Re: California State Bill SB1386

["Anders Reed Mohn" <anders_rm () utepils com>]

> I appreciate the various replies that I've received. However,
> the fundamental question of what defines encryption, so far as
> SB1386 is concerned, is still unanswered. I've looked through
> other California State Bills and supporting documentation, all
> to no avail.

You could maybe ask:
Jacqueline Craig, jcraig () socrates berkeley edu, , who according to
http://istpub.berkeley.edu:4201/bcc/Spring2003/news.sb1386.html
"will chair the SB 1386 working group" at Berkeley, to ensure that
campuses are compliant with the bill.

How does California Law relate to the US justice department anyway?
If your lawmen don't know any California precedence (if that's the word),
then I assume a definition from some federal bureau/office is "next in line"
to be valid.

According to these docs:
http://www.thawte.com/html/CORPORATE/news/crimaliseEnc.html
http://www.securityfocus.com/columnists/145,

the US justice department defines encryption as referring to "the scrambling
(and descrambling) of [..] communications, [..] using mathematical formulas
or algorithms in order to [..] prevent unauthorized recipients from
accessing or
altering, such communications or information."

Unless there is a clarification somewhere in the text of the
"Domestic Security Enhancement Act of 2003", this would seem to include
any kind of scrambling, as long as the purpose is to hide the plaintext.
I have searched other DOJ documents for definitions, but they all seem to
give much the same definition. There is no requirements stated as to the
quality of the encryption, ie. noone seem to (explicitly) state that the
encryption must be of a certain type or quality, for it to actually "prevent
unauthorized recipients from accessing or altering, etc."
I am guessing that in court it would be argued that the _intent_ to hide
information is every bit as important as the hiding itself.

Also,this article:
http://www.onlinesecurity.com/index.php
claims that  "Several national consulting and integration firms have been
quietly promoting 'best practices' within the compliance space as it relates
to electronic commerce."
One of these, if you can identify one, would have a definition of encryption
in relation to this, would they not?


Cheers,
Anders RM :)


----------------------------------------------------------------------------
Powerful Anti-Spam Management and More...
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.surfcontrol.com/go/zsfihl1