Comments of Mr. Peter Swire At White House Press Briefing on Encryption September 16, 1999
White House
Office of the Press Secretary
The Briefing Room
MR. SWIRE: My name is Peter Swire. I'm the Chief Counsel for Privacy at OMB. I'm here to underscore that today's announcement reflects the Clinton administration's full support for the use of encryption and other new technologies to provide privacy and security to law-abiding citizens in the digital age. The encryption measures announced today properly balance all of the competing interests, including privacy, electronic commerce, and public safety. Encryption itself is a privacy and security enhancing technology. Especially for open networks such as the Internet, encryption is needed to make sure that the intended recipients can read a message, but that hackers and other third parties cannot. Today's announcement will broaden the use of strong mass marketing encryption for individuals and businesses.
In the part of today's announcement that updates the rules for law enforcement, the Cyberspace Electronic Security Act retains all of the existing legal protections for information in a home or business. It goes beyond current law and provides new privacy protections for individuals and businesses who choose to store key information with an outside company.
Think of your bank ATM card. What would it be like if you forgot your password and could not obtain access to the money in your account. That is precisely what can happen with strong encryption. If you lose the password, then all that encrypted material is scrambled forever and lost. Because encryption has become so unbreakable, prudent people need backups. Under CESA, if you decide to give your key or password to an outside company, then law enforcement has to meet strict new, judicially supervised standards to get that information. With this proposed legislation, it would be a civil and criminal violation for the company to release the information improperly, and also a violation for law enforcement officers to try to get that information without a court order.
Similarly, for added security and to prevent misuse of your private key information, if this proposal becomes law there would be restrictions on selling information regarding encryption customers to other private parties.
With that said, I want to be clear about what CESA does not do. CESA is technology neutral and does not regulate the hardware or software used for encryption. CESA does not require anyone to use key escrow, nor does it regulate how key escrow might develop in the private sector. The only effect of CESA on key escrow is to provide privacy assurances for those who freely choose to give their backups of their key information to others. Some information stored outside of your home deserves to be carefully protected.
In sum, the announcement today shows the commitment of the administration to real protections for privacy in the information age, while balancing with the important other public interests we have all been discussing.