The law applies to stored email on any portable device - and the devices I listed, which are VERY common in business use, do NOT offer "whole-disk" encryption. How do you propose to handle that except through a ban at the server from transferring email to any device except a thin client? There's no such thing as "TrueCrypt for the iPhone." There's no such thing as "BitLocker for the iPad".
Words have meaning. Specifically, "to the extent technically feasible", means that since it is not "technically feasible" to provide encryption on those devices, there is no penalty for failing to do so.
Let's step through this real, slow-like for you. You posed the question:
"How are you going to send your email - USPS?"
as if TLS or PGP doesn't exist. Then you state:
TLS doesn't encrypt your stored email. Want to try again?
But the law doesn't apply to stored email, in general.
So any email containing personal info on a laptop or a smartphone, iPad or other device MUST be encrypted.
Yes, so in these instances, PI in stored email does need to be encrypted, the easiest method being a whole disk encryption solution, such as TrueCrypt or BitLocker.
So given that TLS, PGP, and whole disk encryption addresses the instances where PI in email needs to be encrypted, please tell me how your original question -
TLS doesn't encrypt your stored email. Want to try again?
The law doesn't apply to stored email; once again, the text of the friggin law:
(3) Encryption of all transmitted records and files containing personal information that will travel across public networks, and encryption of all data containing personal information to be transmitted wirelessly.
You're being as moronic as the blog writer.
The friggin law states: "Personal information, a Massachusetts resident's first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number,"
Yet you moronically state:
Do you, to the extent technically feasible, encrypt all PI records and files that are transmitted across public networks, and that are to be transmitted wirelessly?
How are you going to send your email - USPS?
How would a normal email fit the criteria of PI? Email containing PI can be encrypted via TLS, PGP, etc.
In the end it doesn't matter - the law is unconstitutionally vague because its definition of "Financial account" can be made to cover anything, including a laundry stub, your slashdot account, or anything else."
Huh? How could a slashdot account be considered a financial account? Do you babble just for the sake of babbling?
I think the GP's problem, and mine as well, is that the type of information that they're demanding be secured is simply stupid. Yes, encrypt account numbers. Yes, encrypt passwords. No (reasonable) person is disagreeing with that.
But names? Addresses? This is all publicly accessible information.
You don't understand the law.
The law defines Personal information as: "a Massachusetts resident's first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number"
Here's the thing, and this may sound weak... but the officers playing the machine may be valid. Think about it. If the perp decided to rewire or something so that they could stash their drugs or whatever, then maybe, them playing wasn't so off. Yes, it may seem weird and out of place, but hey, if I was an officer, I'd be looking at one thing if the video game system was up front and out there. I'd be looking at it as the prime place. I hang out with a lot of engineers and whatnot at college, and they've rewired a lot of stuff, so that one wire can control a video game system. So theoretically, though these officers were caught, they might have been on to something.
So let me understand this correctly: they needed to see if there was a stash in the Wii, turned it on, didn't find any stash, and needed to keep playing it for 9 fucking hours just to be sure? "Well your honor, maybe the stash compartment only opens upon completing a perfect game in Wii Bowling -- we had to be sure." Really?
But I would swear I remember seeing one of those hanging on the wall of my great-uncle's barn 35 or so years ago; the barn is in Extreme Rural Tennessee, so you could imagine my surprise.
I hate to tell you this, but that was just a horse dildo. Funny, the things age does to memory: one minute you're looking at a horse dildo, the next minute, you're convinced that ancient instruments are hanging out in rural Tennessee.
They should take away his voice-syntho box, and replace it with one of these ping-pong gizmo widgets and tell him that it's his new mouth. I'm betting that Stevie has a working prototype by XMas 2K10 of something that makes this look like a Newton to his iPhone. So to speak.
The answer depends on how many hours you like wasting on the troubleshooting of an issue not knowing that it's just a stupid cable failing you. Add the cost of new cables into the cost of any of your projects; why would management notice or care otherwise?
I once wrote a program that did a weekly dictionary attack (using a standard *nix cracking utility) on the site's passwd file, and then sent out a notice (containing the password, so that it *had* to be changed) to the offending users
Good thing you showed them good security practices by sending out passwords in the clear. I don't follow how the notice made sure that they "*had*" to change the password; it would seem that ignoring the notice would work just as well.
Or even worse than soaking up resources, suggesting new software once a week, like Apple software updater. It always suggests that I need iTunes, and it always selects it by default.
If I'd wanted iTunes, I would have downloaded iTunes and not gone to the extra hassle of trying to find QuickTime without iTunes. I don't know how it is now, but when I downloaded, it was a hassle to find these two separated.
Apple has resolved this issue. Now they try to install Safari in addition to QuickTime and iTunes.
Wouldn't you prefer never to have existed if you knew you would be subjected to mental retardation, health complications, and a short lifespan?
It depends -- for how long would I get to suck on Palin's tah-tah's? I mean, theoretically, that's a perk you could probably -ahem- milk for a few years, no?
That apparently was an effective ad. Effective ads don't have to make you want to buy the product, simply remember the ad. Like those damn "Head On" ads that everyone hates, yet can't ignore.
I have no idea what the fuck a "head on" ad is. You were saying?
So given that TLS, PGP, and whole disk encryption addresses the instances where PI in email needs to be encrypted, please tell me how your original question -
- makes the least bit of sense.
"Hi, I heard you got cancer. Here, have a car that doesn't work."
"The vulnerability requires that an attacker knows the name of the file they want to access, according to the company."
Good thing no one knows to look for: "%USERPROFILE%\My Documents\Quicken\qdata.qdf"
Are you telling me that they plan on sinking balls for the next eight years?
So your answer to "I only like Granny Smith apples" is "Great, grow some Red Delicious apples". You are absolutely a genius.
And considering that marijuana has no such effect, your point is waving bye-bye to you.
I asked law enforcement, and they agreed with me.
Maybe you should stop taking your morning coffee with cream and FAIL?
I'm not following your logic. Tobacco and alcohol seem to be getting taxed just fine, and marijuana isn't any easier to process than either of them.
What a thrilling story! His reflexes were so swift that he actually had enough time to flip a switch?! Inconceivable!
Mozilla has issued eight patches for its Firefox Web browser, three of which fix problems classified as critical.
Man, you really showed them.
(Nate Dogg is about to make some bodies turn cold.)
is not code.
No we don't.
not "from each according to his ability, to each according to his need."
No one said we should.
Thank you for displaying your incredible lack of comprehension skills.