Last winter, researchers demonstrated how they could get data off encrypted disks by extracting the encryption key from RAM. The “cold boot” attack has had security professionals scrambling to create countermeasures. Of the 40 or so states that have passed legislation requiring organizations to notify citizens whose personal information has been compromised, most have established a “safe harbor” for encrypted information. The theory is that if lost or stolen personally identifiable information had been encrypted, it hadn’t really been compromised. But with all the new attention being paid to encryption vulnerabilities, lawmakers aren’t likely to change their tune.”]