaintext 
by law enforcement when encryption is utilized by criminals. This 
requires an approach that properly balances critical privacy interests 
with the need to preserve public safety. As is explained more fully in 
the sectional analysis that accompanies this proposed legislation, the 
CESA provides such a balance by simultaneously creating significant new 
privacy protections for lawful users of encryption, while assisting law 
enforcement's efforts to preserve existing and constitutionally 
supported means of responding to criminal activity.
  The CESA establishes limitations on government use and disclosure of 
decryption keys obtained by court process and provides special 
protections for decryption keys stored with third party ``recovery 
agents.'' CESA authorizes a recovery agent to disclose stored recovery 
information to the government, or to use stored recovery information on 
behalf of the government, in a narrow range of circumstances (e.g., 
pursuant to a search warrant or in accordance with a court order under 
the Act). In addition, CESA would authorize appropriations for the 
Technical Support Center in the Federal Bureau of Investigation, which 
will serve as a centralized technical resource for Federal, State, and 
local law enforcement in responding to the increasing use of encryption 
by criminals.
  I look forward to working with the Congress on this important 
national issue.
                                                  William J. Clinton.  
  The White House, September 16, 1999.

                          ____________________