Security Incidents: Re: California State Bill SB1386

["Cliff Gilley (System Admin, HolyElvis.com)" <root () holyelvis com>]

On Wed, 26 Mar 2003, Anders Reed Mohn wrote:

> > I appreciate the various replies that I've received. However,
> > the fundamental question of what defines encryption, so far as
> > SB1386 is concerned, is still unanswered. I've looked through
> > other California State Bills and supporting documentation, all
> > to no avail.
> How does California Law relate to the US justice department anyway?
> If your lawmen don't know any California precedence (if that's the word),
> then I assume a definition from some federal bureau/office is "next in line"
> to be valid.
Actually, that's not quite true.  State law is independent of federal 
rules and regulations (for the most part, and except where the Federal 
government has passed a law precluding the states from acting - lots of 
technicalities that I don't think apply to this state law).  While 
these publications might be what's termed "persuasive authority" for an 
argument in court, the CA courts would not be required to follow them, 
and would be completely free to make up whatever definition they felt 
necessary.  It's an aspect of state  sovereignty that is actually pretty rigorously 
applied.  

In this situation, the legislature has completely failed to provide a 
definition of the term "encryption".  If a case is brought under this law, 
I can guarantee you that both sides will be arguing what encryption is, 
and it's likely going to take an appellate court's decision to impute a 
definition to the Senate's bill.  It would have been much simpler (and 
cheaper for CA taxpayers) for everyone involved if the Senate had done its 
job and provided a definition under the bill for a technically amorphous 
term.  Then you might argue that their definition was insufficient or 
inaccurate, but at least you'd know what you had to do.

Here's the unfortunate part, at least for consumers.  When a term has 
plain meaning (like "encryption"), and the legislature has not specified a 
separate meaning, the courts will probably apply the term's plain meaning.  
Which in this case is completely contradictory to the intent of the law - 
someone *could* use ROT-3 "encryption" and fit within the words of 
the statute, if not the spirit.  This is a really tough legal question, 
which is probably the reason the Senate passed on addressing it.

Cliff Gilley
SysAdmin, HolyElvis.com
Attorney, WSBA #30707

Disclaimer:  Nothing in this email should be considered legal advice, nor 
should it be deemed to constitute an offer of services or the commencement 
of an attorney-client relationship; this is not a confidential 
communication, and may be freely distributed.



----------------------------------------------------------------------------
Powerful Anti-Spam Management and More...
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.surfcontrol.com/go/zsfihl1