
Slashdot: News for Nerds


New State Laws Could Make Encryption Widespread

kdawson posted more than 5 years ago | from the squeamish-ossifrages dept.

Encryption 155

New laws that took effect in Nevada on Oct. 1 and will kick in on Jan. 1 in Massachusetts may effectively mandate encryption for companies' hard drives, portable devices, and data transmissions. The laws will be binding on any organization that maintains personal information about residents of the two states. (Washington and Michigan are considering similar legislation.) Nevada's law deals mostly with transmitted information and Massachusetts's emphasizes stored information. Between them the two laws should put more of a dent into lax security practices than widespread laws requiring customer notification of data breaches have done. (Such laws are on the books in 40 states and by one estimate have reduced identity theft by 2%.) Here are a couple of legal takes on the impact of the new laws.


155 comments

Okay whew (4, Funny)

Anonymous Coward | more than 5 years ago | (#25413371)

Only laptops. I was worried that we would have to encrypt our entire database.

mofo.com? (2, Funny)

Anonymous Coward | more than 5 years ago | (#25413395)

What kind of n00b do you think I am? Like I'm really going to click through a link to mofo.com [mofo.com] .

Jesus.

Re:mofo.com? (5, Informative)

hajihill (755023) | more than 5 years ago | (#25414325)

Assuming here that the above poster is being funny, I'll clear this up for those this might actually cause some concern.

Morrison & Foerster [wikipedia.org] is an internationally recognized and prestigious law firm established in 1883, that has been going by the nickname MoFo since 1973. More on the linked Wikipedia article for those still interested or skeptical.

Bad news (0)

Anonymous Coward | more than 5 years ago | (#25413407)

Information wants to be free. This is information prosion at the hands of the State.

Re:Bad news (3, Interesting)

MindKata (957167) | more than 5 years ago | (#25414041)

"Information wants to be free."

I don't know about free. Anything but free. This is government admitting they expect widespread monitoring of communications. For example, in the case of the UK, that means all business data will be scanned along with people's emails, so it makes sense that governments and companies with international offices are going to be worried their internal email documents are going to be intercepted.

How exactly will this work ? (5, Insightful)

OeLeWaPpErKe (412765) | more than 5 years ago | (#25413453)

Forcing idiots to encrypt sensitive files will ...

force idiots to encrypt files (not the ones they should encrypt, obviously) using the password "password" ...

and

lose half the data, believing they encrypted it

and

send the data to half their family, especially anyone claiming to be a hacker, with the subject line "can you tell me the password for this file", who'll put it online on wikileaks (who'll happily -and proudly- publish extremely private information on anyone they don't like [wikileaks.org] , laws and privacy be damned)

Well at least, when the honeymoon's over and it's time for Barack O. to publish his email correspondence he can claim to have "encrypted it" and then send a random string, telling the judge the password has something to do with a very dark hole where apparently many claim the sun does not shine.

Re:How exactly will this work ? (1, Offtopic)

Nitage (1010087) | more than 5 years ago | (#25413869)

To be fair, Sarah Palin's email wouldn't have been published if she hadn't been conducting government business off the record.

Re:How exactly will this work ? (3, Insightful)

OeLeWaPpErKe (412765) | more than 5 years ago | (#25413967)

There's only one real question to ask. If someone publishes Obama's email. And there are some private "let's barbecue some white guy" jokes in there, along with an email of some secretary asking to pay a certain bill or not. You know "state business".

And it would have been published whole ... I have to cover my ears just thinking about it.

So: it's NOT acceptable behavior. Sending the emails anonymously to the police and keeping them 100% out of public view would be the very last line I would find tolerable on govt. official's private email addresses. But even that still involves a crime.

Re:How exactly will this work ? (0)

Anonymous Coward | more than 5 years ago | (#25414109)

That's not taking the actual idea behind the laws into account(that we're supposed to protect this type of data) and you miss the fact that WITHOUT encryption, everything you just mentioned is EVEN EASIER to do.

Ironic... or just interesting (5, Insightful)

i_want_you_to_throw_ (559379) | more than 5 years ago | (#25413459)

How interesting and ironic that not that long ago (1991) possessing encryption tools was considered as munitions!

It used to be that Philip Zimmermann was getting hassled for his creation of PGP.

Boy we've come a long way. Check out the Wikipedia entry on PGP if you can [wikipedia.org]

Re:Ironic... or just interesting (2, Informative)

IchNiSan (526249) | more than 5 years ago | (#25414401)

s/possessing/exporting/g

Re:Ironic... or just interesting (1)

paco verde (561678) | more than 5 years ago | (#25414751)

From the "Early History" section of the Wikipedia entry on PGP:

"PGP encryption no longer meets the definition of a non-exportable weapon, and can be exported internationally except to 7 specific countries and a named list of groups and individuals."

Which are the 7 specific countries?

I think I can guess a few pretty easily, but I'd like to know them all for sure, since my organization is planning on rolling out encryption for some of our sensitive mailing lists. Don't want to get our subscribers in trouble, you know ;)

-- Glenn

Re:Ironic... or just interesting (2, Informative)

NeoSkandranon (515696) | more than 5 years ago | (#25415099)

Cuba, Iran, North Korea, Sudan, Syria off the top of my head. Not sure what the other(s) may be or if any of those are off the list.

Re:Ironic... or just interesting (3, Informative)

paco verde (561678) | more than 5 years ago | (#25415127)

Apologies for replying to my own post, but I found the list in this PDF document [rsa.com] :

Cuba, Iran, Iraq, Libya, North Korea, Serbia, Sudan, Syria, and Talisman-controlled (sic) (Taliban-controlled?) areas of Afghanistan as of January 2000.

(Although there are nine -- counting "Talisman-controlled areas of Afghanistan" -- listed, not 7.)

-- Glenn

Company laptops will be encrypted... (5, Insightful)

sakdoctor (1087155) | more than 5 years ago | (#25413485)

but clueless users will write the password on a post it note, and probably burn a plaintext CD copy to leave lying around.
Government agencies will be worse.

Re:Company laptops will be encrypted... (1)

TooMuchToDo (882796) | more than 5 years ago | (#25414059)

What you can't solve with technology, solve with policy. Burn unencrypted data to CD because your convenience is more important than security? That's a firin'.

Re:Company laptops will be encrypted... (1)

hansraj (458504) | more than 5 years ago | (#25414557)

1. Make use of encryption common
2. Once people are familiar with it, hopefully all softwares dealing with data support encryption by default.
3. ???
4. Profit (for people like me who can't use encryption in for example pidgin because the other person can't be bothered to install the plugin).

Re:Company laptops will be encrypted... (1)

megamerican (1073936) | more than 5 years ago | (#25414821)

This also won't stop people working for government agencies from simply selling the information.

It is very doubtful that so many people happen to lose laptops or other materials. How easy is it to sell a laptop and claim you lost it or that it was stolen? When do you ever hear about these "lost" laptops with a lot of personal data being returned? Never.

The best solution would be to encrypt the files and don't trust the low level employees with the key.

Re:Company laptops will be encrypted... (2, Insightful)

Gonarat (177568) | more than 5 years ago | (#25415141)

Encrypting laptops won't stop an employee from selling the laptop and data if that is what they want to do. All they have to do is give the purchaser the password when they sell the machine. All the purchaser needs to do is fire up the laptop and enter the password to get the data. Our work laptops are encrypted, and all I have to do at home to use the machine is enter my logon password twice -- once for access to the encrypted partition of the hard drive, and once to log on to Windows XP. I don't even have to be online to use the machine (unless I need to access systems at work, then I have to connect via VPN).

What laptop encryption WILL do is protect any sensitive information if the laptop is stolen. Without the password, the hard drive can still be formatted and the machine used and/or sold, but the data will not be accessed or sold. Of course, all bets are off if the password is on a sticky, written on the laptop, or kept on a business card in the bag. Too many times strong passwords are required without teaching users how to create one that can be remembered. A strong password written on a post-it note and stuck to the lappy is worse than useless.

Legacy Systems? (1, Interesting)

jellomizer (103300) | more than 5 years ago | (#25413487)

There are still people running legacy systems that do not support encryption. Nor is it fast, easy, cheap, to get them to do so.
Also I could see huge problems later on when the only IT guy who knows the key is fired, hit by the obligatory train, or quits. Forcing encryption isn't the answer but penalties and legal repercussions if your data is stolen are more appropriate.
While it is not the right time to politically say this. It is a case where they don't really need government intervention as most companies will regulate themselves on this front especially if they don't have immunity to legal problems if something goes wrong.

It seems like the Democrats are doing the same thing the Republicans did after 9/11. Just as after 9/11 the Republicans pushed Security to an extremist state, Democrats are using the financial crisis to push down all those heavy regulations down our mouth. Just as 7 years ago. They went those Damn Democrats were too soft on security and look what happened, now the Democrats are going, Those damn Republicans they were so soft on regulating companies and look what happened.
Same old Same old... Sigh....

Re:Legacy Systems? (1)

EncryptedSoldier (1278816) | more than 5 years ago | (#25413611)

welcome to the beginning of the end, my friend.

Re:Legacy Systems? (-1, Troll)

Ethanol-fueled (1125189) | more than 5 years ago | (#25413673)

Democrats are using the financial crisis to push down all those heavy regulations down our mouth

No, it's so that gov't officials will be legally obligated to hide all of their shady dealings.

oversight committee: "So, mister congressman, why can't we see the data on your hard drive which details your arms sales to Iran?"

congressman: "I, uh, forgot the key."

Re:Legacy Systems? (1)

Takumi2501 (728347) | more than 5 years ago | (#25413715)

But what stops them from doing this now?

Re:Legacy Systems? (1, Interesting)

Anonymous Coward | more than 5 years ago | (#25413701)

I call BS. "Legacy systems that do not support encryption"? What does that even mean? Are these systems non-Turing-complete? Can they not run GnuPG? Is your claim that current cryptographic software is too resource-intensive to run on older systems? WTF?

Re:Legacy Systems? (2, Interesting)

yttrstein (891553) | more than 5 years ago | (#25413755)

What currently operational (and I mean operational, I don't mean just turned on and sitting in a corner gathering dust with a little yellow light peering from between paddle switches) legacy operating system can you in no way compile OpenSSL on?

Re:Legacy Systems? (3, Informative)

Tony Hoyle (11698) | more than 5 years ago | (#25414829)

You'd probably have trouble on AS/400 unless they've done a version that copes with all the nasty EBCDIC issues porting to that platform (and the fact that it doesn't use directories in any meaningful sense, and what there is of its filesystem is completely alien to the average PC user).

There are lots of those in operational use that have been doing mundane work for years.. and nobody is going to change them in a hurry, because replacement is very expensive and you don't get a better system at the end of it.

Hell, I'd hesitate to compile OpenSSL on quite mainstream OSs like HPUX (although probably someone has already gone through the pain of doing it I'm sure).

Re:Legacy Systems? (1)

FirstTimeCaller (521493) | more than 5 years ago | (#25415139)

You'd probably have trouble on AS/400...

That's a good point. I can't tell you how many times I've almost left my AS/400 on an airplane!

Re:Legacy Systems? (4, Informative)

Sebilrazen (870600) | more than 5 years ago | (#25413843)

It seems like the Democrats are doing the same thing the Republicans did after 9/11. Just as after 9/11 the Republicans pushed Security to an extremist state, Democrats are using the financial crisis to push down all those heavy regulations down our mouth...

BS, this is state level law, not Congress, way to troll. Besides these laws were passed way before the meltdown, these are their enactment dates.

Re:Legacy Systems? (1)

jellomizer (103300) | more than 5 years ago | (#25414607)

They Have Democrats and Republicans for state Government too..

Re:Legacy Systems? (4, Insightful)

Beryllium Sphere(tm) (193358) | more than 5 years ago | (#25414147)

>Also I could see huge problems later on when the only IT guy who knows the key is fired, hit by the obligatory train, or quits.

If you're covered by the credit card industry's Data Security Standard, you're already required to use encryption and you're required to use it competently, with a key management infrastructure.

Corporate crypto deployments have been using some form of key escrow for many years. Availability is as much part of security as confidentiality is.

Re:Legacy Systems? (1)

Timothy Brownawell (627747) | more than 5 years ago | (#25414167)

There are still people running legacy systems that do not support encryption. Nor is it fast, easy, cheap, to get them to do so.

I don't think most legacy systems are portable, so they shouldn't be a problem.

Also I could see huge problems later on when the only IT guy who knows the key is fired, hit by the obligatory train, or quits.

And then you learn why you shouldn't do that. Write it down and put it in a safe, or have at least 3-4 people who know it.

Forcing encryption isn't the answer but penalties and legal repercussions if your data is stolen are more appropriate. While it is not the right time to politically say this. It is a case where they don't really need government intervention as most companies will regulate themselves on this front especially if they don't have immunity to legal problems if something goes wrong.

Really? This only works if the company can (and does) truly repair any damage caused by a data leak. If the damage is more than the company is worth, or is something that can't be repaired, or the company can litigate people into submission, then there are "negative externalities" and ordinary market forces don't work so well.

It seems like the Democrats are doing the same thing the Republicans did after 9/11. Just as after 9/11 the Republicans pushed Security to an extremist state, Democrats are using the financial crisis to push down all those heavy regulations down our mouth. Just as 7 years ago. They went those Damn Democrats were too soft on security and look what happened, now the Democrats are going, Those damn Republicans they were so soft on regulating companies and look what happened.

WTF?

Re:Legacy Systems? (0)

Anonymous Coward | more than 5 years ago | (#25414327)

Your a bunch of sheep.

What about my bunch of sheep?

You're sig reads liek youd been drinking wen you rote it. Pleese fix. Mine eyes is bleating.

Re:Legacy Systems? (1)

dcollins (135727) | more than 5 years ago | (#25414371)

"It is a case where they don't really need government intervention as most companies will regulate themselves on this front especially if they don't have immunity to legal problems if something goes wrong."

The evidence does not back up your theory.

The "legal problems" in question are too big and strike too rarely for companies to deal with them. When they come, they are disastrous and unmanageable. See: Enron and Arthur Andersen. See: Mortgage lending crisis.

Re:Legacy Systems? (1)

internic (453511) | more than 5 years ago | (#25414457)

While it is not the right time to politically say this. It is a case where they don't really need government intervention as most companies will regulate themselves on this front especially if they don't have immunity to legal problems if something goes wrong.

Government can mandate certain actions to protect privacy, or they can pass laws forcing disclosure and establishing civil claims that can be filed by the injured, but either way government is going to be involved.

I can appreciate the merits of the latter system, but I have to say that I'm sort of skeptical about how well it will work in practice. I think that sort of thing works somewhat well where it concerns transactions between two businesses that are large enough to have a legal staff that can file suit and recoup losses, but individuals generally can't do that. They can be involved in class action lawsuits, but the supposed plaintiffs never seem to really see any significant compensation for their damages in those suits, and it's not even always clear to me that the awards are large enough to serve as a strong deterrent.

I imagine that the optimal solution is a hybrid, that establishes some basic minimum requirements (e.g., something like that data must be held in a physically secured location and cannot be transported or transmitted from that location except if encrypted in a way consistent with NIST recommendations) but leaves a lot up to the company, while also establishing stringent transparency requirements and civil liability.

Before RMS spoke about it most of you were for Cloud Computing now you are against it. Your a bunch of sheep.

You know, if you're going to have an idiotic trolling sig, you could at least spell it right.

Re:Legacy Systems? (1)

cts5678 (1383735) | more than 5 years ago | (#25414515)

Uh, legacy systems running on laptops accessing personal data locally? How many of those do you think? Yeah, self-regulation works great. Gee, why don't we do self-regulation on everything like Wall Street and mortgages and stuff like that?

nannystate tag? (1)

ShadowRangerRIT (1301549) | more than 5 years ago | (#25413499)

Given that this does not affect personal computers, only corporate data stored about private individuals, how does this warrant a nannystate tag?

Re:nannystate tag? (3, Insightful)

jellomizer (103300) | more than 5 years ago | (#25413635)

As many people in the election on both sides have stated, there are a lot of small businesses out there, more that do not focus on IT in general. Excessive restrictions and regulations are just as bad as none. You can't hold the hands of every company. You need to let them mess up from time to time. Encryption is a good thing however forcing it isn't even for companies. As many of the small businesses are an employee of one and it is their own personal PC.

Re:nannystate tag? (2, Interesting)

peragrin (659227) | more than 5 years ago | (#25413983)

A laptop is stolen weekly with 10000 credit card numbers on it. Yet the companies only respond to it when it affects their bottom line. This has to be law as it will take another decade before most companies even think about it.

Re:nannystate tag? (2, Insightful)

jandrese (485) | more than 5 years ago | (#25414079)

As long as the restrictions are reasonably commonsense, I don't think small businesses should be exempt. In the end it doesn't matter if my personal information ends up on the black market via a small business or a large business with lax security, either way I'm screwed.

Simple solutions that would solve 95% of the data leaks (especially the big ones):
1. Never store customer data on machines that must travel outside of the company.
2. Regardless of #1, all laptops have full disk encryption where possible, and extra safeguards (could be a sticker on the top that says NO PERSONAL DATA) against storing such data on those machines otherwise.

Getting people to practice proper database security is harder, and may not be practical to legislate. I'm not sure. Still, the vast majority of publicized personal information thefts have been the result of stolen laptops with personal information left unencrypted. It is simply not acceptable to carry around unencrypted personal data like that, no matter how small your company is, not with effective and cheap disk encryptors available.

Re:nannystate tag? (4, Informative)

DavidTC (10147) | more than 5 years ago | (#25415065)

It's not just personal data on the laptop.

I work for a fairly small company, and while we don't have any person data off our server, and in fact don't really have any personal data beyond names, addresses and email accounts...

...we have logins to our CC processor and whatnot that could trivially be used to steal quite a lot of CC numbers. In addition to probably breaking into our bank account and draining. In addition to getting into our servers and installing backdoors.

Which is why, of course, we have Truecrypt with boot-time encryption on all laptops, so that if they get stolen we don't have to run around like chickens with our heads cut off trying to figure out every single login that needs to be changed.

For those people worried about forgetting password: Burn three or four TrueCrypt 'recovery CD' and write the password on them. In fact, write the password everywhere...just don't carry it around in the laptop bag.

Seriously, half these 'data thefts' are random laptop thieves stealing random laptop that just happen to include absurdly dangerous amounts of data on them. They aren't targeted attacks, and the thief is probably wiping them before boot. But companies have to act like they have all your data because said companies are morons who can't spend a tiny amount of time setting up free software that would stop that from happening.

People often worry about computer security in entirely the wrong direction, worrying about changing internal company-only passwords every month, and then completely ignoring actual outside risks like someone snatching a laptop bag off someone's arm.

Re:nannystate tag? (1)

plague3106 (71849) | more than 5 years ago | (#25414121)

No, a company does NOT have the right to mess up when it's ME that will be hit hard with the consequences.

Re:nannystate tag? (2, Insightful)

Just Some Guy (3352) | more than 5 years ago | (#25414249)

You can't hold the hands of every company. You need to let them mess up from time to time. Encryption is a good thing however forcing it isn't even for companies.

Lead reduction is a good thing however forcing it isn't even for companies.

Proper document shredding is a good thing however forcing it isn't even for companies.

Proper hazardous waste disposal is a good thing however forcing it isn't even for companies.

There are a lot of things that are inconvenient that we, as a society, have decided that our citizens must do. In each of the above cases, including yours, the regulations exist to enforce real, tangible protections. These aren't hypothetical problems that only give legislators something to gripe about, but actual problems that would otherwise directly affect other parties.

As many of the small businesses are an employee of one and it is their own personal PC.

Install TrueCrypt and be done with it. This isn't something for a small business to panic over.

Re:nannystate tag? (1)

Chris Pimlott (16212) | more than 5 years ago | (#25414353)

Proper hazardous waste disposal is a good thing however forcing it isn't even for companies.

Are you saying it should be legal to dump hazardous waste?

Re:nannystate tag? (1)

pjt33 (739471) | more than 5 years ago | (#25414489)

No. He's demonstrating that "measure X has more of an impact on some companies than others" isn't a sufficient reason not to implement measure X.

Re:nannystate tag? (1)

supernova_hq (1014429) | more than 5 years ago | (#25414759)

Did you not even RTFS? They mention that this is applicable to companies who deal with people's personal information. If you run a one-man company that handles personal information and can't afford to implement even basic encryption and security systems, I would classify you in the same department as one-man machining companies that don't implement basic safety procedures!

If your company can't handle the requirements for handling personal information, then you shouldn't be handling personal information. Period.

What happens if someone is crossing the US border? (2, Interesting)

apathy maybe (922212) | more than 5 years ago | (#25413531)

Or if they are in the UK.

Let's say that this (good) idea is properly implemented (rather than just pretend implemented), and all the laptops have full disk encryption in place.

Now someone with one of these laptops travels outside the US, and then flies back in and is asked to boot up the laptop. They will do so of course, and then, suddenly, there is no point to having the encryption, at that point. Sure it's still useful for cases where the laptop gets left on a train or something (assuming that they also require a password when opening a closed laptop, something that should be the case anyway), but it doesn't stop over-zealous and possibly corrupt government agents from looking over the info anyway.

It is even worse if such a laptop goes with someone who knows the password to the UK...

-----

Overall though? Great idea, and anything that opens more people up to the idea of encryption and the need for it is probably good as well. The more people who can prevent the govt. from looking at their data, the better. (And see a previous comment in a different story about hiding data to prevent the govt. from forcing you to hand over your keys.)

Re:What happens if someone is crossing the US bord (1)

FLEB (312391) | more than 5 years ago | (#25414713)

Why use full-disk, then? I imagine that having a bootable computer with reasonable apps would be enough to pacify most security personnel. For most cursory inspections, what ain't mounted ain't there.

Re:What happens if someone is crossing the US bord (1)

Zerth (26112) | more than 5 years ago | (#25415157)

Yes mister DHS, I'd love to decrypt this file for you! However, it is in the "Customer Records" folder, so I'm not allowed to know the key. Yes, it is probably full of goat-porn and cocaine receipts, but that's the law...

Oh Lord (2, Interesting)

TheHawke (237817) | more than 5 years ago | (#25413533)

Here comes the flood of complaints that their systems are slow, not responsive or too busy.

We have gunfights with our encryption client almost on a daily basis, being a resource hog and all that.

"nanny state"? (2, Interesting)

Garse Janacek (554329) | more than 5 years ago | (#25413555)

Okay, why is this already tagged "nanny state"? Is it somehow a fascist imposition on the free market to make companies protect the personal data of their customers? Aren't slashdot articles run all the time criticizing how lax many corporations (including financial companies that should know better) are with their customers' data?

Re:"nanny state"? (2, Insightful)

dlcarrol (712729) | more than 5 years ago | (#25413731)

Yes, it is. The answer is to create penalties for losing personal data just like there could be penalties for losing my car at a mechanic's shop. The answer is not to force every mechanic to build a bank vault around his parking lot, and it is stupid to think that this will do anything except a) make nearly every business a "criminal" with spotty, whimsical enforcement or b) shut things down and so be repealed el fasto

Re:"nanny state"? (1)

pahoran (893196) | more than 5 years ago | (#25413895)

Oops. I should have encrypted the tag when I submitted it.

Re:"nanny state"? (2, Insightful)

CSMatt (1175471) | more than 5 years ago | (#25414817)

No amount of fines in the world will get my personal data back. Once it's out there, it cannot be retracted. At least if the mechanic loses my car I can sue and use the money to invest in a new car. No one can use the car to impersonate me or make copies of the car to allow others to do the same. The car is just an object. It may have sentimental value, but I can ultimately live without that particular car. Personal data breaches, however, can adversely affect people for life. Data can be copied and distributed infinitely, and a lot of the time it can't be as easily replaced or changed. Trying to sue the company for a breach when that won't stop the data from spreading is about as effective as the RIAA/MPAA's prosecution of those who leak music/movies.

Re:"nanny state"? (1)

dlcarrol (712729) | more than 5 years ago | (#25414899)

I see your assertion and raise you a "no amount of fines will keep your personal data from becoming available."

We can try all day, but there are too many holes. It's better policy and practice to make sure the responsible parties are punished for whichever hole they don't plug, rather than trying (and failing) to make everyone plug every hole.

Re:"nanny state"? (3, Insightful)

Aladrin (926209) | more than 5 years ago | (#25413751)

In a word: Yes.

Making laws to tell them exactly what to do is stupid. What if there's a better way, and encryption isn't needed? They still have to do the encryption now.

Other posts have been more reasonable: Harsher penalties for failing to protect the data.

It might even be different if this was a 100% fix. It's not. Now the thief just needs 1 more step, instead. The password/key. Even without it, it's not impossible to crack encryption. It's just very hard, if done right. (And next to useless if done wrong.)

So yes, the 'nannystate' tag is accurate.

Re:"nanny state"? (1)

supernova_hq (1014429) | more than 5 years ago | (#25414789)

What if a company thinks or claims there's a better way, and encryption isn't needed?

There, fixed that for you.

Re:"nanny state"? (1)

Garse Janacek (554329) | more than 5 years ago | (#25415019)

But the same objections could be raised to physical safety laws, or due diligence laws of any kind. With safety regulations, you don't just increase the penalties for accidents, and you don't avoid making explicit requirements because "what if there's a better way?" -- if the technology improves, so can the regulations, but it shouldn't just be a matter of whatever the company thinks is good enough.

Now the thief just needs 1 more step, instead.

Anything any company might conceivably do, with or without legislative requirements, would just add "one more step". That is not in itself an objection to taking this specific step.

The password/key. Even without it, it's not impossible to crack encryption. It's just very hard, if done right. (And next to useless if done wrong.)

False. If encryption is done right, it is impossible to crack. The point of failure is not the encryption itself, it's the key, as you mention. If you disagree on this point, and can provide evidence, the entire computer security industry would be very interested. Any effective way to break standard encryption schemes, even if it was "just very hard", would be a Very Big Deal in the field (I Am A Theoretical Computer Scientist).

You are partially right about badly done encryption being much less effective (though not necessarily "next to useless" unless you know that most people who might obtain the data have enough proficiency and resources to extract the data because of it). But that's beside the point -- you might as well object to a law requiring top secret documents to be locked up, because there exist locks that are easy to pick.

About time! (1)

EncryptedSoldier (1278816) | more than 5 years ago | (#25413563)

This should have been done a long time ago! The fact that credit cards and SSNs are just floating around is stupid. But will this really solve the whole identity theft issue? I don't really believe it will change the situation too much. Generally when there is a security breach the company notifies everyone, putting them on alert. It's the morons who see a popup that says "your pc is infected get winantivirus2008 to fix it" and actually pay for malware that are the most at risk. And what about when you go to a restaurant and pay with a credit card and the server writes down the numbers before handing it back to you? That is where the real danger lies.

Only 2% reduction? (4, Insightful)

NoNeeeed (157503) | more than 5 years ago | (#25413565)

I'm not surprised it has made so little difference.

As we know, technical solutions are rarely enough to protect data. Human processes and policies can be much more important.

Personally I prefer the UK approach, the Data Protection Act [wikipedia.org]. No doubt it is flawed, and sadly not enforced as rigorously as it should be, but the concept is better. Rather than mandate specific technological approaches, it imposes a set of general requirements on any organisation that holds personal data:

  • Data may only be used for the specific purposes for which it was collected.
  • Data must not be disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason to share the information (for example, the prevention or detection of crime). It is an offence for Other Parties to obtain this personal data without authorisation.
  • Individuals have a right of access to the information held about them, subject to certain exceptions (for example, information held for the prevention or detection of crime).
  • Personal information may be kept for no longer than is necessary.
  • Personal information may not be transmitted outside the EEA unless the individual whom it is about has consented or adequate protection is in place, for example by the use of a prescribed form of contract to govern the transmission of the data.
  • Subject to some exceptions for organisations that only do very simple processing, and for domestic use, all entities that process personal information must register with the Information Commissioner.
  • Entities holding personal information are required to have adequate security measures in place. Those include technical measures (such as firewalls) and organisational measures (such as staff training).

The DPA is one of the few generally excellent pieces of legislation in the UK. It's just a shame that the Information Commissioner's Office that enforces it isn't as active as it could be. But it gives you quite a bit of power to take on companies yourself.

Re:Only 2% reduction? (0)

Anonymous Coward | more than 5 years ago | (#25414051)

or other overriding legitimate reason to share the information (for example, the prevention or detection of crime).

Of course, the first time through I read this as "or other overriding legitimate reason to share the information (for example, the prevention of detection of crime)."

Re:Only 2% reduction? (2, Informative)

MrMr (219533) | more than 5 years ago | (#25414225)

The DPA is one of the few generally excellent pieces of legislation in the UK
Ironic that it is just the local implementation of the 1995 EC data protection directive...

Re:Only 2% reduction? (1)

NoNeeeed (157503) | more than 5 years ago | (#25414421)

Yep :)
It's still a good thing, whoever came up with it.
Yay for the EU (sometimes).

Why so expensive (3, Interesting)

LordKronos (470910) | more than 5 years ago | (#25413581)

The Massachusetts government estimates that a business with 10 employees will need to spend $3,000 up front, plus an additional $500 a month in order to comply. Security executives at larger firms said they expect to spend a similar amount per employee.

It sounds to me like all you need to do is encrypt the hard drive and require a password, but if so, why so much? It seems $300 per person is probably on the expensive end for the software, but I'll let that one slide. However, $50 per person per month just to maintain the system? What is this cost for? What is there to maintain? The only thing I can think of is dealing with forgotten passwords, which will require restoring the system and losing whatever was on the laptop and not backed up. $600 per employee per year seems high for this.

Re:Why so expensive (3, Insightful)

Aladrin (926209) | more than 5 years ago | (#25413807)

Encrypting something isn't instantaneous, especially if new software has to be researched, bought, and installed. In addition, you're paying 2 employees for the time the system is getting the software installed. This goes for laptops, pc, servers, etc. The downtime for servers is also going to cost money in its own ways.

If you think dealing with encryption won't waste $50/mo of each employee's productivity, you're mistaken. Plus the passwords thing you mentioned... That could do it on average, too.

No, I think the estimates are low, if anything.

Re:Why so expensive (1)

LordKronos (470910) | more than 5 years ago | (#25413977)

What downtime for servers? This law is just about encrypting data on portable devices, as far as I can tell. And how does encryption reduce a user's productivity? Yeah, it takes time to decrypt files, but not that much time. Especially considering most users will be dealing with relatively small files (for the most part, a couple MB at worst). I really can't see the 50 per month cost.

Re:Why so expensive (0)

Anonymous Coward | more than 5 years ago | (#25414293)

What do you do when a user forgets their password?

Re:Why so expensive (1)

Kent Recal (714863) | more than 5 years ago | (#25414049)

If you think dealing with encryption won't waste $50/mo of each employee's productivity, you're mistaken

Bullshit. Encryption can and should be transparent to the employee. He enters his password, as he always does, and doesn't even need to know that his data is encrypted. Yes, encryption puts a small burden on the admin. But usually only once or, at worst, once per workstation. So, where exactly are $50/month wasted per employee here?

Re:Why so expensive (1)

Aladrin (926209) | more than 5 years ago | (#25414091)

What magical encryption do you have that doesn't slow the system at all?

Re:Why so expensive (2, Informative)

Timothy Brownawell (627747) | more than 5 years ago | (#25414409)

What magical encryption do you have that doesn't slow the system at all?

It's not the encryption, it's having a system with a processor made in the last 5 years. Spinning plates of rust are already insanely slow, adding symmetric encryption on top of that won't make a difference.

Re:Why so expensive (1)

owlstead (636356) | more than 5 years ago | (#25415077)

There are some IDE controllers that can do encryption/decryption on the fly, using a password from the BIOS. I think some Lenovo systems sport such chips.

I'm waiting for the first company to standardize AES and SHA1/SHA2 within their x86 processors. VIA already has this, but I'm not sure it is ready for standardization in their form.

Then the time would be minimal for any protocol that uses the hardware encryption.

Re:Why so expensive (1)

Kent Recal (714863) | more than 5 years ago | (#25415163)

What kind of CPU are you using that you can even measure a slowdown?
Anything above 1 GHz should be able to perform transparent encryption without breaking a sweat.

For reference: My Athlon64 3500+, which is a few years old now, encrypts AES-256 at roughly 80MB/s.
Most hard drives can't even burst at that rate, much less sustain it. Furthermore, for full-disk encryption you'll often use a less CPU intensive algorithm such as blowfish.

Thus, unless your CPU is completely saturated by something else (very unlikely in an office scenario), there is absolutely no difference in latency or throughput, whether you run with encryption on or off.

Re:Why so expensive (1)

IchNiSan (526249) | more than 5 years ago | (#25414851)

Bullshit. At my former place of employment, we had several mechanical engineers that did lots of CAD, among other things. After we were acquired by a large company, they mandated that all portable machines have full disk encryption.

The laptops these engineers used to work while traveling performed wonderfully prior to the encryption, and after the encryption they were painfully slow while running the CAD software.

I know users exaggerate, so I went and witnessed it for myself, it was painful. I do not recall what software/configurations were used, as at that point it wasn't my problem, and I really had my hands full integrating email and WAN.

Bottom line is that there is a loss of performance, sure it may only be relevant to the most intensive applications, but those applications are what makes the company money, so causing an engineer to waste more time could really hurt.

Re:Why so expensive (2, Insightful)

Timothy Brownawell (627747) | more than 5 years ago | (#25414529)

If you think dealing with encryption won't waste $50/mo of each employee's productivity, you're mistaken.

My work laptop has full-disc encryption. The only time I notice is when it asks for a boot password or when I have to change the password every couple months. This is completely negligible compared to, say, the time to boot Windows and open all the horribly bloated (and network-aware, so they also take time to connect to the server) applications I have to use.

Re:Why so expensive (2, Interesting)

Beryllium Sphere(tm) (193358) | more than 5 years ago | (#25414185)

Someone here must have been through an enterprise-wide encryption rollout. What did yours cost?

Re:Why so expensive (0)

Anonymous Coward | more than 5 years ago | (#25414977)

The cost is to comply with the regulations which is more than encrypting laptops. The regulations require businesses to create a "Comprehensive information security program" which we all say DUH "everybody has a policy that defines what sensitive data is and an education program to train all employees about how to keep personal information secure" right?? If all companies or even most companies did, we wouldn't have seen these regs hit the law books.

Corruption opportunity (4, Insightful)

Verteiron (224042) | more than 5 years ago | (#25413619)

Why do I have a sneaking suspicion that specific software will be endorsed and/or required to meet this new requirement? Probably whichever one spends the most money to "demonstrate" its capabilities to the lawmakers by treating them all to free vacations in the Bahamas. How much do you want to bet that a free solution like Truecrypt just won't meet the "standards" set by this new law?

Re:Corruption opportunity (0)

Anonymous Coward | more than 5 years ago | (#25414093)

Utimaco SafeGuard, popped out of my head as the first choice on Windows?

Re:Corruption opportunity (2, Informative)

Amazing Quantum Man (458715) | more than 5 years ago | (#25414217)

I suspect that they'll just spec FIPS 140-2 [nist.gov] certification for the crypto app.

Re:Corruption opportunity (1)

boxxertrumps (1124859) | more than 5 years ago | (#25414967)

20$

You know why encryption isn't used more often? (1)

yttrstein (891553) | more than 5 years ago | (#25413659)

openssl des3 -d -salt -in file.des3 -out file.txt -k horsefeathers

That's why. That's why your mother doesn't use it, and it's also why CEOs don't do it. It's too cryptic, if you'll pardon the expression.

Re:You know why encryption isn't used more often? (2, Funny)

Dr_Barnowl (709838) | more than 5 years ago | (#25414495)

click-click

click

<password><enter>

Damn, that was cryptic. Oh, wait.

TrueCrypt file volume. I now have a nice safe drive U:

Full disk encryption just prompts you for the password or smartcard+PIN at boot time.

Corporate interest (3, Interesting)

crow (16139) | more than 5 years ago | (#25413665)

I wonder if Massachusetts's concern about encrypting stored data has anything to do with EMC being headquartered in the state. Considering that EMC owns RSA (the company), a law like this would probably benefit EMC. Also, Massachusetts is home to TJX, famous for having had a major data breach.

[Note: I work for EMC, but have no inside knowledge related to this topic.]

If it don't encrypt, (0)

Anonymous Coward | more than 5 years ago | (#25413669)

"If it don't encrypt, you must acquit" (c) Johnnie Cochran

Umm Good? (1)

Irvu (248207) | more than 5 years ago | (#25413679)

Seriously, it's about damn time that states required companies with our personal data to do something smart with it. Yes, I don't like business being forced to act at the whim of a government, but in this case, with so much of our data out there and being transmitted to third parties, controls are important.

Law Enforcement will Complain (4, Insightful)

CodeBuster (516420) | more than 5 years ago | (#25413689)

It amuses me to see how government always wants to have its cake and eat it too. I agree that widespread use of strong encryption and good security practices is of great benefit to society, but some Senator or law enforcement agency is bound to complain that their ability to wiretap or access encrypted data is being compromised by these better private security measures. Strong encryption and good security are two-edged swords; they help us and they help our enemies as well, and there is no way around that. Personally, I don't have a problem with that. I would rather live in a society where encryption is used, privacy is paramount, and some criminals and evil doers are a bit harder to catch, not a bad trade-off IMHO. However, there will doubtless be howls of indignation from the law enforcement community, which contains more than its fair share of self-righteous authoritarian pricks, about how criminals are getting away with crimes and going unpunished. I suppose that my response to them would be to make better use of the tools and laws that we already have instead of depending upon ever more egregious invasions of our collective personal privacy and abridgements of our Constitutional rights merely to prevent some drug addict from getting his fix or some high school students from posting pictures of themselves on MySpace or Facebook.

Re:Law Enforcement will Complain (0)

Anonymous Coward | more than 5 years ago | (#25414165)

I imagine that there will be amendments to the legislation that business and gov entities use encryption software that can create master keys or certs that can decrypt any information stored on the devices under the control of said entities. These keys and/or certs will be held in escrow by either said entities, or even by law enforcement itself. You can be sure that our ever evolving police state will not be hampered by this legislation for long.

Mandate != Reality (4, Insightful)

Gothmolly (148874) | more than 5 years ago | (#25413699)

Just because a state mandates something, does not mean it automatically happens. Look at speeding, look at drug laws, look at overtime rules for P/T and F/T employees, look at many other unenforced business regulations.

This stuff is like when a judge ordered a server's RAM chips removed and stored as evidence, as they were a 'data storage device'. Government typically sucks at anything like this.

Am I the only one... (2, Funny)

scrod98 (609124) | more than 5 years ago | (#25413829)

...who thought that the link to MOFO.com would be some kind of Samuel L. Jackson fan site and not a law office?

Re:Am I the only one... (1)

Amazing Quantum Man (458715) | more than 5 years ago | (#25414281)

Yes, you are.

If you read Groklaw, you know all about the MoFos (They're Novell's lawyers).

You Un-American *tards! (-1, Troll)

jackie_147 (1353655) | more than 5 years ago | (#25413961)

Since Obama has essentially "clinched" the presidency (according to all major media accounts) expect more gov't interference in business, not to mention personal, life. Adoption of the UN's "millennium development goals" passed w/a mere voice vote, and most lawmakers who voted for it...didn't even know what was in it. That's just *brilliant*. This is our tax money at work, people. God *bless* it all, I say. It only gets better.

Re:You Un-American *tards! (3, Funny)

Dr_Barnowl (709838) | more than 5 years ago | (#25414625)

Millennium Development Goals:

  • End Poverty and Hunger
  • Universal Education
  • Gender Equality
  • Child Health
  • Maternal Health
  • Combat HIV/AIDS
  • Environmental Sustainability
  • Global Partnership

Yes, you're right, that is un-American.

Encryption is a good start, but... (1)

gmuslera (3436) | more than 5 years ago | (#25414289)

as was discussed yesterday, could be pointless [slashdot.org], as a good part of the breach could go through social engineering and trojans that could defeat several kinds of encryption schemes.

If you want to force users to be safe, educate and give them tools to be safe, be the information in their HDs encrypted or not.

Wonder how this combines with the tendency of US government to monitor ISPs to detect terrorism, IP violation or whatever excuse is hot in that moment. The encryption needed is a backdoored one or we could have a conflict in the future here?

Massachusetts long arm (2, Insightful)

russotto (537200) | more than 5 years ago | (#25414451)

Any lawyers reading want to comment on Massachusetts's attempt to impose this regulation on any business (even one without a presence in Massachusetts) storing information about Massachusetts residents? My take on this is that they are WAY overstepping the boundaries of what state laws can do, but IANAL.

Re:Massachusetts long arm (1)

lwsimon (724555) | more than 5 years ago | (#25415063)

Somewhat recently, New York City sent a bunch of LEOs to gun stores in the South and tried to execute "straw man" purchases. Then I believe the NYC DA's office filed charges.

Those suits didn't get thrown out, though it did trigger legislation preventing it from happening again.

I'd think this would fall under the same thing. If they can show (or pretend) that it impacts residents of the states, they can prosecute. It may or may not be thrown out.

IANAL.

Nevada wouldn't know encryption if it bit them (1)

44BSD (701309) | more than 5 years ago | (#25414563)

Nevada's legal definition of encryption sucks, and covers just about any technology that obstructs a bad guy's access to data. That includes such cryptographic wonders as, say, passwords or 2-factor auth.

The weaknesses of this law have been pointed out repeatedly -- for example by Schneier in a crypto-gram from probably 2004 (this is from memory), and by various bloggers interested in data breach legislation.

I am sure MA could not do a worse job, but Nevada did an absolutely terrible one.

Perhaps an opportunity for IPV6 (1)

decep (137319) | more than 5 years ago | (#25414637)

Encrypting drives and portable devices is certainly doable as there are generally a finite number of devices. Data transmissions are a little more difficult because of the sheer number of possible endpoints.

If someone were to create a standards compliant Opportunistic Encryption scheme for IPV6, this could be a boon for adoption. FreeSWAN was certainly ahead of its time.

Protecting SSNs won't stop identity theft (4, Insightful)

Jimmy_B (129296) | more than 5 years ago | (#25414879)

Encryption is good for protecting trade secrets, but useless for protecting social security numbers. Thieves who want to steal credit card or social security numbers can choose from tens of thousands of possible targets, at least one of which will be insecure. We need to stop pretending that social security numbers are useful as identification or authentication, because using an SSN to identify yourself requires disclosing it. We need to switch to a system of public-key cryptography, and put the blame for identity theft where it belongs: on the banks, who somehow decided that a few readily-discoverable numbers and a few easily-forged documents were all that's needed to take a loan in your name.

big flash could make caring/sharing widespread (0)

Anonymous Coward | more than 5 years ago | (#25414939)

could happen. you can 'play' along if you're so inclined.

greed, fear & ego are unprecedented evile's primary weapons. those, along with deception & coercion, helps most of us remain (unwittingly?) dependent on its' life0cidal hired goons' agenda. most of yOUR dwindling resources are being squandered on the 'wars', & continuation of the billionerrors stock markup FraUD/pyramid schemes. nobody ever mentions the real long term costs of those debacles in both life & any notion of prosperity for us, or our children, not to mention the abuse of the consciences of those of us who still have one. see you on the other side of it. the lights are coming up all over now. conspiracy theorists are being vindicated. some might choose a tin umbrella to go with their hats. the fairytail is winding down now. let your conscience be yOUR guide. you can be more helpful than you might have imagined. there are still some choices. if they do not suit you, consider the likely results of continuing to follow the corepirate nazi hypenosys story LIEn, whereas anything of relevance is replaced almost instantly with pr ?firm? scriptdead mindphuking propaganda or 'celebrity' trivia 'foam'. meanwhile; don't forget to get a little more oxygen on yOUR brain, & look up in the sky from time to time, starting early in the day. there's lots going on up there.

(talk about cowardlly race fixing/bad theater/fiction?) http://money.cnn.com/2008/09/19/news/economy/sec_short_selling/index.htm?cnn=yes
http://us.lrd.yahoo.com/_ylt=ApTbxRfLnscxaGGuCocWlwq7YWsA/SIG=11qicue6l/**http%3A//biz.yahoo.com/ap/081006/meltdown_kashkari.html
http://www.nytimes.com/2008/10/04/opinion/04sat1.html?_r=1&oref=slogin
(the teaching of hate as a way of 'life' synonymous with failed dictatorships) http://news.yahoo.com/s/ap/20081004/ap_on_re_us/newspapers_islam_dvd;_ylt=A0wNcwWdfudITHkACAus0NUE
(some yoga & yogurt makes killing/getting killed less stressful) http://news.yahoo.com/s/ap/20081007/ap_on_re_us/warrior_mind;_ylt=A0wNcw9iXutIPkMBwzGs0NUE
(the old bait & switch...you're share of the resulting 'product' is a fairytail nightmare?)
http://news.yahoo.com/s/ap/20081011/ap_on_bi_ge/where_s_the_money;_ylt=A0wNcwJGwvFIZAQAE6ms0NUE

is it time to get real yet? A LOT of energy is being squandered in attempts to keep US in the dark. in the end (give or take a few 1000 years), the creators will prevail (world without end, etc...), as it has always been. the process of gaining yOUR release from the current hostage situation may not be what you might think it is. butt of course, most of US don't know, or care what a precarious/fatal situation we're in. for example; the insidious attempts by the felonious corepirate nazi execrable to block the suns' light, interfering with a requirement (sunlight) for us to stay healthy/alive. it's likely not good for yOUR health/memories 'else they'd be bragging about it? we're intending for the whoreabully deceptive (they'll do ANYTHING for a bit more monIE/power) felons to give up/fail even further, in attempting to control the 'weather', as well as a # of other things/events.

http://www.google.com/search?hl=en&q=weather+manipulation&btnG=Search
http://video.google.com/videosearch?hl=en&q=video+cloud+spraying

'The current rate of extinction is around 10 to 100 times the usual background level, and has been elevated above the background level since the Pleistocene. The current extinction rate is more rapid than in any other extinction event in earth history, and 50% of species could be extinct by the end of this century. While the role of humans is unclear in the longer-term extinction pattern, it is clear that factors such as deforestation, habitat destruction, hunting, the introduction of non-native species, pollution and climate change have reduced biodiversity profoundly.' (wiki)

"I think the bottom line is, what kind of a world do you want to leave for your children," Andrew Smith, a professor in the Arizona State University School of Life Sciences, said in a telephone interview. "How impoverished we would be if we lost 25 percent of the world's mammals," said Smith, one of more than 100 co-authors of the report. "Within our lifetime hundreds of species could be lost as a result of our own actions, a frightening sign of what is happening to the ecosystems where they live," added Julia Marton-Lefevre, IUCN director general. "We must now set clear targets for the future to reverse this trend to ensure that our enduring legacy is not to wipe out many of our closest relatives."

"The wealth of the universe is for me. Every thing is explicable and practical for me .... I am defeated all the time; yet to victory I am born." --emerson
consult with/trust in yOUR creators. providing more than enough of everything for everyone (without any distracting/spiritdead personal gain motives), whilst badtolling unprecedented evile, using an unlimited supply of newclear power, since/until forever. see you there?

"If my people, which are called by my name, shall humble themselves, and pray, and seek my face, and turn from their wicked ways; then will I hear from heaven, and will forgive their sin, and will heal their land."

Jurisdiction? (0)

Anonymous Coward | more than 5 years ago | (#25414979)

How does Massachusetts have jurisdiction over business entities that neither reside nor provide services within its borders?

minimal effort (3, Interesting)

Wyck (254936) | more than 5 years ago | (#25415159)

I wonder if people will simply ROT13 [wikipedia.org] their data for cheap token compliance.
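Why ROT13 or any other keyless transform fails as "encryption" of stored personal data, shown as an added example (not code from the thread or from either statute): a small audit that reads a blob every way that needs no secret and searches each reading for SSN and payment-card patterns. The record, the SSN and the card number are constructed test values, and `keystream_xor` is only a standard-library stand-in for real ciphertext, not a recommended cipher.

```python
import base64
import binascii
import codecs
import hashlib
import re

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b", re.ASCII)
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b", re.ASCII)


def luhn_ok(number: str) -> bool:
    """Luhn checksum used by payment card numbers; separators are ignored."""
    digits = [int(c) for c in number if "0" <= c <= "9"]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def keyless_views(blob: bytes) -> dict:
    """Every reading of the blob that can be produced without any secret."""
    text = blob.decode("latin-1")           # one character per byte, never fails
    views = {"identity": text, "rot13": codecs.encode(text, "rot_13")}
    try:
        views["base64"] = base64.b64decode(blob, validate=True).decode("latin-1")
    except (binascii.Error, ValueError):
        pass                                # not valid base64, so no such view
    try:
        views["hex"] = bytes.fromhex(text).decode("latin-1")
    except ValueError:
        pass                                # not valid hex, so no such view
    return views


def audit(blob: bytes) -> list:
    """Return (view, kind, value) for each identifier readable without a key."""
    findings = []
    for view, text in keyless_views(blob).items():
        for m in SSN_RE.finditer(text):
            findings.append((view, "ssn", m.group()))
        for m in CARD_RE.finditer(text):
            if luhn_ok(m.group()):          # drop digit runs that are not card numbers
                findings.append((view, "card", m.group()))
    return findings


def keystream_xor(data: bytes, key: bytes) -> bytes:
    """Stand-in for real ciphertext: XOR with a keyed SHAKE-256 stream (demo only)."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


# Constructed record: the SSN is a long-retired specimen number and the card
# number is a well-known test value; neither belongs to a real person.
RECORD = b"name=Jane Example; ssn=078-05-1120; card=4111 1111 1111 1111"

SAMPLES = {
    "plaintext": RECORD,
    "rot13": codecs.encode(RECORD.decode("ascii"), "rot_13").encode("ascii"),
    "base64": base64.b64encode(RECORD),
    "hex": RECORD.hex().encode("ascii"),
    "keyed": keystream_xor(RECORD, b"constructed demo key"),
}


def exposure_report(samples: dict) -> dict:
    """Map each sample name to True if personal data is readable without a key."""
    return {name: bool(audit(blob)) for name, blob in samples.items()}


if __name__ == "__main__":
    for name, exposed in exposure_report(SAMPLES).items():
        print(f"{name:10s} {'EXPOSED' if exposed else 'no keyless reading found'}")
```

ROT13 rotates letters only, so the SSN and card number in the ROT13 sample are found in the untouched bytes without even undoing the transform.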
