[Public Papers of the Presidents of the United States: WILLIAM J. CLINTON (1999, Book II)]
[September 16, 1999]
[Pages 1551-1552]
[From the U.S. Government Publishing Office www.gpo.gov]



Message to the Congress Transmitting Proposed Legislation on Security of 
Electronic Information
September 16, 1999

To the Congress of the United States:
    I am pleased to transmit for your early consideration and speedy 
enactment a legislative proposal entitled the ``Cyberspace Electronic 
Security Act of 1999'' (CESA). Also transmitted herewith is a section-
by-section analysis.
    There is little question that continuing advances in technology are 
changing forever the way in which people live, the way they communicate 
with each other, and the manner in which they work and conduct commerce. 
In just a few years, the Internet has shown the world a glimpse of what 
is attainable in the information age. As a result, the demand for more 
and better access to information and electronic commerce continues to 
grow--among not just individuals and consumers, but also among 
financial, medical, and educational institutions, manufacturers and 
merchants, and State and local governments. This increased reliance on 
information and communications raises important privacy issues because 
Americans want assurance that their sensitive personal and business 
information is protected from unauthorized access as it resides on and 
traverses national and international communications networks. For 
Americans to trust this new electronic environment, and for the promise 
of electronic commerce and the global information infrastructure to be 
fully realized, information systems must provide methods to protect the 
data and communications of legitimate users. Encryption can address this 
need because encryption can be used to protect the confidentiality of 
both stored data and communications. Therefore, my Administration 
continues to support the development, adoption, and use of robust 
encryption by legitimate users.
    At the same time, however, the same encryption products that help 
facilitate confidential communications between law-abiding citizens also 
pose a significant and undeniable public safety risk when used to 
facilitate and mask illegal and criminal activity. Although cryptography 
has many legitimate and important uses, it is also increasingly used as 
a means to promote criminal activity, such as drug trafficking, 
terrorism, white collar crime, and the distribution of child 
pornography.
    The advent and eventual widespread use of encryption poses 
significant and heretofore unseen challenges to law enforcement and 
public safety. Under existing statutory and constitutional law, law 
enforcement is provided with different means to collect evidence of 
illegal activity in such forms as communications or stored data on 
computers. These means are rendered wholly insufficient when encryption 
is utilized to scramble the information in such a manner that law 
enforcement, acting pursuant to lawful authority, cannot decipher the 
evidence in a timely manner, if at all. In the context of law 
enforcement operations, time is of the essence and may mean the 
difference between success and catastrophic failure.
    A sound and effective public policy must support the development and 
use of encryption for

[[Page 1552]]

legitimate purposes but allow access to plaintext by law enforcement 
when encryption is utilized by criminals. This requires an approach that 
properly balances critical privacy interest with the need to preserve 
public safety. As is explained more fully in the sectional analysis that 
accompanies this proposed legislation, the CESA provides such a balance 
by simultaneously creating significant new privacy protections for 
lawful users of encryption, while assisting law enforcement's efforts to 
preserve existing and constitutionally supported means of responding to 
criminal activity.
    The CESA establishes limitations on government use and disclosure of 
decryption keys obtained by court process and provides special 
protections for decryption keys stored with third party ``recovery 
agents.'' CESA authorizes a recovery agent to disclose stored recovery 
information to the government, or to use stored recovery information on 
behalf of the government, in a narrow range of circumstances (e.g., 
pursuant to a search warrant or in accordance with a court order under 
the Act). In addition, CESA would authorize appropriations for the 
Technical Support Center in the Federal Bureau of Investigation, which 
will serve as a centralized technical resource for Federal, State, and 
local law enforcement in responding to the increasing use of encryption 
by criminals.
    I look forward to working with the Congress on this important 
national issue.

                                                      William J. Clinton

The White House,

September 16, 1999.