Hosting Provided By

Re: California State Bill SB1386

From: Anders Reed Mohn <anders_rm(at)utepils.com>
Date: Wed Mar 26 2003 - 03:26:24 EST

>I appreciate the various replies that I've received. However,
>the fundamental question of what defines encryption, so far as
>SB1386 is concerned, is still unanswered. I've looked through
>other California State Bills and supporting documentation, all
>to no avail.

You could maybe ask:
Jacqueline Craig, jcraig@socrates.berkeley.edu, , who according to http://istpub.berkeley.edu:4201/bcc/Spring2003/news.sb1386.html "will chair the SB 1386 working group" at Berkeley, to ensure that campuses are compliant with the bill.

How does California Law relate to the US justice department anyway? If your lawmen don't know any California precedence (if that's the word), then I assume a definition from some federal bureau/office is "next in line" to be valid.

According to these docs:
http://www.thawte.com/html/CORPORATE/news/crimaliseEnc.html http://www.securityfocus.com/columnists/145,

the US justice department defines encryption as referring to "the scrambling (and descrambling) of [..] communications, [..] using mathematical formulas or algorithms in order to [..] prevent unauthorized recipients from accessing or
altering, such communications or information."

Unless there is a clarification somewhere in the text of the "Domestic Security Enhancement Act of 2003", this would seem to include any kind of scrambling, as long as the purpose is to hide the plaintext. I have searched other DOJ documents for definitions, but they all seem to give much the same definition. There is no requirements stated as to the quality of the encryption, ie. noone seem to (explicitly) state that the encryption must be of a certain type or quality, for it to actually "prevent unauthorized recipients from accessing or altering, etc." I am guessing that in court it would be argued that the _intent_ to hide information is every bit as important as the hiding itself.

Also,this article:
http://www.onlinesecurity.com/index.php
claims that "Several national consulting and integration firms have been quietly promoting 'best practices' within the compliance space as it relates to electronic commerce."
One of these, if you can identify one, would have a definition of encryption in relation to this, would they not?

Do you need help?

Cheers,
Anders RM :)

Powerful Anti-Spam Management and More... SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.surfcontrol.com/go/zsfihl1 Received on Wed Mar 26 19:08:44 2003

This message: [ Message body ]
Next message: digigal11(at)hushmail.com: "Re: [Fwd: FW: California State Bill SB1386]"
Previous message: Dan Hanson: "Dead Thread: California State Bill SB1386"
In reply to: Steve Zenone: "RE: California State Bill SB1386"
Next in thread: Cliff Gilley (System Admin, HolyElvis.com): "Re: California State Bill SB1386"
Reply: Cliff Gilley (System Admin, HolyElvis.com): "Re: California State Bill SB1386"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:00 EDT