http://www.thebiggertruth.com/2009/07/encryption-or-else-its-about-time/ Welcome to the bigger truth! I'll try to add some context around "how" or "why" things might mean more than meets the eye. Fri, 03 Feb 2012 06:42:49 +0000 hourly 1 http://wordpress.org/?v=3.2.1 http://www.thebiggertruth.com/2009/07/encryption-or-else-its-about-time/comment-page-1/#comment-5 Steve Reichwein Thu, 23 Jul 2009 17:28:45 +0000 http://www.thebiggertruth.com/2009/07/encryption-or-else-its-about-time/#comment-5 I agree that this is a good first step. However, it shows the backward thinking and application by government. The lawmakers appear to be very brick-and-mortar centric, e.g. if a local bank is transmitting data, it must be encrypted. Ten years ago, identity theft was a rare occurrence and a nightmare to unravel. Yes, it's still a nightmare for anybody victimized, but now the public awareness and cost-of-business has changed the game: companies must reduce losses and the public (hopefully) is choosing service providers more wisely. The business and technology communities will respond much faster and better than the government ever will. The well intentioned, but poorly written, MA law is a perfect case in point. I agree that this is a good first step. However, it shows the backward thinking and application by government. The lawmakers appear to be very brick-and-mortar centric, e.g. if a local bank is transmitting data, it must be encrypted.
Ten years ago, identity theft was a rare occurrence and a nightmare to unravel. Yes, it’s still a nightmare for anybody victimized, but now the public awareness and cost-of-business has changed the game: companies must reduce losses and the public (hopefully) is choosing service providers more wisely.
The business and technology communities will respond much faster and better than the government ever will. The well intentioned, but poorly written, MA law is a perfect case in point.

]]> http://www.thebiggertruth.com/2009/07/encryption-or-else-its-about-time/comment-page-1/#comment-4 Louis Gray (Emulex) Wed, 22 Jul 2009 21:51:46 +0000 http://www.thebiggertruth.com/2009/07/encryption-or-else-its-about-time/#comment-4 Massachusetts' decision highlights this critical trend that people have a need to protect more and more data. As we move forward, with the efforts in Massachusetts, combined with similar laws in Nevada on encryption on data at rest, on disclosure in California, and movement at the federal level with the recent HITECK act that has given HIPPA some real teeth, a good way to look at this is by our focusing on data in use. Data only really needs to be in an unencrypted form while in use, and should be encrypted everywhere else. Massachusetts’ decision highlights this critical trend that people have a need to protect more and more data.
As we move forward, with the efforts in Massachusetts, combined with similar laws in Nevada on encryption on data at rest, on disclosure in California, and movement at the federal level with the recent HITECK act that has given HIPPA some real teeth, a good way to look at this is by our focusing on data in use.
Data only really needs to be in an unencrypted form while in use, and should be encrypted everywhere else.

]]> http://www.thebiggertruth.com/2009/07/encryption-or-else-its-about-time/comment-page-1/#comment-3 joseph martins Wed, 22 Jul 2009 20:39:51 +0000 http://www.thebiggertruth.com/2009/07/encryption-or-else-its-about-time/#comment-3 There are many possible interpretations of the new laws, Steve. Can an attorney successfully argue that tape is not "an electronic transmission...to a person outside of the secure system of the business"? In fact, the transportation of tape off-site is not electronic, it's physical. The electronic transmission of the data to tape occurs before the tape leaves the facility. By the time it's on tape, electronic transmission is no longer a factor. And if a fax - a combination of electronic and physical transmission - is permissible, then why not tape? Mincing words, I know, but we all know that cases are won and lost in court based on wording and semantics. Legislators will need to be more clear about that. There are many possible interpretations of the new laws, Steve.
Can an attorney successfully argue that tape is not “an electronic transmission…to a person outside of the secure system of the business”? In fact, the transportation of tape off-site is not electronic, it’s physical. The electronic transmission of the data to tape occurs before the tape leaves the facility. By the time it’s on tape, electronic transmission is no longer a factor. And if a fax – a combination of electronic and physical transmission – is permissible, then why not tape?
Mincing words, I know, but we all know that cases are won and lost in court based on wording and semantics. Legislators will need to be more clear about that.

]]> http://www.thebiggertruth.com/2009/07/encryption-or-else-its-about-time/comment-page-1/#comment-2 Stephen Foskett Wed, 22 Jul 2009 19:54:37 +0000 http://www.thebiggertruth.com/2009/07/encryption-or-else-its-about-time/#comment-2 Steve, A prominent Massachusetts company is currently wringing their hands, trying to figure out how to respond to this encryption mandate with regard to offsite tape storage. This is a huge deal, and lots of folks haven't figured out how to deal with it yet. I'll be covering that in another blog post (tomorrow?). As for enforcement, I agree it's weird. The Massachusetts AG gets to enforce it, and I can't see how they would go after, say, Bank of America or someone else outside the state! Stephen Steve,
A prominent Massachusetts company is currently wringing their hands, trying to figure out how to respond to this encryption mandate with regard to offsite tape storage. This is a huge deal, and lots of folks haven’t figured out how to deal with it yet. I’ll be covering that in another blog post (tomorrow?).
As for enforcement, I agree it’s weird. The Massachusetts AG gets to enforce it, and I can’t see how they would go after, say, Bank of America or someone else outside the state!
Stephen

]]>