[Cryptography] Feinstein-Burr crypto bill introduced

Tom Mitchell mitch at niftyegg.com
Thu Apr 14 18:10:51 EDT 2016


On Thu, Apr 14, 2016 at 3:15 AM, Benjamin Kreuter <brk7bx at virginia.edu>
wrote:

> On Thu, 2016-04-14 at 00:14 +0000, John Levine wrote:
>
> > Dunno if this is deliberately aimed at Apple,
>
...

>
> Relevant quote from Section 3, part (C):
>
> 10 (c) LICENSE DISTRIBUTORS .—A provider of remote

...

>  It would also
> cover Linux distros, Github, etc., though given the overall technical
> illiteracy of the proposal I have some doubts that Burr or Feinstein
> are even aware of such things.
>

Or of FFIEC guidelines and regulations.
"The outstanding feature of the FFIEC guidelines is the requirement that
encryption be used in all online transaction processing (OLTP) done by
financial institutions. The level of encryption must be sufficient to
prevent unauthorized disclosure within a bank's internal networks and among
shared external networks."
----
http://searchfinancialsecurity.techtarget.com/definition/FFIEC-compliance

Or of FERPA (Family Educational Rights and Privacy Act)
http://www2.ed.gov/policy/gen/guid/fpco/pdf/reasonablemtd_agreement.pdf

Multiple states have enacted laws mandating data encryption.
Some make it clear that key management as implied in Feinstein-Burr
crypto daft-discussion would not be acceptable (Nevada and Mass).
Footnote 32.
"Among notable state efforts, Nevada, for example, requires both businesses
and government agencies to use encryption when externally transmitting
personal information, and Massachusetts imposes much more extensive
encryption requirements on personal information."

I.e., at a glance, key management rules and tracking as specified in state
and federal law would require any and all vendors, individuals and law
enforcement agents with these keys to be enumerated and audited. Such a
vast list of key holders is also a list of phone book and rubber hose
coercion targets. As a federal obligation the Feds would have to pull all
others into their uber top level database. A reverse would place the
identity of agents in the hands of school boards etc.

This is not a topic for a 15 second sound bite.







-- 
  T o m    M i t c h e l l