bye bye ViaCode

[Ross Anderson]

Trust issues in the NHS are a red herring. The typical GP only uses
consultants at one or two hospitals, and the consultants don't have
PCs - they trust the hospital mainframe. The cryptography that is
already done runs to and from an EDIFACT converter, not to and from
the consultant's terminal (which he won't touch anyway and touching
keyboards is woman's work). So if you want to use crypto, hand-carry
an AES key to the hospital and type it in.

Of course, it's entirely unclear why crypto will do you any good.
WHy should the government bother tapping the line from the surgery
to the hospital, when the hospital mainframe copies everything of
interest to Clearing, and if for some reason they've forgotten
something they can always subpoena it under the new Health Act?

Get real, guys. Crypto and medical privacy have very little to do
with each other from the viewpoint of rational engineering. It's
just from the viewpoint of political rhetoric that crypto matters -
claims that `crypto is used' blind people to the ways in which data
get shared with people who have no business with it

Ross