[ Date Index ][
Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
Adrian Midgley wrote:
Actually either PGP or GNU PG
I assume PGP was just a historical patenting accident in this regard.
The NHS is adopting a PKI-based scheme for moving lab results, which I infer has now made it past GCHQ et al, and we can expect half the secret to be used to generate our key to be emailed to us soon, and the other half to be conveyed to the health authority.
Interesting, one Civil Service IT Security chap I knew said they avoided encryption because of the trouble created by men in Grey Suits. Seems if you do encryption in the Civil Service, you have to do it with really good algorithmns (Presumably that is ones that ONLY GCHQ can break ;). Effectively the politics of this ended up preventing them from implementing simple general encryption of e-mail and such like. Which is probably more the kind of thing they needed, such as would stop the administrator backing it all up as plain text and taking it home to "grep" ;) Now if they were going to trust national secrets, instead of personnel records, to e-mail.....
Once those secrets have been combined the channel over which they were distributed will be assumed by many people to have been secured. Politics is intensely bound up with crypto, and the discussions on the UK-Crypto list are often rather interesting.
With my only sensitive use of PK technology, I surprised the other party by insisting on checking public key finger print information in another channel. No one had ever done that with him before! It did match, either the there was no man in the middle, or he is better at PGP than we give him credit for. Which leads us to the big issue with encryption, which is making sure it is used as intended. One suspects also that like credit cards and HTTPS, the data may be far safer travelling to the doctors surgery, than it is on either end of the line. Interesting they are starting with lab results. My problem has been that I couldn't get hold of the lab test results if they were unusual, as the receptionist or nurse would never give a blood test result out if it was abnormal, until the doctor had checked it. I can quite understand why this happens, having receptionists tell patients they have some ghastly ailment over the phone is probably not good medicine, but for some conditions you just want to know is it "high" or "low", you know it is unlikely to be normal. Anyway I guess having switched GP's I'll find out how Dr Midgley's practise approaches these things. I'm still trying to make time to look at opportunistic encryption in FreeSWAN properly. -- Are you using the Internet to best effect ? www.eighth-layer.com Tel: +44(0)1395 232769 ICQ: 116952768 Moderated discussion of teleworking at news:uk.business.telework -- The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.