Scrambling in the Desert: Nevada Encryption Mandate Begins Oct. 1

Carl Weinschenk

A lot of people in the security industry will be watching Nevada with interest beginning next month. On Oct. 1, a law goes into effect mandating encryption of all transmissions over the Internet that contain identifiable personal information.

 

That's a heck of a lot of encryption. This Baseline post does a good job of outlining the perceived shortcomings of the new rule. Essentially, technical folks think that the language in the law is far too broad and can be interpreted to mean things besides encryption.

 

Two major issues are potential structural problems with the law and whether mandated encryption is overkill. There is a third potential set of problems with encryption itself. At an Interop panel last week in New York City, SecureLogix CTO and Vice President of Engineering Mark Collier commented, at a panel entitled "Security Vulnerability in VoIP Products and Standards," that encryption adds overhead that can interfere with quality of service, requires that encryption keys also be encrypted and requires a complex key-management infrastructure.

 

The Nevada law, written more by attorneys than engineers, may not have taken these issues into account.

 

Despite any reservation or problem, encryption is, of course, a mainstay in the fight against crackers. Tek Talkin does a nice job of explaining the various forms of encryption. It covers IP Security (IPSec), RSA/RC4, the Data Encryption Standard (DES) and 3DES; Blowfish; the International Data Encryption Algorithm (IDEA), the Advanced Encryption Standard and CAST. It also talks about symmetric key cryptography, asymmetric key cryptography, hashing and passwords.


 

If the authorities in Nevada are pushing businesses -- in Las Vegas and other points in the state surely an interesting mix of businesses -- to encrypt everything, they clearly are going against the tide. This eWEEK post highlights research recently done on behalf of Certified Mail by Osterman Research. The survey featured responses from 205 respondents. Of them, 47 percent can't encrypt e-mail directly from desktops, 45 percent can send encrypted e-mail manually through their e-mail client and only 13 percent have access to a policy-based e-mail encryption system. Of those with the ability to send encrypted e-mail, 22 percent found it difficult or somewhat difficult, while 44 percent voice no problem.

 

Encryption is for more than e-mail, of course. This week, Brocade unveiled the Data Center Fabric Manager 10.0, which introduces fabric-based encryption for both physical and virtual servers. eWEEK reports that Brocade is offering a 2U appliance with 32 8-gigabit-per-second Fibre Channel ports and an encryption blade for the DCX Backbone chassis.

 

Encryption is simultaneously an attractive and problematic approach to security. Scrambling electronic messages is an extremely effective means of protecting data, but also a demanding one. Folks who don't properly plan for and deploy encryption will experience real problems.



Add Comment      Leave a comment on this blog post
Sep 30, 2008 10:21 AM CipherWizard CipherWizard  says:
After spending a week calling virtually every state agency in Nevada, there is no state registry where vendors can sign-up so businesses can easily find solutions to comply with NRS 597.970But have no fear! We have developed software for Windows XP that makes it easy for businesses to comply with this new law. Its called CipherWizard.CipherWizard provides a user-friendly way to encrypt confidential files and secure email messages for the average business computer user. You can easily email encrypted documents and messages from your business. Your clients would install a free CipherWizard Reader to decrypt your secure communications.CipherWizard also comes with CipherVault, which creates a virtual encrypted hard drive. When unlocked, the vault behaves like a hard drive; allowing you to store, organize, and use files and folders. When locked, the vault is securely encrypted.This isnt locking files with just a password; this is true strong-encryption made easy and affordable for business use.Storing private files in your CipherVault and emailing them once encrypted with CipherWizard is the easiest for a small business to secure client data and the future of their business.To learn more, go to http://www.cipherwizard.com Reply
Oct 7, 2008 3:16 AM Mark Mark  says:
Carl, thanks for the mention in the post. Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.