Nevada Businesses Must Start Encrypting E-Mail By Oct. 1st

← Back to Stories (view on slashdot.org)

Nevada Businesses Must Start Encrypting E-Mail By Oct. 1st

Posted by Soulskill on Monday September 22, 2008 @07:53AM from the wouldn't-bet-on-it dept.

dtothes writes "Baseline is reporting the state of Nevada has a statute about to go in effect on October 1, 2008 that will force businesses to encrypt all personally identifiable information transmitted over the Internet. They speak with a Nevada legal expert who says the problem is that the statute is written so broadly that the law could potentially open up a ton of unintentional liability and allow for the interpretation of things like password-protected documents to be considered sufficiently encrypted. Quoting: 'Beyond the infrastructure impact, the statute itself looks like Swiss cheese. Bryce K. Earl, a Las Vegas-based attorney, ... has been following the issue closely and believes there are some problems with the statute as it is on the books right now, namely the broad definition of encryption, the lack of coordination with industry standards and the unclear nature of penalties both criminal and civil.'"

7 of 178 comments (clear)

Min score:

Reason:

Sort:

Just ROT-13 twice by Anonymous Coward · 2008-09-22 07:57 · Score: 5, Funny

If they are not clear on the definition of encryption, just ROT-13 your messages twice and specify that's the type of encryption you use. You then have to ROT-13 it twice again to decrypt.
1. Re:Just ROT-13 twice by Beryllium+Sphere(tm) · 2008-09-22 09:59 · Score: 4, Funny
  
  This is irresponsible advice. There are known-plaintext attacks on reduced-round variants of ROT13. Always use the full 16 rounds to be sure you're actually getting the security that double ROT-13 promises.
I approve... by elzbal · 2008-09-22 08:00 · Score: 4, Funny

... the encryption of my customer records at Nevada's brothels.

I just hope they do more than password protecting the word docs...
Re:Force Encryption eh by Angostura · 2008-09-22 08:06 · Score: 4, Funny

I have developed a system by which each character is taken and broken up into a pattern of ones and zeros. The exact pattern is determined by looking up the character in a table. The receiver has to unscramble this pattern of ones and zeros by looking the pattern up in a similar table and then regenerating the character.
I call this system ASCII and I believe that it is a simple type of encryption, albeit with a very public public key, and no private key.
Re:I wonder . . . by clone53421 · 2008-09-22 08:06 · Score: 4, Funny

You could always put the password into a text file, zip it, and password-protect the zip with their old password before you e-mailed it to them.

--
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Re:Force Encryption eh by LordEd · 2008-09-22 08:16 · Score: 4, Funny

I use ROT26. It must be twice as secure at ROT13.
Re:I wonder . . . by morgan_greywolf · 2008-09-22 08:44 · Score: 4, Funny

You could always put the password into a text file, zip it, and password-protect the zip with their old password before you e-mailed it to them.
Duh. Obviously that wouldn't work, since they don't know their old password. You'd have to password protect the password with their new password!

--
My blog