From ukcrypto at chiark.greenend.org.uk Sun Dec 2 09:34:37 2007 From: ukcrypto at chiark.greenend.org.uk (Mary Hawking) Date: Sun, 2 Dec 2007 09:34:37 +0000 Subject: Confidentiality implications for North of Tyne NHS IM&T strategy: can confidentiality be preserved (technically)? Message-ID: I appreciate that the greatest threat to patient confidentiality is people, but my question - to this technically literate group - is whether it is technically possible to construct a shared record (at present this means, in CSCA/TPP[1] language an integrated record held between General Practice and Community nursing services - not sure whether this includes health visitors, chiropodists, physios, specialist nurses and Community Matrons - or Social Services as yet) and maintain data integrity and patient confidentiality? The background to this is that the CSCA is the LSP for 3/5ths of England and has taken over TPP systems from Accenture. TPP claims to have an integrated system that covers general practice, community, prisons, hospices - anything you could name - and Yorkshire and the Humber SHA have a strategic plan to migrate all GP practices to this by 2009/10. This is a link to the IM&T strategy for North Tyneside (where, by the way, 70-80% of practices are EMIS) http://www.northtynesidepct.nhs.uk/board/67September07/item19.pdf but there seem to be some doubts in Rotherham (where they are actively implementing this) presentation at the PRIMIS+ conference 30/10/07 http://www.primis.nhs.uk/pages/conference/2007Presentations.asp An Insight into TPP Community Templates - The Rotherham Experience Questions on confidentiality: In a single record system - at this level (GP+Community) where the "single organisation" has several components, e.g. several practices + one or more Community Trusts + ? chiropody etc. - is it technically possible to limit access to the patient record to those patients with whom the clinician has, for want of a better term, a "legitimate relationship"? - in a single record shared by different organisations, who is the Data Controller ? - who is responsible for data quality and correction of errors? - who is accountable for taking action on data requested by someone else (I'm thinking here of lab results mainly. Suppose a district nurse requests blood tests, they are abnormal and medical action (change of medication, admission to hospital, further investigation etc.) is required, who is responsible for ensuring that appropriate action is taken - and liable if it is not? Assuming that these issues could be resolved in theory (and I have yet to see them addressed - even though the systems are being implemented now) , is it technically possible to implement a system that could only allow access to only those records and parts of those records needed for an individual team member's care of that particular patient? And who would have the responsibility for allowing such access? Mary Hawking PS I'm going to an East of England SHA meeting on the 6th - "Improving Lives, Saving Lives - NPfIT" - so any thoughts before then doubly welcome! [1] CSCA - CSC Alliance, the Local Service Provider originally for North West and West Midlands : took over North East and East Midlands and Eastern Clusters from Accenture. Although the three contracts differed originally, the whole area is now classified as NME - North Midlands East - and I am not clear whether the same contracts apply throughout. As they are "Commercially Confidential" it is unlikely that anyone can find out! TPP - the Phoenix Partnership. Product is SystmOne which was developed originally in Bradford in the late 1990s. It's main features are that it is a hosted system with a single database, and practice populations are defined by access permission to individual patient records. It also uses CTV3 - Read Code 3 - which is incompatible with Read Code v2 used by the vast majority of practices. It was contracted to Accenture originally (CSC didn't have a contract to supply or develop a GP system in the North West West Midlands cluster) but now is being aggressively promoted as the CSC product throughout NME. -- Mary Hawking From ukcrypto at chiark.greenend.org.uk Sun Dec 2 11:09:29 2007 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Sun, 2 Dec 2007 11:09:29 +0000 Subject: Confidentiality implications for North of Tyne NHS IM&T strategy: can confidentiality be preserved (technically)? In-Reply-To: References: Message-ID: <465kXIqpJpUHFADJ@perry.co.uk> In article , Mary Hawking writes >- is it technically possible to limit access to the patient record to >those patients with whom the clinician has, for want of a better term, >a "legitimate relationship"? Technically possible, yes. But the problems arise when attempting to manage the list of 'clinicians with a legitimate relationship'. (Or indeed clerical staff with a legitimate relationship). Who defines when an additional clinician/clerk needs to be added to the list, and how quickly and securely can *that* be delivered. Does it need to be done on a case by case (patient by patient) basis, or are there circumstances where a general permission is appropriate. For example, you are taken ill and admitted to a hospital far from home. Can the whole. A&E might claim they don't need your medical records (and there's no time to add all the staff to your access-list anyway), but later on - does all the surgeon's team get access jus on his say so [he seemed like such a nice chap], or do we need to individually scrutinise that student nurse who took, and noted, your blood pressure just before you went to the operating theatre? -- Roland Perry From ukcrypto at chiark.greenend.org.uk Sun Dec 2 12:32:00 2007 From: ukcrypto at chiark.greenend.org.uk (Gerard Freriks) Date: Sun, 2 Dec 2007 13:32:00 +0100 Subject: Confidentiality implications for North of Tyne NHS IM&T strategy: can confidentiality be preserved (technically)? In-Reply-To: <465kXIqpJpUHFADJ@perry.co.uk> References: <465kXIqpJpUHFADJ@perry.co.uk> Message-ID: <01AF6AC6-1559-4284-9526-82C02C0D5F5F@luna.nl> --Apple-Mail-5--751811361 Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Read again the BMA rules for Access Control to the Patient Record. And it is clear that it is not technology that is key. Gerard -- -- Gerard Freriks, MD Huigsloterdijk 378 2158 LR Buitenkaag The Netherlands T: +31 252544896 M: +31 620347088 E: gfrer@luna.nl Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 On Dec 2, 2007, at 12:09 PM, Roland Perry wrote: > In article , Mary Hawking > writes >> - is it technically possible to limit access to the patient record >> to those patients with whom the clinician has, for want of a better >> term, a "legitimate relationship"? > > Technically possible, yes. But the problems arise when attempting to > manage the list of 'clinicians with a legitimate relationship'. (Or > indeed clerical staff with a legitimate relationship). --Apple-Mail-5--751811361 Content-Type: text/html; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Read again the BMA rules for = Access Control to the Patient Record.
And it is clear that it is not = technology that is key.

Gerard


-- <private> --
Gerard Freriks, MD
2158 LR = Buitenkaag
The Netherlands

T: +31 = 252544896
M: +31 620347088
E:     gfrer@luna.nl


Those who would give up essential Liberty, to = purchase a little temporary 
Safety, = deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov = 1755




 =

On Dec 2, 2007, at 12:09 PM, Roland Perry = wrote:

In article <eMX96ADtwnUHFw1Y@tiger= s.demon.co.uk>, Mary Hawking <maryhawking@tigers.demon.co= .uk> writes
- is it technically = possible to limit access to the patient record to those patients with = whom the clinician has, for want of a better term, a "legitimate = relationship"?

Technically possible, yes. But the = problems arise when attempting to manage the list of 'clinicians with a = legitimate relationship'. (Or indeed clerical staff with a legitimate = relationship).

= --Apple-Mail-5--751811361-- From ukcrypto at chiark.greenend.org.uk Sun Dec 2 15:58:03 2007 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Sun, 2 Dec 2007 15:58:03 +0000 Subject: Confidentiality implications for North of Tyne NHS IM&T strategy: can confidentiality be preserved (technically)? In-Reply-To: <01AF6AC6-1559-4284-9526-82C02C0D5F5F@luna.nl> References: <465kXIqpJpUHFADJ@perry.co.uk> <01AF6AC6-1559-4284-9526-82C02C0D5F5F@luna.nl> Message-ID: In article <01AF6AC6-1559-4284-9526-82C02C0D5F5F@luna.nl>, Gerard Freriks writes >Read again the BMA rules for Access Control to the Patient Record. >And it is clear that it is not technology that is key I haven't read them for a first time, but nevertheless I'm glad we seem to agree that it's a social problem, not a [failing of] technology one. As indeed is the case with most of the "bad things that happen on networks". -- Roland Perry From ukcrypto at chiark.greenend.org.uk Sun Dec 2 16:32:37 2007 From: ukcrypto at chiark.greenend.org.uk (Nigel Metheringham) Date: Sun, 2 Dec 2007 16:32:37 +0000 Subject: BBC NEWS | Politics | Discs with 15m bank details lost In-Reply-To: References: <4088DF4A-DA93-4D02-AF03-C421FF210617@cs.ucl.ac.uk> <474F4902.6060205@iosis.co.uk> <474FE0DB.32653.6968AE@davidh.spidacom.co.uk> <1B5FF1E2-3DF5-4D99-81F7-4E72E2E4E955@batten.eu.org> <474FEC0E.5070202@iosis.co.uk> <7pEUDD8Bo$THFA70@perry.co.uk> <4f49dd7521ukcrypto@vigay.com> <475014B8.9020100@iosis.co.uk> Message-ID: <67F3BB6B-AD61-4731-BB8C-76F8B564E81E@dev.intechnology.co.uk> A couple of weeks back I wondered whether a suitable way of increasing the priority given to DPA issues by ministers would be making them personally responsible for apologising individually to those affected. So I put in a petition to the PMs website, expecting it to be kicked out as too frivolous... If anyone is interested, its at... http://petitions.pm.gov.uk/dpa-sign/ Nigel. From ukcrypto at chiark.greenend.org.uk Sun Dec 2 16:55:00 2007 From: ukcrypto at chiark.greenend.org.uk (Peter Tomlinson) Date: Sun, 02 Dec 2007 16:55:00 +0000 Subject: BBC NEWS | Politics | Discs with 15m bank details lost In-Reply-To: <67F3BB6B-AD61-4731-BB8C-76F8B564E81E@dev.intechnology.co.uk> References: <4088DF4A-DA93-4D02-AF03-C421FF210617@cs.ucl.ac.uk> <474F4902.6060205@iosis.co.uk> <474FE0DB.32653.6968AE@davidh.spidacom.co.uk> <1B5FF1E2-3DF5-4D99-81F7-4E72E2E4E955@batten.eu.org> <474FEC0E.5070202@iosis.co.uk> <7pEUDD8Bo$THFA70@perry.co.uk> <4f49dd7521ukcrypto@vigay.com> <475014B8.9020100@iosis.co.uk> <67F3BB6B-AD61-4731-BB8C-76F8B564E81E@dev.intechnology.co.uk> Message-ID: <4752E364.6010506@iosis.co.uk> Nigel Metheringham wrote: > A couple of weeks back I wondered whether a suitable way of increasing > the priority given to DPA issues by ministers would be making them > personally responsible for apologising individually to those affected. > > So I put in a petition to the PMs website, expecting it to be kicked > out as too frivolous... > > If anyone is interested, its at... > http://petitions.pm.gov.uk/dpa-sign/ > > Nigel. Smart Card News (28/11/07) has reported something in this area, from the USA: Following on from some very high-profile data thefts, many States have now enacted so-called "Data Breach Notification" legislation. Put simply, this legislation says, "If you lose customers' Personal Identifiable Information (Social Security numbers, credit card numbers, driving licence numbers, etc) and it wasn't encrypted, then you MUST notify everyone who's likely to be affected. Many States have also included additional consumer protection, such as one year's free credit monitoring services to protect against possible identity theft. ** end quote ** Then there is a comment that US federal govt is immune from legislation by the States. Peter From ukcrypto at chiark.greenend.org.uk Sun Dec 2 22:21:26 2007 From: ukcrypto at chiark.greenend.org.uk (Adrian Midgley) Date: Sun, 02 Dec 2007 22:21:26 +0000 Subject: CDs ... terminological drift In-Reply-To: <474FD626.7030009@iosis.co.uk> References: <474FD626.7030009@iosis.co.uk> Message-ID: <47532FE6.5080502@defoam.net> > The organisation was responsible for Britain=92s biggest security breac= h > when two discs containing the country=92s entire child benefit records > were lost in the internal post between HMRC and the National Audit > Office in London on 18 October. This is a careful use of "internal". Internal for me is within a building. "Private" post might apply. --=20 A From ukcrypto at chiark.greenend.org.uk Sun Dec 2 22:56:27 2007 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Sun, 2 Dec 2007 22:56:27 +0000 Subject: CDs ... terminological drift In-Reply-To: <47532FE6.5080502@defoam.net> References: <474FD626.7030009@iosis.co.uk> <47532FE6.5080502@defoam.net> Message-ID: In article <47532FE6.5080502@defoam.net>, Adrian Midgley writes >> The organisation was responsible for Britain’s biggest security breach >> when two discs containing the country’s entire child benefit records >> were lost in the internal post between HMRC and the National Audit >> Office in London on 18 October. > >This is a careful use of "internal". > >Internal for me is within a building. >"Private" post might apply. That's just daft. Think of a site like Addenbrookes in Cambridge. even within the one hospital there are dozens of buildings. And I'm pretty sure their "internal post" will take in most of the rest of the University (without any external long distance courier companies getting involved). -- Roland Perry From ukcrypto at chiark.greenend.org.uk Sun Dec 2 23:26:20 2007 From: ukcrypto at chiark.greenend.org.uk (Ian Brown) Date: Sun, 2 Dec 2007 23:26:20 +0000 Subject: CDs ... terminological drift In-Reply-To: <47532FE6.5080502@defoam.net> References: <474FD626.7030009@iosis.co.uk> <47532FE6.5080502@defoam.net> Message-ID: <4C71D641-CF5E-4C99-A388-7045EFA8C475@cs.ucl.ac.uk> "Outsourced" would I think be the unions' preferred term :) Cheers, Ian. -- http://people.oii.ox.ac.uk/brown/ On 2 Dec 2007, at 22:21, Adrian Midgley wrote: > Internal for me is within a building. > "Private" post might apply. From ukcrypto at chiark.greenend.org.uk Mon Dec 3 08:57:59 2007 From: ukcrypto at chiark.greenend.org.uk (David Hansen) Date: Mon, 03 Dec 2007 08:57:59 -0000 Subject: CDs ... terminological drift In-Reply-To: <47532FE6.5080502@defoam.net> References: <474FD626.7030009@iosis.co.uk>, <47532FE6.5080502@defoam.net> Message-ID: <4753C517.26128.7DCC68@davidh.spidacom.co.uk> On 2 Dec 2007 at 22:21, Adrian Midgley wrote: > > The organisation was responsible for Britain´s biggest security breach > > when two discs containing the country´s entire child benefit records > > were lost in the internal post between HMRC and the National Audit > > Office in London on 18 October. > > This is a careful use of "internal". > > Internal for me is within a building. > "Private" post might apply. In some definitions internal might apply to post within an organisation. However, that is not the case here. -- David Hansen, Edinburgh I will *always* explain revoked encryption keys, unless RIP prevents me http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54 From ukcrypto at chiark.greenend.org.uk Mon Dec 3 09:55:09 2007 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Mon, 3 Dec 2007 09:55:09 +0000 Subject: CDs ... terminological drift In-Reply-To: <4753C517.26128.7DCC68@davidh.spidacom.co.uk> References: <474FD626.7030009@iosis.co.uk> <47532FE6.5080502@defoam.net> <4753C517.26128.7DCC68@davidh.spidacom.co.uk> Message-ID: In article <4753C517.26128.7DCC68@davidh.spidacom.co.uk>, David Hansen writes >> > The organisation was responsible for Britain´s biggest security breach >> > when two discs containing the country´s entire child benefit records >> > were lost in the internal post between HMRC and the National Audit >> > Office in London on 18 October. >> >> This is a careful use of "internal". >> >> Internal for me is within a building. >> "Private" post might apply. > >In some definitions internal might apply to post within an >organisation. However, that is not the case here. Throughout this episode there has been confusion caused by the expression "lost in the post", which gives a very strong first impression that Royal Mail is involved. We then get "post" translated to "mail", and then that it's "internal". I have little problem with the idea that HMRC and NAO are both covered by the same "internal mail" system. -- Roland Perry From ukcrypto at chiark.greenend.org.uk Mon Dec 3 10:07:43 2007 From: ukcrypto at chiark.greenend.org.uk (Roger Hird) Date: Mon, 03 Dec 2007 10:07:43 +0000 (GMT) Subject: CDs ... terminological drift In-Reply-To: <47532FE6.5080502@defoam.net> References: <474FD626.7030009@iosis.co.uk> <47532FE6.5080502@defoam.net> Message-ID: <4f4b58c743roger.hird@argonet.co.uk> In article <47532FE6.5080502@defoam.net>, Adrian Midgley wrote: > > The organisation was responsible for Britain=92s biggest security breach > > when two discs containing the country=92s entire child benefit records > > were lost in the internal post between HMRC and the National Audit > > Office in London on 18 October. > This is a careful use of "internal". > Internal for me is within a building. > "Private" post might apply. Sorry, can I ask the origin of the para quoted? --=20 Roger Hird roger.hird@argonet.co.uk Running RISCOS 4.39 on an Acorn StrongARM RiscPC From ukcrypto at chiark.greenend.org.uk Mon Dec 3 11:18:41 2007 From: ukcrypto at chiark.greenend.org.uk (Burkitt-Gray, Alan (UK)) Date: Mon, 3 Dec 2007 11:18:41 -0000 Subject: Two Convergys employees arrested on ID fraud charges References: <4753C517.26128.7DCC68@davidh.spidacom.co.uk> Message-ID: <4B4A6A8E1AA1644A8351C3B3EA34663101818168@UK71CL-S005.emea.global.root> =20 Thought people might be interested in this US news story, which seems relevant .... >From the Daily Herald, based in Provo, Utah http://www.heraldextra.com/content/view/245669/4/ November 30, 2007 =20 Two Convergys employees arrested on ID fraud charges PDF | Print | E-mail =20 ------------------------------------------------------------------------ -------- DAILY HERALD =20 Two Convergys employees were arrested and charged with ordering thousands of dollars worth of cell phones and accessories using the identities of AT&T customers.=20 Kechi Ezem, 24, of Provo, was arrested Tuesday and charged with one count each of identity fraud and theft, and 24-year-old Philista Oniango, of Orem, was arrested Wednesday and charged with one count each of theft and identity theft. Oniango is also being held at the Utah County Jail on an immigration hold. Both women are employees of Convergys, which handles calls for AT&T.=20 According to court documents, Orem police went to Convergys after AT&T learned that a cell phone billed to one of its customers had been ordered by Ezem. Ezem told police that Oniango had her computer password, and a search of company records showed that she had confirmed the order of more than $50,000 worth of phones and accessories using AT&T customer accounts, court documents said. Most of the phones were sent to Oniango's home in Orem.=20 Officers executed a search warrant for Oniango's house and found a large number of phones, shipping forms and receipts. According to court documents, Oniango told police that she had some phones delivered to another address in Provo and sent others that were delivered to her home to friends in Canada. =20 -- Alan Burkitt-Gray, Editor, Global Telecoms Business=20 www.globaltelecomsbusiness.com=20 aburkitt@euromoneyplc.com DISCLAIMER: The information in this email is confidential. The contents = may not be disclosed or used by anyone other than the addressee. If you = are not the intended recipient(s), any use, disclosure, copying, = distribution or any action taken or omitted to be taken in reliance on = it is prohibited and may be unlawful. If you have received this = communication in error please notify us by e-mail or by telephone on +44 = (0) 20 7779 8888 and then delete the e-mail and all attachments and any = copies thereof.=20 Euromoney Institutional Investor PLC (its subsidiaries and associates) = cannot accept responsibility for the accuracy or completeness of this = email as it has been transmitted over a public network. If you suspect = that the email may have been intercepted or amended, please call the = sender. Any views expressed by an individual in this email do not = necessarily reflect views of Euromoney Institutional Investor PLC (its = subsidiaries and associates). This communication is from Euromoney = Institutional Investor PLC, a company registered in England and Wales = under company number 954730 with registered office at Nestor House, = Playhouse Yard, London From ukcrypto at chiark.greenend.org.uk Mon Dec 3 14:31:54 2007 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Mon, 3 Dec 2007 14:31:54 +0000 Subject: CDs ... terminological drift In-Reply-To: <4f4b58c743roger.hird@argonet.co.uk> References: <474FD626.7030009@iosis.co.uk> <47532FE6.5080502@defoam.net> <4f4b58c743roger.hird@argonet.co.uk> Message-ID: <6pUUDTGaNBVHFALG@perry.co.uk> In article <4f4b58c743roger.hird@argonet.co.uk>, Roger Hird writes >> > The organisation was responsible for Britain’s biggest security breach >> > when two discs containing the country’s entire child benefit records >> > were lost in the internal post between HMRC and the National Audit >> > Office in London on 18 October. > >> This is a careful use of "internal". > >> Internal for me is within a building. >> "Private" post might apply. > >Sorry, can I ask the origin of the para quoted? According to the original poster: "Yesterday's Evening Standard, in a small article on page 8 (29/11/07 West End Final edition) said:" -- Roland Perry From ukcrypto at chiark.greenend.org.uk Mon Dec 3 15:23:37 2007 From: ukcrypto at chiark.greenend.org.uk (Ian Batten) Date: Mon, 3 Dec 2007 15:23:37 +0000 Subject: Confidentiality implications for North of Tyne NHS IM&T strategy: can confidentiality be preserved (technically)? In-Reply-To: <465kXIqpJpUHFADJ@perry.co.uk> References: <465kXIqpJpUHFADJ@perry.co.uk> Message-ID: <9AE3BFD7-05D8-4EB1-85CB-D38699429A42@batten.eu.org> On 02 Dec 07, at 1109, Roland Perry wrote: > A&E might claim they don't need your medical records (and there's > no time to add all the staff to your access-list anyway), but later > on - does all the surgeon's team get access jus on his say so [he > seemed like such a nice chap], or do we need to individually > scrutinise that student nurse who took, and noted, your blood > pressure just before you went to the operating theatre? However, the question is ``how many adverse events take place where a determining factor is lack of notes?'' If you're taken into a hospital in the aftermath of an accident or a sudden onset of illness, the doctors in the A&E unit will need to treat you without having a history to hand. Sometimes your history will contain nothing of interest, sometimes indirect interest (allergies, adverse reactions) and sometimes of direct interest (the heart attack you had last year relative to the heart attack you've just had). As of today, there are few scenarios in which records will be available. Even in the glorious dawn of the new NHS IT strategy, there won't be any notes if you're taken ill while abroad, or for temporary visitors to this country, or probably in fact for anyone crossing the Scottish border. How many people need to be treated in an A&E context without access to their previous history, as compared to treatment with full records, in order to prevent one serious adverse event? If the answer is 10, then Roland's question has one answer, both pragmatically and economically. If it's a million, it has another. Purely subjectively, I've never read a newspaper story in which a tear-stained relative says that the doctors could have saved little Jimmy had only they known fact X that is in his GP records. ian From ukcrypto at chiark.greenend.org.uk Mon Dec 3 15:46:12 2007 From: ukcrypto at chiark.greenend.org.uk (Roger Hird) Date: Mon, 03 Dec 2007 15:46:12 +0000 (GMT) Subject: CDs ... terminological drift In-Reply-To: <6pUUDTGaNBVHFALG@perry.co.uk> References: <474FD626.7030009@iosis.co.uk> <47532FE6.5080502@defoam.net> <4f4b58c743roger.hird@argonet.co.uk> <6pUUDTGaNBVHFALG@perry.co.uk> Message-ID: <4f4b77c6baroger.hird@argonet.co.uk> In article <6pUUDTGaNBVHFALG@perry.co.uk>, Roland Perry wrote: > >Sorry, can I ask the origin of the para quoted? > According to the original poster: > "Yesterday's Evening Standard, in a small article on page 8 (29/11/07 > West End Final edition) said:" Ah - yes - found it - thanks. R -- Roger Hird roger.hird@argonet.co.uk Running RISCOS 4.39 on an Acorn StrongARM RiscPC From ukcrypto at chiark.greenend.org.uk Mon Dec 3 16:12:17 2007 From: ukcrypto at chiark.greenend.org.uk (Peter Tomlinson) Date: Mon, 03 Dec 2007 16:12:17 +0000 Subject: CDs ... terminological drift In-Reply-To: <4f4b77c6baroger.hird@argonet.co.uk> References: <474FD626.7030009@iosis.co.uk> <47532FE6.5080502@defoam.net> <4f4b58c743roger.hird@argonet.co.uk> <6pUUDTGaNBVHFALG@perry.co.uk> <4f4b77c6baroger.hird@argonet.co.uk> Message-ID: <47542AE1.2020601@iosis.co.uk> Roger Hird wrote: > In article <6pUUDTGaNBVHFALG@perry.co.uk>, Roland Perry > wrote: > >> Sorry, can I ask the origin of the para quoted? > > According to the original poster: "Yesterday's Evening Standard, in > > a small article on page 8 (29/11/07 West End Final edition) said:" > > Ah - yes - found it - thanks. > I'm more interested in someone picking up the substantive bit about the Manual of Protective Security: "But the manual — produced by the Cabinet Office — shows final responsibility rests with ministers. “Each department and agency is responsible, under its Minister, for maintaining its own appropriate levels of protective security,” the document states." Peter From ukcrypto at chiark.greenend.org.uk Mon Dec 3 16:23:52 2007 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Mon, 3 Dec 2007 16:23:52 +0000 Subject: Confidentiality implications for North of Tyne NHS IM&T strategy: can confidentiality be preserved (technically)? In-Reply-To: <9AE3BFD7-05D8-4EB1-85CB-D38699429A42@batten.eu.org> References: <465kXIqpJpUHFADJ@perry.co.uk> <9AE3BFD7-05D8-4EB1-85CB-D38699429A42@batten.eu.org> Message-ID: In article <9AE3BFD7-05D8-4EB1-85CB-D38699429A42@batten.eu.org>, Ian Batten writes > >On 02 Dec 07, at 1109, Roland Perry wrote: > >> A&E might claim they don't need your medical records (and there's no >>time to add all the staff to your access-list anyway), but later on - >>does all the surgeon's team get access jus on his say so [he seemed >>like such a nice chap], or do we need to individually scrutinise that >>student nurse who took, and noted, your blood pressure just before you >>went to the operating theatre? > >However, the question is ``how many adverse events take place where a >determining factor is lack of notes?'' > >If you're taken into a hospital in the aftermath of an accident or a >sudden onset of illness, the doctors in the A&E unit will need to treat >you without having a history to hand. Look at my first nine words above. >Purely subjectively, I've never read a newspaper story in which a >tear-stained relative says that the doctors could have saved little >Jimmy had only they known fact X that is in his GP records. Seems a bit of a hostage to fortune, but I agree it's probably quite rare for that to happen. But then I wasn't worrying about access to the records in A&E in the first place! -- Roland Perry From ukcrypto at chiark.greenend.org.uk Mon Dec 3 16:33:49 2007 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Mon, 3 Dec 2007 16:33:49 +0000 Subject: CDs ... terminological drift In-Reply-To: <47542AE1.2020601@iosis.co.uk> References: <474FD626.7030009@iosis.co.uk> <47532FE6.5080502@defoam.net> <4f4b58c743roger.hird@argonet.co.uk> <6pUUDTGaNBVHFALG@perry.co.uk> <4f4b77c6baroger.hird@argonet.co.uk> <47542AE1.2020601@iosis.co.uk> Message-ID: <3ZJXfsJt$CVHFA56@perry.co.uk> In article <47542AE1.2020601@iosis.co.uk>, Peter Tomlinson writes >I'm more interested in someone picking up the substantive bit about the >Manual of Protective Security: > >"But the manual - produced by the Cabinet Office - shows final >responsibility rests with ministers. "Each department and agency is >responsible, under its Minister, for maintaining its own appropriate >levels of protective security," the document states. I wasn't quite sure what your point was, or even if you were agreeing or disagreeing. Covering several possibilities: The manual's existence isn't a secret, it's mentioned on hundreds of public websites. The Police's "Manual of Standards" is a similar not- secret document that few people have heard of. Newspapers won't mention it very often as it's way too far down in the weeds for their target audience. It will make various broad brush statements - be careful not to confuse long term planning goals (which are just a list of platitudes and truisms) with the Heath Minister "being responsible" for checking every prescription as it's issued. He'll be a busy chappie. I can even read the statement above that the departments are responsible *to* the Minster, not that he's responsible *for* their performance. -- Roland Perry From ukcrypto at chiark.greenend.org.uk Mon Dec 3 16:55:31 2007 From: ukcrypto at chiark.greenend.org.uk (Peter Tomlinson) Date: Mon, 03 Dec 2007 16:55:31 +0000 Subject: CDs ... terminological drift In-Reply-To: <3ZJXfsJt$CVHFA56@perry.co.uk> References: <474FD626.7030009@iosis.co.uk> <47532FE6.5080502@defoam.net> <4f4b58c743roger.hird@argonet.co.uk> <6pUUDTGaNBVHFALG@perry.co.uk> <4f4b77c6baroger.hird@argonet.co.uk> <47542AE1.2020601@iosis.co.uk> <3ZJXfsJt$CVHFA56@perry.co.uk> Message-ID: <47543503.1000906@iosis.co.uk> Roland Perry wrote: > In article <47542AE1.2020601@iosis.co.uk>, Peter Tomlinson > writes > >> I'm more interested in someone picking up the substantive bit about the >> Manual of Protective Security: >> >> "But the manual - produced by the Cabinet Office - shows final >> responsibility rests with ministers. "Each department and agency is >> responsible, under its Minister, for maintaining its own appropriate >> levels of protective security," the document states. >> >> >> >> I can even read the statement above that the departments are responsible >> *to* the Minster, not that he's responsible *for* their performance. >> I'm agreeing with that. The Evening Standard was I think trying to fly a kite. Peter From ukcrypto at chiark.greenend.org.uk Mon Dec 3 17:10:08 2007 From: ukcrypto at chiark.greenend.org.uk (Roger Hird) Date: Mon, 03 Dec 2007 17:10:08 +0000 (GMT) Subject: CDs ... terminological drift In-Reply-To: <47542AE1.2020601@iosis.co.uk> References: <474FD626.7030009@iosis.co.uk> <47532FE6.5080502@defoam.net> <4f4b58c743roger.hird@argonet.co.uk> <6pUUDTGaNBVHFALG@perry.co.uk> <4f4b77c6baroger.hird@argonet.co.uk> <47542AE1.2020601@iosis.co.uk> Message-ID: <4f4b7f7502roger.hird@argonet.co.uk> In article <47542AE1.2020601@iosis.co.uk>, Peter Tomlinson wrote: > I'm more interested in someone picking up the substantive bit about the > Manual of Protective Security: > "But the manual =97 produced by the Cabinet Office =97 shows final > responsibility rests with ministers. =93Each department and agency is > responsible, under its Minister, for maintaining its own appropriate > levels of protective security,=94 the document states." Indeed - me too - but the mainstream media seem to have missed this and attention moved on to Donorgate. --=20 Roger Hird roger.hird@argonet.co.uk Running RISCOS 4.39 on an Acorn StrongARM RiscPC From ukcrypto at chiark.greenend.org.uk Tue Dec 4 09:48:18 2007 From: ukcrypto at chiark.greenend.org.uk (M J D Brown) Date: Tue, 4 Dec 2007 09:48:18 -0000 Subject: CDs ... terminological drift References: <474FD626.7030009@iosis.co.uk> <47532FE6.5080502@defoam.net> <4f4b58c743roger.hird@argonet.co.uk> <6pUUDTGaNBVHFALG@perry.co.uk> <4f4b77c6baroger.hird@argonet.co.uk> <47542AE1.2020601@iosis.co.uk> <3ZJXfsJt$CVHFA56@perry.co.uk> <47543503.1000906@iosis.co.uk> Message-ID: <009101c8365a$cf783fa0$891a313e@Powerstation> Peter Tomlinson wrote on Monday, December 03, 2007 at 4:55 PM, responding to Roland Perry who wrote: >>> I can even read the statement above that the departments are >>> responsible >>> *to* the Minster, not that he's responsible *for* their performance. >>> > I'm agreeing with that. The Evening Standard was I think trying to fly > a kite. I think the Evening Standard had it right; the Minister is responsible and should discharge that onus, firstly by ensuring that appropriate arrangements exist for compliance with the regulations within his department and, secondly, evaluating the extent of that compliance. It is indeed unrealistic to expect that ministers will personally encrypt CDs and carry them down to the Post Office, but we should expect them to be accountable for those failures of their subordinates that escape the compliance and inspection regime. Mike. From ukcrypto at chiark.greenend.org.uk Tue Dec 4 18:25:33 2007 From: ukcrypto at chiark.greenend.org.uk (James Gardiner) Date: Tue, 4 Dec 2007 18:25:33 +0000 Subject: Interesting Stuff on Unique Identifiers Message-ID: <20071204182533.GA19952@womble.org> Thought this was ) of interest to this group -- anyone looked at this before? http://mooseyard.com/Jens/2007/12/facebook-and-decentralized-identifiers James From ukcrypto at chiark.greenend.org.uk Wed Dec 5 14:37:25 2007 From: ukcrypto at chiark.greenend.org.uk (Richard Clayton) Date: Wed, 5 Dec 2007 14:37:25 +0000 Subject: Confidentiality implications for North of Tyne NHS IM&T strategy: can confidentiality be preserved (technically)? In-Reply-To: <9AE3BFD7-05D8-4EB1-85CB-D38699429A42@batten.eu.org> References: <465kXIqpJpUHFADJ@perry.co.uk> <9AE3BFD7-05D8-4EB1-85CB-D38699429A42@batten.eu.org> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In article <9AE3BFD7-05D8-4EB1-85CB-D38699429A42@batten.eu.org>, Ian Batten writes >If you're taken into a hospital in the aftermath of an accident or a >sudden onset of illness, the doctors in the A&E unit will need to >treat you without having a history to hand. Sometimes your history >will contain nothing of interest, sometimes indirect interest >(allergies, adverse reactions) they will ask you about these.... most people are conscious, or are brought in by friends who know something of their histories however, if this might affect you, it's a jolly good idea to wear a MedAlert device -- this _will_ be looked for. > and sometimes of direct interest (the >heart attack you had last year relative to the heart attack you've >just had). actually no, it's the heart attack you had four months back, because there's a contra-indication to giving the same clot buster twice, and if you can't remember which one you had last time, then that will cause a little excitement [my partner is an A&E consultant, and she tells me that a scenario like this was the first time in 30 years experience when notes were not to hand and she wished that they had been. But even in this situation I understand that it was more a percentages issue, not definite death for guessing wrong]. > As of today, there are few scenarios in which records >will be available. and if you are not conscious then there may be some doubt as to who you are anyway... after a car accident personal possessions can be significantly jumbled up, so you may arrive in majors with someone else's credentials .... >Even in the glorious dawn of the new NHS IT >strategy, there won't be any notes if you're taken ill while abroad, >or for temporary visitors to this country, or probably in fact for >anyone crossing the Scottish border. ... and most people who are sick have notes several inches thick, and no A&E doctor is going to read them anyway. Bottom line is that people who tell you that ID cards, electronic patient records or similar are going to "save your life when you get hit by a bus" are making it up on the spot. Point and laugh! - -- richard Richard Clayton They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. Benjamin Franklin -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 iQA/AwUBR1a3pZoAxkTY1oPiEQJvSwCg5fEX5I0o8Tde0dm/hc98/4PNA+4An00K L6w3GWvOv416723q9KefkbB7 =seIR -----END PGP SIGNATURE----- From ukcrypto at chiark.greenend.org.uk Wed Dec 5 19:13:12 2007 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Wed, 5 Dec 2007 19:13:12 +0000 Subject: Confidentiality implications for North of Tyne NHS IM&T strategy: can confidentiality be preserved (technically)? In-Reply-To: References: <465kXIqpJpUHFADJ@perry.co.uk> <9AE3BFD7-05D8-4EB1-85CB-D38699429A42@batten.eu.org> Message-ID: In article , Richard Clayton writes >most people who are sick have notes several inches thick, and no >A&E doctor is going to read them anyway. I think we are complete agreement over the A&E issue. What I was trying to explore was the way in which the "several inches" were shared amongst the team treating you as an inpatient this week (in the sense of how you invent "technical measures" to grant and withdraw permissions wrt what might be widely varying team members from day to day). Of course, the other option is to consider inpatient-ism in the same vein as benefit-claimant-ism and make it clear that you find yourself in that condition, you have no effective privacy ever again. I honesty believe that these issues are poorly explored, because those who are wont to explore them have rarely found themselves in either condition (let alone both at the same time, which is the sort of thing that can happen adjacent to some claims for Disability or Incapacity benefit). -- Roland Perry From ukcrypto at chiark.greenend.org.uk Wed Dec 5 22:49:12 2007 From: ukcrypto at chiark.greenend.org.uk (Richard Clayton) Date: Wed, 5 Dec 2007 22:49:12 +0000 Subject: Confidentiality implications for North of Tyne NHS IM&T strategy: can confidentiality be preserved (technically)? In-Reply-To: References: <465kXIqpJpUHFADJ@perry.co.uk> <9AE3BFD7-05D8-4EB1-85CB-D38699429A42@batten.eu.org> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In article , Roland Perry writes >In article , Richard Clayton > writes > >>most people who are sick have notes several inches thick, and no >>A&E doctor is going to read them anyway. > >I think we are complete agreement over the A&E issue. What I was trying >to explore was the way in which the "several inches" were shared amongst >the team treating you as an inpatient this week (in the sense of how you >invent "technical measures" to grant and withdraw permissions wrt what >might be widely varying team members from day to day). this is just "role based access control" and is well studied for example: http://www.cl.cam.ac.uk/~rja14/policy11/policy11.html >I honesty believe that these issues are poorly explored you need to read the literature before asserting that :) - -- richard Richard Clayton They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. Benjamin Franklin -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 iQA/AwUBR1cq6JoAxkTY1oPiEQIX1QCeNGo1wJWxavrxWZFJ9HWEqVKzV/sAnjbi nrgBPNsQobFHolvXgTI7RUeL =0Be7 -----END PGP SIGNATURE----- From ukcrypto at chiark.greenend.org.uk Wed Dec 5 23:54:16 2007 From: ukcrypto at chiark.greenend.org.uk (Peter Fairbrother) Date: Wed, 05 Dec 2007 23:54:16 +0000 Subject: Confidentiality implications for North of Tyne NHS IM&T strategy: can confidentiality be preserved (technically)? In-Reply-To: References: <465kXIqpJpUHFADJ@perry.co.uk> <9AE3BFD7-05D8-4EB1-85CB-D38699429A42@batten.eu.org> Message-ID: <47573A28.5030509@zen.co.uk> Roland Perry wrote: > In article , Richard Clayton > writes > >> most people who are sick have notes several inches thick, and no >> A&E doctor is going to read them anyway. > > I think we are complete agreement over the A&E issue. What I was trying > to explore was the way in which the "several inches" were shared amongst > the team treating you as an inpatient this week (in the sense of how you > invent "technical measures" to grant and withdraw permissions wrt what > might be widely varying team members from day to day). That's easy to do. > Of course, the other option is to consider inpatient-ism in the same > vein as benefit-claimant-ism and make it clear that you find yourself in > that condition, you have no effective privacy ever again. > > I honesty believe that these issues are poorly explored, because those > who are wont to explore them have rarely found themselves in either > condition (let alone both at the same time, which is the sort of thing > that can happen adjacent to some claims for Disability or Incapacity > benefit). They are well explored, and in fact quite easy to implement - thing is, the people who specify the systems in which they should be used don't have a clue about them, and aren't interested. The principle is simple, it's down to minimising the people who have access - "the security of a secret is proportional to the square of the number of people who can access it" - and everyone who has access then controls that access, data isn't like things, you can give it away and still have it. So to start designing such a system we first consider who absolutely has to have access to the data. That's the people who generate it, obviously, ie the GP and the hospital departments. The hospital departments will copy the data they generate to the GP - so the obvious person to control access to the patient record is the GP. This means that the GP should physically keep the data, as well as control it, in order to do any processing securely. Then if the GP thinks fit, he can give access to the data he keeps to a treatment team to - this can be done automatically if he trusts the treatment team. For instance if it's a travelling midwife he can authorise her to access the relevant records for all the pregnant women patients the midwife is treating. This can be accomplished easily and without any effort by the GP as an automatic action taken when the midwife is appointed. If it's a team with varying composition, it should have a data controller who says "this person is a member of the team" and/or "this person is treating this patient today". If the GP trusts that data controller he can authorise them to authorise the members of his team - and he can also limit the data they get to what is needed. It's actually very simple and obvious, requires minimal training and equipment, development is pretty much limited to deciding what you want to do (though that could be said of most software), and combined with proper access control software it makes it very hard for an intruder to get any data, and especially to get specific data or lots of data. You can go fancier, eg using blind and ZK crypto techniques (Paillier is good for this), but there is usually little or no need. But "they" want centralised control, in their hands. Unfortunately, it doesn't work nearly as well, and I doubt it can be made to work at all, that way - technically speaking. -- Peter Fairbrother From ukcrypto at chiark.greenend.org.uk Wed Dec 5 21:33:38 2007 From: ukcrypto at chiark.greenend.org.uk (Ian Batten) Date: Wed, 5 Dec 2007 21:33:38 +0000 Subject: Confidentiality implications for North of Tyne NHS IM&T strategy: can confidentiality be preserved (technically)? In-Reply-To: References: <465kXIqpJpUHFADJ@perry.co.uk> <9AE3BFD7-05D8-4EB1-85CB-D38699429A42@batten.eu.org> Message-ID: <06696044-0F0F-453B-871D-34BF28721830@batten.eu.org> On 5 Dec 2007, at 14:37, Richard Clayton wrote: > > however, if this might affect you, it's a jolly good idea to wear a > MedAlert device -- this _will_ be looked for. And has international currency, too. > >> As of today, there are few scenarios in which records >> will be available. > > and if you are not conscious then there may be some doubt as to who > you > are anyway... after a car accident personal possessions can be > significantly jumbled up, so you may arrive in majors with someone > else's credentials .... Quite so: a point I made to my MP recently (she's anti-ID cards, so I was gilding the lily, but the more points she has the better). My current reading is Professor Colonel (looks good on a business card, and I doubt he's 40) Tim Hodgett's `Trauma Rules' --- I'm not a doctor, but it's an interesting book for Trauma surgeons written by, and partially for, military doctors. He's the guy that fixed my foot, and in passing delivered a lecture to his students on why NHS drugs aren't the right ones and people need MILITARY drugs. All the way through it talks about all sorts of diagnostic and surgical techniques, and points out that frisking people for weapons is a good idea, but makes no mention of putting pre-existing records. > > Bottom line is that people who tell you that ID cards, electronic > patient records or similar are going to "save your life when you get > hit > by a bus" are making it up on the spot. Point and laugh! And even if they might save some hypothetical person with some hypothetical conditions in some hypothetical scenario, I had some bronchial problems in my teens, a bit of eczema in my twenties, a vasectomy in my thirties and a dislocated ankle in my forties. Hard to see how my meagre records would provide anything of interest... ian From ukcrypto at chiark.greenend.org.uk Thu Dec 6 03:37:57 2007 From: ukcrypto at chiark.greenend.org.uk (Peter Fairbrother) Date: Thu, 06 Dec 2007 03:37:57 +0000 Subject: Permanent records In-Reply-To: <47573A28.5030509@zen.co.uk> References: <465kXIqpJpUHFADJ@perry.co.uk> <9AE3BFD7-05D8-4EB1-85CB-D38699429A42@batten.eu.org> <47573A28.5030509@zen.co.uk> Message-ID: <47576E95.5050401@zen.co.uk> What kind of permanent records is it appropriate for the government to keep? Peter Fairbrother From ukcrypto at chiark.greenend.org.uk Thu Dec 6 06:45:31 2007 From: ukcrypto at chiark.greenend.org.uk (Peter Tomlinson) Date: Thu, 06 Dec 2007 06:45:31 +0000 Subject: Canada passport web site breach Message-ID: <47579A8B.1020707@iosis.co.uk> Canadian passport application web site suffered same as MTAS, according to the Toronto Globe and Mail: http://www.theglobeandmail.com/servlet/story/RTGAM.20071204.wpassport1204/BNStory/National/home Thanks to Dizzy Thinks for that. Peter From ukcrypto at chiark.greenend.org.uk Thu Dec 6 08:24:07 2007 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Thu, 6 Dec 2007 08:24:07 +0000 Subject: Confidentiality implications for North of Tyne NHS IM&T strategy: can confidentiality be preserved (technically)? In-Reply-To: References: <465kXIqpJpUHFADJ@perry.co.uk> <9AE3BFD7-05D8-4EB1-85CB-D38699429A42@batten.eu.org> Message-ID: In article , Richard Clayton writes >In article , Roland Perry olicyagency.com> writes > >>In article , Richard Clayton >> writes >> >>>most people who are sick have notes several inches thick, and no >>>A&E doctor is going to read them anyway. >> >>I think we are complete agreement over the A&E issue. What I was trying >>to explore was the way in which the "several inches" were shared amongst >>the team treating you as an inpatient this week (in the sense of how you >>invent "technical measures" to grant and withdraw permissions wrt what >>might be widely varying team members from day to day). > >this is just "role based access control" and is well studied What I'd understand as "role based" is what happens today. "Everyone who works at the hospital", for example. I thought people wanted more precision than that, and I'm very sceptical about the back-office administration required to update access lists given the pace of staff substitution that I've observed. >for example: > > http://www.cl.cam.ac.uk/~rja14/policy11/policy11.html > >>I honesty believe that these issues are poorly explored > >you need to read the literature before asserting that :) The stuff in that paper is all very well, but I think it glosses over how you reconcile role-based access "everyone working on the ward that day", with an apparent need to get permissions and issue notifications on an individual basis "that London-based colleague of the consultant who was visiting for the day and tagged onto the usual bunch of students doing the ward round". It's how you get that sort of thing into the adman systems, or whether you can waive some of the stringency, that I feel need more "exploring" (aka a public debate). -- Roland Perry From ukcrypto at chiark.greenend.org.uk Thu Dec 6 08:24:47 2007 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Thu, 6 Dec 2007 08:24:47 +0000 Subject: Confidentiality implications for North of Tyne NHS IM&T strategy: can confidentiality be preserved (technically)? In-Reply-To: <47573A28.5030509@zen.co.uk> References: <465kXIqpJpUHFADJ@perry.co.uk> <9AE3BFD7-05D8-4EB1-85CB-D38699429A42@batten.eu.org> <47573A28.5030509@zen.co.uk> Message-ID: In article <47573A28.5030509@zen.co.uk>, Peter Fairbrother writes >>What I was trying to explore was the way in which the "several >>inches" were shared amongst the team treating you as an inpatient >>this week (in the sense of how you invent "technical measures" to >>grant and withdraw permissions wrt what might be widely varying team >>members from day to day). > >That's easy to do. I'm not convinced you've really considered the range of people who wander through the ward and take a look at/update medical records at the moment. Of course there are different levels of "need to know", but at the most basic level some of the information seems to be so universally necessary that it's chalked up on the wall. >The hospital departments will copy the data they generate to the GP - >so the obvious person to control access to the patient record is the >GP. This means that the GP should physically keep the data, as well as >control it, in order to do any processing securely. In my experience the hospital and GP are much more disjoint than that. My file at the hospital has stayed with the hospital, and as far as I can see only the most cursory summary (without much numerical data, copies of x-rays etc) has found its way to my GP. -- Roland Perry From ukcrypto at chiark.greenend.org.uk Thu Dec 6 08:29:14 2007 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Thu, 6 Dec 2007 08:29:14 +0000 Subject: Permanent records In-Reply-To: <47576E95.5050401@zen.co.uk> References: <465kXIqpJpUHFADJ@perry.co.uk> <9AE3BFD7-05D8-4EB1-85CB-D38699429A42@batten.eu.org> <47573A28.5030509@zen.co.uk> <47576E95.5050401@zen.co.uk> Message-ID: In article <47576E95.5050401@zen.co.uk>, Peter Fairbrother writes >What kind of permanent records is it appropriate for the government to keep? If tax records aren't permanent (they may get thrown away after 7 years, or are they assiduously archived?) the sorts of permanent record they have a right to keep is births and deaths, immigrant and citizenship applications, NI status (paid up or not, and by how much). Was that the sort of thing you had in mind? -- Roland Perry From ukcrypto at chiark.greenend.org.uk Thu Dec 6 09:20:09 2007 From: ukcrypto at chiark.greenend.org.uk (Peter Tomlinson) Date: Thu, 06 Dec 2007 09:20:09 +0000 Subject: Permanent records In-Reply-To: References: <465kXIqpJpUHFADJ@perry.co.uk> <9AE3BFD7-05D8-4EB1-85CB-D38699429A42@batten.eu.org> <47573A28.5030509@zen.co.uk> <47576E95.5050401@zen.co.uk> Message-ID: <4757BEC9.5000607@iosis.co.uk> Roland Perry wrote: > In article <47576E95.5050401@zen.co.uk>, Peter Fairbrother > writes >> What kind of permanent records is it appropriate for the government >> to keep? > > If tax records aren't permanent (they may get thrown away after 7 > years, or are they assiduously archived?) the sorts of permanent > record they have a right to keep is births and deaths, immigrant and > citizenship applications, NI status (paid up or not, and by how much). > Was that the sort of thing you had in mind? I'm aware that if you rent a council house your file may well continue to accumulate material until you die (and I know of one file that has been open for at least 70 years). Peter From ukcrypto at chiark.greenend.org.uk Tue Dec 11 22:33:46 2007 From: ukcrypto at chiark.greenend.org.uk (Mary Hawking) Date: Tue, 11 Dec 2007 22:33:46 +0000 Subject: found this on a different search Message-ID: Http://news.gmane.org/group/gmane.law.cryptography.uk/last=/force_load=t It appears to be mirroring the ukcrypto list is this usual and/or known? Just asking - I was surprised Mary Hawking -- Mary Hawking From ukcrypto at chiark.greenend.org.uk Wed Dec 12 08:44:49 2007 From: ukcrypto at chiark.greenend.org.uk (Dave Howe) Date: Wed, 12 Dec 2007 08:44:49 +0000 Subject: found this on a different search In-Reply-To: References: Message-ID: <475F9F81.6040202@gmx.co.uk> Mary Hawking wrote: > Http://news.gmane.org/group/gmane.law.cryptography.uk/last=/force_load=t > It appears to be mirroring the ukcrypto list > is this usual and/or known? > Just asking - I was surprised > Mary Hawking Seems to have a FAQ here: http://gmane.org/about.php From ukcrypto at chiark.greenend.org.uk Wed Dec 12 17:29:16 2007 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Wed, 12 Dec 2007 17:29:16 +0000 Subject: Cambs Police certificates Message-ID: I happened to go to the Cambridgeshire Police website just now, and it seems that the Verisign certificate is made out to cambs-police.co.uk, rather than cambs.police.uk (my browser moaned). It made me think how often people are conditioned to click through warning like that, rather than contact the site administrator to check what's going on. As I need to get in touch with them for a completely different reason, maybe I'll mention it in passing. Although they have an alias of their site at www.cambs-police.co.uk which probably confuses things. -- Roland Perry From ukcrypto at chiark.greenend.org.uk Thu Dec 13 12:30:28 2007 From: ukcrypto at chiark.greenend.org.uk (OTC) Date: Thu, 13 Dec 2007 12:30:28 +0000 Subject: Security breakthrough: Chip and no pin In-Reply-To: <4742D1DE.9010303@iosis.co.uk> References: <20071116114706.GB25399@consider-phlebas.complicity.co.uk> <4742C547.9080102@callnetuk.com> <4742D1DE.9010303@iosis.co.uk> Message-ID: <476125E4.1010407@callnetuk.com> Peter Tomlinson wrote on 20-11-07 12:23: > > PeteM wrote: >> There seems to be no end to the banks' desire to make our current >> accounts less secure. Mine has just sent me a new debit card that is >> advertised as being able to debit my account *without* my having to >> enter a PIN. All I do is wave my card near some machine in a retail >> outlet and it takes the money. "No hassle, no mess, no worries", as >> Halifax puts it. >> >> I have to input my PIN the very first time I use the card, but after >> that it is automatically authorised for all transactions under £10. >> >> If these cards come into general use I can see that £10 limit creeping >> up steadily. And how could you ever prove you hadn't conducted a >> transaction that did not even require a PIN authorisation? >> >> The new card was unsolicited, and the old one still has years to run. >> The new one has gone straight in the bin (in fact, in several >> different bins). But I have no doubt that, like The Terminator, it'll >> be back. > Both Visa (VisaWave) and MasterCard (paypass) have developed this > system: low value off-line payments using a contactless interface, and > the PIN needed every now and then.The technology is now to an EMV spec > enhancement, but earlier deployments in the USA were basically mag > stripe data with a crypto signature added. (Ross and collaborators have > described the security risks with that early version). > > This autumn Barclays was first into the UK market with the OnePulse deal > with TfL: Oyster, contactless bank payment, and contact bank payment, > all in one card. The chip technology is basically the same as in the > passport, but with less memory, with Mifare(R) emulation added and with > the contact interface enabled. Merchants have been signed up in London, > of course. > > MasterCard also launched in London this autumn, with fewer merchants. > They are offering in London a contactless and contact bank payment card. > (I was given a promo pre-loaded card with £10 in it at a conference last > month, but there was no relevant merchant anywhere near - i.e. I wanted > to find a convenience store to try it in. My 'free gift' of £10 expires > at the end of next Feb.) > > Note that I use the term 'bank payment' because both debit and credit > versions are possible, and I don't have details of who is doing what.Nor > do I have any detail of the protection offered to customers. > > Pete, yours is the first unsolicited mailout that I have heard of, but > it was expected. > As I said, I shredded this new card as soon as it arrived. Since then a further development. Last week I went into my Halifax branch and tried to use my old ATM card in one of their machines. The machine refused the transaction and retained the card. I asked at the counter for help; the guy checked my account on his computer, but he couldn't find any reason why it should be retained, so he dug the card out and I tried it again in a different ATM. It was retained again. I gave up. A day or two later I called Halifax's helpline to find out what was going on. I was told that the (unsolicited) issue of the contactless card had automatically cancelled my original card. However, the letter they had sent with the contactless card didn't tell me that! Crap or what? The call centre lady reassured me that a replacement card was on the way. I received it in the post today. It too is one of the new contactless type that I don't want :(( I called them again. Apparently Halifax is conducting a trial of these new cards across the whole London area. They must just be sending them to random customers, though; my wife hasn't had one even though she is joint holder of this same Halifax account. Is there no escape? I could change banks, but presumably they are all going to do this eventually. -- Pete Mitchell From ukcrypto at chiark.greenend.org.uk Thu Dec 13 19:09:54 2007 From: ukcrypto at chiark.greenend.org.uk (Dave Howe) Date: Thu, 13 Dec 2007 19:09:54 +0000 Subject: Security breakthrough: Chip and no pin In-Reply-To: <476125E4.1010407@callnetuk.com> References: <20071116114706.GB25399@consider-phlebas.complicity.co.uk> <4742C547.9080102@callnetuk.com> <4742D1DE.9010303@iosis.co.uk> <476125E4.1010407@callnetuk.com> Message-ID: <47618382.2040906@gmx.co.uk> OTC wrote: > Is there no escape? I could change banks, but presumably they are all > going to do this eventually. Just as a thought - what if you hand delivered or sent by recorded-delivery (which is another rant - "signed for"? wtf use is a recorded delivery envelope I can't prove was or wasn't delivered?) a letter to your bank manager, stating that you disagreed with the use of no-pin cards on your account, and would therefore not honour or accept charges for any withdrawals made using this method? I assume you would need to lodge a similar letter with your lawyer of choice.... From ukcrypto at chiark.greenend.org.uk Mon Dec 3 17:30:06 2007 From: ukcrypto at chiark.greenend.org.uk (Ian Mason) Date: Mon, 3 Dec 2007 17:30:06 +0000 Subject: Confidentiality implications for North of Tyne NHS IM&T strategy: can confidentiality be preserved (technically)? In-Reply-To: References: Message-ID: <293618C4-F5A2-402B-9DDC-BCB304238990@ian.co.uk> On 2 Dec 2007, at 09:34, Mary Hawking wrote: > Questions on confidentiality: > In a single record system - at this level (GP+Community) where the > "single organisation" has several components, e.g. several > practices + one or more Community Trusts + ? chiropody etc. > - is it technically possible to limit access to the patient record > to those patients with whom the clinician has, for want of a better > term, a "legitimate relationship"? Technically- yes, as long as there is a mind to do so. Originally, there was more here in my original reply. What I found was I was designing a medical confidentially system in situ in my reply. Rather than rush that, make mistakes and also make the reply overlong, I'm going to defer my 'reply' to a new thread once I've had time write it up properly. > - in a single record shared by different organisations, who is the > Data Controller ? > - who is responsible for data quality and correction of errors? > - who is accountable for taking action on data requested by someone > else (I'm thinking here of lab results mainly. > Suppose a district nurse requests blood tests, they are abnormal > and medical action (change of medication, admission to hospital, > further investigation etc.) is required, who is responsible for > ensuring that appropriate action is taken - and liable if it is not? From ukcrypto at chiark.greenend.org.uk Thu Dec 13 13:02:06 2007 From: ukcrypto at chiark.greenend.org.uk (ken) Date: Thu, 13 Dec 2007 13:02:06 +0000 Subject: Security breakthrough: Chip and no pin In-Reply-To: <476125E4.1010407@callnetuk.com> References: <20071116114706.GB25399@consider-phlebas.complicity.co.uk> <4742C547.9080102@callnetuk.com> <4742D1DE.9010303@iosis.co.uk> <476125E4.1010407@callnetuk.com> Message-ID: <47612D4E.8060402@students.bbk.ac.uk> > Is there no escape? I could change banks, but presumably they are all > going to do this eventually. They'll probably take notice when there have been some burglaries of retail premises which take away the POS gear. Meanwhile, we could try to get some fast cash write a script for a 21st century version of Oliver Twist with a whole new way of picking pockets. From ukcrypto at chiark.greenend.org.uk Sun Dec 16 12:56:28 2007 From: ukcrypto at chiark.greenend.org.uk (Ross Anderson) Date: Sun, 16 Dec 2007 12:56:28 +0000 Subject: Are commonly used SSL/TLS ciphers controlled by the Export Control Act? Message-ID: Nick Bohm and I spent a lot of time in 2001-2 lobbying against what became the Export Conrol Act. We pointed out at the time that extending export controls from physical goods to intangibles would cause havoc with the software industry and with scientific research. Officials weren't interested although the minister, Lord Sainsbury, did pay some attention to the effects on science. We got the Tories, the Liberals and a good number of crossbenchers (led by the then president of the Royal Society, Bob May, who made his maiden speech in the Lords on the issue) and inserted what's now section 8 into the Act, which given an exemption for scientific research. Officials promptly did an end-run around this by making regulations to pass into UK law an EU regulation controlling the export of dual-use intangibles (reg 1334/2000), thus in effect defeating the will of parliament with a classic piece of policy laundering. We argued repeatedly at the time that the introduction of such regulations would criminalise many academics - for example if I put a remark on our security mailing list about cryptanalysis and it goes to George at Microsoft via Redmond - and also criminalise many software developers, who use algorithms such as AES much like duct tape. A government peer told me, "Look, dear boy, you can never get laws to fit the boundaries exactly - just trust us and keep proper records." Officials said that they had no plans whatsoever to use export control laws against academics. In 2006, the Act got its four-year post-implementation review by the Quadripartitie Committee. I mad ethe following submission: www.cl.cam.ac.uk/~rja14/fipr-exportcontrol-2006.pdf Earlier this year I was invited to a meeting at DTI along with folks from the Royal Society and UUK. The officials gleefully announced that they'd realised that academics weren't using the export control procedures and asked our opinion about how we could help them `raise awareness' and `market' their services. I reminded them that they'd promised not to. They denied this to my face. They also claimed that it had always been illegal to export intangibles and that the Act had made no difference. I reminded them that until the Export Control Act was passed they had no sanctions available against someone who exported crypto electronically, as the Export of Goods (Control) Order on which they'd previously relied applied only to physical goods. In fact the whole Act was justified to parliament by this arguement. They denied this to my face - even though I'd sat through the debate in the Lords, in the opposition experts' box. I have refused to meet with export control officials since then; I take the view that people who will lie to my face, not just about previous discussions but about matters of record in Hansard, are not trustworthy counterparties. The reason for the push now is, I suspect, a deliberate departmental strategy to enforce the new provisions only against the usual suspects (BAe etc) during its bedding-in phase, get a positive review, and then start building a huge empire afterwards. We academics still have loopholes we can use. For example, the Serpent source code is still on my website, and it will stay there, and I'm not applying for a license. If it's downloaded by someone outside the EU than it's they who do the `export', not me. But this is a lot harder to use if you have developers working in a number of countries who're constantly shuffling code to and from version control system. So the UK software industry now stands to get screwed. I did my best, but enough other people weren't interested at the time. I'm afraid it's up to the likes of IBM and HP and M$ and Google to do the heavy lifting now. Or maybe they will just shift development to India ... Ross PS: BTW Julian the export control laws are carefully designed so that you can't "roll your own". There are a number of open licences and they even used to be online - but even then you had to register to use them. Now you have to go cap in hand even to find out what they are. And it appears to be policy to screw anyone who tries to be independent. Henry Beker and Chris Avery wrote a paper on this back during the crypto wars, but it seems to have vanished from the web - their story as crypto exporters was that the entire purpose of the system was to drive you to a meeting at which the man from GCH would try to persuade you to use as weak crypto as possible They idea that anyone could understand the rules well enough to chart a path through for themselves was anathema. Indeed, there were one or two occasions during the Lords debate when Nick and I tried to parse the thicket and decide whether software X could be exported to country Y - we usually found ouselves able to argue it both ways, and once we each changed our minds overnight and argued different ends in the morning. There are so many layers of regulations that cross-refer to each other in complex ways: the legal equivalent of software obscurity --- original message --- To: ukcrypto@chiark.greenend.org.uk Subject: Are commonly used SSL/TLS ciphers controlled by the Export Control Act ? Reply-To: ukcrypto@chiark.greenend.org.uk Forgive me if this is a FAQ - I could find only two references to "export control act" in the archives: Cryptographic ciphers appear at 5A002.a.1 in the UK Strategic Export Control List[1]. The text, reproduced at [3], clearly covers the "strong" symmetric and asymmetric ciphers commonly used in SSL/TLS. According to BERR's website[2], this implies that all exports of >56 bit SSL technology are controlled, and appropriate export licences will be required to export code (source/object) to countries outside the EU. Is this really the case? If not, can anyone point me to an exemption/case law that establishes one? The nearest thing to an exemption I can find is section 8 of the Export Control Act 2002, which forbids the Secretary of State from making control orders that would have the affect of regulating, inter alia, "the communication of information that is generally available to the public"[4]. The SSL algorithms clearly are generally available to the public, but since the SoS has, as a matter of fact, made a control order that regulates their communication, presumably he would need to be challenged in court before a potential exporter could feel safe from prosecution if he exported outside the EU without a licence? And does it make any difference whether you distribute source code or binaries? Julian Midgley [1] Current Export Control List at: http://www.berr.gov.uk/files/file42587.pdf [2] A Beginner's Guide to Export Controls: http://www.dti.gov.uk/europeandtrade/strategic-export-control/help-advice/page 33913.html [3] The relevant text cut and pasted from p. 179 of the current Export Control List: 1. Designed or modified to use "cryptography" employing digital techniques performing any cryptographic function other than authentication or digital signature having any of the following: [ Technical Notes snipped ] a. A "symmetric algorithm" employing a key length in excess of 56 bits; or b. An "asymmetric algorithm" where the security of the algorithm is based on any of the following: 1. Factorisation of integers in excess of 512 bits (e.g., RSA); 2. Computation of discrete logarithms in a multiplicative group of a finite field of size greater than 512 bits (e.g., Diffie-Hellman over Z/pZ); or 3. Discrete logarithms in a group other than mentioned in 5A002.a.1.b.2. in excess of 112 bits (e.g., Diffie-Hellman over a n elliptic curve); [4] Section 8 of the Export Control Act: http://tinyurl.com/2hsk8q From ukcrypto at chiark.greenend.org.uk Mon Dec 17 22:21:20 2007 From: ukcrypto at chiark.greenend.org.uk (Ian G Batten) Date: Mon, 17 Dec 2007 22:21:20 +0000 Subject: DPA && DSA Message-ID: <4766F660.7060902@batten.eu.org> This is a multi-part message in MIME format. --------------020909060001070501070006 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit I suspect most of us are too old to have much knowledge of driving test theory exams (I took my driving test in April 1983), but if anyone is currently in `the system', it would be interesting to make a DPA subject access request to Pearson Driving Assessments Ltd requesting the information held in Iowa. It would also be interesting to raise an FoI request against the Driving Standards Agency for their policies for exporting data to the US. ian --------------020909060001070501070006 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit I suspect most of us are too old to have much knowledge of driving test theory exams (I took my driving test in April 1983), but if anyone is currently in `the system', it would be interesting to make a DPA subject access request to Pearson Driving Assessments Ltd requesting the information held in Iowa.  It would also be interesting to raise an FoI request against the Driving Standards Agency for their policies for exporting data to the US.

ian

 --------------020909060001070501070006-- From ukcrypto at chiark.greenend.org.uk Mon Dec 17 23:12:56 2007 From: ukcrypto at chiark.greenend.org.uk (Mike Richards) Date: Mon, 17 Dec 2007 15:12:56 -0800 Subject: DPA && DSA In-Reply-To: <4766F660.7060902@batten.eu.org> References: <4766F660.7060902@batten.eu.org> Message-ID: <77DA0BEA-0116-1000-8579-9677F2C2731B-Webmail-10017@mac.com> On Monday, December 17, 2007, at 10:24PM, "Ian G Batten" wrote: >I suspect most of us are too old to have much knowledge of driving test >theory exams (I took my driving test in April 1983), but if anyone is >currently in `the system', it would be interesting to make a DPA subject >access request to Pearson Driving Assessments Ltd requesting the >information held in Iowa. It would also be interesting to raise an FoI >request against the Driving Standards Agency for their policies for >exporting data to the US. Won't Pearson come under the EU - US 'Safe Harbor' policy of shipping data to the US on the vague understanding that it might be looked after? Mike. From ukcrypto at chiark.greenend.org.uk Tue Dec 18 07:18:44 2007 From: ukcrypto at chiark.greenend.org.uk (Ian Batten) Date: Tue, 18 Dec 2007 07:18:44 +0000 Subject: DPA && DSA In-Reply-To: <77DA0BEA-0116-1000-8579-9677F2C2731B-Webmail-10017@mac.com> References: <4766F660.7060902@batten.eu.org> <77DA0BEA-0116-1000-8579-9677F2C2731B-Webmail-10017@mac.com> Message-ID: <3C34504F-A6EB-4CD9-B2CD-CCA1B587A944@batten.eu.org> On 17 Dec 2007, at 23:12, Mike Richards wrote: >> It would also be interesting to raise an FoI >> request against the Driving Standards Agency for their policies for >> exporting data to the US. > > Won't Pearson come under the EU - US 'Safe Harbor' policy of > shipping data to the US on the vague understanding that it might be > looked after? Now might be a good month to make that less vague. The spin the government tried --- tacking Kelly's announcement onto Darling's, announcing the pension rescue scheme in the morning to try to take possession of the news cycle (and don't you miss your weekly dose of CJ?) --- didn't work at all, so the bright lights are being shone into all sorts of places. Interesting the media haven't yet picked up on the Cabinet Office interim report. It washes whiter, you know. ian From ukcrypto at chiark.greenend.org.uk Tue Dec 18 08:42:07 2007 From: ukcrypto at chiark.greenend.org.uk (Matthew Pemble) Date: Tue, 18 Dec 2007 08:42:07 +0000 Subject: DPA && DSA In-Reply-To: <77DA0BEA-0116-1000-8579-9677F2C2731B-Webmail-10017@mac.com> References: <4766F660.7060902@batten.eu.org> <77DA0BEA-0116-1000-8579-9677F2C2731B-Webmail-10017@mac.com> Message-ID: <476787DF.5050105@pemble.net> Mike Richards wrote: > > >Won't Pearson come under the EU - US 'Safe Harbor' policy of shipping data to the US on the vague understanding that it might be looked after? > >Mike. > > Not according to the official list: http://web.ita.doc.gov/safeharbor/shlist.nsf/webPages/safe+harbor+list?OpenDocument&Start=880 No Pearson of any description there that I could find. Matthew From ukcrypto at chiark.greenend.org.uk Tue Dec 18 11:49:12 2007 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Tue, 18 Dec 2007 11:49:12 +0000 Subject: DPA && DSA In-Reply-To: <476787DF.5050105@pemble.net> References: <4766F660.7060902@batten.eu.org> <77DA0BEA-0116-1000-8579-9677F2C2731B-Webmail-10017@mac.com> <476787DF.5050105@pemble.net> Message-ID: In article <476787DF.5050105@pemble.net>, Matthew Pemble writes >>Won't Pearson come under the EU - US 'Safe Harbor' policy of shipping data to the US on the vague understanding that it might be looked after? >> >>Mike. >> >Not according to the official list: http://web.ita.doc.gov/safeharbor/s >hlist.nsf/webPages/safe+harbor+list?OpenDocument&Start=880 > >No Pearson of any description there that I could find. Pearson Driving Assessments Ltd is the UK company, Pearson VUE seem to be the American arm, called locally NCS Pearson it would appear; and who has this Safe Harbour registration: EU/EEA Countries From Which Personal Information Is Received: Austria, Belgium, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, United Kingdom, Cyprus, Malta, Slovakia, Estonia, Latvia, Slovenia, Lithuania, Hungary, Poland, Czech Republic Industry Sector: Computer Services - (CSV) Personal Information Received From the EU: NCS Pearson is under contract to perform computer-based testing services through its Pearson VUE business on behalf of certification, licensure, and academic admission test sponsors. Personal information about test candidates is received from the EU for such test registration and delivery of testing services and transmission to such test sponsors. As a red herring, some reports claim that Pearson VUE are headquartered in Iowa City, but no such "contact" address is on their website, and the NCS Pearson registration has a Minnesota address. There are only two Safe Harbour companies in the whole of Iowa! http://www.pearsonncs.com/ Strapline "It's all about the data" - hoho. But still no Iowa addresses. -- Roland Perry From ukcrypto at chiark.greenend.org.uk Tue Dec 18 07:58:12 2007 From: ukcrypto at chiark.greenend.org.uk (Ian Brown) Date: Tue, 18 Dec 2007 07:58:12 +0000 Subject: DPA && DSA In-Reply-To: <77DA0BEA-0116-1000-8579-9677F2C2731B-Webmail-10017@mac.com> References: <4766F660.7060902@batten.eu.org> <77DA0BEA-0116-1000-8579-9677F2C2731B-Webmail-10017@mac.com> Message-ID: --Apple-Mail-4-614160409 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed On 17 Dec 2007, at 23:12, Mike Richards wrote: > Won't Pearson come under the EU - US 'Safe Harbor' policy of > shipping data to the US on the vague understanding that it might be > looked after? Here is Pearson's Safe Harbor certification. You can see it online by searching at: http://web.ita.doc.gov/safeharbor/SHList.nsf/Search?OpenForm Cheers, Ian. -- http://people.oii.ox.ac.uk/brown/ Organization Information: --Apple-Mail-4-614160409 Content-Transfer-Encoding: base64 Content-Type: image/gif; x-unix-mode=0666; name=0.20C.gif Content-Disposition: inline; filename=0.20C.gif R0lGODlhtAEEAOf/AAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAtAEEAEAIJAABCBxI sKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzatzIsSOAgAA7 --Apple-Mail-4-614160409 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; format=flowed NCS Pearson, Inc. 5601 Green Valley Drive Bloomington, Minnesota 55437 Phone: 952-681-3000 Fax: 952-681-3975 http://www.pearsonvue.com --Apple-Mail-4-614160409 Content-Transfer-Encoding: base64 Content-Type: image/gif; x-unix-mode=0666; name=ecblank.gif Content-Disposition: inline; filename=ecblank.gif R0lGODlhEAABAIAAAAAAAP///yH5BAEAAAEALAAAAAAQAAEAAAIEjI8ZBQA7 --Apple-Mail-4-614160409 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; format=flowed Contact Information: --Apple-Mail-4-614160409 Content-Transfer-Encoding: base64 Content-Type: image/gif; x-unix-mode=0666; name=0.C8E.gif Content-Disposition: inline; filename=0.C8E.gif R0lGODlhtAEEAOf/AAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAtAEEAEAIJAABCBxI sKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzatzIsSOAgAA7 --Apple-Mail-4-614160409 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; format=flowed Contact Office: Contracts Contact Name: Monica Theis, Contracts Manager Phone: 952-681-3615 Fax: 952-681-3975 Email: monica.theis@pearson.com Corporate Officer Information: --Apple-Mail-4-614160409 Content-Transfer-Encoding: base64 Content-Type: image/gif; x-unix-mode=0666; name=0.126A.gif Content-Disposition: inline; filename=0.126A.gif R0lGODlhtAEEAOf/AAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAtAEEAEAIJAABCBxI sKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzatzIsSOAgAA7 --Apple-Mail-4-614160409 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; format=flowed Corporate Officer: Robert D. Whelan, President, Pearson VUE Phone: 952-681-3827 Fax: 952-681-3975 Email: bob.whelan@pearson.com Safe Harbor Information: --Apple-Mail-4-614160409 Content-Transfer-Encoding: base64 Content-Type: image/gif; x-unix-mode=0666; name=0.16F0.gif Content-Disposition: inline; filename=0.16F0.gif R0lGODlhtAEEAOf/AAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAtAEEAEAIJAABCBxI sKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzatzIsSOAgAA7 --Apple-Mail-4-614160409 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Signed up to safe harbor 11/06/2002 06:00:50 PM Next certification 11/06/2008 EU/EEA Countries From Which Personal Information Is Received: Austria, Belgium, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, United Kingdom, Cyprus, Malta, Slovakia, Estonia, Latvia, Slovenia, Lithuania, Hungary, Poland, Czech Republic Industry Sector: Computer Services - (CSV) Personal Information Received From the EU: NCS Pearson is under contract to perform computer-based testing services through its Pearson VUE business on behalf of certification, licensure, and academic admission test sponsors. Personal information about test candidates is received from the EU for such test registration and delivery of testing services and transmission to such test sponsors. Privacy Policy Effective: Last updated on April 4, 2005 Location: http://www.pearsonvue.com/legal/privacy Regulated by: Federal Trade Commission Privacy Programs: none Verification: In-House Dispute Resolution: NCS Pearson commits to cooperation with the EU Data Protection Authorities. Personal Data Covered: On-Line, Off-Line, Manually Processed Human Resource Data Covered: No Do you agree to cooperate and comply with the European Data Protection Authorities? Yes Certification Status: Current Compliance Status: --Apple-Mail-4-614160409-- From ukcrypto at chiark.greenend.org.uk Tue Dec 18 12:01:21 2007 From: ukcrypto at chiark.greenend.org.uk (Ian Batten) Date: Tue, 18 Dec 2007 12:01:21 +0000 Subject: DPA && DSA In-Reply-To: References: <4766F660.7060902@batten.eu.org> <77DA0BEA-0116-1000-8579-9677F2C2731B-Webmail-10017@mac.com> <476787DF.5050105@pemble.net> Message-ID: <9B4413FE-A338-4979-B722-441BEDEFA0D1@batten.eu.org> On 18 Dec 07, at 1149, Roland Perry wrote: > In article <476787DF.5050105@pemble.net>, Matthew Pemble > writes >>> Won't Pearson come under the EU - US 'Safe Harbor' policy of >>> shipping data to the US on the vague understanding that it might >>> be looked after? >>> >>> Mike. >>> >> Not according to the official list: http://web.ita.doc.gov/ >> safeharbor/s >> hlist.nsf/webPages/safe+harbor+list?OpenDocument&Start=880 >> >> No Pearson of any description there that I could find. > > Pearson Driving Assessments Ltd is the UK company, Pearson VUE seem to > be the American arm, called locally NCS Pearson it would appear; > and who > has this Safe Harbour registration: [...] The interesting question is why they were holding telephone numbers from three years ago. I've asked my MP to ask La Kelly. ian From ukcrypto at chiark.greenend.org.uk Tue Dec 18 12:06:35 2007 From: ukcrypto at chiark.greenend.org.uk (M J D Brown) Date: Tue, 18 Dec 2007 12:06:35 -0000 Subject: DPA && DSA References: <4766F660.7060902@batten.eu.org> Message-ID: <004701c8416e$7479b380$891a313e@Powerstation> Ian Batten wrote on Monday, December 17, 2007 at 10:21 PM: >I suspect most of us are too old to have much knowledge of driving test > theory exams (I took my driving test in April 1983), but if anyone is > currently in `the system', it would be interesting to make a DPA > subject > access request to Pearson Driving Assessments Ltd requesting the > information held in Iowa. It would also be interesting to raise an > FoI > request against the Driving Standards Agency for their policies for > exporting data to the US. It would seem that the information related to identifiable persons linked with the inference that they did not yet possess a full driving licence. As such, the data is quite clearly subject to the Data Protection Act. As I understand it, there is no US data protection legislation compliant with EU requirements. If so, the export of identifiable personal information would comprise an offence under the UK DPA. Mike. From ukcrypto at chiark.greenend.org.uk Tue Dec 18 12:17:12 2007 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Tue, 18 Dec 2007 12:17:12 +0000 Subject: DPA && DSA In-Reply-To: <9B4413FE-A338-4979-B722-441BEDEFA0D1@batten.eu.org> References: <4766F660.7060902@batten.eu.org> <77DA0BEA-0116-1000-8579-9677F2C2731B-Webmail-10017@mac.com> <476787DF.5050105@pemble.net> <9B4413FE-A338-4979-B722-441BEDEFA0D1@batten.eu.org> Message-ID: In article <9B4413FE-A338-4979-B722-441BEDEFA0D1@batten.eu.org>, Ian Batten writes >The interesting question is why they were holding telephone numbers >from three years ago. I've asked my MP to ask La Kelly. On two levels: (a) does their data retention policy state they expect to hold the data that long, and why [it's often to do with being able to conduct appeals in an efficient manner] and (b) if it doesn't, then why were they not applying the policy, and what other data is being held in excess of that policy. -- Roland Perry From ukcrypto at chiark.greenend.org.uk Tue Dec 18 12:28:05 2007 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Tue, 18 Dec 2007 12:28:05 +0000 Subject: DPA && DSA In-Reply-To: <004701c8416e$7479b380$891a313e@Powerstation> References: <4766F660.7060902@batten.eu.org> <004701c8416e$7479b380$891a313e@Powerstation> Message-ID: In article <004701c8416e$7479b380$891a313e@Powerstation>, M J D Brown writes >As I understand it, there is no US data protection legislation >compliant with EU requirements. If so, the export of identifiable >personal information would comprise an offence under the UK DPA. The "Safe Harbour" scheme is what enables data transfers such as this. http://www.export.gov/safeharbor/ -- Roland Perry From ukcrypto at chiark.greenend.org.uk Tue Dec 18 12:41:15 2007 From: ukcrypto at chiark.greenend.org.uk (Peter Tomlinson) Date: Tue, 18 Dec 2007 12:41:15 +0000 Subject: DPA && DSA In-Reply-To: References: <4766F660.7060902@batten.eu.org> <77DA0BEA-0116-1000-8579-9677F2C2731B-Webmail-10017@mac.com> <476787DF.5050105@pemble.net> Message-ID: <4767BFEB.7040905@iosis.co.uk> Roland Perry wrote: > As a red herring, some reports claim that Pearson VUE are > headquartered in Iowa City, but no such "contact" address is on their > website, and the NCS Pearson registration has a Minnesota address. My recollection is that Ruth said that the disc went missing from a Pearson data centre in Iowa City. Peter From ukcrypto at chiark.greenend.org.uk Tue Dec 18 13:20:25 2007 From: ukcrypto at chiark.greenend.org.uk (M J D Brown) Date: Tue, 18 Dec 2007 13:20:25 -0000 Subject: DPA && DSA References: <4766F660.7060902@batten.eu.org> <004701c8416e$7479b380$891a313e@Powerstation> Message-ID: <011d01c84178$c57e0330$891a313e@Powerstation> ----- Original Message ----- From: "Roland Perry" To: Sent: Tuesday, December 18, 2007 12:28 PM Subject: Re: DPA && DSA > In article <004701c8416e$7479b380$891a313e@Powerstation>, M J D Brown > writes >>As I understand it, there is no US data protection legislation >>compliant with EU requirements. If so, the export of identifiable >>personal information would comprise an offence under the UK DPA. > > The "Safe Harbour" scheme is what enables data transfers such as this. > > http://www.export.gov/safeharbor/ > -- > Roland Perry The text of the registration posted by an earlier correspondent excludes 'human resources' and contains no status verification. I wonder if that actually qualifies as compliant. Mike. From ukcrypto at chiark.greenend.org.uk Tue Dec 18 13:26:32 2007 From: ukcrypto at chiark.greenend.org.uk (Matthew Pemble) Date: Tue, 18 Dec 2007 13:26:32 +0000 Subject: DPA && DSA In-Reply-To: References: <4766F660.7060902@batten.eu.org> <77DA0BEA-0116-1000-8579-9677F2C2731B-Webmail-10017@mac.com> <476787DF.5050105@pemble.net> Message-ID: <4767CA88.3000802@pemble.net> Roland Perry wrote: >In article <476787DF.5050105@pemble.net>, Matthew Pemble > writes > > >> No Pearson of any description there that I could find. > > >Pearson Driving Assessments Ltd is the UK company, Pearson VUE seem to >be the American arm, called locally NCS Pearson it would appear; and who >has this Safe Harbour registration: > > Mea culpa. The full link for those interested. Or it is no808 on the list: http://web.ita.doc.gov/safeharbor/shlist.nsf/webPages/safe+harbor+list?OpenDocument&Start=808 Matthew From ukcrypto at chiark.greenend.org.uk Tue Dec 18 13:32:24 2007 From: ukcrypto at chiark.greenend.org.uk (Matthew Pemble) Date: Tue, 18 Dec 2007 13:32:24 +0000 Subject: DPA && DSA In-Reply-To: <011d01c84178$c57e0330$891a313e@Powerstation> References: <4766F660.7060902@batten.eu.org> <004701c8416e$7479b380$891a313e@Powerstation> <011d01c84178$c57e0330$891a313e@Powerstation> Message-ID: <4767CBE8.3080404@pemble.net> Mike, >The text of the registration posted by an earlier correspondent excludes >'human resources' and contains no status verification. I wonder if that >actually qualifies as compliant. > > I have just posted a link to the actual record. I would assume that as people apply for the tests they are customers for the system, as opposed to employees, therefore it isn't so much 'Human Resources' as 'Human Materials'. Also, if you look here, you'll see that the 'Compliance Status' field is only populated (yes, I know this doesn't make sense but it is the government) if they have 'persistently failed to comply'. Matthew From ukcrypto at chiark.greenend.org.uk Tue Dec 18 14:12:16 2007 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Tue, 18 Dec 2007 14:12:16 +0000 Subject: DPA && DSA In-Reply-To: <4767BFEB.7040905@iosis.co.uk> References: <4766F660.7060902@batten.eu.org> <77DA0BEA-0116-1000-8579-9677F2C2731B-Webmail-10017@mac.com> <476787DF.5050105@pemble.net> <4767BFEB.7040905@iosis.co.uk> Message-ID: <8++lmprAV9ZHFArU@perry.co.uk> In article <4767BFEB.7040905@iosis.co.uk>, Peter Tomlinson writes >> As a red herring, some reports claim that Pearson VUE are >> headquartered in Iowa City, but no such "contact" address is on their >> website, and the NCS Pearson registration has a Minnesota address. > >My recollection is that Ruth said that the disc went missing from a >Pearson data centre in Iowa City. Perhaps she did, but some reports did conflate that into a location for corporate HQ, but most online reports have fixed that now. [And yes, this is the same Pearson as owns the FT]. -- Roland Perry From ukcrypto at chiark.greenend.org.uk Tue Dec 18 13:09:03 2007 From: ukcrypto at chiark.greenend.org.uk (Ben Laurie) Date: Tue, 18 Dec 2007 13:09:03 +0000 Subject: DPA && DSA In-Reply-To: <4766F660.7060902@batten.eu.org> References: <4766F660.7060902@batten.eu.org> Message-ID: <4767C66F.7000303@links.org> Ian G Batten wrote: > I suspect most of us are too old to have much knowledge of driving test > theory exams (I took my driving test in April 1983), but if anyone is > currently in `the system', it would be interesting to make a DPA subject > access request to Pearson Driving Assessments Ltd requesting the > information held in Iowa. As it happens, I am. Why would it be interesting? > It would also be interesting to raise an FoI > request against the Driving Standards Agency for their policies for > exporting data to the US. > > ian > -- http://www.apache-ssl.org/ben.html http://www.links.org/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff From ukcrypto at chiark.greenend.org.uk Tue Dec 18 18:07:29 2007 From: ukcrypto at chiark.greenend.org.uk (Ian Batten) Date: Tue, 18 Dec 2007 18:07:29 +0000 Subject: DPA && DSA In-Reply-To: <4767C66F.7000303@links.org> References: <4766F660.7060902@batten.eu.org> <4767C66F.7000303@links.org> Message-ID: On 18 Dec 07, at 1309, Ben Laurie wrote: > Ian G Batten wrote: >> I suspect most of us are too old to have much knowledge of driving >> test >> theory exams (I took my driving test in April 1983), but if anyone is >> currently in `the system', it would be interesting to make a DPA >> subject >> access request to Pearson Driving Assessments Ltd requesting the >> information held in Iowa. > > As it happens, I am. Why would it be interesting? To see what they say. ian From ukcrypto at chiark.greenend.org.uk Wed Dec 19 15:23:48 2007 From: ukcrypto at chiark.greenend.org.uk (Peter Tomlinson) Date: Wed, 19 Dec 2007 15:23:48 +0000 Subject: MTAS: "sharp rebuke for govt" by ICO Message-ID: <47693784.3070105@iosis.co.uk> Wed 19/12/07: Channel 4 News at lunchtime had the story of the ICO's rebuke to DoH over MTAS. Its currently on the home page www.channel4.com/news/ where you can click to watch the lunchtime report. ICO Press Release is at http://www.ico.gov.uk/upload/documents/pressreleases/2007/doh_undertaking_pr.pdf Peter From ukcrypto at chiark.greenend.org.uk Wed Dec 19 16:57:17 2007 From: ukcrypto at chiark.greenend.org.uk (Ian Batten) Date: Wed, 19 Dec 2007 16:57:17 +0000 Subject: MTAS: "sharp rebuke for govt" by ICO In-Reply-To: <47693784.3070105@iosis.co.uk> References: <47693784.3070105@iosis.co.uk> Message-ID: <3AA83CBF-9DC8-4E99-9537-AB51B58F4434@batten.eu.org> On 19 Dec 07, at 1523, Peter Tomlinson wrote: > Wed 19/12/07: Channel 4 News at lunchtime had the story of the > ICO's rebuke to DoH over MTAS. Its currently on the home page > www.channel4.com/news/ where you can click to watch the lunchtime > report. > > ICO Press Release is at http://www.ico.gov.uk/upload/documents/ > pressreleases/2007/doh_undertaking_pr.pdf > > Peter > > Those with a sense of humour, albeit mordant, might care to read the Department of Health's ``Information Security'' policy (http:// www.dh.gov.uk/en/Policyandguidance/Informationpolicy/ Informationsecurity/index.htm). The giveaway as to how seriously the Department of Health takes it, and how often anyone who works for the Department of Health looks at it, is in the date: ``24 Arpil 2007''. Yes, Arpil. Quality stuff, eh? Once you're beyond that, it's a little surprising that the ICO had to investigate this, because the policy clearly says: > all breaches of information security, actual or suspected, shall be > recorded, > reported to and investigated by an appropriately experienced and > skilled > Information Security Officer; > And surely in this case, given the massive publicity that attended it, there must have been such an investigation? Surely? ian From ukcrypto at chiark.greenend.org.uk Sun Dec 23 00:33:57 2007 From: ukcrypto at chiark.greenend.org.uk (Ian Batten) Date: Sun, 23 Dec 2007 00:33:57 +0000 Subject: NHS Trusts, Nine of them, join the HMRC Message-ID: http://www.guardian.co.uk/uklatest/story/0,,-7173596,00.html From ukcrypto at chiark.greenend.org.uk Sun Dec 23 14:01:50 2007 From: ukcrypto at chiark.greenend.org.uk (Peter Tomlinson) Date: Sun, 23 Dec 2007 14:01:50 +0000 Subject: Security of personal data within the NHS Message-ID: <476E6A4E.9010803@iosis.co.uk> Just before 2 pm Sunday 23/12: Dawn Primarolo on BBC News 24 about personal data in the NHS: The new system has "the latest and highest standards of security". And "the very highest level of confidentiality and security". Peter From ukcrypto at chiark.greenend.org.uk Sun Dec 23 14:23:25 2007 From: ukcrypto at chiark.greenend.org.uk (Ian Batten) Date: Sun, 23 Dec 2007 14:23:25 +0000 Subject: Security of personal data within the NHS In-Reply-To: <476E6A4E.9010803@iosis.co.uk> References: <476E6A4E.9010803@iosis.co.uk> Message-ID: <95FF8F6D-8432-4F96-A488-259EB2F81803@batten.eu.org> On 23 Dec 2007, at 14:01, Peter Tomlinson wrote: > Just before 2 pm Sunday 23/12: Dawn Primarolo on BBC News 24 about > personal data in the NHS: > The new system has "the latest and highest standards of security". > And "the very highest level of confidentiality and security". > They said that about the Titanic. And government is fond of minimising risks: to see how unlikely doesn't mean impossible, google for Violet Jessop. ian From ukcrypto at chiark.greenend.org.uk Sun Dec 23 17:51:37 2007 From: ukcrypto at chiark.greenend.org.uk (Peter Tomlinson) Date: Sun, 23 Dec 2007 17:51:37 +0000 Subject: Security of personal data within the NHS In-Reply-To: <95FF8F6D-8432-4F96-A488-259EB2F81803@batten.eu.org> References: <476E6A4E.9010803@iosis.co.uk> <95FF8F6D-8432-4F96-A488-259EB2F81803@batten.eu.org> Message-ID: <476EA029.6040706@iosis.co.uk> Ian Batten wrote: > On 23 Dec 2007, at 14:01, Peter Tomlinson wrote: >> Just before 2 pm Sunday 23/12: Dawn Primarolo on BBC News 24 about >> personal data in the NHS: >> The new system has "the latest and highest standards of security". >> And "the very highest level of confidentiality and security". > They said that about the Titanic. And government is fond of > minimising risks: to see how unlikely doesn't mean impossible, google > for Violet Jessop. > Honest, I have not spend this Sunday before Christmas scanning media channels, but simply put the TV on once for the headlines, and did it a couple of minutes early - there was Ms P. Now, driving back a short journey from Sainsbury's, on R4 in the 5pm news headlines they said that DoH had said that the security of patient records is the responsibility of the individual trusts. So how can they justify imposing on the NHS a national database method that the trusts cannot control? Merry (or perhaps Puzzled) Christmas, Peter From ukcrypto at chiark.greenend.org.uk Mon Dec 24 08:43:43 2007 From: ukcrypto at chiark.greenend.org.uk (Ian Batten) Date: Mon, 24 Dec 2007 08:43:43 +0000 Subject: Security of personal data within the NHS In-Reply-To: <476EA029.6040706@iosis.co.uk> References: <476E6A4E.9010803@iosis.co.uk> <95FF8F6D-8432-4F96-A488-259EB2F81803@batten.eu.org> <476EA029.6040706@iosis.co.uk> Message-ID: <3DB99DD4-0289-4064-B486-4AA2FBB85C1E@batten.eu.org> On 23 Dec 2007, at 17:51, Peter Tomlinson wrote: > Ian Batten wrote: >> On 23 Dec 2007, at 14:01, Peter Tomlinson wrote: >>> Just before 2 pm Sunday 23/12: Dawn Primarolo on BBC News 24 about >>> personal data in the NHS: >>> The new system has "the latest and highest standards of security". >>> And "the very highest level of confidentiality and security". >> They said that about the Titanic. And government is fond of >> minimising risks: to see how unlikely doesn't mean impossible, >> google for Violet Jessop. >> > Honest, I have not spend this Sunday before Christmas scanning media > channels, but simply put the TV on once for the headlines, and did > it a couple of minutes early - there was Ms P. Now, driving back a > short journey from Sainsbury's, on R4 in the 5pm news headlines they > said that DoH had said that the security of patient records is the > responsibility of the individual trusts. So how can they justify > imposing on the NHS a national database method that the trusts > cannot control? She's quoted in the Graun this morning saying: > Primarolo said that 1 million patients were treated every 36 hours, > and added that NHS procedures were far more secure than internet > banking. That's an interesting claim, given the wildly different security landscapes of the two arms of the comparison (for a start off, users of internet banking have a very personal stake in maintaining the security, which NHS employees with the best will in the world don't. Does anyone happen to be a constituent of Red Dawn? It would be interesting to find out the basis upon which she makes this claim. ``More Secure'' against what? Assessed how? ``Compare and contrast the security of the NHS with the security of the online banking sector'' strikes me as rather more than a simple undergraduate essay question, and if Primarolo doesn't know the data that's been lost, it's hard to see how she can make this claim. ian From ukcrypto at chiark.greenend.org.uk Mon Dec 24 14:24:51 2007 From: ukcrypto at chiark.greenend.org.uk (OTC) Date: Mon, 24 Dec 2007 14:24:51 +0000 Subject: Security of personal data within the NHS In-Reply-To: <3DB99DD4-0289-4064-B486-4AA2FBB85C1E@batten.eu.org> References: <476E6A4E.9010803@iosis.co.uk> <95FF8F6D-8432-4F96-A488-259EB2F81803@batten.eu.org> <476EA029.6040706@iosis.co.uk> <3DB99DD4-0289-4064-B486-4AA2FBB85C1E@batten.eu.org> Message-ID: <476FC133.7060906@callnetuk.com> Ian Batten wrote on 24-12-07 08:43: > >> Primarolo said that 1 million patients were treated every 36 hours, >> and added that NHS procedures were far more secure than internet banking. > > That's an interesting claim, given the wildly different security > landscapes of the two arms of the comparison (for a start off, users of > internet banking have a very personal stake in maintaining the security, > which NHS employees with the best will in the world don't. Does anyone > happen to be a constituent of Red Dawn? It would be interesting to > find out the basis upon which she makes this claim. She's just regurgitating a PR line that has been trotted out for several years now by Connecting for Health and its predecessors. I don't really think it's supposed to mean anything specific, other than "Now children, do run along and stop bothering us, we know what we're doing and we really don't have time for all this confidentiality nonsense." -- Pete Mitchell From ukcrypto at chiark.greenend.org.uk Tue Dec 25 10:11:39 2007 From: ukcrypto at chiark.greenend.org.uk (Peter Tomlinson) Date: Tue, 25 Dec 2007 10:11:39 +0000 Subject: Security of personal data within the NHS In-Reply-To: <3DB99DD4-0289-4064-B486-4AA2FBB85C1E@batten.eu.org> References: <476E6A4E.9010803@iosis.co.uk> <95FF8F6D-8432-4F96-A488-259EB2F81803@batten.eu.org> <476EA029.6040706@iosis.co.uk> <3DB99DD4-0289-4064-B486-4AA2FBB85C1E@batten.eu.org> Message-ID: <4770D75B.9020904@iosis.co.uk> Ian Batten wrote: > > Does anyone happen to be a constituent of Red Dawn? No, but she's only on the other side of town. I remember when she was an Avon Councillor in the days of the loony left. Peter