
Nevada Businesses Must Start Encrypting E-Mail By Oct. 1st

dtothes writes "Baseline is reporting the state of Nevada has a statute about to go into effect on October 1, 2008 that will force businesses to encrypt all personally identifiable information transmitted over the Internet. They speak with a Nevada legal expert who says the problem is that the statute is written so broadly that the law could potentially open up a ton of unintentional liability and allow for the interpretation of things like password-protected documents to be considered sufficiently encrypted. Quoting: 'Beyond the infrastructure impact, the statute itself looks like Swiss cheese. Bryce K. Earl, a Las Vegas-based attorney, ... has been following the issue closely and believes there are some problems with the statute as it is on the books right now, namely the broad definition of encryption, the lack of coordination with industry standards and the unclear nature of penalties both criminal and civil.'"
  • by Anonymous Coward on Monday September 22, 2008 @03:57PM (#25109717)
    If they are not clear on the definition of encryption, just ROT-13 your messages twice and specify that's the type of encryption you use. You then have to ROT-13 it twice again to decrypt.
  • by elzbal ( 520537 ) <elzbal.yahoo@com> on Monday September 22, 2008 @04:00PM (#25109771) Homepage
    ... the encryption of my customer records at Nevada's brothels.

    I just hope they do more than password protecting the word docs...
  • by Mhtsos ( 586325 ) on Monday September 22, 2008 @04:02PM (#25109817)
    It's too weak. You can use it, but you must encrypt everything twice just to be safe.
  • by Angostura ( 703910 ) on Monday September 22, 2008 @04:06PM (#25109887)

    I have developed a system by which each character is taken and broken up into a pattern of ones and zeros. The exact pattern is determined by looking up the character in a table. The receiver has to unscramble this pattern of ones and zeros by looking the pattern up in a similar table and then regenerating the character.

    I call this system ASCII and I believe that it is a simple type of encryption, albeit with a very public public key, and no private key.

  • by JustCallMeRich ( 1185429 ) on Monday September 22, 2008 @04:06PM (#25109889)

    Can I start a lawsuit to sue some company that does NOT do this, go to a jury by trial, but then do a terribly bad job of defending my position and set precedent that the defendant does not need to encrypt this stuff before a 'real' lawsuit comes about and sets precedent the other way?

  • by clone53421 ( 1310749 ) on Monday September 22, 2008 @04:06PM (#25109893) Journal

    You could always put the password into a text file, zip it, and password-protect the zip with their old password before you e-mailed it to them.

  • by digitaldc ( 879047 ) * on Monday September 22, 2008 @04:07PM (#25109897)
    As of posting time, representatives of the state had not gotten back to me with comment.

    It was later found that the reason for this delay was a system-wide shutdown & widespread panic as they couldn't figure out how to encrypt or decrypt any of their correspondence properly.
  • by clone53421 ( 1310749 ) on Monday September 22, 2008 @04:09PM (#25109937) Journal

    0101011101101000011000010111010000111111

  • by clone53421 ( 1310749 ) on Monday September 22, 2008 @04:11PM (#25109965) Journal

    p.s. seems to me that the lawyer who wrote this article ought to know the difference between "affect" and "effect"...
    "Think about all the hotels, resorts, golf courses, pawn shops, nightclubs, check cashing, ski lodges and small businesses this is going to effect."

    Obviously they're being very optimistic about the economic impact...

  • by LordEd ( 840443 ) on Monday September 22, 2008 @04:16PM (#25110031)

    I use ROT26. It must be twice as secure as ROT13.

  • by JeanBaptiste ( 537955 ) on Monday September 22, 2008 @04:27PM (#25110233)

    Personally identifiable information should be encrypted.

    Sincerely,
    xz'Kxv!y{Ycut="xgq'^e;

  • by Anonymous Coward on Monday September 22, 2008 @04:33PM (#25110331)

    Dear John,

    Don't worry we won't let your secrets out, but you should be more careful where you email your requests to. We will not be able to accommodate you on your request to dress up for church with our hair in a bun and wearing glasses while engaging in an act with a donkey dressed as a moose. Perhaps you meant your email to go to a Hacienda of a different name in Boy's Town?

    --This message encrypted for your protection. Please don't forget to use your protection.

  • by morgan_greywolf ( 835522 ) on Monday September 22, 2008 @04:44PM (#25110463) Homepage Journal

    You could always put the password into a text file, zip it, and password-protect the zip with their old password before you e-mailed it to them.

    Duh. Obviously that wouldn't work, since they don't know their old password. You'd have to password protect the password with their new password!

  • by Cajun Hell ( 725246 ) on Monday September 22, 2008 @04:47PM (#25110515) Homepage Journal
    It looks like you're going to have to stop including people's Social Security Numbers in your lawnmowing quotes.
  • by dkleinsc ( 563838 ) on Monday September 22, 2008 @05:07PM (#25110789) Homepage

    Your government advocates a

    (X) technical (X) legislative ( ) market-based ( ) vigilante

    approach to fighting identity theft. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    ( ) Mailing lists and other legitimate email uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    ( ) It will stop identity theft for two weeks and then we'll be stuck with it
    (X) Users of email will not put up with it
    (X) Microsoft will not put up with it
    ( ) The police will not put up with it
    ( ) Requires too much cooperation from identity thieves
    (X) Requires immediate total cooperation from everybody at once
    (X) Many email users cannot afford to lose business or alienate potential employers
    ( ) identity thieves don't care about invalid addresses in their lists
    (X) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    (X) Lack of centrally controlling authority for email
    (X) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    (X) Asshats
    (X) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    ( ) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    ( ) Extreme profitability of identity theft
    ( ) Joe jobs and/or identity theft
    (X) Technically illiterate politicians
    ( ) Dishonesty on the part of identity thieves themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    (X) Outlook

    and the following philosophical objections may also apply:

    ( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    (X) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    ( ) Countermeasures should not involve sabotage of public networks
    ( ) Countermeasures must work if phased in gradually
    ( ) Sending email should be free
    ( ) Why should we have to trust you and your servers?
    ( ) Incompatibility with open source or open source licenses
    (X) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    (X) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about your legislature:

    ( ) Sorry dude, but I don't think it would work.
    (X) This is a stupid idea, and you're stupid people for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

  • by SleptThroughClass ( 1127287 ) on Monday September 22, 2008 @05:11PM (#25110835) Journal

    That they allow weak encryption is a red herring.

    Actually it's a red herring with a bicycle.

  • by carambola5 ( 456983 ) on Monday September 22, 2008 @05:20PM (#25110933) Homepage

    Obviously, you either have never been to Nevada or have very poor business sense.

    A lawn mowing business would never succeed in Nevada.

  • by gparent ( 1242548 ) on Monday September 22, 2008 @05:46PM (#25111257)
    Your username is very fitting.
  • by MostAwesomeDude ( 980382 ) on Monday September 22, 2008 @05:47PM (#25111279) Homepage

    Asshats are an eternal problem, second only to the Dutch.

  • by Beryllium Sphere(tm) ( 193358 ) on Monday September 22, 2008 @05:59PM (#25111399) Journal

    This is irresponsible advice. There are known-plaintext attacks on reduced-round variants of ROT13. Always use the full 16 rounds to be sure you're actually getting the security that double ROT-13 promises.

  • by stewbacca ( 1033764 ) on Monday September 22, 2008 @06:04PM (#25111453)

    ...Igpay Atinlay!

    Seriously...show me one governmental agency that does ANYTHING with technology well and I'll accept governmental agencies telling me what the rules are regarding said technology.
