Should encryption be explicitly proscribed in Data Security and Privacy legislation like the Massachusetts Data Privacy Law and the White House cybersecurity initiative? If so, what strength or method? Should there be a minimum strength? What do you think?
Troy Tate, thanks, are you recommending the law should explicitly require 1024-bit minimum key length? I'm interested in what we feel the law should specify rather than how anyone recommends interpreting the law. Right now the law is totally vague.
JoeMellott seems to be saying the law should not attempt to require encryption because it is not feasible to come up with a reasonable standard.
Rklanke seems to agree that specifying encryption in the law is futile since its implementation has so many dependencies and these would also have to be explicitly specified.
SbElectric seems to be unclear but suggesting using a NIST standard. An interesting idea, so I asked, which one? There seem to be hundreds and "encryption" is not a NIST cluster topic.
Will be waiting to hear responses.