If you are not in Mass., make no special effort to attract Mass. customers, do not advertise in Mass., and do only a small fraction of your business with Mass. residents, you are ok.
If you have no business presence in Mass. you are probably ok anyway because you are outside their jurisdiction.
> Does Mass. suppose that the entire nation or the entire world must comply > with such a law? Or does this only apply to those who store data inside Mass.?
It has nothing to do with where the data is stored. It applies to transactions occuring in Mass. or with Mass. residents. It will, of course, be difficult for the state to enforce it against entities with no business nexus in the state.
> Further, do the rights of people within Mass. not equal the rights of > people who live outside of Mass.?
This law applies to Mass. businesses regardless of who they are doing business with.
> Or will this devolve into the old dry county types of laws in which a > commercial airliner must be wary of whether a county underneath them allows > serving of drinks even though they are flying at 600 mph.?
I suppose that if you are collecting social security numbers on an airliner at 600mph you will have to encrypt them as you fly over Mass.
> And when companies move all their data to India?
The law applies to anyone doing business in Mass or with a Mass resident. It doesn't care if you store your data on the Moon. It's the location of the transaction that matters, not the location of the disk drive.
> I am not wild about regs, but the problem is that companies really do not > care.
No, the problem is that the companies' _customers_ really do not care. If they did the companies would be falling over themselves trying to offer better security than their competitors. When was the last time that you decided not to do business with a company because you were not satisfied with their security?
Postgresql and Mysql both support encryption. However, you can bet the the Oracle and Microsoft salesmen are already spreading FUD to the effect that the state will view the use of Free Software as evidence that you don't take security seriously.
> The last couple versions of SQL Server have allowed encryption down to the > field level. I would be surprised if Oracle and other competitors weren't > offering similar functionality.
...Vikingpower means the 850s. There was major construction in the 1950s but development started over 1100 years ago and there has been a continous line since about 1250.
> If anything, the entitlement mentality seems to be coming from the other > side: site owners who think that because they operate a site, that people > who visit the site "owe" them something.
I see it from both sides. The site operators act as if they believe that you have entered their "store" and agreed to their conditions when in fact you have merely sent them a GET request which they are not obligated to honor, and the users seem to think that Web pages are billboards in a public place.
> The readership consumes content, and in return gives you the eyeballs that > you sell to the advertisers.
Do they have to be human, or will any kind do? For the right price I;m sure I could arrange for Countryside Hides to ship you a truckload of cow eyeballs.
> The specific contect I choose to receive or block at my end is my own damn > business.
And the specific content that the site operator chooses to send is his business.
Arstechnica publishes a URL. You look up the corresponding IP and send it a GET. They choose to send you a page. That page includes URLs pointing to other pages on other sites. You choose not to request all of those pages. They finds that out. Some site operators would then choose to send you no more pages. Arstechnica evidently choose to make a fools of themselves by whining about it. These guys choose the even more foolish route of telling their users not to discuss (on the site) the possibility of not downloading every URL on a page.
> It's like being banned from walking down the street because I chose not to > look at the billboards!
No it isn't. It's like a store putting up a billboard offering free samples to everyone who comes in and then complaining when you walk in, take the sample, and walk out without reading the ads he has plastered on the walls. There are any number of ways that he could have made receipt of the samples conditional on looking at the ads. They can whine about you not looking and you can ignore the whining.
These people have a right to control what gets put up on their site, you have the right to request pages from them, and they have the right to send them or not as they see fit. No one is being banned from anything public. Whining and/or deleting posts from one's own Web site may be foolish, but is neither illegal nor wrong.
> Canvas tag. Get ready, because it's coming. And you better believe some > publishers are going to integrate content. Block the tag? no content for you.
No, download it and then not display it. If the ad filter can figure out that it is an ad it can arrange for me not to see it. I'd rather not download it as that wastes both my bandwith and the site's, but but I can do so and then throw it away.
To get past filters they are going to have to make the ads look (to the filters) like content. This means, among other things, serving them from the site itself rather than from ad servers, burning up the site's bandwidth. Hopefully, they just won't bother.
> Gmail's security sucks and it's customer service is non-existent.
If you want customer service become a customer. Users of free accounts are not customers. A business's customers are the people who pay them money: advertisers, in Google's case.
> Google encourages people to trust gmail with their most sensitive personal > data. I think their negligence and lack of response regarding their own > products' defects borders on criminal.
You got what you paid for.
For email (Webmail and POP/IMAP) and Usenet I suggest Newsguy. It's an actual business, not an advertising agency.
Slashdot Mirror
If you are not in Mass., make no special effort to attract Mass. customers, do not advertise in Mass., and do only a small fraction of your business with Mass. residents, you are ok.
If you have no business presence in Mass. you are probably ok anyway because you are outside their jurisdiction.
> I just suppose that the article summarizes the law correctly...
What a silly supposition. It is a _Slashdot_ summary. Of course it isn't correct.
> Does Mass. suppose that the entire nation or the entire world must comply
> with such a law? Or does this only apply to those who store data inside Mass.?
It has nothing to do with where the data is stored. It applies to transactions occuring in Mass. or with Mass. residents. It will, of course, be difficult for the state to enforce it against entities with no business nexus in the state.
> Further, do the rights of people within Mass. not equal the rights of
> people who live outside of Mass.?
This law applies to Mass. businesses regardless of who they are doing business with.
> Or will this devolve into the old dry county types of laws in which a
> commercial airliner must be wary of whether a county underneath them allows
> serving of drinks even though they are flying at 600 mph.?
I suppose that if you are collecting social security numbers on an airliner at 600mph you will have to encrypt them as you fly over Mass.
> And when companies move all their data to India?
The law applies to anyone doing business in Mass or with a Mass resident. It doesn't care if you store your data on the Moon. It's the location of the transaction that matters, not the location of the disk drive.
> I am not wild about regs, but the problem is that companies really do not
> care.
No, the problem is that the companies' _customers_ really do not care. If they did the companies would be falling over themselves trying to offer better security than their competitors. When was the last time that you decided not to do business with a company because you were not satisfied with their security?
> Why would it rule out open source databases?
Postgresql and Mysql both support encryption. However, you can bet the the Oracle and Microsoft salesmen are already spreading FUD to the effect that the state will view the use of Free Software as evidence that you don't take security seriously.
> This "Written Information Security Plan"-Thing (yes, I read TFA) sounds like
> an unnecessary and useless PITA though...
How else is the state to know exactly what information you have on your customers so that they sieze it when they want it?
> ...why the hell would you be subject to MA law?
You wouldn't be. The transaction you describe takes place entirely in California and therefor is subject only to California law.
> But first they must justify why they need my evening phone number, my date of
> birth, my marital status etc. etc.
So demand that they justify it and don't give them the information unless they do. You can live without their products and services.
> The last couple versions of SQL Server have allowed encryption down to the
> field level. I would be surprised if Oracle and other competitors weren't
> offering similar functionality.
Postgresql and Mysql do.
> Government's "solution" to all problems great and small is to put everyone at
> gunpoint.
It's the only solution they have. Violence and the threat of violence is what government is all about.
> We may as well be dealing with mobsters.
You are.
> Couldn't we have gotten along with a 64 bit address? 1.8e19 addresses seem
> like enough for a long time, too.
That's what they said about 32 bit addresses.
> Except the US effectively controls IPV4, DNS...
How?
> What, in Europe they don't have abductions?
No. In Europe the aliens make crop circles.
...Vikingpower means the 850s. There was major construction in the 1950s but development started over 1100 years ago and there has been a continous line since about 1250.
> There are times as a dev when you need to close the door and have no
> distractions for a few hours straight.
Yes. It's really hard to get a good nap in a cube farm.
> If anything, the entitlement mentality seems to be coming from the other
> side: site owners who think that because they operate a site, that people
> who visit the site "owe" them something.
I see it from both sides. The site operators act as if they believe that you have entered their "store" and agreed to their conditions when in fact you have merely sent them a GET request which they are not obligated to honor, and the users seem to think that Web pages are billboards in a public place.
> I help site by being part of site community.
How does that bring them any revenue?
> The readership consumes content, and in return gives you the eyeballs that
> you sell to the advertisers.
Do they have to be human, or will any kind do? For the right price I;m sure I could arrange for Countryside Hides to ship you a truckload of cow eyeballs.
> The specific contect I choose to receive or block at my end is my own damn
> business.
And the specific content that the site operator chooses to send is his business.
Arstechnica publishes a URL. You look up the corresponding IP and send it a GET. They choose to send you a page. That page includes URLs pointing to other pages on other sites. You choose not to request all of those pages. They finds that out. Some site operators would then choose to send you no more pages. Arstechnica evidently choose to make a fools of themselves by whining about it. These guys choose the even more foolish route of telling their users not to discuss (on the site) the possibility of not downloading every URL on a page.
> It's like being banned from walking down the street because I chose not to
> look at the billboards!
No it isn't. It's like a store putting up a billboard offering free samples to everyone who comes in and then complaining when you walk in, take the sample, and walk out without reading the ads he has plastered on the walls. There are any number of ways that he could have made receipt of the samples conditional on looking at the ads. They can whine about you not looking and you can ignore the whining.
These people have a right to control what gets put up on their site, you have the right to request pages from them, and they have the right to send them or not as they see fit. No one is being banned from anything public. Whining and/or deleting posts from one's own Web site may be foolish, but is neither illegal nor wrong.
> Canvas tag. Get ready, because it's coming. And you better believe some
> publishers are going to integrate content. Block the tag? no content for you.
No, download it and then not display it. If the ad filter can figure out that it is an ad it can arrange for me not to see it. I'd rather not download it as that wastes both my bandwith and the site's, but but I can do so and then throw it away.
To get past filters they are going to have to make the ads look (to the filters) like content. This means, among other things, serving them from the site itself rather than from ad servers, burning up the site's bandwidth. Hopefully, they just won't bother.
> Who are the customers of a site such as this; the users, or the advertisers?
Who pays them money?
> Gmail's security sucks and it's customer service is non-existent.
If you want customer service become a customer. Users of free accounts are not customers. A business's customers are the people who pay them money: advertisers, in Google's case.
> Google encourages people to trust gmail with their most sensitive personal
> data. I think their negligence and lack of response regarding their own
> products' defects borders on criminal.
You got what you paid for.
For email (Webmail and POP/IMAP) and Usenet I suggest Newsguy. It's an actual business, not an advertising agency.
MBA-ese for "take the blame"?
> Judging by the content of recruiters e-mails that I get...
And, as we all know, there is no more reliable source of information than recruiters.