PKC

[Ken Brown]

Owen Lewis wrote:
 
> Isn't one of the main points about securing data in an NHS system
> that the NHS is, essentially a low/medium security environment whilst
> serious cipher systems, pre- modern computer technology, were really
> only of value in medium/high security environments? If we can agree 
> on this,  then your point falls at a second as well as at the first fence.

But it is no more expensive or difficult to implement strong
cryptography than weak. The question should not even arise. 

You seem to be saying "because the whole system is quite weak we may as
look around for an insecure crypto system to fit in with the rest".
Which is plain silly. Why waste time and money on trying to persuade the
NHS not to use "serious" systems?  

It isn't like building a bridge, where there might be no point in
spending vast amounts of money on building  one section from over-speced
or stronger materials than another.   Of course it is always possible
that people with an accounting or military or engineering background
might not have realised that the good stuff costs the same as the
low-quality stuff. But surely doctors will be familiar with the idea
that cheap treatments may be more useful than expensive. 

Ken Brown