New laws that took effect in Nevada on Oct. 1 and will kick in on Jan. 1 in Massachusetts may effectively mandate encryption for companies' hard drives, portable devices, and data transmissions. The laws will be binding on any organization that maintains personal information about residents of the two states. (Washington and Michigan are considering similar legislation.) Nevada's law deals mostly with transmitted information and Massachusetts's emphasizes stored information. Between them the two laws should put more of a dent into lax security practices than widespread laws requiring customer notification of data breaches have done. (Such laws are on the books in 40 states and by one estimate have reduced identity theft by 2%.) Here are a couple of legal takes on the impact of the new laws.

An anonymous reader tips us to a story up at Wired reporting on what may be the first computer attack to inflict physical harm on victims. Last Saturday, griefers posted hundreds of bogus messages on the support forums of the nonprofit Epilepsy Foundation that used JavaScript and strobing GIFs to trigger migraines and seizures in users. For about 3% of the 50 million epileptics worldwide, flashing lights and colors can trigger seizures. "'I don't fall over and convulse, but it hurts,' says [an IT worker in Ohio]. 'I was on the phone when it happened, and I couldn't move and couldn't speak.' ... Circumstantial evidence suggests the attack was the work of members of Anonymous, an informal collective of griefers best known for their recent war on the Church of Scientology. The first flurry of posts on the epilepsy forum referenced the site EBaumsWorld, which is much hated by Anonymous. And forum members claim they found a message board thread — since deleted — planning the attack at 7chan.org, a group stronghold."