THE WHITE HOUSE|
Office of the Press Secretary
(Camp David, Maryland)
For Immediate Release
July 18, 2000
As prepared for delivery
REMARKS BY THE PRESIDENT'S CHIEF OF STAFF JOHN D. PODESTA
ON ELECTRONIC PRIVACY TO NATIONAL PRESS CLUB
July 17, 2000
White House aides have been known to write kiss and tell books.
I'm slightly embarrassed to say that the only book I've ever written was
Protecting Electronic Messaging, not exactly up there with All Too
But today I want to return to some of the topics from that
not-quite best-selling book - particularly the issue of how to protect
privacy and civil liberties, while also protecting public safety in an
To understand what these themes mean today, I need to give you a
little bit of history. More than a hundred and fifty years ago, not too
far from here, Samuel Morse sent the first telegraph message. With the
touch of a finger, he shattered barriers of time and space, opening up a
world of possibility that wasn't even imagined just a few years before.
Morse's invention set in motion a technological revolution that would
forever change the way man would communicate.
In the 21st Century, this great revolution in communication
technology continues. From small towns to big cities, the Internet is
bringing millions of people closer together, giving them new ways to
find information and to stay in touch. When it was invented thirty
years ago, there were just two computers exchanging very simple
messages. Now there are almost 50 million households online, all with
the same access to a remarkable reservoir of information from
Shakespeare's first sonnet to medical research to the photos just taken
The Internet, like Morse's telegraph, brings with it new
possibilities. It also brings new challenges to our most fundamental
values and the need for new laws and new protections to maintain them.
Because we are so interconnected, more people now have easier access to
our most personal information -- from bank statements to our medical
history. International narcotics traffickers can communicate with each
other via computer messages. Hackers can destroy cyber-property by
defacing homepages and maliciously manipulating private information.
That's why we have to make sure the Internet is used to the benefit of
people not to their detriment.
Over the last seven and a half years, our Administration has worked
to build a framework for trust and security in this new world of
electronic networks. We've taken action to ensure that what should be
private stays private, including the medical and financial records of
our citizens. And to combat cyber-terrorism, we've introduced new
legislation, increased law enforcement efforts, and coordinated
public-private partnerships to build security and trust in online
This February, in his Cyber Security Summit, the President
emphasized the primary role and responsibility of the private sector in
ensuring computer and network security. As you know, most computers and
networks that we rely on every day are owned and operated by the private
sector. It's only right that they, not the government -- take a leading
role in making security a standard part of the Internet.
The private sector is also taking a leading role in electronic
messages and commerce. Our Administration has already moved to
liberalize export controls on encryption, allowing more companies to
export the technology to more end users. And we've done so while
maintaining a framework necessary to protect our national security.
Today we are announcing significant new updates to our export
controls. Under our new policy, American companies can export any
encryption product to any end user in the European Union and eight other
trading partners. We're also speeding up the time-to-market, by
eliminating the thirty-day waiting period when exporting encryption
goods to these countries.
While the private sector has a key role the government also needs
to protect its own systems from security risks, such as hacker attacks
and computer viruses. Our Administration has already taken action to
ensure that cyber security measures are included as part of all
government computer systems. But good security needs to be updated
constantly and it costs money. We've proposed $90 million to help
detect computer attacks, to conduct research on security technology, to
hire and train more security experts, and to create an internal expert
review team for non-defense agencies. Unfortunately, the Congress still
refuses to appropriate one dime to put these initiatives in place. It's
time they picked up the pace and provided the protections that are
essential to America's cyber security.
Implementing strong encryption is only one step in building a
framework of cyber-security and trust. We also need to keep our laws
consistent with the latest advances by updating our existing
communications privacy laws for the Internet age. At the heart of the
issue is the Fourth Amendment, which protects the right of the people to
be secure in their persons, houses, papers, and effects, against
unreasonable searches and seizures.
In 1787, a person's most important papers and effects -- like
diaries and letters -- were almost undoubtedly in their home or place of
business. These papers were protected by the requirement of a warrant
before the state could enter and search. But over time, with advances
in technology, people no longer relied solely on paper and pen to
communicate with one another. By the turn of the 20th Century, people
started using the telephone for personal calls and business
transactions. By the 1980s, Americans began using e-mail. Looking
ahead, even more of our papers and effects, like word processing
software and files, will be kept outside of the home. These advances in
technology have forced an ongoing debate in Congress and in the Courts
over the application of the Fourth Amendment.
This debate is not a new one. In the 1928 Olmstead case, the
Supreme Court found that warrantless wiretaps were not protected by
Fourth Amendment. Louis Brandeis in his fiery dissent in defense of
privacy rights argued that, there is, in essence, no difference between
the sealed letter and private telephone message. Wiretaps of phones,
Brandeis argued, invaded the privacy of people on both ends of the line
-- the same privacy the framers intended to protect with the Fourth
Forty years later the Court embraced Brandeis and ruled in Katz vs.
the United States that an individual's phone conversation was protected
by the Fourth Amendment. Later that year, Congress responded to the
Court's decision by passing new legislation with strict standards for
Title III of the 1968 Crime Control and Safe Streets Act required a
court order and high-level Justice Department approval for all phone
wiretaps. It only allowed wiretaps in the most serious crimes, such as
espionage, treason, and crimes of violence.
Title III remained relatively untouched until the 1980s, when
cellular telephone service, e-mail, and other computer-to-computer
communication began to put new demands on the 1968 law. By 1984, Title
III simply did not protect the conversations of the 7,000 Americans who
were using cellular phones, and the 400,000 who were logging onto
In response, under the leadership of Senator Leahy and
Representative Kastenmeier, Congress once again updated its laws to keep
pace with changing technology. ECPA, the Electronic Communications
Privacy Act, put in place many of the protections the courts had given
to phone conversations two decades earlier.
Today, ECPA like its predecessors has, in many ways, become
outdated by new advances in computer technology and electronic
communication. Since its passage in 1986, we've seen a communications
revolution with the explosion of the cell phone and the development and
use of the World Wide Web. Today there are more 95 million cell phone
users, and more than 50 million households online in the United States.
More than 1.4 billion e-mails change hands each and every day. Computer
users today send e-mail from their home phone lines through Internet
Service Providers, and they download files and e-mails onto shared
servers at work. A growing number of Americans B 2.2 million today log
on to the Internet and send e-mail through cable modems -- a means of
connection that wasn't even considered when ECPA was written.
ECPA was not devised to address many of the issues related to these
newer, faster means of electronic communication. It doesn't extend the
stringent Title III protections to the capture of e-mail that you send
to your friends or business partners. It doesn't include other
important protections for electronic communications like the scope of
the crimes covered ... the need for Justice Department approval, and a
statutory suppression rule for government violations.
What does all this mean? It means that data transmitted over
networks is not afforded the full privacy protection we give to
traditional phone calls.
Basically, the same communication, if sent different ways through a
phone call, or a dial-up modem -- is subject to different and
inconsistent privacy standards. Considering the extent to which our
electronic correspondence contains our most sensitive thoughts and
information -- shouldn't they count, as Louis Brandeis foreshadowed more
than seventy years ago, as the papers and effects mentioned in the
It's time to adopt legislative protections that map these important
privacy principles onto the latest technology. It's time to update and
harmonize our existing laws to give all forms of technology the same
legislative protections as our telephone conversations. I would like to
discuss several legislative proposals that the Administration is
forwarding to the Hill today that would make this happen. Congress is
already considering proposals in this area, and I believe together we
can work to get them done this year.
First, current statutes set standards that only apply to wiretaps
traditional hardware devices not to software programs that can conduct
the same surveillance. Such telephone-era laws should be clearly
updated to apply to the Internet era where hardware and software can be
interchangeable. Our proposed legislation does that: It would amend
statutes using outmoded language and that are hardware-specific, so that
they are technologically neutral. In other words, the legislation would
apply equal standards to both hardware and software surveillance.
Second, we need to achieve parity in the way the laws apply to
different forms of communication. The current law sets stricter
standards for law enforcement access to wire communications such as
telephone calls, than for electronic communications such as e-mail. The
market should play the central role in picking technological winners and
losers, not Congress or the regulators.
Our proposed legislation would harmonize the legal standards that
apply to law enforcement's access to e-mails, telephone calls, and cable
services. For more than 30 years, federal law under Title III has set a
tough, but workable standard for when law enforcement officers can
listen to the contents of phone calls. Today, the same legal
protections should apply equally to electronic communication.
At the same time, we propose to change the standards that apply to
cable services. Under the current Cable Act, even where there is clear
proof of serious crimes, law enforcement cannot gain access to
subscriber records, unless the customer can first contest the issue in
court. With our proposal, we would retain the underlying purpose of the
Cable Act to keep confidential the list of shows that a customer has
watched. But, when cable systems are used to access the Internet, we
believe the rules should be the tough, but sensible standard we also
support for e-mails and telephone calls.
Third, we need to seek a better balance amongst the sometimes
competing goals of the protection of public safety the achievement of
economic growth and digital opportunity and the preservation of privacy
and civil liberties. That's a challenge that our forefathers grappled
with when they wrote the Constitution, and one that our government and
courts have struggled with ever since. Our aim should be to enhance law
enforcement's ability to address unlawful conduct, but also to enhance
privacy and civil liberties on the Internet.
For example, we need to update current law governs when law
enforcement can track the identity of those with whom we communicate.
Our trap and trace rules come from the era of the traditional telephone
network, when one company offered nationwide phone service.
Today, we are proposing ways to make these "trap and trace" rules
more effective for law enforcement, while also assuring privacy and
civil liberties. We believe that a state or federal court should be
able to issue an order to trace a communication to its source
irrespective of whether that communication has been channeled through
various telephone or Internet providers. We also believe that there
should be greater judicial oversight of trap and trace authorities.
Federal law should make clear that such orders should only be
issued after a judicial officer has determined that the proper factual
showing has been made. These are steps that will protect our public
safety while preserving our civil liberties.
Fourth, and finally, in response to what we have learned about
hacking attacks, we must update the Computer Fraud and Abuse Act. The
Act should be strengthened to take account of the full range of damages
caused by computer attacks. Small attacks -- with under $5,000 damage
-- should be treated as a misdemeanor and not as a felony as proposed by
some in Congress. However, multiple small attacks should be treated as
one large attack and punished accordingly. And we should match
punishments to the crime, by eliminating mandatory jail time for less
Let me conclude by quoting Thomas Jefferson, who said, "America's
institutions must move forward hand-in-hand with the progress of the
human mind." Today, the progress of the human mind is racing forward at
an extraordinary pace. Technological discoveries are opening up new
worlds of possibility -- but they are also challenging our privacy in
ways we never imagined. As in any era of great progress, we must work
to ensure that our democracy and our laws keep pace with our advances --
and that we protect our privacy and civil liberties, and not just the
law enforcement mechanisms that we've instituted to preserve them.
# # #