Slashdot Mirror
New State Laws Could Make Encryption Widespread
New laws that took effect in Nevada on Oct. 1 and will kick in on Jan. 1 in Massachusetts may effectively mandate encryption for companies' hard drives, portable devices, and data transmissions. The laws will be binding on any organization that maintains personal information about residents of the two states. (Washington and Michigan are considering similar legislation.) Nevada's law deals mostly with transmitted information and Massachusetts's emphasizes stored information. Between them the two laws should put more of a dent into lax security practices than widespread laws requiring customer notification of data breaches have done. (Such laws are on the books in 40 states and by one estimate have reduced identity theft by 2%.) Here are a couple of legal takes on the impact of the new laws.
It seems like the Democrats are doing the same thing the republicans did after 9/11. Just as after 9/11 the Republicans pushed Security to an extremist state, Democrats are using the financial crisis to push down all those heave regulations down our mouth...
BS, this is state level law, not Congress, way to troll. Besides these laws were passed way before the meltdown, these are their enactment dates.
"There are no facts, only interpretations." --Friedrich Nietzsche.
Assuming here that the above poster is being funny, I'll clear this up for those this might actually cause some concern.
Morrison & Foerster is a internationally recognized and prestigious law firm established in 1883, that has been going by the nickname MoFo since 1973. More on the linked wikipedia article for those still interested or skeptical.
Of blankness, I know nothing.
It's not just personal data on the laptop.
I work for a fairly small company, and while we don't have any person data off our server, and in fact don't really have any personal data beyond names, addresses and email accounts...
Which is why, of course, we have Truecrypt with boot-time encryption on all laptops, so that if they get stolen we don't have to run around like chickens with our heads cut off trying to figure out every single login that needs to be changed.
For those people worried about forgetting password: Burn three or four TrueCrypt 'recovery CD' and write the password on them. In fact, write the password everywhere...just don't carry it around in the laptop bag.
Seriously, half these 'data thefts' are random laptop thieves stealing random laptop that just happen to include absurdly dangerous amounts of data on them. They aren't targeted attacks, and the thief is probably wiping them before boot. But companies have to act like they have all your data because said companies are morons who can't spend a tiny amount of time setting up free software that would stop that from happening.
People often worry about computer security in entirely the wrong direction, worrying about changing internal company-only passwords every month, and then completely ignoring actual outside risks like someone snatching a laptop bag off someone's arm.
If corporations are people, aren't stockholders guilty of slavery?
Right. Especially for laptops, which tend to have slower hard drives in the first place.
I installed TrueCrypt on my moderately old laptop, an Intel 1.6Ghz, and the only speed different I notice is that, for some reason, hibernation and unhibernation is twice as slow. I suspect this is some sort of bug. Other than that, I forget it's there except when I boot up.
TrueCrypt, by default, uses AES, which was designed for speed on modern processors. (Or, rather, was designed to use exactly the mathematical operations that CPU manufacturers optimize for in order to make games run faster, so as CPUs keep speeding those operations up AES gets faster.)
Ha, I just checked to see if that hibernation thing is a bug, and it turns out that not only is it, but it's been fixed in 6.0 and I should just upgrade instead of whining about it.
If corporations are people, aren't stockholders guilty of slavery?