Archive for the ‘Legal Questions’ Category

Encryption and decryption from security law perspective (Part II)

Friday, July 3rd, 2009

In my previous post I suggested several variants of computer security translated by different laws. Now I’d like to get to ciphers…again viewed by law.

So, how does the law see encryption and decryption issues through glasses of security standard? First of all, it says there simply should be encryption/decryption tools available.

ENCRYTION AND DECRYPTION (A) – § 164.312(a)(2)(iv)
Where this implementation specification is a reasonable and appropriate safeguard for a covered entity, the covered entity must:
“Implement a mechanism to encrypt and decrypt electronic protected health information.”

(more…)

Tags: , , , ,
Posted in Did you know that...?, General, Legal Questions, Security | No Comments »

Reasonable, appropriate, adequate…security (Part I)

Tuesday, June 30th, 2009

Most laws define security obligations as reasonable, appropriate, suitable, necessary, adequate etc. without giving more precise directives to follow. Is it good or bad? And what should be known about these standards?

Let’s see what major security standards say about recommended security measures.

(more…)

Tags: , , ,
Posted in Did you know that...?, General, Legal Questions, Security | 1 Comment »

Password Recovery Tools Are Legal In Germany

Wednesday, June 24th, 2009

 When we meet our customers at trade fairs in Germany, we are always asked questions about legality of our tools. The reason for this is that German law on so-called “hacking tools” is very strict. At the same time the wording of the respective paragraphs is unclear and ambiguous.

On Friday, German Federal Constitutional Court dismissed a complaint of an entrepreneur that production and distribution of tools for capturing traffic data is against the law. The judges said that the constitutional rights are not violated by the use of “hacking tools” (§202a-202b). According to the court decision, legal penalty applies only in the case when the software was developed with illegal intent in mind. “Double-purpose” tools that are designed to be used by law enforcement and IT security officers are not regarded illegal.

Special thanks for Florian Hohenauer for sending us the link.

Tags: , , ,
Posted in Legal Questions | No Comments »