[Weekly Compilation of Presidential Documents Volume 35, Number 37 (Monday, September 20, 1999)]
[Pages 1760-1761]
[Online from the Government Publishing Office, www.gpo.gov]

<R04>
Message to the Congress Transmitting the Proposed ``Cyberspace 
Electronic Security Act of 1999''

September 16, 1999

To the Congress of the United States:

    I am pleased to transmit for your early consideration and speedy 
enactment a legislative proposal entitled the ``Cyberspace Electronic 
Security Act of 1999'' (CESA). Also transmitted herewith is a section-
by-section analysis.
    There is little question that continuing advances in technology are 
changing forever the way in which people live, the way they communicate 
with each other, and the manner in which they work and conduct commerce. 
In just a few years, the Internet has shown the world a glimpse of what 
is attainable in the information age. As a result, the demand for more 
and better access to information and electronic commerce continues to 
grow--among not just individuals and consumers, but also among 
financial, medical, and educational institutions, manufacturers and 
merchants, and State and local governments. This increased reliance on 
information and communications raises important privacy issues because 
Americans want assurance that their sensitive personal and business 
information is protected from unauthorized access as it resides on and 
traverses national and international communications networks. For 
Americans to trust this new electronic environment, and for the promise 
of electronic commerce and the global information infrastructure to be 
fully realized, information systems must provide methods to protect the 
data and communications of legitimate users. Encryption can address this 
need because encryption can be used to protect the confidentiality of 
both stored data

[[Page 1761]]

and communications. Therefore, my Administration continues to support 
the development, adoption, and use of robust encryption by legitimate 
users.
    At the same time, however, the same encryption products that help 
facilitate confidential communications between law-
abiding citizens also pose a significant and undeniable public safety 
risk when used to facilitate and mask illegal and criminal activity. 
Although cryptography has many legitimate and important uses, it is also 
increasingly used as a means to promote criminal activity, such as drug 
trafficking, terrorism, white collar crime, and the distribution of 
child pornography.
    The advent and eventual widespread use of encryption poses 
significant and heretofore unseen challenges to law enforcement and 
public safety. Under existing statutory and constitutional law, law 
enforcement is provided with different means to collect evidence of 
illegal activity in such forms as communications or stored data on 
computers. These means are rendered wholly insufficient when encryption 
is utilized to scramble the information in such a manner that law 
enforcement, acting pursuant to lawful authority, cannot decipher the 
evidence in a timely manner, if at all. In the context of law 
enforcement operations, time is of the essence and may mean the 
difference between success and catastrophic failure.
    A sound and effective public policy must support the development and 
use of encryption for legitimate purposes but allow access to plaintext 
by law enforcement when encryption is utilized by criminals. This 
requires an approach that properly balances critical privacy interest 
with the need to preserve public safety. As is explained more fully in 
the sectional analysis that accompanies this proposed legislation, the 
CESA provides such a balance by simultaneously creating significant new 
privacy protections for lawful users of encryption, while assisting law 
enforcement's efforts to preserve existing and constitutionally 
supported means of responding to criminal activity.
    The CESA establishes limitations on government use and disclosure of 
decryption keys obtained by court process and provides special 
protections for decryption keys stored with third party ``recovery 
agents.'' CESA authorizes a recovery agent to disclose stored recovery 
information to the government, or to use stored recovery information on 
behalf of the government, in a narrow range of circumstances (e.g., 
pursuant to a search warrant or in accordance with a court order under 
the Act). In addition, CESA would authorize appropriations for the 
Technical Support Center in the Federal Bureau of Investigation, which 
will serve as a centralized technical resource for Federal, State, and 
local law enforcement in responding to the increasing use of encryption 
by criminals.
    I look forward to working with the Congress on this important 
national issue.
                                            William J. Clinton
The White House,
September 16, 1999.