From ukcrypto at chiark.greenend.org.uk Sun Sep 2 10:47:02 2007
From: ukcrypto at chiark.greenend.org.uk (David Hansen)
Date: Sun, 02 Sep 2007 10:47:02 +0100
Subject: NHS email encryption
In-Reply-To: <46D86788.7030101@defoam.net>
References: <46CEE726.5000806@defoam.net>, <46D81F5B.308.11ADB12@davidh.spidacom.co.uk>, <46D86788.7030101@defoam.net>
Message-ID: <46DA94A6.10663.853486@davidh.spidacom.co.uk>

On 31 Aug 2007 at 20:10, Adrian Midgley wrote:

> John Snow.
> He mapped the area, then plotted on his map each Cholera case.
> Then determined, on the ground I think, for each house in the area which
> of the two pumps they went to to get their water.
> He demonstrated that the families who got water from the Broad St pump
> tended to get Cholera, and the families who went to the other pump
> tended not to.
>
> Then, having crunched his numbers thus, he went and removed the handle
> of the Broad St Pump.

The first step in his research was not to crunch numbers. Rather it was
to establish the position of every outbreak, gathering real data. Very
different from starting off by trying to sift data.

The same is true of the study of electrical conductors mentioned
earlier. The way to do this is to take an area, ask people if they mind
helping and then measure distances and field strengths precisely.

It is the difference between producing a map of mobile phone coverage
from data and producing one by measuring signal strength. I know which
map is better if one is interested in whether a mobile phone will work.

As has been said in another place, the medical mob are not very good at
science or maths.

-- 
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

From ukcrypto at chiark.greenend.org.uk Sun Sep 2 12:16:52 2007
From: ukcrypto at chiark.greenend.org.uk (Roland Perry)
Date: Sun, 2 Sep 2007 12:16:52 +0100
Subject: NHS email encryption
In-Reply-To: <46DA94A6.10663.853486@davidh.spidacom.co.uk>
References: <46CEE726.5000806@defoam.net> <46D81F5B.308.11ADB12@davidh.spidacom.co.uk> <46D86788.7030101@defoam.net> <46DA94A6.10663.853486@davidh.spidacom.co.uk>
Message-ID:

In article <46DA94A6.10663.853486@davidh.spidacom.co.uk>, David Hansen writes
>> Then, having crunched his numbers thus, he went and removed the handle
>> of the Broad St Pump.
>
>The first step in his research was not to crunch numbers. Rather it was
>to establish the position of every outbreak, gathering real data. Very
>different from starting off by trying to sift data.
>
>The same is true of the study of electrical conductors mentioned
>earlier. The way to do this is to take an area, ask people if they mind
>helping

Which means collecting medical records direct from the public? Which
they don't have immediate access to anyway. Or are you suggesting you
get a list of people who have agreed, then ask the NHS. Although that
sample is self-selecting and therefore statistically worthless.

>and then measure distances and field strengths precisely.

That's needed too. But doesn't require the public's help, nor their
medical records.

>It is the difference between producing a map of mobile phone coverage
>from data and producing one by measuring signal strength. I know which
>map is better if one is interested in whether a mobile phone will work.

The mobile phone companies do both (I have friends who produce the
maps). You start off with some very sophisticated maths (to see where
you need to put the masts - moving them around afterwards is a bit
costly), then drive the area with suitably equipped van.

>As has been said in another place, the medical mob are not very good at
>science or maths.

And IT people are bad at Epidemiology. (They'd have a better grasp of
their audience and who encounters how much of their brand of bugs,
otherwise).
-- 
Roland Perry

From ukcrypto at chiark.greenend.org.uk Sun Sep 2 14:21:31 2007
From: ukcrypto at chiark.greenend.org.uk (David Hansen)
Date: Sun, 02 Sep 2007 14:21:31 +0100
Subject: NHS email encryption
In-Reply-To:
References: <46CEE726.5000806@defoam.net>, <46DA94A6.10663.853486@davidh.spidacom.co.uk>,
Message-ID: <46DAC6EB.23673.14995E6@davidh.spidacom.co.uk>

On 2 Sep 2007 at 12:16, Roland Perry wrote:

> >The first step in his research was not to crunch numbers. Rather it was
> >to establish the position of every outbreak, gathering real data. Very
> >different from starting off by trying to sift data.
> >
> >The same is true of the study of electrical conductors mentioned
> >earlier. The way to do this is to take an area, ask people if they mind
> >helping
>
> Which means collecting medical records direct from the public?

No. It means asking the people in the study.

If some medical bod wishes to use *my* medical information for a study
they can get in touch, explain what the study is about and, if I agree,
they can look at it. I could also add information not included in my
notes. If they have a convincing argument for their study then I would
have no objection.

Instead, in their usual arrogant manner, these bods assume that they
can use *my* information for whatever whim they are following at the
moment. That sort of arrogance disgusts me, it is the same sort of
arrogance displayed by telecommunications companies with regard to RIP
and their failure to notify me when I am a victim of the Egg Marketing
Board.

-- 
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

From ukcrypto at chiark.greenend.org.uk Mon Sep 3 09:52:56 2007
From: ukcrypto at chiark.greenend.org.uk (Ian G Batten)
Date: Mon, 3 Sep 2007 09:52:56 +0100
Subject: NHS email encryption
In-Reply-To: <46DA94A6.10663.853486@davidh.spidacom.co.uk>
References: <46CEE726.5000806@defoam.net>, <46D81F5B.308.11ADB12@davidh.spidacom.co.uk>, <46D86788.7030101@defoam.net> <46DA94A6.10663.853486@davidh.spidacom.co.uk>
Message-ID: <7B889390-6B91-4C28-A358-C785B08A9F82@uk.fujitsu.com>

On 2 Sep 2007, at 10:47, David Hansen wrote:
>
> The same is true of the study of electrical conductors mentioned
> earlier. The way to do this is to take an area, ask people if they mind
> helping and then measure distances and field strengths precisely.

Snow's long-term victory was to show that cholera wasn't caused by
`bad airs', but by water. Had he done what you're suggesting, he
would have taken an area, asked people to help in his study, and then
measured the strength of the miasmas.

It's poor science to assume the answer. Suppose we did find that some
condition clusters along the 132kV network. Is it EM field? Is it the
noise? Is it poverty (houses under large wires are less aesthetic, so
less change hands for less)? Is it fear (parents who believe that EM
is an issue don't let their children play outside under the wires, so
they are exposed to more carcinogens in the house?) Is it only
overheads, or are buried 132kV an issue as well, in which case cooling
oil could be an issue? Who knows?

Epidemiology on self-selecting groups is very difficult, too. Run a
study on X-cancer which is volunteered for and people with a family
history of X will enrol more frequently than those without.

ian

From ukcrypto at chiark.greenend.org.uk Mon Sep 3 11:10:53 2007
From: ukcrypto at chiark.greenend.org.uk (David Hansen)
Date: Mon, 03 Sep 2007 11:10:53 +0100
Subject: NHS email encryption
In-Reply-To: <7B889390-6B91-4C28-A358-C785B08A9F82@uk.fujitsu.com>
References: <46CEE726.5000806@defoam.net>, <46DA94A6.10663.853486@davidh.spidacom.co.uk>, <7B889390-6B91-4C28-A358-C785B08A9F82@uk.fujitsu.com>
Message-ID: <46DBEBBD.16845.16EBAD@davidh.spidacom.co.uk>

On 3 Sep 2007 at 9:52, Ian G Batten wrote:

> Snow's long-term victory was to show that cholera wasn't caused by
> `bad airs', but by water. Had he done what you're suggesting, he
> would have taken an area, asked people to help in his study, and then
> measured the strength of the miasmas.

Assuming it was possible to measure such things, had he done so he
would have found no correlation. The choice would then have been to fix
the results or look for something else.

There were two competing theories in Victorian times. The miasma theory
had the most support, but was wrong. Those who said disease was
waterborne were often laughed at, but were right.

The man who banished many diseases in London was the engineer Joseph
Bazalgette, not the medical mob. Had he been able to start his sewers
earlier, there was a long time when he was prevented from starting
work, lots of people would have been kept alive for longer.

While one should always appreciate the medical mob for their efforts
they should never be allowed to get too big for their boots.

-- 
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

From ukcrypto at chiark.greenend.org.uk Mon Sep 3 11:29:26 2007
From: ukcrypto at chiark.greenend.org.uk (Gerard Freriks)
Date: Mon, 3 Sep 2007 12:29:26 +0200
Subject: NHS email encryption
In-Reply-To: <46DBEBBD.16845.16EBAD@davidh.spidacom.co.uk>
References: <46CEE726.5000806@defoam.net>, <46DA94A6.10663.853486@davidh.spidacom.co.uk>, <7B889390-6B91-4C28-A358-C785B08A9F82@uk.fujitsu.com> <46DBEBBD.16845.16EBAD@davidh.spidacom.co.uk>
Message-ID: <2752DF07-F9E2-4265-BBF5-06BF2721762E@luna.nl>

I'm "medical mob", but agree fully.

GF

-- 
Gerard Freriks, MD
Huigsloterdijk 378
2158 LR Buitenkaag
The Netherlands

T: +31 252544896
M: +31 620347088
E: gfrer@luna.nl

Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755

On Sep 3, 2007, at 12:10 PM, David Hansen wrote:

> While one should always appreciate the medical mob for their efforts
> they should never be allowed to get too big for their boots.

From ukcrypto at chiark.greenend.org.uk Tue Sep 4 13:53:59 2007
From: ukcrypto at chiark.greenend.org.uk (Roland Perry)
Date: Tue, 4 Sep 2007 13:53:59 +0100
Subject: NHS email encryption
In-Reply-To: <46DAC6EB.23673.14995E6@davidh.spidacom.co.uk>
References: <46CEE726.5000806@defoam.net> <46DA94A6.10663.853486@davidh.spidacom.co.uk> <46DAC6EB.23673.14995E6@davidh.spidacom.co.uk>
Message-ID:

In article <46DAC6EB.23673.14995E6@davidh.spidacom.co.uk>, David Hansen writes
>On 2 Sep 2007 at 12:16, Roland Perry wrote:
>
>> >The first step in his research was not to crunch numbers. Rather it was
>> >to establish the position of every outbreak, gathering real data. Very
>> >different from starting off by trying to sift data.
>> >
>> >The same is true of the study of electrical conductors mentioned
>> >earlier. The way to do this is to take an area, ask people if they mind
>> >helping
>>
>> Which means collecting medical records direct from the public?
>
>No. It means asking the people in the study.

They don't know exactly enough what their medical records say (even if
the doctor did tell them once, most will have forgotten).

>If some medical bod wishes to use *my* medical information for a study
>they can get in touch, explain what the study is about and, if I agree,
>they can look at it. I could also add information not included in my
>notes. If they have a convincing argument for their study then I would
>have no objection.

It's an approach that doesn't scale, and introduces self-selection.
-- 
Roland Perry

From ukcrypto at chiark.greenend.org.uk Tue Sep 4 15:46:14 2007
From: ukcrypto at chiark.greenend.org.uk (David Hansen)
Date: Tue, 04 Sep 2007 15:46:14 +0100
Subject: NHS email encryption
In-Reply-To:
References: <46CEE726.5000806@defoam.net>, <46DAC6EB.23673.14995E6@davidh.spidacom.co.uk>,
Message-ID: <46DD7DC6.21879.1031EBD@davidh.spidacom.co.uk>

On 4 Sep 2007 at 13:53, Roland Perry wrote:

> >If some medical bod wishes to use *my* medical information for a study
> >they can get in touch, explain what the study is about and, if I agree,
> >they can look at it. I could also add information not included in my
> >notes. If they have a convincing argument for their study then I would
> >have no objection.
>
> It's an approach that doesn't scale, and introduces self-selection.

It is an approach which has worked for some time. I'm not convinced
that Icelandic style approaches will do better.

-- 
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

From ukcrypto at chiark.greenend.org.uk Tue Sep 4 22:06:27 2007
From: ukcrypto at chiark.greenend.org.uk (Mary Hawking)
Date: Tue, 4 Sep 2007 22:06:27 +0100
Subject: NHS email encryption
In-Reply-To: <20070904064519.16994.46938.Mailman@chiark.greenend.org.uk>
References: <20070904064519.16994.46938.Mailman@chiark.greenend.org.uk>
Message-ID: <4W7U8XETjc3GFw9X@tigers.demon.co.uk>

In message <20070904064519.16994.46938.Mailman@chiark.greenend.org.uk>,
ukcrypto-request@chiark.greenend.org.uk writes
>There were two competing theories in Victorian times. The miasma theory
>had the most support, but was wrong. Those who said disease was
>waterborne were often laughed at, but were right.
>
>The man who banished many diseases in London was the engineer Joseph
>Bazalgette, not the medical mob. Had he been able to start his sewers
>earlier, there was a long time when he was prevented from starting
>work, lots of people would have been kept alive for longer.

I would agree that sanitation, sewers, clean water and other public
health measures have produced better life expectancy than most high
tech medical interventions.
*However* I am not clear about the time sequence of this - or the
reasons for Joseph Bazalgette being prevented from starting work on
sewers - and equally why the work was allowed to proceed.
Did Snow's work have any influence on this? After all, it did seem to
show a connection between water supply and cholera! ;->
>
>While one should always appreciate the medical mob for their efforts
>they should never be allowed to get too big for their boots.

I'm not sure what this is about: Snow's work and observations were good
- and have been corroborated by subsequent work: I don't recall that he
claimed to have provided a permanent solution to the problem of
epidemic cholera: merely to have demonstrated that there was a
connection between water supplies and the people affected in that
epidemic.
In the days when the miasma theory of spread of cholera was the
dominant theory, this was sensational - and no doubt provided further
reasons for employing engineers to install sewage systems!

Mary Hawking (GP - one of "the medical mob")
PS any views on Edward Jenner?
PS any other mobs who need taking down a peg?
-- 
Mary Hawking

From ukcrypto at chiark.greenend.org.uk Wed Sep 5 08:36:52 2007
From: ukcrypto at chiark.greenend.org.uk (David Hansen)
Date: Wed, 05 Sep 2007 08:36:52 +0100
Subject: NHS email encryption
In-Reply-To: <4W7U8XETjc3GFw9X@tigers.demon.co.uk>
References: <20070904064519.16994.46938.Mailman@chiark.greenend.org.uk>, <4W7U8XETjc3GFw9X@tigers.demon.co.uk>
Message-ID: <46DE6AA4.30572.500AD8@davidh.spidacom.co.uk>

On 4 Sep 2007 at 22:06, Mary Hawking wrote:

> *However* I am not clear about the time sequence of this - or the
> reasons for Joseph Bazalgette being prevented from starting work on
> sewers - and equally why the work was allowed to proceed.
> Did Snow's work have any influence on this? After all, it did seem to
> show a connection between water supply and cholera! ;->

IIRC the time sequence is that Mr Snow's work was a little earlier. I
suspect that it was part of the reason Mr Bazalgette pushed for proper
sewers, but far from the only reason.

The latter tried for many years to get something done about sewers.
After a fairly long struggle the organisation was created, but for
several years their plans remained plans. It was only when the
politicians were directly exposed to the Great Stink in their palace
that they allowed the work to proceed.

> >While one should always appreciate the medical mob for their efforts
> >they should never be allowed to get too big for their boots.
>
> I'm not sure what this is about: Snow's work and observations were good
> - and have been corroborated by subsequent work:

His work was fine, but very different from the sort of ineffectual data
shifting the medical research mob wish to carry out without permission.

> PS any views on Edward Jenner?

No. Until I looked him up it was not a name I was familiar with.

> PS any other mobs who need taking down a peg?

Plenty of them.

-- 
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

From ukcrypto at chiark.greenend.org.uk Thu Sep 20 07:39:16 2007
From: ukcrypto at chiark.greenend.org.uk (Clive D. W. Feather)
Date: Thu, 20 Sep 2007 07:39:16 +0100
Subject: NHS email encryption
In-Reply-To: <46D7D4BC.7000505@callnetuk.com>
References: <46CEE726.5000806@defoam.net> <46D003F5.3040303@gmx.co.uk> <46D0298F.8050501@defoam.net> <46D05C2E.4080103@gmx.co.uk> <46D17909.5090802@defoam.net> <46D2CC59.2010300@callnetuk.com> <46D6947C.40501@callnetuk.com> <484A2CB2-4A73-4D1E-B701-D2B8C46F61A5@uk.fujitsu.com> <46D7D4BC.7000505@callnetuk.com>
Message-ID:

In article <46D7D4BC.7000505@callnetuk.com>, PeteM writes
>There are only 36 addresses that match my postcode,
[...]
>In areas that are less densely populated than SW London there are
>probably even fewer households per postcode.

Data point: my current postcode covers 14 addresses (it used to be 13,
but someone converted their garage to a granny flat). My previous code,
in the same village, covered 64 addresses.

-- 
Clive D.W. Feather | Home:
Tel: +44 20 8495 6138 (work) | Web:
Fax: +44 870 051 9937 | Work:
Please reply to the Reply-To address, which is:

From ukcrypto at chiark.greenend.org.uk Thu Sep 20 07:58:22 2007
From: ukcrypto at chiark.greenend.org.uk (Clive D. W. Feather)
Date: Thu, 20 Sep 2007 07:58:22 +0100
Subject: NHS email encryption
In-Reply-To: <4W7U8XETjc3GFw9X@tigers.demon.co.uk>
References: <20070904064519.16994.46938.Mailman@chiark.greenend.org.uk> <4W7U8XETjc3GFw9X@tigers.demon.co.uk>
Message-ID: <3TolydfOoh8GFwUf@romana.davros.org>

In article <4W7U8XETjc3GFw9X@tigers.demon.co.uk>, Mary Hawking writes
>>The man who banished many diseases in London was the engineer Joseph
>>Bazalgette, not the medical mob. Had he been able to start his sewers
>>earlier, there was a long time when he was prevented from starting
>>work, lots of people would have been kept alive for longer.

>*However* I am not clear about the time sequence of this - or the
>reasons for Joseph Bazalgette being prevented from starting work on
>sewers - and equally why the work was allowed to proceed.

I don't believe there was any active "prevented".

Rather, Bazalgette proposed a network of sewers be built. This was not
made a funding or legislative priority until the Great Stink, when
Parliament got their noses rubbed in the problem. Powers and funding
were then fairly quickly forthcoming.

-- 
Clive D.W. Feather | Home:
Tel: +44 20 8495 6138 (work) | Web:
Fax: +44 870 051 9937 | Work:
Please reply to the Reply-To address, which is:

From ukcrypto at chiark.greenend.org.uk Thu Sep 20 08:00:16 2007
From: ukcrypto at chiark.greenend.org.uk (Clive D. W. Feather)
Date: Thu, 20 Sep 2007 08:00:16 +0100
Subject: NHS email encryption
In-Reply-To: <46D80FAF.30565.DDA1D2@davidh.spidacom.co.uk>
References: <46CEE726.5000806@defoam.net> <46D7D4BC.7000505@callnetuk.com> <46D80FAF.30565.DDA1D2@davidh.spidacom.co.uk>
Message-ID:

In article <46D80FAF.30565.DDA1D2@davidh.spidacom.co.uk>, David Hansen writes
>> They might be doing a study of people living within a certain distance
>> of some $natural_hazard.
>
>For most of the population of the UK I'm not convinced that any study
>would be that more useful with the whole of the postcode, compared to
>just the first part of the postcode.

You may be too used to big cities. My outward code (CB23) covers an
area on the order of 1000 square kilometres, and it's nowhere near the
largest. Even adding the next digit still includes several villages
many kilometres apart.

-- 
Clive D.W. Feather | Home:
Tel: +44 20 8495 6138 (work) | Web:
Fax: +44 870 051 9937 | Work:
Please reply to the Reply-To address, which is:

From ukcrypto at chiark.greenend.org.uk Fri Sep 21 10:08:20 2007
From: ukcrypto at chiark.greenend.org.uk (David Hansen)
Date: Fri, 21 Sep 2007 10:08:20 +0100
Subject: NHS email encryption
In-Reply-To: <3TolydfOoh8GFwUf@romana.davros.org>
References: <20070904064519.16994.46938.Mailman@chiark.greenend.org.uk>, <4W7U8XETjc3GFw9X@tigers.demon.co.uk>, <3TolydfOoh8GFwUf@romana.davros.org>
Message-ID: <46F39814.8916.39910F@davidh.spidacom.co.uk>

On 20 Sep 2007 at 7:58, Clive D. W. Feather wrote:

> >*However* I am not clear about the time sequence of this - or the
> >reasons for Joseph Bazalgette being prevented from starting work on
> >sewers - and equally why the work was allowed to proceed.
>
> I don't believe there was any active "prevented".
>
> Rather, Bazalgette proposed a network of sewers be built. This was not
> made a funding or legislative priority until the Great Stink, when
> Parliament got their noses rubbed in the problem. Powers and funding
> were then fairly quickly forthcoming.

I suppose it depends on what one means by prevented. Not funding
something is a pretty good way of preventing it in my view.

He spent a considerable amount of time before the stink convincing
others of the value of sewers and that this had to be done by a more
publicly owned organisation than was fashionable at the time. The work
could have started years earlier had it not been for the politicians
and they only did something when they were affected directly by their
inaction.

-- 
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

From ukcrypto at chiark.greenend.org.uk Sun Sep 23 01:14:49 2007
From: ukcrypto at chiark.greenend.org.uk (Ian Mason)
Date: Sun, 23 Sep 2007 01:14:49 +0100
Subject: NHS email encryption
In-Reply-To: <46F39814.8916.39910F@davidh.spidacom.co.uk>
References: <20070904064519.16994.46938.Mailman@chiark.greenend.org.uk>, <4W7U8XETjc3GFw9X@tigers.demon.co.uk>, <3TolydfOoh8GFwUf@romana.davros.org> <46F39814.8916.39910F@davidh.spidacom.co.uk>
Message-ID: <96642571-4CD4-4DDD-A717-3ABDBDE8B827@sourcetagged.ian.co.uk>

On 21 Sep 2007, at 10:08, David Hansen wrote:

> ... had it not been for the
> politicians and they only did something when they were affected
> directly by their inaction.
>

Plus ça change…

From ukcrypto at chiark.greenend.org.uk Sun Sep 23 15:18:13 2007
From: ukcrypto at chiark.greenend.org.uk (Charles Lindsey)
Date: Sun, 23 Sep 2007 15:18:13 +0100
Subject: Security of American Health Records
Message-ID:

I have belatedly got around to reading the article "Enabling the 21st
Century Health Care Information Technology Revolution" by Agrawal et al
in Comm. ACM Vol 50 #2 February 2007.

It seems that they started from a PITAC report in June 2004
"Revolutionizing Health Care Through Information Technology" which laid
down a set of requirements for a nationwide system of health records
available to bona fide health providers, but with adequate safeguards
to ensure privacy (exceedingly adequate compared to the usual laissez
faire attitudes to privacy which we often see from over there).

They have implemented a system known as AE (Active Enforcement) which
sits between the database and all means of access to it, and which
provides for
    Setting of detailed privacy and access policies by the database owners;
    Setting of further privacy restrictions by individual patients,
right down to individual fields within records;
    Means of providing anonymised data to researchers (essentially by
allowing researchers to query the database in complex ways, but without
giving them actual records - some novel uses of encryption are used for
this);
    A record of who accessed each record and on what pretext.
    An auditing system using those records so that the source of leaks
could be traced.

I didn't follow all the details, so I cannot comment on the adequacy of
their precautions, but they claim that, by designing the security in
from the start, they were enabled to do it all without undue overhead.
But for sure they were addressing all the right questions.

Do you suppose our own NHS database has been designed on similar
principles? (-:

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131     Web: http://www.cs.man.ac.uk/~chl
Email: chl@clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5

From ukcrypto at chiark.greenend.org.uk Mon Sep 24 09:48:17 2007
From: ukcrypto at chiark.greenend.org.uk (Mary Hawking)
Date: Mon, 24 Sep 2007 09:48:17 +0100
Subject: Security of American Health Records
In-Reply-To: <20070924064516.17466.54209.Mailman@chiark.greenend.org.uk>
References: <20070924064516.17466.54209.Mailman@chiark.greenend.org.uk>
Message-ID:

In message <20070924064516.17466.54209.Mailman@chiark.greenend.org.uk>,
ukcrypto-request@chiark.greenend.org.uk writes
>I have belatedly got around to reading the article "Enabling the 21st
>Century Health Care Information Technology Revolution" by Agrawal et al
>in Comm. ACM Vol 50 #2 February 2007.

Unfortunately you have to be a professional or student member to access
this paper - and I know I wouldn't understand it if I did! ;->
>
>It seems that they started from a PITAC report in June 2004
>"Revolutionizing Health Care Through Information Technology" which laid
>down a set of requirements for a nationwide system of health records
>available to bona fide health providers, but with adequate safeguards
>to ensure privacy (exceedingly adequate compared to the usual laissez
>faire attitudes to privacy which we often see from over there).

I can't find this report either. Do you mean adequate or adequate
compared to?
>
>They have implemented a system known as AE (Active Enforcement) which
>sits between the database and all means of access to it, and which
>provides for
>    Setting of detailed privacy and access policies by the database owners;
>    Setting of further privacy restrictions by individual patients,
>right down to individual fields within records;
>    Means of providing anonymised data to researchers (essentially by
>allowing researchers to query the database in complex ways, but without
>giving them actual records - some novel uses of encryption are used for
>this);
>    A record of who accessed each record and on what pretext.
>    An auditing system using those records so that the source of leaks
>could be traced.

This sounds as though it might be similar to the approach used for
medical records in the American army in Europe. According to a colleague
who used to work for them, there were so many passwords - and so many
words which automatically chucked you out (like "test" and "sex") that
it was unusable in real time.
One of the complaints about using smartcards in the NHS is that they
slow down the system and create a significant delay in all aspects of
the consultation.
I'm all right - as a GP I have a limited number of patients in a
contained database.
The harassed SHO in A&E would have huge problems with a central single
record - especially as he/she would presumably have to access the record
in person, rather than asking the clerk to get it for him/her.
>
>I didn't follow all the details, so I cannot comment on the adequacy of
>their precautions, but they claim that, by designing the security in
>from the start, they were enabled to do it all without undue overhead.

Overhead for whom, and in terms of what? It may be a great solution for
security - but not much use if it makes the applications unusable!

>But for sure they were addressing all the right questions.
>
>Do you suppose our own NHS database has been designed on similar
>principles? (-:

Not having seen the principles it is hard to say - but my feeling is
that the *principles* involved in smartcards and role based access are
probably reasonably sound: the problem lies with organisation and the
need for the users to be able to function - which leads to work-arounds
which breach security.

Mary Hawking
>
>-- 
>Charles H. Lindsey

-- 
Mary Hawking

From ukcrypto at chiark.greenend.org.uk Mon Sep 24 11:20:24 2007
From: ukcrypto at chiark.greenend.org.uk (David Hansen)
Date: Mon, 24 Sep 2007 11:20:24 +0100
Subject: Security of American Health Records
In-Reply-To:
References: <20070924064516.17466.54209.Mailman@chiark.greenend.org.uk>,
Message-ID: <46F79D78.3655.C050B@davidh.spidacom.co.uk>

On 24 Sep 2007 at 9:48, Mary Hawking wrote:

> This sounds as though it might be similar to the approach used for
> medical records in the American army in Europe. According to a colleague
> who used to work for them, there were so many passwords - and so many
> words which automatically chucked you out (like "test" and "sex") that
> it was unusable in real time.

This sort of thing tends to cause people to write down the passwords on
a piece of and stick this on the side of the screen, or something
similar involving their diary.

-- 
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

From ukcrypto at chiark.greenend.org.uk Mon Sep 24 12:12:44 2007
From: ukcrypto at chiark.greenend.org.uk (Ian G Batten)
Date: Mon, 24 Sep 2007 12:12:44 +0100
Subject: Security of American Health Records
In-Reply-To: <46F79D78.3655.C050B@davidh.spidacom.co.uk>
References: <20070924064516.17466.54209.Mailman@chiark.greenend.org.uk>, <46F79D78.3655.C050B@davidh.spidacom.co.uk>
Message-ID: <953B7DE1-0252-4E00-8237-ED4307932B16@uk.fujitsu.com>

On 24 Sep 07, at 1120, David Hansen wrote:

> On 24 Sep 2007 at 9:48, Mary Hawking wrote:
>
>> This sounds as though it might be similar to the approach used for
>> medical records in the American army in Europe. According to a colleague
>> who used to work for them, there were so many passwords - and so many
>> words which automatically chucked you out (like "test" and "sex") that
>> it was unusable in real time.
>
> This sort of thing tends to cause people to write down the passwords on
> a piece of and stick this on the side of the screen, or something
> similar involving their diary.

We had a conversation about this over lunch a few days ago. The
topic was simple, brute-force solvable passwords committed to memory
versus complex, `better' strings that are written down.

We concluded that there are environments where your threats are
local: then a good password written down is probably worse than a bad
password committed to memory. On the other hand, for a lot of
environments, the threats are far more likely to be physically remote
than was the case a decade or two ago. In that case, good passwords
written down are preferable to bad passwords that are memorised.

We could be wrong, of course.
ian

From ukcrypto at chiark.greenend.org.uk Mon Sep 24 13:59:51 2007
From: ukcrypto at chiark.greenend.org.uk (Mary Hawking)
Date: Mon, 24 Sep 2007 13:59:51 +0100
Subject: Security of American Health Records
In-Reply-To: <953B7DE1-0252-4E00-8237-ED4307932B16@uk.fujitsu.com>
References: <20070924064516.17466.54209.Mailman@chiark.greenend.org.uk> <46F79D78.3655.C050B@davidh.spidacom.co.uk> <953B7DE1-0252-4E00-8237-ED4307932B16@uk.fujitsu.com>
Message-ID:

In message <953B7DE1-0252-4E00-8237-ED4307932B16@uk.fujitsu.com>, Ian G Batten writes
>>> This sounds as though it might be similar to the approach used for
>>> medical records in the American army in Europe. According to a colleague
>>> who used to work for them, there were so many passwords - and so many
>>> words which automatically chucked you out (like "test" and "sex") that
>>> it was unusable in real time.
>>
>> This sort of thing tends to cause people to write down the passwords on
>> a piece of and stick this on the side of the screen, or something
>> similar involving their diary.
>
>We had a conversation about this over lunch a few days ago. The topic
>was simple, brute-force solvable passwords committed to memory versus
>complex, `better' strings that are written down.
>
>We concluded that there are environments where your threats are local:
>then a good password written down is probably worse than a bad
>password committed to memory. On the other hand, for a lot of
>environments, the threats are far more likely to be physically remote
>than was the case a decade or two ago. In that case, good passwords
>written down are preferable to bad passwords that are memorised.
>
>We could be wrong, of course.

Passwords, whether good or bad, and how they are remembered are only one
part of the problem. Would this degree of security render the whole
system unusable?
Mary Hawking
--
Mary Hawking

From ukcrypto at chiark.greenend.org.uk Mon Sep 24 14:30:53 2007
From: ukcrypto at chiark.greenend.org.uk (Charles Lindsey)
Date: Mon, 24 Sep 2007 14:30:53 +0100
Subject: Security of American Health Records
In-Reply-To:
References: <20070924064516.17466.54209.Mailman@chiark.greenend.org.uk>
Message-ID:

On Mon, 24 Sep 2007 09:48:17 +0100, Mary Hawking wrote:

> In message <20070924064516.17466.54209.Mailman@chiark.greenend.org.uk>,
> ukcrypto-request@chiark.greenend.org.uk writes
>
>> I have belatedly got around to reading the article "Enabling the 21st
>> Century Health Care Information Technology Revolution" by Agrawal et al
>> in Comm. ACM Vol 50 #2 February 2007.
>
> Unfortunately you have to be a professional or student member to access
> this paper - and I know I wouldn't understand it if I did! ;->

What you need is a good library :-( . I expect you would follow the
general drift of it.

>>
>> It seems that they started from a PITAC report in June 2004
>> "Revolutionizing Health Care Through Information Technology"...
>
> I can't find this report either. Do you mean adequate or adequate
> compared to?

http://www.nitrd.gov/pitac/meetings/2004/20040617/20040615_hit.pdf

The Americans have not been noted for taking privacy seriously as
compared with the EU, but this report seems to be much stronger than
their previous attitudes.

>>
>> They have implemented a system known as AE (Active Enforcement) which
>> sits between the database and all means of access to it, and which
>> provides for.....

> This sounds as though it might be similar to the approach used for
> medical records in the American army in Europe. According to a colleague
> who used to work for them, there were so many passwords - and so many
> words which automatically chucked you out (like "test" and "sex") that
> it was unusable in real time.

I don't think AE is particularly concerned with how passwords are
checked or with checking for rude words.
It starts from the assumption that the person/entity requesting the
information has been identified somehow, and then checks whether that
person should be given access (and to which fields), and if so the
access is logged for auditing purposes.

> One of the complaints about using smartcards in the NHS is that they
> slow down the system and create a significant delay in all aspects of
> the consultation.

The claim in this case was that the checks performed and the extra
information stored did not make access to the database significantly
slower than it would otherwise have been.

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131     Web: http://www.cs.man.ac.uk/~chl
Email: chl@clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5

From ukcrypto at chiark.greenend.org.uk Mon Sep 24 15:18:51 2007
From: ukcrypto at chiark.greenend.org.uk (Ian Mason)
Date: Mon, 24 Sep 2007 15:18:51 +0100
Subject: Security of American Health Records
In-Reply-To: <953B7DE1-0252-4E00-8237-ED4307932B16@uk.fujitsu.com>
References: <20070924064516.17466.54209.Mailman@chiark.greenend.org.uk>, <46F79D78.3655.C050B@davidh.spidacom.co.uk> <953B7DE1-0252-4E00-8237-ED4307932B16@uk.fujitsu.com>
Message-ID:

On 24 Sep 2007, at 12:12, Ian G Batten wrote:

> ... On the other hand, for a lot of environments, the threats are
> far more likely to be physically remote than was the case a decade
> or two ago. In that case, good passwords written down are
> preferable to bad passwords that are memorised.
>

I note that the exact phrase you used was "physically remote" but it
brings the following to mind nevertheless.

There is a general tendency to assume threats are external and
underestimate the level of threat from insiders. I'd grant that there is
a significant threat to systems today from outsiders that didn't exist
or was much smaller in pre-Internet times.
However, insiders are the perpetrators in the vast majority of security
breaches.

For example, in the context of health records a significant risk for
unauthorised access to health records by the police is the 'other half'
of individual officers who work inside the health service (there's a LOT
of them) rather than direct attacks. This is exactly why information
needs compartmentalising inside health records systems so that it isn't
sufficient to just be any nurse or doctor to get access to a particular
patient's records.

From ukcrypto at chiark.greenend.org.uk Mon Sep 24 15:25:26 2007
From: ukcrypto at chiark.greenend.org.uk (Ian Mason)
Date: Mon, 24 Sep 2007 15:25:26 +0100
Subject: Security of American Health Records
In-Reply-To:
References: <20070924064516.17466.54209.Mailman@chiark.greenend.org.uk>
Message-ID: <94AEFD81-1E2F-4D2E-8FEC-457519BA522A@sourcetagged.ian.co.uk>

On 24 Sep 2007, at 09:48, Mary Hawking wrote:

>
> I can't find this report either. Do you mean adequate or adequate
> compared to?

http://www.nitrd.gov/pitac/meetings/2004/20040617/20040615_hit.pdf

> Overhead for whom, and in terms of what? It may be a great solution
> for security - but not much use if it makes the applications unusable!

My assumption is that Charles means overhead in the sense that the
system has similar efficiency and usability with the security as it
would have without it.

From ukcrypto at chiark.greenend.org.uk Mon Sep 24 13:35:58 2007
From: ukcrypto at chiark.greenend.org.uk (Peter Tomlinson)
Date: Mon, 24 Sep 2007 13:35:58 +0100
Subject: NHS IT log-in delay
In-Reply-To:
References: <20070924064516.17466.54209.Mailman@chiark.greenend.org.uk>
Message-ID: <46F7AF2E.2060507@iosis.co.uk>

Mary Hawking wrote (in thread 'Security of American Health records'):
> One of the complaints about using smartcards in the NHS is that they
> slow down the system and create a significant delay in all aspects of
> the consultation.
> I'm all right - as a GP I have a limited number of patients in a
> contained database.
> The harassed SHO in A&E would have huge problems with a central single
> record - especially as he/she would presumably have to access the
> record in person, rather than asking the clerk to get it for him/her.

A couple of days ago I found a Jan 2007 article at
http://www.computerweekly.com/blogs/tony_collins/2007/01/smartcard-sharing-comment-by-m-1.html

*Smartcard sharing - comment by Martyn Thomas*

Martyn Thomas, one of the 23 computer scientists who have called for an
independent review of the NHS's National Programme for IT [NPfIT], has
questioned how one part of the health service has ended up with
smartcard sharing.

His comments were prompted by Computer Weekly's disclosure that the
board of South Warwickshire General Hospitals NHS Trust has approved
smartcard sharing for some clinicians.

The reason for the apparent breach of security is that doctors in a busy
A&E department do not have time to log on every time they need to access
a PC that provides links to the patient administration system and the
Care Records Service, a key part of the NPfIT. It can take up to 90
seconds to log on.

When our article was followed up by the national and regional press,
Connecting for Health, which oversees the IT element of the NPfIT,
issued a statement that appeared to give qualified acceptance to
smartcard sharing.

Martyn Thomas says: "If sharing smartcards is secure, it should have
been in the security policies from the start. If context switching can
be unacceptably slow, there should have been explicit upper limits for
the time allowed, stated unambiguously in the specifications. So: did
the specification omit this essential requirement (in which case, what
other essential requirements have been overlooked?); or did the
output-based specification state a time limit that has not been
achieved?
Or did the output-based specification specify a time limit that was too
long in practice (in which case, what else have they got wrong by
failing to prototype adequately before letting contracts?)."

Martyn Thomas is a Visiting Professor in Software Engineering at Oxford
University.

-- end --

In other words, diligent engineering should be applied right from the
specification stage (which of course is a regular Cambridge point as
well [1]). This is a common theme among many public sector ICT
projects...

Peter

[1] Just trying to be even handed. Interesting: there wasn't any serious
engineering at Oxford in my student days, but perhaps they have now
allowed it as a visiting topic.

From ukcrypto at chiark.greenend.org.uk Mon Sep 24 15:23:16 2007
From: ukcrypto at chiark.greenend.org.uk (Ian Mason)
Date: Mon, 24 Sep 2007 15:23:16 +0100
Subject: Security of American Health Records
In-Reply-To:
References: <20070924064516.17466.54209.Mailman@chiark.greenend.org.uk>
Message-ID:

On 24 Sep 2007, at 09:48, Mary Hawking wrote:

>
> I can't find this report either. Do you mean adequate or adequate
> compared to?

http://www.nitrd.gov/pitac/meetings/2004/20040617/20040615_hit.pdf

> Overhead for whom, and in terms of what? It may be a great solution
> for security - but not much use if it makes the applications unusable!

My assumption is that Charles means overhead in the sense that the
system has similar efficiency and usability with the security as it
would have without it.

From ukcrypto at chiark.greenend.org.uk Wed Sep 26 21:49:53 2007
From: ukcrypto at chiark.greenend.org.uk (Peter Tomlinson)
Date: Wed, 26 Sep 2007 21:49:53 +0100
Subject: Security of American Health Records
In-Reply-To:
References: <20070924064516.17466.54209.Mailman@chiark.greenend.org.uk>
Message-ID: <46FAC5F1.40000@iosis.co.uk>

Ian Mason wrote:
>
> On 24 Sep 2007, at 09:48, Mary Hawking wrote:
>
>>
>> I can't find this report either. Do you mean adequate or adequate
>> compared to?
>
> http://www.nitrd.gov/pitac/meetings/2004/20040617/20040615_hit.pdf
>
>> Overhead for whom, and in terms of what? It may be a great solution
>> for security - but not much use if it makes the applications unusable!
>
> My assumption is that Charles means overhead in the sense that the
> system has similar efficiency and usability with the security as it
> would have without it.
>
Thanks, Ian, that link certainly works for me: "Revolutionizing Health
Care Through Information Technology", June 2004, draft.

Peter

From ukcrypto at chiark.greenend.org.uk Sun Sep 30 19:42:50 2007
From: ukcrypto at chiark.greenend.org.uk (Richard Clayton)
Date: Sun, 30 Sep 2007 19:42:50 +0100
Subject: Restrospective effect of Part III
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I don't recall ever seeing a discussion on the effective retrospective
effect (try saying that on a packet of winegums) of Part III...

http://www.lightbluetouchpaper.org/2007/09/30/time-to-forget/

- --
richard Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBRv/uKpoAxkTY1oPiEQLjQgCg1BNprAJ1mUE3PTxSDybnaUjI4BIAn3xS
KqZVpTCiMJG246AyQD4ymJ6+
=C0lZ
-----END PGP SIGNATURE-----