RE: California State Bill SB1386
From: Jonathan A. Zdziarski (jonathan@networkdweebs.com)
Date: 03/24/03
- Previous message: Tobias Lachmann: "AW: Chinese source: some web attack tool"
- In reply to: Steve Zenone: "California State Bill SB1386"
- Next in thread: Steve Zenone: "RE: California State Bill SB1386"
- Reply: Steve Zenone: "RE: California State Bill SB1386"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Jonathan A. Zdziarski" <jonathan@networkdweebs.com> To: "'Steve Zenone'" <zenone@cats.ucsc.edu>, <incidents@securityfocus.com> Date: Sun, 23 Mar 2003 22:21:50 -0500
> of California whose unencrypted personal information
> was, or is reasonably believed to have been, acquired
> by an unauthorized person."
It seems to me that the language used in this bill suggests that
notification would be necessary if the unencrypted information _COULD HAVE
BEEN ACQUIRED_ .... NOT that the unencrypted information itself was
_TRANSMITTED_....so to me that says if there is a reasonable chance that the
information that was stolen (even if encrypted) could be decrypted into
plain text (either via a weak encryption scheme such as ROT13 or if there's
evidence the keys were stolen as well), that it would need to be reported.
I think this clears up some of your other questions as well.
----------------------------------------------------------------------------
Powerful Anti-Spam Management and More...
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.surfcontrol.com/go/zsfihl1
- Previous message: Tobias Lachmann: "AW: Chinese source: some web attack tool"
- In reply to: Steve Zenone: "California State Bill SB1386"
- Next in thread: Steve Zenone: "RE: California State Bill SB1386"
- Reply: Steve Zenone: "RE: California State Bill SB1386"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
