Unfortunately your (and my) driver's license number IS often copied down when we cash a check. What is copied can be a Social Sec Number (not Mass issued) or a Mass issued number used to prevent ID thieft. Any thinking person has changed to a Mass issued number by now. Now these folks say that can't be stored, but it is stilled copied down at the point-of-sale, entered into the banking system, and then stored in digital form by the banking system. Oops. And I can think of at least one method where the tracks of magnetic media (think hard drive disks) can be mechanically read with the info stored as an image of the magnetic domains, on paper. Then this law does not address the real issue of keystroke loggers infecting computers as has been done on a couple of high profile cases in this state. I believe the cass where data was lost by unencrypted computers was the fault of workers for the Commonwealth. They took their laptops home. Wouldn't a simple procedure be to frequire that all State stored data by locked up, in the manner as money is not left lying around? Finally, any data that is wirelessly transmitted can easily captured, stored, and later decrypted. Here time is on the side of the electronic capture. The data does not have to be decrypted in real time at all. In fact, this data could be sent to thousands of unsuspecting computers for decryption during their idle time, just as the Seti project is doing to find life elsewhere. There goes the arguement that a gizillon years are required for decryption. There has been a lack of thinking on Beacon Hill here. But that's nothing new. Jim Ussailis jim at natrionalwireless.com Original Message: ----------------- From: Roger Williams roger at qux.com Date: Fri, 27 Feb 2009 10:50:30 -0500 To: sreed at avacoda.com, hidden-discuss at lists.hidden-tech.net Subject: Re: [Hidden-tech] New Massachusetts Encryption Law ** Be sure to fill out the survey/skills inventory in the member's area. ** If you did, we all thank you. >>>>> Scott Reed <sreed at avacoda.com> writes: > What is the definition of "personal data"? 201 CMR 17.00 defines it as: a Massachusetts resident's first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident's financial account; provided, however, that "Personal information" shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public. -- Roger Williams <roger at qux.com> Chief Technical Officer, Qux Corporation 433 West Street, Suite 8, Amherst, MA 01002, USA Tel +1 413 253-6400 * Fax +1 508 302-0230 * GSM +1 508 287-1420 _______________________________________________ Hidden-discuss mailing list - home page: http://www.hidden-tech.net Hidden-discuss at lists.hidden-tech.net You are receiving this because you are on the Hidden-Tech Discussion list. If you would like to change your list preferences, Go to the Members page on the Hidden Tech Web site. http://www.hidden-tech.net/members -------------------------------------------------------------------- mail2web - Check your email from the web at http://link.mail2web.com/mail2web