NHS email encryption
Adrian Midgley
ukcrypto at chiark.greenend.org.uk
Sat, 25 Aug 2007 14:07:27 +0100
Dave Howe wrote:
> Roland Perry wrote:
>> In article <46CEE726.5000806@defoam.net>, "Dr Adrian Midgley (In the
>> office)" <amidgley2@defoam.net> writes
>>> Any patient identifiable information sent from an ordinary email
>>> account (eg ekcpct.nhs.uk or gp-g80000.nhs.uk) is not fully
>>> encrypted and therefore open to interception and would constitute
>>> sending details outside the EEA.
>>
>> Hold on, are they saying that the server that does nhs.uk emails is
>> located outside the EEA?!?
>>
>> mail.nhs.uk is allegedly 212.137.44.179, which is somewhere in
>> cw.net; Sheffield according to one geolocation tool, Manchester
>> another, London a third (did anyone say geolocation was an inexact
>> science?)
>
> I *do* know the nhs.net official mailservers have been causing us
> problems - they assert their willingness/ability to do opportunistic
> crypto in their EHLO replies, but then drop the connection if you
> attempt to do a STARTTLS from outside of the nhs.... This is
> apparently a deliberate security misfeature, no idea how or why they
> would implement that.
Is it possible to document that (I mean further than just saying it - I
believe you of course)?
And can I confirm that this would mean that the system being presented
to doctors and all other NHS workers as providing encrypted ("end to
end" no less) transmission to collect mail by (webmail and) POP3 and
IMAP4 over SSL so as to safely carry patient-identifiable information
between places in the NHS network and places outside it, does not
provide that encryption when operated as described?
Or is it possible that there is some secret sauce in Microsoft
Outlook/Express which causes the server to communicate with it as
securely as any Microsoft application and other standard-compliant
systems for email to be served a degraded performance? (Why does this
sound so horribly familiar and plausible?)
--
A
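One way to document the behaviour Dave describes (STARTTLS advertised in the EHLO reply, connection dropped when a client actually issues it) is a small probe that records both steps separately. This is an added example, not code from the thread; the host name is a placeholder and the EHLO reply parsed offline is constructed.

```python
import smtplib
import ssl

# Hypothetical target; replace with the mail server you are allowed to test.
PLACEHOLDER_HOST = "mail.example.test"


def ehlo_advertises_starttls(raw_reply: bytes) -> bool:
    """Parse a raw wire-format EHLO reply ("250-EXT" / "250 EXT" lines, as seen
    in a capture or an openssl s_client transcript) and report whether the
    STARTTLS extension keyword is advertised. Keywords are case-insensitive."""
    for line in raw_reply.decode("ascii", "replace").splitlines():
        if len(line) > 4 and line[:3] == "250" and line[3] in "- ":
            words = line[4:].split()
            if words and words[0].upper() == "STARTTLS":
                return True
    return False


def check_starttls(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Connect, send EHLO, note whether STARTTLS is advertised, then try to
    negotiate it. A server that advertises but drops the connection ends up
    with advertised=True, negotiated=False and the exception recorded."""
    result = {"advertised": False, "negotiated": False, "error": None}
    try:
        conn = smtplib.SMTP(host, port, timeout=timeout)
        conn.ehlo()
        result["advertised"] = conn.has_extn("starttls")
        if result["advertised"]:
            # Default context verifies the certificate chain and host name.
            conn.starttls(context=ssl.create_default_context())
            conn.ehlo()  # RFC 3207 requires a fresh EHLO after the handshake
            result["negotiated"] = True
        conn.quit()
    except (smtplib.SMTPException, ssl.SSLError, OSError) as exc:
        result["error"] = repr(exc)
    return result


def verdict(result: dict) -> str:
    """Reduce a check_starttls() result to one of three documented outcomes."""
    if result["negotiated"]:
        return "starttls-ok"
    if result["advertised"]:
        return "advertised-but-failed"  # the behaviour reported in the thread
    return "not-advertised"


if __name__ == "__main__":
    outcome = check_starttls(PLACEHOLDER_HOST)
    print(verdict(outcome), outcome)
```

Running it from inside and from outside the network in question, and keeping both outputs, gives the kind of record the question asks for.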