<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article09_11_06_1638226</id>
	<title>National Data Breach Law Advances</title>
	<author>kdawson</author>
	<datestamp>1257531120000</datestamp>
	<htmltext>Trailrunner7 writes <i>"Two separate bills that would require organizations to notify consumers when their personal information has been compromised have made their way out of committee in the Senate, a critical step toward the <a href="http://threatpost.com/en_us/blogs/two-data-breach-notification-bills-advance-senate-110609">creation of a national data-breach notification bill</a>. But the Data Breach Notification Act, S.139, exempts federal agencies and other organizations subject to the bill from disclosing a breach if the data involved in the breach was encrypted. This is a clause that has caused some controversy, as some experts say that simply encrypting data does not render it useless. Also, S.139 would grant an exemption for data that 'was rendered indecipherable through the use of best practices or methods, such as redaction, access controls, or other such mechanisms, that are widely accepted as an effective industry practice, or an effective industry standard.' That is a very broad exemption that could become a sticking point as the bill moves along. The terms 'access controls' and 'other such mechanisms' encompass a huge number of technologies."</i></htmltext>
<tokenext>Trailrunner7 writes " Two separate bills that would require organizations to notify consumers when their personal information has been compromised have made their way out of committee in the Senate , a critical step toward the creation of a national data-breach notification bill .
But the Data Breach Notification Act , S.139 , exempts federal agencies and other organizations subject to the bill from disclosing a breach if the data involved in the breach was encrypted .
This is a clause that has caused some controversy , as some experts say that simply encrypting data does not render it useless .
Also , S.139 would grant an exemption for data that 'was rendered indecipherable through the use of best practices or methods , such as redaction , access controls , or other such mechanisms , that are widely accepted as an effective industry practice , or an effective industry standard .
' That is a very broad exemption that could become a sticking point as the bill moves along .
The terms 'access controls ' and 'other such mechanisms ' encompass a huge number of technologies .
"</tokentext>
<sentencetext>Trailrunner7 writes "Two separate bills that would require organizations to notify consumers when their personal information has been compromised have made their way out of committee in the Senate, a critical step toward the creation of a national data-breach notification bill.
But the Data Breach Notification Act, S.139, exempts federal agencies and other organizations subject to the bill from disclosing a breach if the data involved in the breach was encrypted.
This is a clause that has caused some controversy, as some experts say that simply encrypting data does not render it useless.
Also, S.139 would grant an exemption for data that 'was rendered indecipherable through the use of best practices or methods, such as redaction, access controls, or other such mechanisms, that are widely accepted as an effective industry practice, or an effective industry standard.
' That is a very broad exemption that could become a sticking point as the bill moves along.
The terms 'access controls' and 'other such mechanisms' encompass a huge number of technologies.
"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007932</id>
	<title>Good idea, wrong language</title>
	<author>lax-goalie</author>
	<datestamp>1257537300000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><p>"Also, S.139 would grant an exemption for data that 'was rendered indecipherable through the use of best practices or methods, such as redaction, access controls, or other such mechanisms, that are widely accepted as an effective industry practice, or an effective industry standard.'"</p><p>I think that the whole purpose of this is to cover things like storing passwords, etc., as hashed data. That's something I tried to get into Virginia's data breach law (and will probably give it a shot again this year), but try explaining the concept of "cryptographic hashes" to legislators who are mostly lawyers. Three guys on the subcommittee got it (engineers and tech guys), but it was WAY over everybody else's heads.</p><p>And it's not just the legislators. The LexisNexis lobbyist went ballistic over the idea until she talked to somebody in her IT department, because she didn't understand what was going on.</p><p>I understand what this language is supposed to do, but it's just poorly crafted.</p></htmltext>
<tokenext>" Also , S.139 would grant an exemption for data that 'was rendered indecipherable through the use of best practices or methods , such as redaction , access controls , or other such mechanisms , that are widely accepted as an effective industry practice , or an effective industry standard .
' " I think that the whole purpose of this is to cover things like storing passwords , etc. , as hashed data .
That 's something I tried to get into Virginia 's data breach law ( and will probably give it a shot again this year ) , but try explaining the concept of " cryptographic hashes " to legislators who are mostly lawyers .
Three guys on the subcommittee got it ( engineers and tech guys ) , but it was WAY over everybody else 's heads .
And it 's not just the legislators .
The LexisNexis lobbyist went ballistic over the idea until she talked to somebody in her IT department , because she did n't understand what was going on .
I understand what this language is supposed to do , but it 's just poorly crafted .</tokentext>
<sentencetext>"Also, S.139 would grant an exemption for data that 'was rendered indecipherable through the use of best practices or methods, such as redaction, access controls, or other such mechanisms, that are widely accepted as an effective industry practice, or an effective industry standard.
'"I think that the whole purpose of this is to cover things like storing passwords, etc., as hashed data.
That's something I tried to get into Virginia's data breach law (and will probably give it a shot again this year), but try explaining the concept of "cryptographic hashes" to legislators who are mostly lawyers.
Three guys on the subcommittee got it (engineers and tech guys), but it was WAY over everybody else's heads.
And it's not just the legislators.
The LexisNexis lobbyist went ballistic over the idea until she talked to somebody in her IT department, because she didn't understand what was going on.
I understand what this language is supposed to do, but it's just poorly crafted.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007746</id>
	<title>Privacy?</title>
	<author>Anonymous</author>
	<datestamp>1257536220000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I wonder how this would change how courts view people's expectations of privacy with regard to their data. It sounds like this kind of measure could be used to help reinforce the need for warrants for the authorities to search the data?</p></htmltext>
<tokenext>I wonder how this would change how courts view people 's expectations of privacy with regard to their data .
It sounds like this kind of measure could be used to help reinforce the need for warrants for the authorities to search the data ?</tokentext>
<sentencetext>I wonder how this would change how courts view people's expectations of privacy with regard to their data.
It sounds like this kind of measure could be used to help reinforce the need for warrants for the authorities to search the data?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007798</id>
	<title>Re:Toothless</title>
	<author>Timothy Brownawell</author>
	<datestamp>1257536460000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>-1</modscore>
	<htmltext>WTF, why does this kind of fatalistic crap get modded up? It adds nothing to the discussion.</htmltext>
<tokenext>WTF , why does this kind of fatalistic crap get modded up ?
It adds nothing to the discussion .</tokentext>
<sentencetext>WTF, why does this kind of fatalistic crap get modded up?
It adds nothing to the discussion.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007594</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30008140</id>
	<title>Root cause analysis</title>
	<author>iztehsux</author>
	<datestamp>1257538380000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext>You'd think that large corporations would already have incentive to secure their data, aside from being required to do so. I would imagine that the cost of taking some basic measures to up your game would be much cheaper than paying out large sums of money in lawsuits to people who had their credentials compromised. Simple things like full drive crypto on laptops, or sanitizing database inputs to prevent SQL injection are not difficult to do, yet would prevent against a laptop theft from a car or someone dumping your entire database. Cryptography is good, but not invincible. Motivated attackers can use distributed cracking tools, rainbow tables, or merely exploit a weak avenue and wait for password re-use. I'd like to see requirements for companies notifying individuals if there has been a breach, but I'd also prefer that simple security measures were put in place so that disclosure laws didn't need to be invoked very often.</htmltext>
<tokenext>You 'd think that large corporations would already have incentive to secure their data , aside from being required to do so .
I would imagine that the cost of taking some basic measures to up your game would be much cheaper than paying out large sums of money in lawsuits to people who had their credentials compromised .
Simple things like full drive crypto on laptops , or sanitizing database inputs to prevent SQL injection are not difficult to do , yet would prevent against a laptop theft from a car or someone dumping your entire database .
Cryptography is good , but not invincible .
Motivated attackers can use distributed cracking tools , rainbow tables , or merely exploit a weak avenue and wait for password re-use .
I 'd like to see requirements for companies notifying individuals if there has been a breach , but I 'd also prefer that simple security measures were put in place so that disclosure laws did n't need to be invoked very often .</tokentext>
<sentencetext>You'd think that large corporations would already have incentive to secure their data, aside from being required to do so.
I would imagine that the cost of taking some basic measures to up your game would be much cheaper than paying out large sums of money in lawsuits to people who had their credentials compromised.
Simple things like full drive crypto on laptops, or sanitizing database inputs to prevent SQL injection are not difficult to do, yet would prevent against a laptop theft from a car or someone dumping your entire database.
Cryptography is good, but not invincible.
Motivated attackers can use distributed cracking tools, rainbow tables, or merely exploit a weak avenue and wait for password re-use.
I'd like to see requirements for companies notifying individuals if there has been a breach, but I'd also prefer that simple security measures were put in place so that disclosure laws didn't need to be invoked very often.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30009606</id>
	<title>you insensiti7e clod!</title>
	<author>Anonymous</author>
	<datestamp>1257501480000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext>contact to sse if despite the it transforms into goal here? How can</htmltext>
<tokenext>contact to sse if despite the it transforms into goal here ?
How can</tokentext>
<sentencetext>contact to sse if despite the it transforms into goal here?
How can</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007698</id>
	<title>Corporate interests?</title>
	<author>Anonymous</author>
	<datestamp>1257535920000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>Dude, if you own stock, you ARE the corporation...</p></htmltext>
<tokenext>Dude , if you own stock , you ARE the corporation.. .</tokentext>
<sentencetext>Dude, if you own stock, you ARE the corporation...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007594</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30008812</id>
	<title>30+ years of experience suggest limits on secrets</title>
	<author>Anonymous</author>
	<datestamp>1257498060000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>1</modscore>
	<htmltext><p>A few years ago, at one of the last National Information Security Systems Conference meetings, one of the speakers noted that for 30+ years, people had been trying to make multilevel secure databases, with lots of very clever methods tried.<br>All these efforts failed.<br>It was found that you could keep all those secrets securely, but performance in retrieving any of them went off a cliff. If you wanted good performance, there were always open channels.<br>The relevance is that Nature may be trying to tell us here that keeping too many secrets at a time and still use them quickly is an infeasible thing. Encryption is one way to do access control, and unless the key handling is discussed, it tends to be snake oil. Consider that encrypting your giant database of sensitive info with a, say, 512 bit key and the best algorithm you can find still means that it takes only 128 characters of hex to hold that key. This small key can be written on a slip of paper and carried out, or handled with stego to foil inspectors who empty pockets/purses. If you lose the giant database, and believe all is well because it is strongly encrypted, if one of a myriad of folks who need access to the data legitimately manages to get a copy of the key and spirits it out of your organization, that data is lost. Point is that people tend to watch encrypted data less than cleartext data, believing it to be safe. Yet if a key for it is widely enough needed, it will be an Achilles' heel of the scheme and the crypto can actually facilitate theft.<br>The main lesson that has been ignored is that most of the information is sensitive because it is abused as authentication signals, rather than merely identification. Your phone number is (mostly) not sensitive because nobody expects that only YOU can possibly know it. Now, with the continual failing of el cheapo schemes to authenticate, and gradual recognition of the weaknesses of e.g. fingerprints (vulnerable to theft of patterns) and the like, it becomes apparent that some hardware in customer hands, which is not connected to computer networks, is one of the few promising avenues. It must be used with protocols that identify in both directions and which allow transaction signing (since remote access connections are not 100% guaranteed never to be broken into), and the protocols need to be designed so that they work whether eavesdropped upon or not. With such beasts, only the small secrets needed to validate them need be kept, not a myriad of pieces of "personal" information that everyone can get to with a little internet research.<br>Alas, the government does not seem to understand this and continues to act as though the solution is to find yet larger whips and spears with which to flog those who (again) release this sensitive data, rather than make it intrinsically un-useful to anyone trying to steal identities, money, etc. Various other institutions likewise seem not to "get" this. The effect of such is that fraud of all kinds abounds, is cheap, easy, and hard to prosecute. Also the intellectually out-of-gas legislators and bureaucrats who are floundering about trying to "solve" the problem look likely to succumb to turning the country into a totalitarian regime in their efforts. Lord help them and us if they do; they will not solve the problem, but if a fanatic on any subject who is not inhibited by conscience gets in power, all these "remedies" will come back to haunt millions and perhaps make the efforts of Stalin or the like seem like amateur acts.</p></htmltext>
<tokenext>A few years ago , at one of the last National Information Security Systems Conference meetings , one of the speakers noted that for 30 + years , people had been trying to make multilevel secure databases , with lots of very clever methods tried .
All these efforts failed .
It was found that you could keep all those secrets securely , but performance in retrieving any of them went off a cliff .
If you wanted good performance , there were always open channels .
The relevance is that Nature may be trying to tell us here that keeping too many secrets at a time and still use them quickly is an infeasible thing .
Encryption is one way to do access control , and unless the key handling is discussed , it tends to be snake oil .
Consider that encrypting your giant database of sensitive info with a , say , 512 bit key and the best algorithm you can find still means that it takes only 128 characters of hex to hold that key .
This small key can be written on a slip of paper and carried out , or handled with stego to foil inspectors who empty pockets/purses .
If you lose the giant database , and believe all is well because it is strongly encrypted , if one of a myriad of folks who need access to the data legitimately manages to get a copy of the key and spirits it out of your organization , that data is lost .
Point is that people tend to watch encrypted data less than cleartext data , believing it to be safe .
Yet if a key for it is widely enough needed , it will be an Achilles ' heel of the scheme and the crypto can actually facilitate theft .
The main lesson that has been ignored is that most of the information is sensitive because it is abused as authentication signals , rather than merely identification .
Your phone number is ( mostly ) not sensitive because nobody expects that only YOU can possibly know it .
Now , with the continual failing of el cheapo schemes to authenticate , and gradual recognition of the weaknesses of e.g. fingerprints ( vulnerable to theft of patterns ) and the like , it becomes apparent that some hardware in customer hands , which is not connected to computer networks , is one of the few promising avenues .
It must be used with protocols that identify in both directions and which allow transaction signing ( since remote access connections are not 100 % guaranteed never to be broken into ) , and the protocols need to be designed so that they work whether eavesdropped upon or not .
With such beasts , only the small secrets needed to validate them need be kept , not a myriad of pieces of " personal " information that everyone can get to with a little internet research .
Alas , the government does not seem to understand this and continues to act as though the solution is to find yet larger whips and spears with which to flog those who ( again ) release this sensitive data , rather than make it intrinsically un-useful to anyone trying to steal identities , money , etc .
Various other institutions likewise seem not to " get " this .
The effect of such is that fraud of all kinds abounds , is cheap , easy , and hard to prosecute .
Also the intellectually out-of-gas legislators and bureaucrats who are floundering about trying to " solve " the problem look likely to succumb to turning the country into a totalitarian regime in their efforts .
Lord help them and us if they do ; they will not solve the problem , but if a fanatic on any subject who is not inhibited by conscience gets in power , all these " remedies " will come back to haunt millions and perhaps make the efforts of Stalin or the like seem like amateur acts .</tokentext>
<sentencetext>A few years ago, at one of the last National Information Security Systems Conference meetings, one of the speakers noted that for 30+ years, people had been trying to make multilevel secure databases, with lots of very clever methods tried.
All these efforts failed.
It was found that you could keep all those secrets securely, but performance in retrieving any of them went off a cliff.
If you wanted good performance, there were always open channels.
The relevance is that Nature may be trying to tell us here that keeping too many secrets at a time and still use them quickly is an infeasible thing.
Encryption is one way to do access control, and unless the key handling is discussed, it tends to be snake oil.
Consider that encrypting your giant database of sensitive info with a, say, 512 bit key and the best algorithm you can find still means that it takes only 128 characters of hex to hold that key.
This small key can be written on a slip of paper and carried out, or handled with stego to foil inspectors who empty pockets/purses.
If you lose the giant database, and believe all is well because it is strongly encrypted, if one of a myriad of folks who need access to the data legitimately manages to get a copy of the key and spirits it out of your organization, that data is lost.
Point is that people tend to watch encrypted data less than cleartext data, believing it to be safe.
Yet if a key for it is widely enough needed, it will be an Achilles' heel of the scheme and the crypto can actually facilitate theft.
The main lesson that has been ignored is that most of the information is sensitive because it is abused as authentication signals, rather than merely identification.
Your phone number is (mostly) not sensitive because nobody expects that only YOU can possibly know it.
Now, with the continual failing of el cheapo schemes to authenticate, and gradual recognition of the weaknesses of e.g. fingerprints (vulnerable to theft of patterns) and the like, it becomes apparent that some hardware in customer hands, which is not connected to computer networks, is one of the few promising avenues.
It must be used with protocols that identify in both directions and which allow transaction signing (since remote access connections are not 100% guaranteed never to be broken into), and the protocols need to be designed so that they work whether eavesdropped upon or not.
With such beasts, only the small secrets needed to validate them need be kept, not a myriad of pieces of "personal" information that everyone can get to with a little internet research.
Alas, the government does not seem to understand this and continues to act as though the solution is to find yet larger whips and spears with which to flog those who (again) release this sensitive data, rather than make it intrinsically un-useful to anyone trying to steal identities, money, etc.
Various other institutions likewise seem not to "get" this.
The effect of such is that fraud of all kinds abounds, is cheap, easy, and hard to prosecute.
Also the intellectually out-of-gas legislators and bureaucrats who are floundering about trying to "solve" the problem look likely to succumb to turning the country into a totalitarian regime in their efforts.
Lord help them and us if they do; they will not solve the problem, but if a fanatic on any subject who is not inhibited by conscience gets in power, all these "remedies" will come back to haunt millions and perhaps make the efforts of Stalin or the like seem like amateur acts.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007772</id>
	<title>"widely accepted"??</title>
	<author>jipn4</author>
	<datestamp>1257536280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>that are widely accepted as an effective industry practice</i></p><p>Windows is "widely accepted as an effective industry practice"; that doesn't make it so.  Most people are not very good at security and will "accept" stupid practices.</p></htmltext>
<tokenext>that are widely accepted as an effective industry practice
Windows is " widely accepted as an effective industry practice " ; that does n't make it so .
Most people are not very good at security and will " accept " stupid practices .</tokentext>
<sentencetext>that are widely accepted as an effective industry practice
Windows is "widely accepted as an effective industry practice"; that doesn't make it so.
Most people are not very good at security and will "accept" stupid practices.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30009730</id>
	<title>If encryption is "best practice" ...</title>
	<author>Intron</author>
	<datestamp>1257502080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Why is the default for filesystems to be unencrypted?</p><p>Why is the default for email unencrypted?</p><p>In fact, in any current OS, Windows/Linux/OSX, I have to go out of my way to add encryption to either my data or my email.  And if I do encrypt my email, I will just get blank stares from the recipients, because their client will not have a clue.</p></htmltext>
<tokenext>Why is the default for filesystems to be unencrypted ? Why is the default for email unencrypted ? In fact , in any current OS , Windows/Linux/OSX , I have to go out of my way to add encryption to either my data or my email .
And if I do encrypt my email , I will just get blank stares from the recipients , because their client will not have a clue .</tokentext>
<sentencetext>Why is the default for filesystems to be unencrypted?
Why is the default for email unencrypted?
In fact, in any current OS, Windows/Linux/OSX, I have to go out of my way to add encryption to either my data or my email.
And if I do encrypt my email, I will just get blank stares from the recipients, because their client will not have a clue.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007752</id>
	<title>Look for higher costs</title>
	<author>Anonymous</author>
	<datestamp>1257536220000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>All this will really do is further increase the costs of goods and services. Isn't it great when government gets involved?</p></htmltext>
<tokenext>All this will really do is further increase the costs of goods and services .
Is n't it great when government gets involved ?</tokentext>
<sentencetext>All this will really do is further increase the costs of goods and services.
Isn't it great when government gets involved?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30009898</id>
	<title>Re:You are missing the point</title>
	<author>thejynxed</author>
	<datestamp>1257502680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Sure there is. It's made up of three words that anyone in the corporate working world can understand.</p><p>"Corporate Death Penalty"</p></htmltext>
<tokenext>Sure there is .
It 's made up of three words that anyone in the corporate working world can understand .
" Corporate Death Penalty "</tokentext>
<sentencetext>Sure there is.
It's made up of three words that anyone in the corporate working world can understand.
"Corporate Death Penalty"</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30008198</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30008198</id>
	<title>You are missing the point</title>
	<author>Anonymous</author>
	<datestamp>1257538560000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext><p>The intention isn't to make everything 100% secure at first. That just wouldn't be feasible. The way I see it, this might be very efficient in improving the overall situation over time.</p><p>You can get yourself exempt from a lot of the responsibility by implementing encryption? What kind of a manager would not do their best to achieve that? There needs to be some significant carrot like that to encourage the managers to really want it.</p><p>And as you are going to implement some practices regarding them anyways, you could just as well do it decently (put a bit more money into research, consultants, etc., produce a few whitepapers... Get some manager cred. for a successful operation.). Not perfectly (money doesn't guarantee quality, as we well know), but enough to improve things from what they were.</p><p>The "widely accepted industry standards" means that the worst companies of the lot don't qualify so this encourages them to improve their standards. When the worst companies always have the interest in improving their standards, it could throw the industry to very slow but steady loop of improving quality.</p><p>Yeah, this isn't a silver bullet that fixes everything. I don't think that there could be anything like that. But this has some serious potential to encourage companies to improve in the area.</p></htmltext>
<tokenext>The intention is n't to make everything 100 % secure at first .
That just would n't be feasible .
The way I see it , this might be very efficient in improving the overall situation over time .
You can get yourself exempt from a lot of the responsibility by implementing encryption ?
What kind of a manager would not do their best to achieve that ?
There needs to be some significant carrot like that to encourage the managers to really want it .
And as you are going to implement some practices regarding them anyways , you could just as well do it decently ( put a bit more money into research , consultants , etc. , produce a few whitepapers... Get some manager cred . for a successful operation. ) .
Not perfectly ( money does n't guarantee quality , as we well know ) , but enough to improve things from what they were .
The " widely accepted industry standards " means that the worst companies of the lot do n't qualify so this encourages them to improve their standards .
When the worst companies always have the interest in improving their standards , it could throw the industry to very slow but steady loop of improving quality .
Yeah , this is n't a silver bullet that fixes everything .
I do n't think that there could be anything like that .
But this has some serious potential to encourage companies to improve in the area .</tokentext>
<sentencetext>The intention isn't to make everything 100% secure at first.
That just wouldn't be feasible.
The way I see it, this might be very efficient in improving the overall situation over time.
You can get yourself exempt from a lot of the responsibility by implementing encryption?
What kind of a manager would not do their best to achieve that?
There needs to be some significant carrot like that to encourage the managers to really want it.
And as you are going to implement some practices regarding them anyways, you could just as well do it decently (put a bit more money into research, consultants, etc., produce a few whitepapers... Get some manager cred. for a successful operation.).
Not perfectly (money doesn't guarantee quality, as we well know), but enough to improve things from what they were.
The "widely accepted industry standards" means that the worst companies of the lot don't qualify so this encourages them to improve their standards.
When the worst companies always have the interest in improving their standards, it could throw the industry to very slow but steady loop of improving quality.
Yeah, this isn't a silver bullet that fixes everything.
I don't think that there could be anything like that.
But this has some serious potential to encourage companies to improve in the area.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007606</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30010930</id>
	<title>What about governments</title>
	<author>Anonymous</author>
	<datestamp>1257508680000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>So what the hell happens when a corporation improperly releases my information to the Government?</p><p>Some hacker in RU or China getting a database dump of my personal information bothers me a lot less than most government agencies getting a database dump of my personal information. At least the frigen hackers are likely to do a better job of controlling how that information gets spread around than most government agencies.</p></htmltext>
<tokenext>So what the hell happens when a corporation improperly releases my information to the Government ?
Some hacker in RU or China getting a database dump of my personal information bothers me a lot less than most government agencies getting a database dump of my personal information .
At least the frigen hackers are likely to do a better job of controlling how that information gets spread around than most government agencies .</tokentext>
<sentencetext>So what the hell happens when a corporation improperly releases my information to the Government?
Some hacker in RU or China getting a database dump of my personal information bothers me a lot less than most government agencies getting a database dump of my personal information.
At least the frigen hackers are likely to do a better job of controlling how that information gets spread around than most government agencies.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007966</id>
	<title>Well I feel perfectly safe now!</title>
	<author>mandark1967</author>
	<datestamp>1257537600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I for one welcome our ROT13 encoding overlords.</p></htmltext>
<tokenext>I for one welcome our ROT13 encoding overlords .</tokentext>
<sentencetext>I for one welcome our ROT13 encoding overlords.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30009918</id>
	<title>DMCA set this up for failure!</title>
	<author>brainsto</author>
	<datestamp>1257502800000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I'm sure someone will correct me if I'm wrong, but according to the DMCA, bitswapping is considered as encryption. (Remember dvd encryption, and how it only took those guys mere minutes to brute force against it? That made me want to laugh myself to death.)

What's to prevent the health care industry from doing the minimum encryption possible? Most corporations are mostly interested in the bottom line, which means the minimum dollar amount required to achieve the minimum compliance level necessary to cover their own ass. And, then they'll probably advertise more on the fact that they're compliant, than on the act of actual compliance. The smoking companies are pretty famous for that.

And who's to say that whatever compliance level that is described (if any) in the bills, aren't annually revised to maintain a sufficient level of effort required to still make cracking the encryption impractical. Because, if it's not, then just wait a few years, and the power of technology will let you brute force/crack almost anything. We're already at the point where there's news of 2+ attacks against WPA1. And with personal health info, the average lifespan is 70+ years, so that means you could probably sit on the data for 10 years or more while technology makes cracking the encryption way more trivial than it was when it was encrypted.</htmltext>
<tokenext>I 'm sure someone will correct me if I 'm wrong , but according to the DMCA , bitswapping is considered as encryption .
( Remember dvd encryption , and how it only took those guys mere minutes to brute force against it ?
That made me want to laugh myself to death . )
What 's to prevent the health care industry from doing the minimum encryption possible ?
Most corporations are mostly interested in the bottom line , which means the minimum dollar amount required to achieve the minimum compliance level necessary to cover their own ass .
And , then they 'll probably advertise more on the fact that they 're compliant , than on the act of actual compliance .
The smoking companies are pretty famous for that .
And who 's to say that whatever compliance level that is described ( if any ) in the bills , are n't annually revised to maintain a sufficient level of effort required to still make cracking the encryption impractical .
Because , if it 's not , then just wait a few years , and the power of technology will let you brute force/crack almost anything .
We 're already at the point where there 's news of 2 + attacks against WPA1 .
And with personal health info , the average lifespan is 70 + years , so that means you could probably sit on the data for 10 years or more while technology makes cracking the encryption way more trivial than it was when it was encrypted .</tokentext>
<sentencetext>I'm sure someone will correct me if I'm wrong, but according to the DMCA, bitswapping is considered as encryption.
(Remember dvd encryption, and how it only took those guys mere minutes to brute force against it?
That made me want to laugh myself to death.)
What's to prevent the health care industry from doing the minimum encryption possible?
Most corporations are mostly interested in the bottom line, which means the minimum dollar amount required to achieve the minimum compliance level necessary to cover their own ass.
And, then they'll probably advertise more on the fact that they're compliant, than on the act of actual compliance.
The smoking companies are pretty famous for that.
And who's to say that whatever compliance level that is described (if any) in the bills, aren't annually revised to maintain a sufficient level of effort required to still make cracking the encryption impractical.
Because, if it's not, then just wait a few years, and the power of technology will let you brute force/crack almost anything.
We're already at the point where there's news of 2+ attacks against WPA1.
And with personal health info, the average lifespan is 70+ years, so that means you could probably sit on the data for 10 years or more while technology makes cracking the encryption way more trivial than it was when it was encrypted.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007784</id>
	<title>Redaction Reaction Recitation</title>
	<author>Mr_Blank</author>
	<datestamp>1257536340000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>I am not sure the proposed law does much if redaction is all it takes to get a pass.  From Law.com:</p><blockquote><div><p> <b>Electronic Redaction Doesn't Always Hide What It's Supposed to Hide</b><br>Paralegals need to know how to keep information confidential</p><p>Dana J. Lesemann.  The Recorder.  May 05, 2006</p><p>With the issue of intentional government leaks of classified information frequently in the news, the problem of unintentional leaks of classified and sensitive information is frequently overlooked. The examples are numerous and startling.</p><p>Last year, U.S. military commanders in Iraq released a long-awaited report of the American investigation into the fatal shooting of an Italian agent escorting a freed hostage through a security checkpoint. In order to give the classified report the widest possible distribution, officials posted the document on the military's "Multinational Force-Iraq" Web site in Adobe's portable document format, or PDF. The report was heavily redacted, with sections obscured by black boxes.</p><p>Within hours, however, readers in the blogosphere had discovered that the classified information would appear if the text was copied and pasted into Microsoft Word or any other word-processing program. Stars and Stripes, the Department of Defense newspaper, noted that the classified sections of the report covered "the securing of checkpoints, as well as specifics concerning how soldiers manned the checkpoint where the Italian intelligence officer was killed. In the past, Pentagon officials have repeatedly refused to discuss such details, citing security concerns." Soon after, the report was removed from the Web site.</p><p>Copies of the improperly redacted report, however, live on. We at the consulting firm of Stroz Friedberg, too, were able to remove the redaction and save the clear text in a Word document. 
Forensic examiners in our office found that the document had been produced directly from Microsoft Word using Adobe Acrobat 6.0's PDFMaker. The redacted text simply had been highlighted in black. As a result, to reveal the classified information, the steps are simple: Highlight the text with the "select text" button on the PDF toolbar, copy the text by typing "control C," open a new document in a word-processing program and paste the text into the new document.</p></div></blockquote><p><a href="http://www.law.com/jsp/law/international/LawArticleIntl.jsp?id=900005549014" title="law.com">Read more...</a> [law.com]</p></div>
	</htmltext>
<tokenext>I am not sure the proposed law does much if redaction is all it takes to get a pass .
From Law.com : Electronic Redaction Does n't Always Hide What It 's Supposed to Hide
Paralegals need to know how to keep information confidential
Dana J. Lesemann. The Recorder .
May 05 , 2006
With the issue of intentional government leaks of classified information frequently in the news , the problem of unintentional leaks of classified and sensitive information is frequently overlooked .
The examples are numerous and startling .
Last year , U.S. military commanders in Iraq released a long-awaited report of the American investigation into the fatal shooting of an Italian agent escorting a freed hostage through a security checkpoint .
In order to give the classified report the widest possible distribution , officials posted the document on the military 's " Multinational Force-Iraq " Web site in Adobe 's portable document format , or PDF .
The report was heavily redacted , with sections obscured by black boxes .
Within hours , however , readers in the blogosphere had discovered that the classified information would appear if the text was copied and pasted into Microsoft Word or any other word-processing program .
Stars and Stripes , the Department of Defense newspaper , noted that the classified sections of the report covered " the securing of checkpoints , as well as specifics concerning how soldiers manned the checkpoint where the Italian intelligence officer was killed .
In the past , Pentagon officials have repeatedly refused to discuss such details , citing security concerns . "
Soon after , the report was removed from the Web site .
Copies of the improperly redacted report , however , live on .
We at the consulting firm of Stroz Friedberg , too , were able to remove the redaction and save the clear text in a Word document .
Forensic examiners in our office found that the document had been produced directly from Microsoft Word using Adobe Acrobat 6.0 's PDFMaker .
The redacted text simply had been highlighted in black .
As a result , to reveal the classified information , the steps are simple : Highlight the text with the " select text " button on the PDF toolbar , copy the text by typing " control C , " open a new document in a word-processing program and paste the text into the new document .
Read more... [ law.com ]</tokentext>
<sentencetext>I am not sure the proposed law does much if redaction is all it takes to get a pass.
From Law.com: Electronic Redaction Doesn't Always Hide What It's Supposed to Hide
Paralegals need to know how to keep information confidential
Dana J. Lesemann.  The Recorder.
May 05, 2006
With the issue of intentional government leaks of classified information frequently in the news, the problem of unintentional leaks of classified and sensitive information is frequently overlooked.
The examples are numerous and startling.
Last year, U.S. military commanders in Iraq released a long-awaited report of the American investigation into the fatal shooting of an Italian agent escorting a freed hostage through a security checkpoint.
In order to give the classified report the widest possible distribution, officials posted the document on the military's "Multinational Force-Iraq" Web site in Adobe's portable document format, or PDF.
The report was heavily redacted, with sections obscured by black boxes.
Within hours, however, readers in the blogosphere had discovered that the classified information would appear if the text was copied and pasted into Microsoft Word or any other word-processing program.
Stars and Stripes, the Department of Defense newspaper, noted that the classified sections of the report covered "the securing of checkpoints, as well as specifics concerning how soldiers manned the checkpoint where the Italian intelligence officer was killed.
In the past, Pentagon officials have repeatedly refused to discuss such details, citing security concerns."
Soon after, the report was removed from the Web site.
Copies of the improperly redacted report, however, live on.
We at the consulting firm of Stroz Friedberg, too, were able to remove the redaction and save the clear text in a Word document.
Forensic examiners in our office found that the document had been produced directly from Microsoft Word using Adobe Acrobat 6.0's PDFMaker.
The redacted text simply had been highlighted in black.
As a result, to reveal the classified information, the steps are simple: Highlight the text with the "select text" button on the PDF toolbar, copy the text by typing "control C," open a new document in a word-processing program and paste the text into the new document.
Read more... [law.com]
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007984</id>
	<title>Encryption doesn't mean the data is secure</title>
	<author>mlts</author>
	<datestamp>1257537660000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>5</modscore>
	<htmltext><p>Encryption is not a cure all for security needs.  It is merely a tool, similar to locks on the door, guards with M16s, and CCTV cameras.  Poorly implemented, it could mean little to a clued attacker, and businesses need to realize that the clued attackers are far more common than they think.</p><p>One example:  Say someone uses the hardware encryption on a tape drive.  Tape drives can have encryption set in multiple ways.  It can be manually set for all tapes, or the backup application can manage keys and set the encryption per tape.  If an organization is slipshod about the way they use the encryption and use one key for all tapes, and have that key information written on the proverbial slip of paper on the monitor, then an attacker can grab the tapes, perhaps grab a tape drive or buy one, and decrypt the info to their heart's content.  Compare this to an organization which uses more stringent backup procedures so that even if a tape is stolen by an insider, it won't be decodable.</p><p>Another example:  BitLocker.  If implemented right, BitLocker is solid against most known threats (avenues like rubber hoses and RAM scanning via IEEE1394 are different).  However, if someone installs BitLocker and then disables all key protectors, to a competent attacker, the BitLocker protection is dealt with.  Same with people using BitLocker on machines without TPMs using USB flash drives, and not making sure the flash drive is stored securely.</p><p>There are various implementations of encryption.  ECB is a bad version (because an attacker can figure out what a block matches to).  A good implementation might use multiple diffusers and an algorithm like XTS so an attacker can't compare sector 55 with sector 157 and determine if the contents are similar.  So, even though a program might use AES, if salts and other crypto concepts are not used, it severely weakens security.</p><p>Finally, TrueCrypt.  
If someone thinks that TrueCrypt fixes all their security issues and doesn't concern themselves with attacks over the wire, an attacker can either slap a keylogger on a machine, or just read the volume decryption keys from memory, then at a later date grab the disks if there is too much data to fetch from remote.  If TrueCrypt is used with proper protection against network attacks (firewall, etc.) then it provides excellent protection.</p><p>I am concerned that a law exempting breaches from being disclosed would only work in the blackhat's favor.  In theory, someone could rot13 the data on the drive, or AES it with an all zero key to make the security that comes with encryption meaningless.</p></htmltext>
<tokenext>Encryption is not a cure all for security needs .
It is merely a tool , similar to locks on the door , guards with M16s , and CCTV cameras .
Poorly implemented , it could mean little to a clued attacker , and businesses need to realize that the clued attackers are far more common than they think .
One example : Say someone uses the hardware encryption on a tape drive .
Tape drives can have encryption set in multiple ways .
It can be manually set for all tapes , or the backup application can manage keys and set the encryption per tape .
If an organization is slipshod about the way they use the encryption and use one key for all tapes , and have that key information written on the proverbial slip of paper on the monitor , then an attacker can grab the tapes , perhaps grab a tape drive or buy one , and decrypt the info to their heart 's content .
Compare this to an organization which uses more stringent backup procedures so that even if a tape is stolen by an insider , it wo n't be decodable .
Another example : BitLocker .
If implemented right , BitLocker is solid against most known threats ( avenues like rubber hoses and RAM scanning via IEEE1394 are different ) .
However , if someone installs BitLocker and then disables all key protectors , to a competent attacker , the BitLocker protection is dealt with .
Same with people using BitLocker on machines without TPMs using USB flash drives , and not making sure the flash drive is stored securely .
There are various implementations of encryption .
ECB is a bad version ( because an attacker can figure out what a block matches to ) .
A good implementation might use multiple diffusers and an algorithm like XTS so an attacker ca n't compare sector 55 with sector 157 and determine if the contents are similar .
So , even though a program might use AES , if salts and other crypto concepts are not used , it severely weakens security .
Finally , TrueCrypt .
If someone thinks that TrueCrypt fixes all their security issues and does n't concern themselves with attacks over the wire , an attacker can either slap a keylogger on a machine , or just read the volume decryption keys from memory , then at a later date grab the disks if there is too much data to fetch from remote .
If TrueCrypt is used with proper protection against network attacks ( firewall , etc. ) then it provides excellent protection .
I am concerned that a law exempting breaches from being disclosed would only work in the blackhat 's favor .
In theory , someone could rot13 the data on the drive , or AES it with an all zero key to make the security that comes with encryption meaningless .</tokentext>
<sentencetext>Encryption is not a cure all for security needs.
It is merely a tool, similar to locks on the door, guards with M16s, and CCTV cameras.
Poorly implemented, it could mean little to a clued attacker, and businesses need to realize that the clued attackers are far more common than they think.
One example:  Say someone uses the hardware encryption on a tape drive.
Tape drives can have encryption set in multiple ways.
It can be manually set for all tapes, or the backup application can manage keys and set the encryption per tape.
If an organization is slipshod about the way they use the encryption and use one key for all tapes, and have that key information written on the proverbial slip of paper on the monitor, then an attacker can grab the tapes, perhaps grab a tape drive or buy one, and decrypt the info to their heart's content.
Compare this to an organization which uses more stringent backup procedures so that even if a tape is stolen by an insider, it won't be decodable.
Another example:  BitLocker.
If implemented right, BitLocker is solid against most known threats (avenues like rubber hoses and RAM scanning via IEEE1394 are different).
However, if someone installs BitLocker and then disables all key protectors, to a competent attacker, the BitLocker protection is dealt with.
Same with people using BitLocker on machines without TPMs using USB flash drives, and not making sure the flash drive is stored securely.
There are various implementations of encryption.
ECB is a bad version (because an attacker can figure out what a block matches to).
A good implementation might use multiple diffusers and an algorithm like XTS so an attacker can't compare sector 55 with sector 157 and determine if the contents are similar.
So, even though a program might use AES, if salts and other crypto concepts are not used, it severely weakens security.
Finally, TrueCrypt.
If someone thinks that TrueCrypt fixes all their security issues and doesn't concern themselves with attacks over the wire, an attacker can either slap a keylogger on a machine, or just read the volume decryption keys from memory, then at a later date grab the disks if there is too much data to fetch from remote.
If TrueCrypt is used with proper protection against network attacks (firewall, etc.) then it provides excellent protection.
I am concerned that a law exempting breaches from being disclosed would only work in the blackhat's favor.
In theory, someone could rot13 the data on the drive, or AES it with an all zero key to make the security that comes with encryption meaningless.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007606</id>
	<title>Oh, this will be easy...</title>
	<author>Penguinisto</author>
	<datestamp>1257535320000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>"I'm sorry, but we cannot disclose such an event because the data was indeed encrypted... in our new and highly-advanced ROT-0 encryption algorithm."</p></htmltext>
<tokenext>" I 'm sorry , but we can not disclose such an event because the data was indeed encrypted... in our new and highly-advanced ROT-0 encryption algorithm . "</tokentext>
<sentencetext>"I'm sorry, but we cannot disclose such an event because the data was indeed encrypted... in our new and highly-advanced ROT-0 encryption algorithm."</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007906</id>
	<title>iFirst</title>
	<author>Anonymous</author>
	<datestamp>1257537120000</datestamp>
	<modclass>Flamebait</modclass>
	<modscore>-1</modscore>
	<htmltext>trouble. It Man walking. It's then Jordan HHubard</htmltext>
<tokenext>trouble .
It Man walking .
It 's then Jordan HHubard</tokentext>
<sentencetext>trouble.
It Man walking.
It's then Jordan HHubard</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007694</id>
	<title>Protecting the megacorps</title>
	<author>commodore64_love</author>
	<datestamp>1257535860000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>That's what this does: "S.139 would grant an exemption for data that 'was rendered indecipherable through the use of best practices or methods, such as redaction, access controls, or other such mechanisms."   It's akin to how the Audit the Fed bill was rendered harmless by allowing the federal reserve to black out names of persons/organizations that received money.  It's meaningless.</p><p>I honestly don't understand Congresscritters who sell out like this.  Is keeping their job so important that they'd bend to the will of their corporate donors and ignore their basic "don't be evil" morals?</p></htmltext>
<tokenext>That 's what this does : " S.139 would grant an exemption for data that 'was rendered indecipherable through the use of best practices or methods , such as redaction , access controls , or other such mechanisms . "
It 's akin to how the Audit the Fed bill was rendered harmless by allowing the federal reserve to black out names of persons/organizations that received money .
It 's meaningless .
I honestly do n't understand Congresscritters who sell out like this .
Is keeping their job so important that they 'd bend to the will of their corporate donors and ignore their basic " do n't be evil " morals ?</tokentext>
<sentencetext>That's what this does: "S.139 would grant an exemption for data that 'was rendered indecipherable through the use of best practices or methods, such as redaction, access controls, or other such mechanisms."
It's akin to how the Audit the Fed bill was rendered harmless by allowing the federal reserve to black out names of persons/organizations that received money.
It's meaningless.
I honestly don't understand Congresscritters who sell out like this.
Is keeping their job so important that they'd bend to the will of their corporate donors and ignore their basic "don't be evil" morals?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30008646</id>
	<title>Congress Critters work for us?</title>
	<author>Anonymous</author>
	<datestamp>1257540600000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>Power Corrupts.
<p>
Absolute power corrupts absolutely</p></htmltext>
<tokenext>Power Corrupts .
Absolute power corrupts absolutely</tokentext>
<sentencetext>Power Corrupts.
Absolute power corrupts absolutely</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007694</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30047736</id>
	<title>Re:Access Controls</title>
	<author>Hurricane78</author>
	<datestamp>1257876840000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Combined with the idea of the government managing our health care, I'm not terribly encouraged by the idea.</p></div><p>You mean other than private companies, whose sole reason of existence is to make as much money off you while giving you as little as possible? Either legal or through bribery. Who literally will throw you out of the hospital with broken ribs, to die on the street. (Yes, I've seen that happen.) And who are in no way related to your actual health?</p><p>Yeah, I really hope you can keep those companies. Then I don't have to strangle you with my bare hands for being such an unbelievable retard, but can just let the HMOs kill you, slowly, and painfully... as they usually do it.</p></div>
	</htmltext>
<tokenext>Combined with the idea of the government managing our health care , I 'm not terribly encouraged by the idea .
You mean other than private companies , whose sole reason of existence is to make as much money off you while giving you as little as possible ?
Either legal or through bribery .
Who literally will throw you out of the hospital with broken ribs , to die on the street .
( Yes , I 've seen that happen . )
And who are in no way related to your actual health ?
Yeah , I really hope you can keep those companies .
Then I do n't have to strangle you with my bare hands for being such an unbelievable retard , but can just let the HMOs kill you , slowly , and painfully... as they usually do it .</tokentext>
<sentencetext>Combined with the idea of the government managing our health care, I'm not terribly encouraged by the idea.
You mean other than private companies, whose sole reason of existence is to make as much money off you while giving you as little as possible?
Either legal or through bribery.
Who literally will throw you out of the hospital with broken ribs, to die on the street.
(Yes, I've seen that happen.)
And who are in no way related to your actual health?
Yeah, I really hope you can keep those companies.
Then I don't have to strangle you with my bare hands for being such an unbelievable retard, but can just let the HMOs kill you, slowly, and painfully... as they usually do it.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007614</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007536</id>
	<title>Comment Redacted</title>
	<author>Anonymous</author>
	<datestamp>1257534960000</datestamp>
	<modclass>Funny</modclass>
	<modscore>0</modscore>
	<htmltext><p>Comment Redacted<br>Approved for Public Release</p></htmltext>
<tokenext>Comment RedactedApproved for Public Release</tokentext>
<sentencetext>Comment RedactedApproved for Public Release</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007614</id>
	<title>Access Controls</title>
	<author>savanik</author>
	<datestamp>1257535440000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><p>Sounds like they're saying that putting a BIOS password on a laptop means they don't have to tell anyone the next time they lose 500 million social security records, huh? Or heck, if BIOS passwords are too difficult, it could always just have user accounts. Those count as "access controls", too.</p><p>Combined with the idea of the government managing our health care, I'm not terribly encouraged by the idea.</p></htmltext>
<tokenext>Sounds like they 're saying that putting a BIOS password on a laptop means they do n't have to tell anyone the next time they lose 500 million social security records , huh ?
Or heck , if BIOS passwords are too difficult , it could always just have user accounts .
Those count as " access controls " , too .
Combined with the idea of the government managing our health care , I 'm not terribly encouraged by the idea .</tokentext>
<sentencetext>Sounds like they're saying that putting a BIOS password on a laptop means they don't have to tell anyone the next time they lose 500 million social security records, huh?
Or heck, if BIOS passwords are too difficult, it could always just have user accounts.
Those count as "access controls", too.
Combined with the idea of the government managing our health care, I'm not terribly encouraged by the idea.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007594</id>
	<title>Toothless</title>
	<author>guruevi</author>
	<datestamp>1257535320000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><p>The law would be able to benefit us and punish corporate greed and misbehavior when it comes to data protection but thanks to the corporate interests in the pockets of our lawmakers this law has been made ineffective. The law probably doesn't even specify what punishment would be affected and if it does it's probably so small that most corporations would rather pay it than implementing the technology it requires to satisfy the law. It would probably be even harder to find punishments or personal liability of the corporate officers that make decisions around the compliance with the words. And as it advances through several other levels of lawmakers (house, president, back to congress, rewriting, ...) it will probably become even more bland.</p><p>If the law were to affect us, simple peasants and benefit corporate interests when breached, you could bet on it that long prison sentences and fines would be involved with it as is the case with the DMCA, ACTA and general 'intellectual property' laws.</p></htmltext>
<tokenext>The law would be able to benefit us and punish corporate greed and misbehavior when it comes to data protection but thanks to the corporate interests in the pockets of our lawmakers this law has been made ineffective .
The law probably does n't even specify what punishment would be affected and if it does it 's probably so small that most corporations would rather pay it than implementing the technology it requires to satisfy the law .
It would probably be even harder to find punishments or personal liability of the corporate officers that make decisions around the compliance with the words .
And as it advances through several other levels of lawmakers ( house , president , back to congress , rewriting , ... ) it will probably become even more bland .
If the law were to affect us , simple peasants and benefit corporate interests when breached , you could bet on it that long prison sentences and fines would be involved with it as is the case with the DMCA , ACTA and general 'intellectual property ' laws .</tokentext>
<sentencetext>The law would be able to benefit us and punish corporate greed and misbehavior when it comes to data protection but thanks to the corporate interests in the pockets of our lawmakers this law has been made ineffective.
The law probably doesn't even specify what punishment would be affected and if it does it's probably so small that most corporations would rather pay it than implementing the technology it requires to satisfy the law.
It would probably be even harder to find punishments or personal liability of the corporate officers that make decisions around the compliance with the words.
And as it advances through several other levels of lawmakers (house, president, back to congress, rewriting, ...) it will probably become even more bland.
If the law were to affect us, simple peasants and benefit corporate interests when breached, you could bet on it that long prison sentences and fines would be involved with it as is the case with the DMCA, ACTA and general 'intellectual property' laws.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30009924</id>
	<title>There should be no exemptions</title>
	<author>mysidia</author>
	<datestamp>1257502800000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>
The company should be allowed to explain what type of encryption the data was protected with <b>when informing customers of the breach</b>
</p><p>
But should not be relieved of the notification.
Mere data encryption does not assure the info has not been exposed and won't be, based on the breach.
</p></htmltext>
<tokenext>The company should be allowed to explain what type of encryption the data was protected with when informing customers of the breach But should not be relieved of the notification .
Mere data encryption does not assure the info has not been exposed and wo n't be , based on the breach .</tokentext>
<sentencetext>
The company should be allowed to explain what type of encryption the data was protected with when informing customers of the breach

But should not be relieved of the notification.
Mere data encryption does not assure the info has not been exposed and won't be, based on the breach.
</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30010144</id>
	<title>Re:Oh, this will be easy...</title>
	<author>DarthVain</author>
	<datestamp>1257503820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Don't make me drug you and beat you with a wrench!</p></htmltext>
<tokenext>Do n't make me drug you and beat you with a wrench !</tokentext>
<sentencetext>Don't make me drug you and beat you with a wrench!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007606</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007706</id>
	<title>it should be about effectiveness</title>
	<author>Anonymous</author>
	<datestamp>1257535980000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>It looks to me (perhaps naively) that the exemption might be well-intentioned.  But yeah, they got it wrong.  They're looking at the notification as somehow a punishment, and if the accidental leaker basically tried to do the right thing, then there's no reason to "punish" them by embarrassing them.
</p><p>But is that really the point?  If your information gets out, nobody gives a damn whether the leaker did what all the other lemmings did.  What you care about, is whether whatever they did -- whether it's a standard industry practice or not -- will prevent the leaked data from being useable. There are lots of industry standards but if you actually work in the industry or understand tech stuff, then you know that many of them are pretty stup-- ineffective.
</p><p>The exemption should totally ignore the idea of what is considered best practices, and just ask: can the information be used?  If it can, then notification should be required.  If the information is safe, then don't worry too much.</p></htmltext>
<tokenext>It looks to me ( perhaps naively ) that the exemption might be well-intentioned .
But yeah , they got it wrong .
They 're looking at the notification as somehow a punishment , and if the accidental leaker basically tried to do the right thing , then there 's no reason to " punish " them by embarrassing them .
But is that really the point ?
If your information gets out , nobody gives a damn whether the leaker did what all the other lemmings did .
What you care about , is whether whatever they did -- whether it 's a standard industry practice or not -- will prevent the leaked data from being useable .
There are lots of industry standards but if you actually work in the industry or understand tech stuff , then you know that many of them are pretty stup-- ineffective .
The exemption should totally ignore the idea of what is considered best practices , and just ask : can the information be used ?
If it can , then notification should be required .
If the information is safe , then do n't worry too much .</tokentext>
<sentencetext>It looks to me (perhaps naively) that the exemption might be well-intentioned.
But yeah, they got it wrong.
They're looking at the notification as somehow a punishment, and if the accidental leaker basically tried to do the right thing, then there's no reason to "punish" them by embarrassing them.
But is that really the point?
If your information gets out, nobody gives a damn whether the leaker did what all the other lemmings did.
What you care about, is whether whatever they did -- whether it's a standard industry practice or not -- will prevent the leaked data from being useable.
There are lots of industry standards but if you actually work in the industry or understand tech stuff, then you know that many of them are pretty stup-- ineffective.
The exemption should totally ignore the idea of what is considered best practices, and just ask: can the information be used?
If it can, then notification should be required.
If the information is safe, then don't worry too much.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007758</id>
	<title>Access Controls?</title>
	<author>Reason58</author>
	<datestamp>1257536220000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p><div class="quote"><p>S.139 would grant an exemption for data that 'was rendered indecipherable through the use of best practices or methods, such as redaction, <b>access controls</b>, or other such mechanisms, that are widely accepted as an effective industry practice, or an effective industry standard.</p></div><p>In essence, this means the only companies required to report a data breach are the ones that keep their information in a publicly facing database with no authentication.</p></div>
	</htmltext>
<tokenext>S.139 would grant an exemption for data that 'was rendered indecipherable through the use of best practices or methods , such as redaction , access controls , or other such mechanisms , that are widely accepted as an effective industry practice , or an effective industry standard .
In essence , this means the only companies required to report a data breach are the ones that keep their information in a publicly facing database with no authentication .</tokentext>
<sentencetext>S.139 would grant an exemption for data that 'was rendered indecipherable through the use of best practices or methods, such as redaction, access controls, or other such mechanisms, that are widely accepted as an effective industry practice, or an effective industry standard.
In essence, this means the only companies required to report a data breach are the ones that keep their information in a publicly facing database with no authentication.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007734</id>
	<title>wow....</title>
	<author>stoned_hamster</author>
	<datestamp>1257536100000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>now all the stupid spammers have to do is flash their 12 for a dollar gov't I.D.'s and they're home free.</htmltext>
<tokenext>now all the stupid spammers have to do is flash their 12 for a dollar gov't I.D. 's and they 're home free .</tokentext>
<sentencetext>now all the stupid spammers have to do is flash their 12 for a dollar gov't I.D.'s and they're home free.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30008134</id>
	<title>Access Controls != No Access</title>
	<author>GeekZilla</author>
	<datestamp>1257538320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>"Sure, Ryan and his boys can make it hack-proof. But that don't mean we ain't gonna hack it."</p></htmltext>
<tokenext>" Sure , Ryan and his boys can make it hack-proof .
But that do n't mean we ai n't gon na hack it . "</tokentext>
<sentencetext>"Sure, Ryan and his boys can make it hack-proof.
But that don't mean we ain't gonna hack it."</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30012118</id>
	<title>Now if we could just get two of these laws</title>
	<author>hey!</author>
	<datestamp>1257522240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>... our National Data wouldn't be walking around without pants.</p></htmltext>
<tokenext>... our National Data would n't be walking around without pants .</tokentext>
<sentencetext>... our National Data wouldn't be walking around without pants.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007690</id>
	<title>Why industry standards?</title>
	<author>Anonymous</author>
	<datestamp>1257535860000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext><p><div class="quote"><p>rendered indecipherable through the use of best practices or methods, such as redaction, access controls, or other such mechanisms, that are widely accepted as an effective industry practice, or an effective industry standard</p></div><p>Doesn't ISO (International Organization for Standardization) have... standards for these kinds of things?</p><p>Industry standards are the corporate version of "all the other kids are doing it".<br>And seriously, I don't think self-regulation (aka industry standards) is going to cut it for data security.</p></div>
	</htmltext>
<tokenext>rendered indecipherable through the use of best practices or methods , such as redaction , access controls , or other such mechanisms , that are widely accepted as an effective industry practice , or an effective industry standard
Does n't ISO ( International Organization for Standardization ) have... standards for these kinds of things ?
Industry standards are the corporate version of " all the other kids are doing it " .
And seriously , I do n't think self-regulation ( aka industry standards ) is going to cut it for data security .</tokentext>
<sentencetext>rendered indecipherable through the use of best practices or methods, such as redaction, access controls, or other such mechanisms, that are widely accepted as an effective industry practice, or an effective industry standard
Doesn't ISO (International Organization for Standardization) have... standards for these kinds of things?
Industry standards are the corporate version of "all the other kids are doing it".
And seriously, I don't think self-regulation (aka industry standards) is going to cut it for data security.
	</sentencetext>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_06_1638226_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30010144
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007606
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_06_1638226_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007698
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007594
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_06_1638226_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30009898
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30008198
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007606
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_06_1638226_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30008646
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007694
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_06_1638226_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007798
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007594
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_06_1638226_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30047736
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007614
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_06_1638226.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007690
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_06_1638226.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007614
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30047736
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_06_1638226.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007694
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30008646
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_06_1638226.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007606
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30010144
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30008198
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30009898
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_06_1638226.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007984
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_06_1638226.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007784
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_06_1638226.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007594
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007698
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007798
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_06_1638226.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007536
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_06_1638226.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_06_1638226.30007706
</commentlist>
</conversation>
