Encryption by Law? If so, what strength or type?

30 pts.
Should encryption be explicitly proscribed in Data Security and Privacy legislation like the Massachusetts Data Privacy Law and the White House cybersecurity initiative? If so, what strength or method? Should there be a minimum strength? What do you think?

Troy Tate, thanks, are you recommending the law should explicitly require 1024-bit minimum key length? I'm interested in what we feel the law should specify rather than how anyone recommends interpreting the law. Right now the law is totally vague. JoeMellott seems to be saying the law should not attempt to require encryption because it is not feasible to come up with a reasonable standard. Rklanke seems to agree that specifying encryption in the law is futile since its implementation has so many dependencies and these would also have to be explicitly specified. SbElectric seems to be unclear but suggesting using a NIST standard. An interesting idea, so I asked, which one? There seem to be hundreds and "encryption" is not a NIST cluster topic. Will be waiting to hear responses.

Answer Wiki


As with any law, it should start with a basic level and then permit restrictions above the level specified. So, the law could say 1024-bit encryption or better. Kind of like the states can make more restrictive laws than the federal gov’t but the states must meet minimum criteria.

Discuss This Question: 2  Replies

  • Robert Stewart
    Minimum and Maximum, now how many times in our tech world have these changed? I.e., minimum specs required change with every new OS out there. Encryption technologies change even more frequently than an upgrade for an OS. This is why they are leaving these laws so vague, IMHO. They just mention encryption, what is their standard and how did they get there?? Who will babysit the Law for updates in the encryption technologies?? This is a knee-jerk reaction to poor policies of some IT folk on the front end.
    1,810 points
  • Stroagepipe
    That's a pretty complex question with a lot of variables to consider. The strongest encryption in the world can't protect you if it isn't implemented properly. In the case of online backup, you want to make sure that your data is encrypted using a private password that's only known by the customer (you). Using a methodology like this, no third party will ever get access to your private data. If the other party can decrypt your data, it doesn't really matter how strong your encryption is.
    10 points
