Nevada Businesses MUST Encrypt Email Starting Next Week Under Law

If you find this useful please share it!



 

Under a law which takes effect next week, Nevada businesses must start encrypting their email, or face a penalty.

According to the law, which was passed in 2005, but doesn’t take effect until next week, “A business in this State shall not transfer any personal information of a customer through an electronic transmission other than a facsimile to a person outside of the secure system of the business unless the business uses encryption to ensure the security of electronic transmission.”


 

What this means is that if you are a business in Nevada, and are sending email which contains anything that could be considered personal information (and let’s face it, an email address is personal), then you must, under this law, send it encrypted, or not at all.

So what exactly qualifies as “encrypted” under this law? According to the state of Nevada’s own legal definition:

” ‘Encryption’ means the use of any protective or disruptive measure, including, without limitation, cryptography, enciphering, encoding or a computer contaminant, to:

(Article continues below)
Get notified of new Internet Patrol articles for free!
Or Read Internet Patrol Articles Right in Your Inbox!
as Soon as They are Published! Only $1 a Month!

Imagine being able to read full articles right in your email, or on your phone, without ever having to click through to the website unless you want to! Just $1 a month and you can cancel at any time!
Nevada Businesses MUST Encrypt Email Starting Next Week Under Law

1. Prevent, impede, delay or disrupt access to any data, information, image, program, signal or sound;

2. Cause or make any data, information, image, program, signal or sound unintelligible or unusable; or

3. Prevent, impede, delay or disrupt the normal operation or use of any component, device, equipment, system or network.”

Zounds! This sounds like the definition of spyware! And, indeed under California law, a “computer contaminant” is defined as “any set of computer instructions that are designed to modify, damage, destroy, record, or transmit information within a computer, computer system, or computer network without the intent or permission of the owner of the information.”

We know you're sick of ads on websites. But we still need to pay to keep the lights on for you. So instead of huge ads and video ads, we use smaller, plainer ads. Still, if you'd like to support the Internet Patrol but not the ads, please consider supporting us here:
Donate via Paypal
Other Amount:

This should be very interesting to watch.

In the meantime, we at ISIPP stand ready to help any business wanting to get some form of encryption in place so that they don’t become a test case.

  
No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free? Thank you!

Nevada Businesses MUST Encrypt Email Starting Next Week Under Law

Get notified of new Internet Patrol articles!

If you find this useful please share it!

2 Replies to “Nevada Businesses MUST Encrypt Email Starting Next Week Under Law”

  1. Do you have any idea how this might impact marketers sending email to businesses in Nevada? Are there any additional steps that must be taken by marketers sending to Nevada?

    What constitutes a Nevada business? Does the mail server need to be in Nevada to qualify?

  2. Speaking as a mail geek, this is not really as onerous as it sounds. There are essentially two kinds of email encryption: content encryption and transport encryption. Content encryption has to be done by end users’ mailer programs (aka “MUA’s”: Mail User Agents) and encrypts the mail before it leaves the machine that it is composed on. Recipients have to also support the same kind of content encryption and have enough of a relationship with the sender that they can decrypt the mail sent to them. There are two incompatible standards for content encryption, PGP and S/MIME, and both of them have problems that are visible to end users. Transport encryption is done using TLS (and its predecessor SSL) and is handled almost invisibly to end users, sometimes between MUA’s and the mail servers (MTA’s: Mail Transport Agents) they hand mail to and commonly between MTA’s. Transport encryption means that the entire communications channel between machines is encrypted, i.e. not just the contents of mail but the entire conversation that is carried out between sending and receiving systems to offer mail from a sender to one or more recipients. Because businesses transfer mail outside of their own realms almost only through MTA-MTA communications and because it protects the sender and recipient addresses from snooping in transit, using transport encryption would satisfy the Nevada law and do so better than having everyone who writes email get personal mail encryption certificates or publish PGP keys.

    All modern mail server software can support TLS, and a significant fraction of corporate mail servers have that support active. The big part of the Nevada mandate for encryption is that if Nevada companies follow it by the simplest approach of only sending mail over TLS sessions, they will have to stop sending mail to MTA’s that do not offer TLS service. Few if any of the major consumer ISP’s and mail providers in the US offer it today.

Leave a Reply

Your email address will not be published. Required fields are marked *