Dear Mr. Speaker:
Enclosed for your review and consideration is a legislative proposal entitled the "Cyberspace Electronic Security Act of 1999" (CESA). A detailed section-by-section analysis follows the text of the proposal. An identical copy has been provided to the President of the United States Senate.
There is little question that continuing advances in technology are changing forever the way in which people live, the way they communicate with each other, and the manner in which they work and conduct commerce. In just a few years, the Internet has shown the world a glimpse of what is attainable in the information age. As a result, the demand for more and better access to information and electronic commerce continues to grow - among not just individuals and consumers, but also among financial, medical and educational institutions, manufacturers and merchants, and state and local governments.
This increased reliance on information and communications raises important privacy issues, because Americans want assurance that their sensitive personal and business data is protected from unauthorized access as it resides on and traverses national and international communications networks. For Americans to trust this new electronic environment, and for the promise of electronic commerce and the global information infrastructure to be fully realized, information systems must provide methods to protect the data and communications of legitimate users. Encryption can address this need, because encryption can be used to protect the confidentiality of both stored data and communications. Therefore, the Administration continues to support the development, adoption, and use of robust encryption by legitimate users.
At the same time, however, the same encryption products that help facilitate confidential communications between law-abiding citizens also pose a significant and undeniable public safety risk when used to facilitate and mask illegal and criminal activity. While cryptography has many legitimate and important uses, it is also increasingly used as a means to promote criminal activity, such as drug trafficking, terrorism, white collar crime, and the distribution of child pornography.
In brief, the advent and eventual widespread use of encryption poses significant and heretofore unseen challenges to law enforcement and public safety. While under existing law, both statutory and constitutional in nature, law enforcement is provided with different means to collect evidence of illegal activity - in the form of communications, stored data on computers, etc. - these means are rendered wholly insufficient when encryption is utilized to scramble the information in such a manner that law enforcement, acting pursuant to lawful authority, cannot decipher the evidence in a timely manner, if at all. In the context of law enforcement operations, for example, stopping a terrorist attack or seeking to recover a kidnaped child, time is of the essence and may mean the difference between success and catastrophic failure. While existing means of obtaining evidence would remain applicable in a fully-encrypted world, the failure to provide law enforcement with the necessary ability to obtain the plaintext or "readable" version of the evidence makes existing authorities useless.
A sound and effective public policy must support the development and use of encryption for legitimate purposes but allow access to plaintext by law enforcement when encryption is utilized by criminals. This requires an approach which properly balances critical privacy interests with the need to preserve public safety. As is explained more fully below, CESA provides such a balance by simultaneously creating significant new privacy protections for lawful users of encryption, while allowing law enforcement to preserve existing and constitutionally supported means of responding to criminal activity.
CESA first addresses the need for greater privacy protections for lawful users of encryption. Because the security of any encryption system depends on the security of the keys that can be used to decrypt data, clear procedures are needed to ensure that these keys are protected by "recovery agents" who are in the business of storing keys on behalf of others, as well as by law enforcement agencies that may obtain decryption keys pursuant to lawful authority in order to investigate criminal activity. Therefore, when a person stores a decryption key or other "recovery information" with a recovery agent, CESA creates significant new protections. It explicitly prohibits the recovery agent from disclosing such information or using it to decrypt data except under limited circumstances, such as with the consent of the person who stored the key or under a court order. The Act also regulates how government agencies must handle decryption keys they obtain (see below), and promotes privacy and security by prohibiting a recovery agent from selling or otherwise disclosing its customer lists to other parties.
CESA also provides mechanisms to allow law enforcement to keep pace with technology and lawfully obtain, in certain specific and narrow instances, access to information which has been encrypted in furtherance of criminal activity. While decryption keys must be protected from improper disclosure, CESA recognizes that law enforcement agencies may need access to decryption keys during the course of investigations. The Act, therefore, authorizes a recovery agent to disclose "stored recovery information" - stored decryption keys - to the government, or to use stored recovery information on behalf of the government, in a narrow range of circumstances, for example, pursuant to a search warrant or in accordance with a court order under the Act. Such a court order must be based on a finding that, among other things, there is no constitutionally protected expectation of privacy in the plaintext of encrypted data or the privacy interest created by such expectation has been overcome by consent, warrant, order, or other authority. By incorporating these specific privacy protections, CESA reflects a careful and essential balancing of the interests of public safety and privacy.
CESA recognizes that law enforcement personnel may need to obtain the plaintext of encrypted evidence when a decryption key for the data is not held by, or is not obtained from, a recovery agent. For example, a child pornographer may encrypt the illegal material he keeps on his computer, and may not store the key with a recovery agent, so that if law enforcement officers conduct a judicially authorized search, the most critical evidence - the child pornography itself - will be unreadable and unusable as evidence. The Act therefore sets forth procedures for a mechanism for government access to essential evidence - through a search warrant with the possibility of delayed notice. To obtain such a warrant, the government must meet the standards specified by the Constitution and the Federal Rules of Criminal Procedure, including establishing probable cause to the court. In addition, to delay notice, the government must prove that it has good cause to do so. Once lawfully obtained from the court, the search warrant may authorize, depending upon the circumstances of the criminal activity, the search and seizure of decryption keys or the installation of a recovery device that allows plaintext to be obtained even if attempts were made to protect it through encryption. However, when executing a warrant using these procedures, in order to protect privacy, the government must take care to minimize its intrusion into the privacy of the subject of the warrant.
While CESA recognizes the need for law enforcement access to decryption keys, it also imposes limitations on the government's use and disclosure of decryption keys obtained through compulsory process. For example, the government is required to destroy the keys when their use is completed and after any statutory period for retention of records has expired. These limitations reflect CESA's balancing of the need for privacy against the need for law enforcement access in appropriate circumstances to decryption keys.
Historically, our nation has sought the proper balance between protecting the rights of individuals and the need of law enforcement to protect public safety. Although the emerging technological advances of the current information revolution are, in many ways, unlike any before, the challenge of striking the proper balance remains the same. The Administration fully supports the development and use of encryption products in order to protect the confidentiality of the communications and data of law-abiding citizens. However, in so doing public policy must reflect the pressing and undeniable need to afford law enforcement the means to sustain the ability to collect evidence of criminal activity, even when encryption is utilized. Failure to adequately address this need provides criminals with a safe-haven not available before. CESA establishes new protections for individuals and limits the ability of government to obtain plaintext to specific circumstances, while at the same time providing law enforcement the ability, with a proper factual showing, to respond to criminals who utilize encryption. We believe that CESA strikes the appropriate balance in this regard and look forward to working with you and the Congress on this issue of significant national importance.
The Office of Management and Budget has advised that there is no objection from the standpoint of the Administration's program to the presentation of this proposal and that its enactment would be in accord with the program of the President. Please let us know if we may be of additional assistance in connection with this or any other matter.
Jon P. Jennings
Acting Assistant Attorney General