This is historical material, "frozen in time." The web site is no longer updated and links to external web sites and some internal pages will not work.
White House Chief of Staff John Podesta, in a speech today at the
National Press Club, proposed important new measures to assure the
security and trust of Americans in cyberspace. His speech emphasized
the themes of updating law enforcement authorities for the Internet age,
harmonizing the rules that apply to different technologies such as
telephones and e-mail, and balancing important values. He proposed
legislation that would give law enforcement important new tools to
pursue criminals through cyberspace while also boosting citizens'
fundamental rights to privacy in the electronic age. Mr. Podesta also
announced new rules that will update encryption export controls.
A FRAMEWORK FOR SECURITY AND TRUST IN CYBERSPACE
Private sector leadership. As emphasized at the White House
Cyber Security Summit in February, the private sector, which owns and
operates most of the computers that Americans rely upon, has the
responsibility to lead in computer and network security.
Government as a model citizen. The federal government will
continue to make itself a model for information security and privacy
practices.
Public-private partnership. The federal government will
continue to work in partnership with the private sector to build
security and trust in online activities, as set forth in the National
Plan for Information Systems Protection issued earlier this year.
Preserving fundamental values, even as technology changes. These
values include protecting public safety, privacy and civil liberties;
improving the quality of life for all Americans, such as through the
promotion of electronic commerce and elimination of the digital divide;
and furthering the educational and free speech potential of the
Internet.
UPDATING TELEPHONE-ERA LAWS FOR THE INTERNET AGE
In certain specific instances, laws written for the telephone era
will need to be updated for the Internet age. Key provisions of the
legislation:
Modernize outdated telephone-era language. Current law uses
outmoded terms such as "phone lines" and hardware "devices." The
proposed legislation would apply to other forms of electronic
communication and apply equally to hardware and software.
Harmonize the standards for intercepting electronic, wire, and
cable communications. Current law has widely varying rules for when law
enforcement can intercept a communication, depending on whether an
individual uses e-mail, a phone call, or a cable modem. The proposal
would raise the legal standard for intercepting e-mails to the
longstanding and strict rules that apply to intercepting telephone
calls. For the first time, court orders authorizing interceptions of
e-mails could be applied for only after high-level approval and only for
serious crimes. Violations of these rules would lead to suppression of
evidence in court. At the same time, the rules that apply to the
growing use of cable modems would also be harmonized to the telephone
standard, while preserving the current, especially strict rules limiting
government access to cable television viewing records.
Create a balanced updating for "trap and trace" orders. "Trap
and trace" orders allow law enforcement to identify who is calling or
using an electronic means to contact an individual. The proposal would
allow law enforcement to respond more effectively to computer attacks by
stating that only one such order is needed to trace a call or Internet
session back to its source through multiple carriers. (Just as today,
such an order could not be used to intercept the contents of
communications protected by the wiretap statute.) Tracing would be
permitted without prior approval by a court in an emergency, such as
when a computer system is actually under attack. On the other hand, to
assure that such orders are issued only when appropriate, federal and
state judges for the first time would independently review the factual
basis for issuing such orders.
Strengthen the computer hacking law. The Computer Fraud and
Abuse Act should be strengthened to take account of the full range of
damages caused by computer attacks. Multiple small attacks should also
be treated as one large attack. To match the punishment to the crime,
mandatory jail time should be eliminated for less serious attacks.
Violations of the Act could result in civil or criminal forfeiture.
Improve sanctions against illegal wiretapping. The proposal
would increase penalties for violations of wiretapping laws. Illegally
intercepted communications could be used in court, but only to prove the
guilt or innocence of a person accused of illegal wiretapping activity.
Juvenile offenders. For serious computer attacks, federal
prosecutors should have jurisdiction over juvenile offenders. In such
cases, offenders would still be treated as juveniles.
UPDATING ENCRYPTION EXPORT POLICY
Today, the Administration is updating its policy for encryption exports
to the European Union and other key trading partners to assure continued
competitiveness of U.S. industry in international markets.
--License exception. Under the new policy, U.S. companies can export
under license exception (i.e., without a license) any encryption product
to any end user in the 15 nations of the European Union as well as
Australia, Norway, Czech Republic, Hungary, Poland, Japan, New Zealand
and Switzerland. Previous distinctions between government and
non-government end users are removed for these countries. Further, U.S.
exporters will be permitted to ship their products to these nations
immediately after submitting a commodity classification request to the
Department of Commerce, instead of waiting for a completed technical
review or incurring a 30-day delay.