Security Incidents mailing list archives
Re: California State Bill SB1386
From: "Anders Reed Mohn" <anders_rm () utepils com>
Date: Wed, 26 Mar 2003 09:26:24 +0100
I appreciate the various replies that I've received. However, the fundamental question of what defines encryption, so far as SB1386 is concerned, is still unanswered. I've looked through other California State Bills and supporting documentation, all to no avail.
You could maybe ask Jacqueline Craig, jcraig () socrates berkeley edu, who according to http://istpub.berkeley.edu:4201/bcc/Spring2003/news.sb1386.html "will chair the SB 1386 working group" at Berkeley, to ensure that campuses are compliant with the bill.

How does California Law relate to the US justice department anyway? If your lawmen don't know any California precedence (if that's the word), then I assume a definition from some federal bureau/office is "next in line" to be valid.

According to these docs:
http://www.thawte.com/html/CORPORATE/news/crimaliseEnc.html
http://www.securityfocus.com/columnists/145
the US justice department defines encryption as referring to "the scrambling (and descrambling) of [..] communications, [..] using mathematical formulas or algorithms in order to [..] prevent unauthorized recipients from accessing or altering, such communications or information."

Unless there is a clarification somewhere in the text of the "Domestic Security Enhancement Act of 2003", this would seem to include any kind of scrambling, as long as the purpose is to hide the plaintext. I have searched other DOJ documents for definitions, but they all seem to give much the same definition.

There are no requirements stated as to the quality of the encryption, i.e. no one seems to (explicitly) state that the encryption must be of a certain type or quality, for it to actually "prevent unauthorized recipients from accessing or altering, etc." I am guessing that in court it would be argued that the _intent_ to hide information is every bit as important as the hiding itself.

Also, this article: http://www.onlinesecurity.com/index.php claims that "Several national consulting and integration firms have been quietly promoting 'best practices' within the compliance space as it relates to electronic commerce." One of these, if you can identify one, would have a definition of encryption in relation to this, would they not?
Cheers,
Anders RM :)