[Hidden-tech] New Massachusetts Encryption Law

ussailis at shaysnet.com ussailis at shaysnet.com
Sun Mar 1 13:10:28 EST 2009


Unfortunately your (and my) driver's license number IS often copied down
when we cash a check. What is copied can be a Social Sec Number (not Mass
issued) or a Mass issued number used to prevent ID thieft. Any thinking
person has changed to a Mass issued number by now.

Now these folks say that can't be stored, but it is stilled copied down at
the point-of-sale, entered into the banking system, and then stored in
digital form by the banking system. Oops.

And I can think of at least one method where the tracks of magnetic media
(think hard drive disks) can be mechanically read with the info stored as
an image of the magnetic domains, on paper.

Then this law does not address the real issue of keystroke loggers
infecting computers as has been done on a couple of high profile cases in
this state.

I believe the cass where data was lost by unencrypted computers was the
fault of workers for the Commonwealth. They took their laptops home.
Wouldn't a simple procedure be to frequire that all State stored data by
locked up, in the manner as money is not left lying around?

Finally, any data that is wirelessly transmitted can easily captured,
stored, and later decrypted. Here time is on the side of the electronic
capture. The data does not have to be decrypted in real time at all. In
fact, this data could be sent to thousands of unsuspecting computers for
decryption during their idle time, just as the Seti project is doing to
find life elsewhere. There goes the arguement that a gizillon years are
required for decryption.

There has been a lack of thinking on Beacon Hill here. But that's nothing
new.


Jim Ussailis
jim at natrionalwireless.com

Original Message:
-----------------
From: Roger Williams roger at qux.com
Date: Fri, 27 Feb 2009 10:50:30 -0500
To: sreed at avacoda.com, hidden-discuss at lists.hidden-tech.net
Subject: Re: [Hidden-tech] New Massachusetts Encryption Law


   ** Be sure to fill out the survey/skills inventory in the member's area.
   ** If you did, we all thank you.


>>>>> Scott Reed <sreed at avacoda.com> writes:

  > What is the definition of "personal data"?

201 CMR 17.00 defines it as:

  a Massachusetts resident's first name and last name or first initial and
  last name in combination with any one or more of the following data
elements
  that relate to such resident: (a) Social Security number; (b) driver's
  license number or state-issued identification card number; or (c)
financial
  account number, or credit or debit card number, with or without any
required
  security code, access code, personal identification number or password,
that
  would permit access to a resident's financial account; provided, however,
  that "Personal information" shall not include information that is lawfully
  obtained from publicly available information, or from federal, state or
  local government records lawfully made available to the general public.

-- 
Roger Williams <roger at qux.com>
Chief Technical Officer, Qux Corporation
433 West Street, Suite 8, Amherst, MA 01002, USA
Tel +1 413 253-6400 * Fax +1 508 302-0230 * GSM +1 508 287-1420
_______________________________________________
Hidden-discuss mailing list - home page: http://www.hidden-tech.net
Hidden-discuss at lists.hidden-tech.net

You are receiving this because you are on the Hidden-Tech Discussion list.
If you would like to change your list preferences, Go to the Members   
page on the Hidden Tech Web site.
http://www.hidden-tech.net/members


--------------------------------------------------------------------
mail2web - Check your email from the web at
http://link.mail2web.com/mail2web




Google

More information about the Hidden-discuss mailing list