From ukcrypto at chiark.greenend.org.uk Tue Jul 1 09:09:38 2008
From: ukcrypto at chiark.greenend.org.uk (David Hansen)
Date: Tue, 01 Jul 2008 09:09:38 +0100
Subject: Targeted junkmail "from" your GP?
In-Reply-To: <486905C5.9030205@zen.co.uk>
References: <20080628064610.22373.44146.Mailman@chiark.greenend.org.uk>, , <486905C5.9030205@zen.co.uk>
Message-ID: <4869F452.22182.3175ED@davidh.spidacom.co.uk>

On 30 Jun 2008 at 17:11, Peter Fairbrother wrote:

> To give an example, suppose an AIDS trial. The researchers prepare a set
> of criteria which is passed to GP's surgeries. Surgeries then run the
> criteria against their records (they get paid for this BTW), and report
> the number of results.
>
> The results will be almost identical to those generated by a centralised
> database survey, the difference being Surgeries who don't perform the
> search - which would not be in the interest of their patients, so
> probably not many losses here - plus the people who opt-out of a
> centralised database. Overall I'd guess that the gains would far
> outnumber the losses, especially after surgeries get used to running
> searches.
>
>
> Surgeries then write to any possible candidates (they get paid for this
> too), and things go from there.

I think this is the right approach, though details could be discussed in order to refine them. It is the sort of approach I was thinking of, though had not put into words.

> I'd suggest three categories of search - one mandatory, for NHS
> administration purposes only, and all results must remain within the NHS
> administration (unless they pass them on to the Police for investigation
> of misconduct, Shipmanism, etc).

I think that this should be subject to some real regulation. It is not good enough for some official to think it is a good idea to scoop up say 25 million records and then put them on an unencrypted piece of plastic.

> Second, mandated research. Surgeries must perform these searches. These
> searches should be approved by the NHS, a privacy committee, and an
> ethics committee.
>
> Third, voluntary research. These searches should be approved by a
> privacy committee and an ethics committee. Surgeries get paid extra for
> running these searches.

I'm not sure that such a distinction is useful. What sort of things were you thinking of putting into each category?

> The privacy committee should look at the results to be submitted - eg in
> many cases it might be "we have 6 patients matching the criteria".

That is a very good point.

> Full
> records should not be made available without patient consent.

I can imagine the howls from the medical research mob about this.

-- 
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

From ukcrypto at chiark.greenend.org.uk Tue Jul 1 09:37:04 2008
From: ukcrypto at chiark.greenend.org.uk (David Hansen)
Date: Tue, 01 Jul 2008 09:37:04 +0100
Subject: Targeted junkmail "from" your GP?
In-Reply-To: <2D75316D-81DF-43E0-BDAD-306307EE2816@luna.nl>
References: <20080628064610.22373.44146.Mailman@chiark.greenend.org.uk>, <4868EC36.17931.625C408@davidh.spidacom.co.uk>, <2D75316D-81DF-43E0-BDAD-306307EE2816@luna.nl>
Message-ID: <4869FAC0.29659.4A9216@davidh.spidacom.co.uk>

On 30 Jun 2008 at 16:24, Gerard Freriks wrote:

> The standards are there.
> The legal framework is there.
> What is missing?
>
> Awareness with the other 'medical mob', industry and politicians?

I think it is a mixture of things, but which can be boiled down to one thing, arrogance. There is a mindset that what one is doing is the right thing to do. Even if there is some "minor bending of the law", history will prove that one was right and people will be grateful eventually. One of the best examples is Mr Liar over the illegal invasion he was involved in. He will no-doubt go to his grave believing this delusion.

The medical mob are particularly prone to this sort of delusion caused by arrogance. We know that cycle helmets are largely ineffective (if they actually wanted to reduce head injuries they would be promoting pedestrian and car helmets first, as these would have better results), yet the medical mob (as a group, there are individual exceptions) continue to promote the daft idea of bike helmets. Their zeal extends to belittling anyone who disagrees with their opinion and trying to exclude any alternative viewpoint (even to the extent that all photographs of cyclists have to show them wearing a helmet in a growing number of organisations).

Part of the problem is that the medical mob are poor to useless at research. This is a broader issue than cycle helmets, as is explained at

"The study of cycle helmets is beset by conflicts between case-control studies, which infer large benefits from helmet use by comparing injuries of cyclists who chose to wear helmets with those who did not, and data from entire cyclist populations when substantial increases in cycle helmet use (sometimes as a result of legislation) show that the benefits, if any, fall far short of those predicted by case-control studies.

"Cycle helmet research is not the only area of research where such conflicts exist, as evidenced by an increasing number of papers in epidemiological journals drawing attention to this problem. There have been issues with studies of the effect of hormone replacement therapy on heart disease, vitamin supplements, antibiotics and the MMR triple vaccine. Findings that had appeared robust subsequently turned out to be unreliable or simply wrong."

-- 
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

From ukcrypto at chiark.greenend.org.uk Tue Jul 1 11:15:04 2008
From: ukcrypto at chiark.greenend.org.uk (Peter Fairbrother)
Date: Tue, 01 Jul 2008 11:15:04 +0100
Subject: Targeted junkmail "from" your GP?
In-Reply-To: <4869F452.22182.3175ED@davidh.spidacom.co.uk>
References: <20080628064610.22373.44146.Mailman@chiark.greenend.org.uk>, , <486905C5.9030205@zen.co.uk> <4869F452.22182.3175ED@davidh.spidacom.co.uk>
Message-ID: <486A03A8.8030509@zen.co.uk>

David Hansen wrote:
> On 30 Jun 2008 at 17:11, Peter Fairbrother wrote:
>
>> To give an example, suppose an AIDS trial. The researchers prepare a set
>> of criteria which is passed to GP's surgeries. Surgeries then run the
>> criteria against their records (they get paid for this BTW), and report
>> the number of results.
>>
>> The results will be almost identical to those generated by a centralised
>> database survey, the difference being Surgeries who don't perform the
>> search - which would not be in the interest of their patients, so
>> probably not many losses here - plus the people who opt-out of a
>> centralised database. Overall I'd guess that the gains would far
>> outnumber the losses, especially after surgeries get used to running
>> searches.
>>
>>
>> Surgeries then write to any possible candidates (they get paid for this
>> too), and things go from there.
>
> I think this is the right approach, though details could be discussed
> in order to refine them. It is the sort of approach I was thinking of,
> though had not put into words.
>
>> I'd suggest three categories of search - one mandatory, for NHS
>> administration purposes only, and all results must remain within the NHS
>> administration (unless they pass them on to the Police for investigation
>> of misconduct, Shipmanism, etc).
>
> I think that this should be subject to some real regulation. It is not
> good enough for some official to think it is a good idea to scoop up
> say 25 million records and then put them on an unencrypted piece of
> plastic.
>
>> Second, mandated research. Surgeries must perform these searches. These
>> searches should be approved by the NHS, a privacy committee, and an
>> ethics committee.
>>
>> Third, voluntary research. These searches should be approved by a
>> privacy committee and an ethics committee. Surgeries get paid extra for
>> running these searches.
>
> I'm not sure that such a distinction is useful. What sort of things
> were you thinking of putting into each category?

This isn't something I'm going to defend in detail, as it's just a rough direction rather than a specific suggestion, but eg epidemiological research commissioned by the NHS or BMA (do I mean BMA?) could go into category 2, and commercial drug research into category three.

It might be an idea to have a fourth category, voluntary unpaid searches, for academic researchers etc. Surgeries don't get paid for this, but it should only take them about ten minutes a week - or no time at all if automated - consider it a pro bono service.

There is one possible disadvantage to this scheme - it takes a while to get a search approved. If researchers have unlimited access to an entire dataset then they can do lots of searches in much less time, modifying the search terms between searches. Searching at semi-random, or by hunch, can actually be quite useful, as often you don't know what is going to be significant before you find it.

However if this much access is granted then all control over privacy, indeed over the dataset, is in practice lost, and I don't think, even for the privacy-ignoring invisible people in charge of NHS IT, that that was ever the plan - I think there was always meant to be some form of prior approval required for each search.

If I am correct about that then there is very little difference between distributed and centralised databases from a search efficiency viewpoint, and a distributed database is about half the cost, far more robust and secure, and almost infinitely more privacy-preserving than a centralised database.

-- Peter Fairbrother

>
>> The privacy committee should look at the results to be submitted - eg in
>> many cases it might be "we have 6 patients matching the criteria".
>
> That is a very good point
>
>> Full
>> records should not be made available without patient consent.
>
> I can imagine the howls from the medical research mob about this.
>
>

From ukcrypto at chiark.greenend.org.uk Wed Jul 2 12:54:39 2008
From: ukcrypto at chiark.greenend.org.uk (Richard Lamont)
Date: Wed, 02 Jul 2008 12:54:39 +0100
Subject: ECHR finds UK in violation of Article 8
Message-ID: <486B6C7F.6080009@lamont.me.uk>

Following the discovery (by yours truly) of the real purpose of the 'Capenhurst Tower' in 1999, an investigation with Duncan Campbell and subsequent exposé on Channel 4 News, the UK Government was taken to the European Court of Human Rights by Liberty, British Irish Rights Watch and the Irish Council for Civil Liberties.

The court published its verdict in 'Liberty and Others v. the United Kingdom' yesterday. It found HMG in violation of Article 8 of the Convention.

Here are a few media reports:

http://uk.reuters.com/article/topNews/idUKL0113494120080701
http://www.guardian.co.uk/uk/2008/jul/02/privacy.humanrights
http://www.belfasttelegraph.co.uk/breaking-news/ireland/article3854301.ece
http://www.metro.co.uk/news/article.html?in_article_id=199167&in_page_id=34
http://www.rte.ie/news/2008/0701/rights.html

The full judgement, in the form of a 32-page Word file, can be found here:

http://cmiskp.echr.coe.int////tkp197/viewhbkm.asp?action=open&table=F69A27FD8FB86142BF01C1166DEA398649&key=71408&skin=hudoc-en&attachment=true

-- 
Richard Lamont
http://www.lamont.me.uk/
OpenPGP Key ID: 0xBD89BE41
Fingerprint: CE78 C285 1F97 0BDA 886D BA78 26D8 6C34 BD89 BE41

From ukcrypto at chiark.greenend.org.uk Wed Jul 2 11:00:46 2008
From: ukcrypto at chiark.greenend.org.uk (Nigel Heffernan)
Date: Wed, 2 Jul 2008 03:00:46 -0700 (PDT)
Subject: Targeted junkmail "from" your GP?
In-Reply-To: <20080702064630.6145.33926.Mailman@chiark.greenend.org.uk>
Message-ID: <448438.21632.qm@web54505.mail.re2.yahoo.com>

On Tuesday 01 July 2008, Peter Fairbrother wrote:
>
> If I am correct about that then there is very little
> difference between distributed and centralised databases
> from a search efficiency viewpoint, and a distributed
> database is about half the cost, far more robust and
> secure, and almost infinitely more privacy-preserving
> than a centralised database.
>
> -- Peter Fairbrother
>

Search efficiency for a distributed database is very sensitive to database design, particularly with respect to the choice of which indexes are held on a central server (or on a distributed cluster that is, in effect, a central server) and to query design.

In simple terms, querying the entire national database for a regional breakdown of cancer rates would run very quickly: the data is segmented geographically but this is no obstacle to a process which is, essentially, running the same query repeatedly on each local and geographically-defined volume and then aggregating the results. Running a breakdown of cancer rates by age would be much harder, as you might need to start by aggregating the entire data set - or rather, construct and mount an index of it - on the machine that runs your query.

This has security and privacy implications, but I have to admit that I'm not sure how they would play out in the real world. The theft of anonymised data from (say) a research project at an STD clinic wouldn't be too difficult to tie back to identified names, if you had a stolen password to the relevant local volume, because the clinic would draw patients from at most one or two health trusts - the query wouldn't cut across geographically-separated data volumes. Large-scale data losses from a national project, however, would be almost unusable.

Meanwhile, you are both right and wrong about distributed databases being more secure. Yes, data losses arising from a local password theft, subverted staff, or a stolen backup tape are limited to a given data volume: but this presupposes that there is a rational structure of data access and security management. It is entirely possible that a central authority would have unlimited access and, once their security measures are subverted or bypassed, the entire database is available to all.

There are ways in which good data design can help.
For a start, 'regional' queries should only be permitted to retrieve anonymised data: the lookup table tying back to patients' names should never leave the local data server. That is to say, the usual hierarchy of user and superusers can be deliberately broken in a distributed database, with no central 'sysadmin' having all the access privileges of lesser mortals - local managers or even individual GPs would be the only people who would have full access to their local lookup list of identifiable patient names. It would be a trivial matter to ensure that queries from (say) an out-of-region GP or hospital go through a scalar function with a half-second delay or a counter rather than the 'vector' or table-returning function that mounts an index; thus, if you're outside the area, you can only get records one at a time rather than scanning the entire table.

In theory. I have no reason to believe that even the most elementary design consideration has been given to security-by-design rather than security-as-a-bolt-on in the NHS patient database and, in the unlikely event that sound security schema was ever implemented, I am certain that it would be deliberately bypassed by a central authority.

Nigel Heffernan
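
The design discussed in this thread (approved searches run on each local volume and return only counts, the name lookup never leaves the local server, and out-of-region reads are single-record and counted) can be sketched as follows. This is an added example, not code from any poster or from any NHS system; every class, function and field name, the quota value and the sample records are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set

Criteria = Callable[[dict], bool]


class AccessDenied(Exception):
    """Raised when a request falls outside what the local volume allows."""


@dataclass
class Surgery:
    """One local data volume: clinical records plus a name lookup that stays local."""
    name: str
    region: str
    records: Dict[str, dict]      # pseudonym -> clinical fields only, no names
    lookup: Dict[str, str]        # pseudonym -> patient name; never exported
    remote_quota: int = 2         # assumed cap on out-of-region single-record reads
    remote_reads: Dict[str, int] = field(default_factory=dict)

    def _matches(self, search_id: str, approved: Set[str], criteria: Criteria) -> List[str]:
        # Every search needs prior approval; there is no ad-hoc querying.
        if search_id not in approved:
            raise AccessDenied(f"search {search_id!r} has not been approved")
        return [p for p, rec in self.records.items() if criteria(rec)]

    def run_search(self, search_id: str, approved: Set[str], criteria: Criteria) -> int:
        """Run the criteria locally and report only the number of matches."""
        return len(self._matches(search_id, approved, criteria))

    def write_to_candidates(self, search_id: str, approved: Set[str], criteria: Criteria) -> int:
        """The surgery contacts its own patients; the caller learns only a count."""
        letters = [self.lookup[p] for p in self._matches(search_id, approved, criteria)]
        return len(letters)       # the names never leave this method

    def fetch_record(self, requester: str, requester_region: str, pseudonym: str) -> dict:
        """Scalar access: one anonymised record per call, counted for outsiders."""
        if requester_region != self.region:
            used = self.remote_reads.get(requester, 0)
            if used >= self.remote_quota:
                raise AccessDenied(f"{requester} exceeded the remote read quota")
            self.remote_reads[requester] = used + 1
        return dict(self.records[pseudonym])

    def identify(self, requester_region: str, pseudonym: str) -> str:
        """Name lookup is local-only; no central role bypasses this check."""
        if requester_region != self.region:
            raise AccessDenied("name lookup never leaves the local server")
        return self.lookup[pseudonym]


def regional_breakdown(surgeries: List[Surgery], search_id: str,
                       approved: Set[str], criteria: Criteria) -> Dict[str, int]:
    """Same query on each local volume, then aggregate the counts by region."""
    totals: Dict[str, int] = {}
    for s in surgeries:
        totals[s.region] = totals.get(s.region, 0) + s.run_search(search_id, approved, criteria)
    return totals


def build_sample() -> List[Surgery]:
    """Constructed records for illustration only."""
    return [
        Surgery("north-1", "north",
                {"n1": {"age": 52, "dx": "asthma"}, "n2": {"age": 31, "dx": "asthma"},
                 "n3": {"age": 67, "dx": "diabetes"}},
                {"n1": "Patient A", "n2": "Patient B", "n3": "Patient C"}),
        Surgery("north-2", "north",
                {"n4": {"age": 45, "dx": "asthma"}},
                {"n4": "Patient D"}),
        Surgery("south-1", "south",
                {"s1": {"age": 70, "dx": "asthma"}, "s2": {"age": 29, "dx": "diabetes"},
                 "s3": {"age": 41, "dx": "asthma"}},
                {"s1": "Patient E", "s2": "Patient F", "s3": "Patient G"}),
    ]


if __name__ == "__main__":
    approved = {"SEARCH-001"}     # constructed approval register
    criteria = lambda r: r["dx"] == "asthma" and r["age"] >= 40
    sites = build_sample()
    print(regional_breakdown(sites, "SEARCH-001", approved, criteria))
    print(sites[2].write_to_candidates("SEARCH-001", approved, criteria))
```
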

From ukcrypto at chiark.greenend.org.uk Wed Jul 2 13:33:22 2008
From: ukcrypto at chiark.greenend.org.uk (R.Corrigan)
Date: Wed, 2 Jul 2008 13:33:22 +0100
Subject: ECHR finds UK in violation of Article 8
Message-ID: <8A7993C5C1740143B7FCB78EBEB0D893124AC7@DELAMERE-EVS1.open.ac.uk>

The full judgement is also available in html:
http://cmiskp.echr.coe.int/tkp197/view.asp?item=9&portal=hbkm&action=html&highlight=&sessionid=10649976&skin=hudoc-en

Regards
Ray

Ray Corrigan, Senior Lecturer in Technology, Open University; Mailing address: Open University in the South, Foxcombe Hall, Boars Hill, Oxford, OX1 5HR, UK; Tel +44 (01865) 327000; blog http://b2fxxx.blogspot.com/

-----Original Message-----
From: ukcrypto-admin@chiark.greenend.org.uk [mailto:ukcrypto-admin@chiark.greenend.org.uk] On Behalf Of Richard Lamont
Sent: 02 July 2008 12:55
To: ukcrypto@chiark.greenend.org.uk
Subject: ECHR finds UK in violation of Article 8

Following the discovery (by yours truly) of the real purpose of the 'Capenhurst Tower' in 1999, an investigation with Duncan Campbell and subsequent exposé on Channel 4 News, the UK Government was taken to the European Court of Human Rights by Liberty, British Irish Rights Watch and the Irish Council for Civil Liberties.

The court published its verdict in 'Liberty and Others v. the United Kingdom' yesterday.
It found HMG in violation of Article 8 of the Convention.

Here are a few media reports:

http://uk.reuters.com/article/topNews/idUKL0113494120080701
http://www.guardian.co.uk/uk/2008/jul/02/privacy.humanrights
http://www.belfasttelegraph.co.uk/breaking-news/ireland/article3854301.ece
http://www.metro.co.uk/news/article.html?in_article_id=199167&in_page_id=34
http://www.rte.ie/news/2008/0701/rights.html

The full judgement, in the form of a 32-page Word file, can be found here:

http://cmiskp.echr.coe.int////tkp197/viewhbkm.asp?action=open&table=F69A27FD8FB86142BF01C1166DEA398649&key=71408&skin=hudoc-en&attachment=true

-- 
Richard Lamont
http://www.lamont.me.uk/
OpenPGP Key ID: 0xBD89BE41
Fingerprint: CE78 C285 1F97 0BDA 886D BA78 26D8 6C34 BD89 BE41

---------------------------------
The Open University is incorporated by Royal Charter (RC 000391), an exempt charity in England & Wales and a charity registered in Scotland (SC 038302).

From ukcrypto at chiark.greenend.org.uk Wed Jul 2 11:45:15 2008
From: ukcrypto at chiark.greenend.org.uk (Glyn Wintle)
Date: Wed, 2 Jul 2008 03:45:15 -0700 (PDT)
Subject: London Elections: "Insufficient evidence" to declare confidence in results
Message-ID: <272759.3585.qm@web52703.mail.re2.yahoo.com>

The Open Rights Group's report into e-counting of votes cast in the London Elections is out today.

http://www.openrightsgroup.org/2008/07/02/org-verdict-on-london-elections-insufficient-evidence-to-declare-confidence-in-results/

The report finds that:

"there is insufficient evidence available to allow independent observers to state reliably whether the results declared in the May 2008 elections for the Mayor of London and the London Assembly are an accurate representation of voters' intentions."

Votes for London Mayor and the 25 member London Assembly were counted electronically, and overall the election was well-managed by the independent body set up to run elections in London, London Elects.
However, transparency around the recording of valid votes was a major issue, leading many of our team of 27 official observers to conclude that they were unable to observe votes being counted. And while hundreds of screens set up by vote scanners showed almost meaningless data to observers, London Elects admit that the system was likely to be recording blank ballots as valid votes.

The report also details how London Elects are unable to publish an audit, commissioned from KPMG, of some of the software used to count the London vote, because of disputes over commercial confidentiality.

The situation highlights the problems that arise when the very public function of running elections is mixed with issues of commercial confidentiality and proprietary software. In the context of a public election, it is unacceptable that these issues should preclude the publication of the KPMG audit.

From ukcrypto at chiark.greenend.org.uk Wed Jul 2 16:16:06 2008
From: ukcrypto at chiark.greenend.org.uk (David Hansen)
Date: Wed, 02 Jul 2008 16:16:06 +0100
Subject: ECHR finds UK in violation of Article 8
In-Reply-To: <8A7993C5C1740143B7FCB78EBEB0D893124AC7@DELAMERE-EVS1.open.ac.uk>
References: <8A7993C5C1740143B7FCB78EBEB0D893124AC7@DELAMERE-EVS1.open.ac.uk>
Message-ID: <486BA9C6.32164.1BB4710@davidh.spidacom.co.uk>

On 2 Jul 2008 at 13:33, R.Corrigan wrote:

> The full judgement is also available in html:
> http://cmiskp.echr.coe.int/tkp197/view.asp?item=9&portal=hbkm&action=html&highlight=&sessionid=10649976&skin=hudoc-en

Thanks. A quick, but not too quick, read is most interesting. Good to see the ECHR demolishing the bullshit the Home Office have spouted for ages.

What none of the mainstream mass media reports, which people have highlighted, have mentioned is the utter failure of the various Huttons to carry out the regulatory function they are supposed to undertake.
While it comes as no surprise to me that these bods are useless, their smug boilerplated reports are a dead giveaway, the mass media should have picked this up and made something of it.

The Register do mention this aspect of the judgement .

-- 
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

From ukcrypto at chiark.greenend.org.uk Wed Jul 2 16:13:06 2008
From: ukcrypto at chiark.greenend.org.uk (M J D Brown)
Date: Wed, 2 Jul 2008 16:13:06 +0100
Subject: ECHR finds UK in violation of Article 8
References: <486B6C7F.6080009@lamont.me.uk>
Message-ID: <013901c8dc56$2bfe1870$891a313e@Powerstation>

----- Original Message -----
From: "Richard Lamont"
To:
Sent: Wednesday, July 02, 2008 12:54 PM
Subject: ECHR finds UK in violation of Article 8

> Following the discovery (by yours truly) of the real purpose of the
> 'Capenhurst Tower' in 1999, an investigation with Duncan Campbell and
> subsequent exposé on Channel 4 News, the UK Government was taken to
> the
> European Court of Human Rights by Liberty, British Irish Rights Watch
> and the Irish Council for Civil Liberties.

If the terrorists were so solicitous of the rights of ordinary citizens, they would not hide their communications amongst those of innocent people.

Mike.

From ukcrypto at chiark.greenend.org.uk Wed Jul 2 17:35:18 2008
From: ukcrypto at chiark.greenend.org.uk (PeteM)
Date: Wed, 02 Jul 2008 17:35:18 +0100
Subject: ECHR finds UK in violation of Article 8
In-Reply-To: <013901c8dc56$2bfe1870$891a313e@Powerstation>
References: <486B6C7F.6080009@lamont.me.uk> <013901c8dc56$2bfe1870$891a313e@Powerstation>
Message-ID: <486BAE46.2010900@callnetuk.com>

M J D Brown wrote on 2-07-08 16:13:
>
> If the terrorists were so solicitous of the rights of ordinary citizens,
> they would not hide their communications amongst those of innocent
> people.

Who says the art of irony is dead, eh?

-- 
Pete Mitchell

From ukcrypto at chiark.greenend.org.uk Tue Jul 1 01:55:36 2008
From: ukcrypto at chiark.greenend.org.uk (Alun Harford)
Date: Tue, 01 Jul 2008 01:55:36 +0100
Subject: Targeted junkmail "from" your GP?
In-Reply-To:
References: <20080628064610.22373.44146.Mailman@chiark.greenend.org.uk> <2KWXrEBd5hZIFwkw@tigers.demon.co.uk> <4866333B.4070007@pelicancrossing.net> <48665ACA.2080000@links.org> <48682FD4.30200@zen.co.uk> <4868EF0E.5080403@defoam.net>
Message-ID: <48698088.2000507@alunharford.co.uk>

Roland Perry wrote:
> In article <4868EF0E.5080403@defoam.net>, Adrian Midgley
> writes
>>> I very much doubt my medical records include my occupation (which is in
>>> any event so obscure that I have difficulty categorising it even when
>>> someone *is* gathering the information).
>>
>> There is a field for it with a qualifier for detail.
>
> Maybe we need things like "Teacher" (field) "in a 1960's
> comprehensive"[1] (qualifier) so everyone can get excited about
> exposure to asbestos?

Actually you can just SNOMED code it, because you can calculate the required code. (Which itself causes more problems because you can quickly find yourself doing something as hard as NLP to decode your codes...)

That said, I can't really see a hospital routinely asking patients for data even using the pre-defined codes.

"Are you a pure mathematician (26755008) or an applied mathematician (59559001)?"
"Are you allergic to crunchy peanut butter (227508007) or smooth peanut butter (227507002)?"
etc.

Alun Harford

From ukcrypto at chiark.greenend.org.uk Wed Jul 2 20:21:17 2008
From: ukcrypto at chiark.greenend.org.uk (Ben Laurie)
Date: Wed, 02 Jul 2008 20:21:17 +0100
Subject: London Elections: "Insufficient evidence" to declare confidence in results
In-Reply-To: <272759.3585.qm@web52703.mail.re2.yahoo.com>
References: <272759.3585.qm@web52703.mail.re2.yahoo.com>
Message-ID: <486BD52D.6000003@links.org>

Glyn Wintle wrote:
> The report also details how London Elects are unable to publish an
> audit, commissioned from KPMG, of some of the software used to count
> the London vote, because of disputes over commercial confidentiality.

In other words, KPMG would prefer not to be publicly exposed as useless tossers.

-- 
http://www.apache-ssl.org/ben.html http://www.links.org/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff

From ukcrypto at chiark.greenend.org.uk Wed Jul 2 21:02:50 2008
From: ukcrypto at chiark.greenend.org.uk (Adrian Midgley)
Date: Wed, 02 Jul 2008 21:02:50 +0100
Subject: Targeted junkmail "from" your GP?
In-Reply-To: <4869FAC0.29659.4A9216@davidh.spidacom.co.uk>
References: <20080628064610.22373.44146.Mailman@chiark.greenend.org.uk>, <4868EC36.17931.625C408@davidh.spidacom.co.uk>, <2D75316D-81DF-43E0-BDAD-306307EE2816@luna.nl> <4869FAC0.29659.4A9216@davidh.spidacom.co.uk>
Message-ID: <486BDEEA.9040303@defoam.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Hansen wrote:
> On 30 Jun 2008 at 16:24, Gerard Freriks wrote:
>
>> The standards are there.
>> The legal framework is there.
>> What is missing?
>>
>> Awareness with the other 'medical mob', industry and politicians?
>
> I think it is a mixture of things, but which can be boiled down to one
> thing, arrogance.

Perhaps one day one of the medical mob will favour the world with a view on David.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIa97pb80am9d/StcRAp5WAJ9LXZ9ApqjITMXQyNTy3Kcmh2KsqwCbBhti
B8FPMyHyJ+u3QzrjZz/Jr2Y=
=DdwP
-----END PGP SIGNATURE-----

From ukcrypto at chiark.greenend.org.uk Wed Jul 2 22:47:07 2008
From: ukcrypto at chiark.greenend.org.uk (Gerard Freriks)
Date: Wed, 2 Jul 2008 23:47:07 +0200
Subject: Targeted junkmail "from" your GP?
In-Reply-To: <486BDEEA.9040303@defoam.net>
References: <20080628064610.22373.44146.Mailman@chiark.greenend.org.uk>, <4868EC36.17931.625C408@davidh.spidacom.co.uk>, <2D75316D-81DF-43E0-BDAD-306307EE2816@luna.nl> <4869FAC0.29659.4A9216@davidh.spidacom.co.uk> <486BDEEA.9040303@defoam.net>
Message-ID:

'Boiled down to one thing, arrogance'.

Mobbish behavior and Arrogance are human traits to be found in many circles.
Including the medical profession.
I'm one.
But in other professions as well.
What to think of so called security experts that make systems in hospitals in the Netherlands unusable?

In addition.
Many humans suffer from a thing called dumbness, and ignorance.
And on security matters medical people, politicians, civil servants, and many others never thought about this topic properly.

Ever asked yourself why the average IQ is 100?
Answer: because 50% is below that number and 50% above.
Many academics I know are just above this number of 100, I fear.
As for politicians, managers, members of boards, security experts, etc, ...? :-)

Gerard Freriks

On 2, Jul, 2008, at 22:02 , Adrian Midgley wrote:

> David Hansen wrote:
>> On 30 Jun 2008 at 16:24, Gerard Freriks wrote:
>>
>>> The standards are there.
>>> The legal framework is there.
>>> What is missing?
>>>
>>> Awareness with the other 'medical mob', industry and politicians?
>>
>> I think it is a mixture of things, but which can be boiled down to
>> one
>> thing, arrogance.
>
>
> Perhaps one day one of the medical mob will favour the world with a
> view
> on David.

-- --
Gerard Freriks, MD
Huigsloterdijk 378
2158 LR Buitenkaag
The Netherlands

T: +31 252544896
M: +31 620347088
E: gfrer@luna.nl

Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755


From ukcrypto at chiark.greenend.org.uk Thu Jul 3 08:17:23 2008
From: ukcrypto at chiark.greenend.org.uk (David Hansen)
Date: Thu, 03 Jul 2008 08:17:23 +0100
Subject: Targeted junkmail "from" your GP?
In-Reply-To:
References: <20080628064610.22373.44146.Mailman@chiark.greenend.org.uk>, <486BDEEA.9040303@defoam.net>,
Message-ID: <486C8B13.12870.24FD4C@davidh.spidacom.co.uk>

On 2 Jul 2008 at 23:47, Gerard Freriks wrote:

> In addition.
> Many humans suffer from a thing called dumbness, and ignorance.
> And on security matters medical people, politicians, civil servants,
> and many others never thought about this topic properly.

They didn't think about it at all.

-- 
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

From ukcrypto at chiark.greenend.org.uk Thu Jul 3 08:25:30 2008
From: ukcrypto at chiark.greenend.org.uk (David Hansen)
Date: Thu, 03 Jul 2008 08:25:30 +0100
Subject: Targeted junkmail "from" your GP?
In-Reply-To: <486BDEEA.9040303@defoam.net>
References: <20080628064610.22373.44146.Mailman@chiark.greenend.org.uk>, <4869FAC0.29659.4A9216@davidh.spidacom.co.uk>, <486BDEEA.9040303@defoam.net>
Message-ID: <486C8CFA.8475.2C6AE9@davidh.spidacom.co.uk>

On 2 Jul 2008 at 21:02, Adrian Midgley wrote:

> Perhaps one day one of the medical mob will favour the world with a view
> on David.

Perhaps one day one of the medical mob will favour the world with a view on Adrian. Of course if this "view" is simply based on on-line communications it is likely to be highly inaccurate and cause people who know Adrian to laugh loudly at the person making the "view".

However, I hope that nobody would be rude or silly enough to make such a call on this discussion group. Discussing people rather than the issues is the sort of childish approach party politicians, journalists and many academics try when they do not have any better arguments.
They flail around desperately trying to make their point, but to those with a brain they just look silly. I thought better of you Adrian, but have now revised my view.

--
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

From ukcrypto at chiark.greenend.org.uk Thu Jul 3 19:39:57 2008
From: ukcrypto at chiark.greenend.org.uk (Adrian Midgley)
Date: Thu, 03 Jul 2008 19:39:57 +0100
Subject: Targeted junkmail "from" your GP?
In-Reply-To:
References: <20080628064610.22373.44146.Mailman@chiark.greenend.org.uk> <2KWXrEBd5hZIFwkw@tigers.demon.co.uk> <4866333B.4070007@pelicancrossing.net> <48665ACA.2080000@links.org> <48682FD4.30200@zen.co.uk> <4868EF0E.5080403@defoam.net>
Message-ID: <486D1CFD.3060904@defoam.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Roland Perry wrote:
> In article <4868EF0E.5080403@defoam.net>, Adrian Midgley
> writes
>>> I very much doubt my medical records include my occupation (which is in
>>> any event so obscure that I have difficulty categorising it even when
>>> someone *is* gathering the information).
>>
>> There is a field for it with a qualifier for detail.
>
> Maybe we need things like "Teacher" (field) "in a 1960's
> comprehensive"[1] (qualifier) so everyone can get excited about
> exposure to asbestos?
>
> [1] Versus "in a Victorian primary school".

The obvious qualifier would be the GUID for the school, allowing someone who needed to look up the by then current state of information about that school, rather than demanding the person of the moment working out what sort of school it had been.

Abstraction is good in coding.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIbRz9b80am9d/StcRAiHkAJ0YpW2c9L/fQFBHbSLHB5F8ymvTzwCeN3LM
8joX+2nQPEzROYXa4tOLoW8=
=wMKs
-----END PGP SIGNATURE-----

From ukcrypto at chiark.greenend.org.uk Fri Jul 4 11:15:19 2008
From: ukcrypto at chiark.greenend.org.uk (David Hansen)
Date: Fri, 04 Jul 2008 11:15:19 +0100
Subject: Home Office "identity" card promotion - slightly OT
Message-ID: <486E0647.23201.8A2DE6@davidh.spidacom.co.uk>

I see that some bod from the Home Office was in Edinburgh recently, in order to promote "identity" cards and the database behind them, both of great use to criminals.

This bod is obviously so scared of public debate that she only wanted carefully selected people at the meeting. In true Labour Party style carefully selected people to say how wonderful the Home Office's plans for "identity" cards are. Even by the standards of the Home Office this "consultation" meeting is a new low.

As a result when "mere" members of the public entered they were treated badly, as one would expect in New Britain, with all of them (including a four year old) carted off to a police station. Obviously having the "wrong" opinion is not something to be tolerated in New Britain.

I did like the East German border guard dress of some of the protestors, very apt.

There is a short report at and it is worth reading the "Comment from activist" attached to that article for some more information.

There is a letter at which gives some more perspective on the "consultation". It refers to an earlier article .

Of course "identity" cards (and the databases) are already here, as the letter at explains. The young, old and disabled have already been forced to have them.

I imagine the Home Office are proud of themselves, after all not every bunch of officials manages to turn the UK into East Germany.
--
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

From ukcrypto at chiark.greenend.org.uk Tue Jul 8 11:55:53 2008
From: ukcrypto at chiark.greenend.org.uk (David Biggins)
Date: Tue, 8 Jul 2008 11:55:53 +0100
Subject: ECHR finds UK in violation of Article 8
In-Reply-To: <013901c8dc56$2bfe1870$891a313e@Powerstation>
References: <486B6C7F.6080009@lamont.me.uk> <013901c8dc56$2bfe1870$891a313e@Powerstation>
Message-ID:

> -----Original Message-----
> From: ukcrypto-admin@chiark.greenend.org.uk [mailto:ukcrypto-
> admin@chiark.greenend.org.uk] On Behalf Of M J D Brown
> Sent: 02 July 2008 16:13
> To: ukcrypto@chiark.greenend.org.uk
> Subject: Re: ECHR finds UK in violation of Article 8
>
>
> ----- Original Message -----
> From: "Richard Lamont"
> To:
> Sent: Wednesday, July 02, 2008 12:54 PM
> Subject: ECHR finds UK in violation of Article 8
>
>
> > Following the discovery (by yours truly) of the real purpose of the
> > 'Capenhurst Tower' in 1999, an investigation with Duncan Campbell and
> > subsequent exposé on Channel 4 News, the UK Government was taken to
> > the European Court of Human Rights by Liberty, British Irish Rights Watch
> > and the Irish Council for Civil Liberties.
>
> If the terrorists were so solicitous of the rights of ordinary citizens,
> they would not hide their communications amongst those of innocent people.
>
> Mike.

That the terrorists disregard the rights of the innocent people is no surprise - they do after all also commit acts of violence against them, and from concealment with them.

Among their very worst accomplishments of course in doing so, is to provide governments and related agencies with the fig-leaf of an apparently legitimate excuse for abuses of their own, and a ready-made framework to justify ignoring challenges against such abuses.

Dave.
From ukcrypto at chiark.greenend.org.uk Tue Jul 8 14:18:39 2008
From: ukcrypto at chiark.greenend.org.uk (Richard Clayton)
Date: Tue, 8 Jul 2008 14:18:39 +0100
Subject: Personal Internet Security - follow-up report
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The House of Lords Science and Technology Committee have just completed a follow-up inquiry into "Personal Internet Security".

Report:

My commentary:

the BBC:

and many others (Lord Broers had a busy morning on the phone!):

- --
richard Richard Clayton

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
Benjamin Franklin

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBSHNpL5oAxkTY1oPiEQLkCQCg9TAWlGmS3kxXPoYBcPWMR3tRn3IAoMSY
kyU4bM5rejEiI4v6Uemy1DfD
=nJ9y
-----END PGP SIGNATURE-----

From ukcrypto at chiark.greenend.org.uk Wed Jul 9 00:50:16 2008
From: ukcrypto at chiark.greenend.org.uk (Richard Clayton)
Date: Wed, 9 Jul 2008 00:50:16 +0100
Subject: Behavioural advertising may breach US wiretapping laws
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CDT have just published an opinion suggesting that behavioural advertising (such as the NebuAd and Phorm systems) will breach US wiretapping laws.

The illegality will be fixed in some states with the permission of the end-user (rather as it would have been in the UK until Oct 2000 under IOCA 1985). However, some states require both ends of the communication to give permission (as is the case under RIP 2000 now in the UK).

In particular California also has an extra-territoriality provision so it would apply if only one end of the communication was in California... Of course there's hardly any websites in California....

CDT have some interesting remarks about permission:

Consent is context-based. It is one thing to imply consent in the context of a prison or a workplace, where notice may be presented as part of the daily log-in process.
It is quite another to imply it in the context of ordinary Internet usage by residential subscribers, who, by definition, are using the service for personal and often highly sensitive communications. Continued use of a service after a mailed notice might not be enough to constitute consent. Certainly, mailing notification to the bill payer is probably insufficient to put all members of the household who share the Internet connection on notice.

Thus, it seems that an assertion of implied consent, whether or not users are provided an opportunity to opt out of the system, would most likely not satisfy the consent exception for the type of interception or disclosure under consideration here. Express prior consent (opt-in consent) is clearly preferable and may be required. While meaningful opt-in consent would be sufficient, courts would likely be skeptical of an opt-in consisting merely of a click-through agreement -- i.e., a set of terms that a user agrees to by clicking an on-screen button -- if it displays characteristics typical of such agreements, such as a large amount of text displayed in a small box, no requirement that the user scroll through the entire agreement, or the opt-in provision buried among other terms of service.

http://cdt.org/press/20080708press.php

- --
richard Richard Clayton

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
Benjamin Franklin

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBSHP9OJoAxkTY1oPiEQITPwCfTCPL+fMKn2e6ujM4OgKAqdyZOD0AoLag
SoU2Eaccpm6nPXEe7uVHRl6Q
=5r66
-----END PGP SIGNATURE-----

From ukcrypto at chiark.greenend.org.uk Fri Jul 11 13:37:14 2008
From: ukcrypto at chiark.greenend.org.uk (Richard Clayton)
Date: Fri, 11 Jul 2008 13:37:14 +0100
Subject: Interception Modernisation Programme
Message-ID: <9xYs65I6P1dIFA2X@highwayman.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hansard: 8 July 2008 : Column WA75

Home Office: Interception Modernisation Programme

The Earl of Northesk asked Her Majesty's Government:

What are the aims of the Home Office's interception modernisation programme. [HL4465]

The Parliamentary Under-Secretary of State, Home Office (Lord West of Spithead):

The objective of the interception modernisation programme (IMP) is to maintain the UK's lawful intercept and communications data capabilities in the changing communications environment. It is a cross-government programme, led by the Home Office, to ensure that our capability to lawfully intercept and exploit data when fighting crime and terrorism is not lost. It was established in response to my right honourable friend the Prime Minister's national security remit in 2006.

The Earl of Northesk asked Her Majesty's Government:

Whether the current Comprehensive Spending Review allocation contains any financing for the Home Office's interception modernisation programme; and, if so, how much. [HL4466]

Lord West of Spithead:

As part of the Government's Comprehensive Spending Review (CSR 07) a central bid was made to HM Treasury on behalf of the security and intelligence agencies. Funding for IMP was included in the bid, and the exact programme allocation across the CSR years is currently being finalised between the Home Office and HM Treasury.
The Earl of Northesk asked Her Majesty's Government:

What are the Home Office's current budgetary estimates for demonstrating the feasibility of the interception modernisation programme. [HL4467]

Lord West of Spithead:

A significant proportion of the programme investment over the CSR period will be used to test feasibility and reduce the risk associated with implementing the proposed IMP solution. The private sector is likely to play a major role in this work and the programme will be conducting a competitive tender and entering commercial negotiations to commission its services. The tendering processes are not yet complete and therefore the budget for the feasibility and de-risking activities is not finalised. For this reason, a precise figure cannot be given at this time.

The Earl of Northesk asked Her Majesty's Government:

What are the Home Office's current budgetary estimates for the interception modernisation programme. [HL4468]

Lord West of Spithead:

The interception modernisation programme (IMP) will require a substantial level of investment which will need to tie in with the Government's three-year CSR periods. The scale of overall economic investment is very difficult to calculate because of the complexity of the project and wide ranging implementation solutions currently being considered. Given this complexity and the commercial and national security sensitivities, the precise costs of the programme cannot be disclosed. Further detail on budgetary estimates for the IMP will, however, become available once the draft Communications Data Bill is published.

- --
richard Richard Clayton

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
Benjamin Franklin

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBSHdT+poAxkTY1oPiEQL4LACgn81QEu2JTloL4maGN4F1FnHpJZIAoK2W
P4np6wNRtw3uaSCBZl9DlDjX
=V9Q9
-----END PGP SIGNATURE-----

From ukcrypto at chiark.greenend.org.uk Fri Jul 11 15:41:52 2008
From: ukcrypto at chiark.greenend.org.uk (David Hansen)
Date: Fri, 11 Jul 2008 15:41:52 +0100
Subject: Interception Modernisation Programme
In-Reply-To: <9xYs65I6P1dIFA2X@highwayman.com>
References: <9xYs65I6P1dIFA2X@highwayman.com>
Message-ID: <48777F40.19958.1B3FF8A@davidh.spidacom.co.uk>

On 11 Jul 2008 at 13:37, Richard Clayton wrote:

> The Parliamentary Under-Secretary of State, Home Office (Lord West of
> Spithead):
>
> The objective of the interception modernisation programme (IMP) is to
> maintain the UK's lawful intercept and communications data
> capabilities in the changing communications environment. It is a
> cross-government programme, led by the Home Office, to ensure that our
> capability to lawfully intercept and exploit data when fighting crime
> and terrorism

Is "terrorism" no longer a crime? I must have missed this change.

Of course we all know that the real aim is to fight those suspected of anything which the bods inside the tent don't like.

RIP Part 1 Chapter 1 Section 5(3) gives "the reasons" for interception as:

"(a) in the interests of national security;
"(b) for the purpose of preventing or detecting serious crime;
"(c) for the purpose of safeguarding the economic well-being of the United Kingdom;"

All of these are vague enough to allow officials to do almost anything they feel like. The last one is no-doubt particularly useful to those attacking animal rights campaigners, who are often branded by party politicians as affecting the economy. I have heard similar statements from party politicians about GM crop campaigners and environmentalists in general, plus a number of other groups.
It was no surprise that they picked on animal rights people to use threatening words and behaviour towards over keys.

Of course all campaigners are now "terrorists", at least when officials don't like them. That includes people reading out the names of the dead at the cenotaph in London, Walter Wolfgang and so on.

I was delighted to discover that the English police presumably consider me a phase 1 domestic extremist campaigner, for writing letters to organisations. It just goes to show how far these bods have lost the plot and how desperate they have become to inflict their views on us .

One may wonder who the domestic extremist campaigners really are. The photograph on that page does show masked people who have gone equipped for violence. These people all have the letters POLICE written on their clothes. Presumably this is to allow rioters to identify each other more easily.

Neither have members of any stop the war or environmental group shot a passenger on a train seven times in the head and once in the shoulder, after being specially hyped up at a briefing and using ammunition which is illegal to use in war. Were members of either group to do so you may be sure that the organisation "investigating" the crime would not start its "investigation" off by putting out a press release saying what a wonderful job the group was doing and how it should be supported, not bother to put in an appearance at the crime scene for four days and then whitewash the whole thing.
On communications data RIP part 1 chapter 2 section 22(2) gives the following carte blanche for grabbing data:

"(a) in the interests of national security;
"(b) for the purpose of preventing or detecting crime or of preventing disorder;
"(c) in the interests of the economic well-being of the United Kingdom;
"(d) in the interests of public safety;
"(e) for the purpose of protecting public health;
"(f) for the purpose of assessing or collecting any tax, duty, levy or other imposition, contribution or charge payable to a government department;
"(g) for the purpose, in an emergency, of preventing death or injury or any damage to a person's physical or mental health, or of mitigating any injury or damage to a person's physical or mental health; or
"(h) for any purpose (not falling within paragraphs (a) to (g)) which is specified for the purposes of this subsection by an order made by the Secretary of State."

Even without (h) it is difficult to think of any "reason" which would fall out of (a) to (g). (h) is just to make sure.

Mr West therefore lied to the Westminster parliament when he claimed that it was only for "fighting crime and terrorism".

--
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

From ukcrypto at chiark.greenend.org.uk Fri Jul 11 17:56:20 2008
From: ukcrypto at chiark.greenend.org.uk (Roland Perry)
Date: Fri, 11 Jul 2008 17:56:20 +0100
Subject: Interception Modernisation Programme
In-Reply-To: <48777F40.19958.1B3FF8A@davidh.spidacom.co.uk>
References: <9xYs65I6P1dIFA2X@highwayman.com> <48777F40.19958.1B3FF8A@davidh.spidacom.co.uk>
Message-ID: <96Ce7bI0C5dIFAW8@perry.co.uk>

In article <48777F40.19958.1B3FF8A@davidh.spidacom.co.uk>, David Hansen writes
>Even without (h) it is difficult to think of any "reason" which would
>fall out of (a) to (g). (h) is just to make sure.
Finding out the identity of a dead body by asking his mobile phone company to look him up was "one that got away".

--
Roland Perry

From ukcrypto at chiark.greenend.org.uk Fri Jul 11 18:46:28 2008
From: ukcrypto at chiark.greenend.org.uk (Richard Clayton)
Date: Fri, 11 Jul 2008 18:46:28 +0100
Subject: Interception Modernisation Programme
In-Reply-To: <48777F40.19958.1B3FF8A@davidh.spidacom.co.uk>
References: <9xYs65I6P1dIFA2X@highwayman.com> <48777F40.19958.1B3FF8A@davidh.spidacom.co.uk>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <48777F40.19958.1B3FF8A@davidh.spidacom.co.uk>, David Hansen writes

>On 11 Jul 2008 at 13:37, Richard Clayton wrote:
>
>> The Parliamentary Under-Secretary of State, Home Office (Lord West of
>> Spithead):
>>
>> The objective of the interception modernisation programme (IMP) is to
>> maintain the UK's lawful intercept and communications data
>> capabilities in the changing communications environment. It is a
>> cross-government programme, led by the Home Office, to ensure that our
>> capability to lawfully intercept and exploit data when fighting crime
>> and terrorism

[snip material about the RIP Act 2000]

>Mr West therefore lied to the Westminster parliament when he claimed
>that it was only for "fighting crime and terrorism".

I think you've slightly missed the point, in that the answer given by Admiral West specifically refers to systems and laws that are yet to come; and that the Home Office might have an idea about what it will cost by the time the draft Communications Bill is published...

... the Earl of Northesk's other questions have not yet been answered (so far as I can see); about how much has been spent on the systems at the ISPs at Telcos which will become redundant if all of the communications data is swept into central warehouses.

- --
richard Richard Clayton

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
Benjamin Franklin

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBSHecdJoAxkTY1oPiEQIGSwCfVwRvwMEOemBiKkHfeto8G9KXow4An2QP
pxZz++s6SX0uP17aj8ymc4v3
=5lJ7
-----END PGP SIGNATURE-----

From ukcrypto at chiark.greenend.org.uk Sat Jul 12 10:26:07 2008
From: ukcrypto at chiark.greenend.org.uk (David Hansen)
Date: Sat, 12 Jul 2008 10:26:07 +0100
Subject: Interception Modernisation Programme
In-Reply-To:
References: <9xYs65I6P1dIFA2X@highwayman.com>, <48777F40.19958.1B3FF8A@davidh.spidacom.co.uk>,
Message-ID: <487886BF.16805.A22E8@davidh.spidacom.co.uk>

On 11 Jul 2008 at 18:46, Richard Clayton wrote:

> I think you've slightly missed the point,

Possibly, but I don't think so in this case.

> in that the answer given by
> Admiral West specifically refers to systems and laws that are yet to
> come;

"The objective of the interception modernisation programme (IMP) is to maintain the UK's lawful intercept and communications data capabilities in the changing communications environment. It is a cross-government programme, led by the Home Office, to ensure that our capability to lawfully intercept and exploit data when fighting crime and terrorism [snip]"

He is referring to systems both now and in the future. He makes the assertion that these things are used to fight crime. This is clearly a bogus claim as RIP covers much more than crime. He has therefore misled the Westminster parliament.

The question is whether he knowingly misled the Westminster parliament, or whether he simply repeated lies given to him by officials. I have no idea what the answer to that question is. I have asked, it will be interesting to see whether a reply is forthcoming.
--
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

From ukcrypto at chiark.greenend.org.uk Sat Jul 12 17:33:16 2008
From: ukcrypto at chiark.greenend.org.uk (Richard Clayton)
Date: Sat, 12 Jul 2008 17:33:16 +0100
Subject: IMP on iPM
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

first 6+ minutes of the show:

http://www.bbc.co.uk/radio/aod/networks/radio4/aod.shtml?radio4/ipm

show blog:

Stuart Ward's blog:

http://stuartward.wordpress.com/2008/06/22/surveillance-society/

there's rather more in the audio than the other two sources...

- --
richard Richard Clayton

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
Benjamin Franklin

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBSHjczJoAxkTY1oPiEQKqJQCeJWx3kh1F+jiMk1tZL6oqeV0vOhMAoObS
f97xLCA1nx2gmOmJmAdjMS7D
=UZBV
-----END PGP SIGNATURE-----

From ukcrypto at chiark.greenend.org.uk Sat Jul 12 19:04:40 2008
From: ukcrypto at chiark.greenend.org.uk (Mary Hawking)
Date: Sat, 12 Jul 2008 19:04:40 +0100
Subject: Data Sharing Review
Message-ID:

The report on data sharing commissioned from Dr Mark Walport (Wellcome Trust) and Richard Thomas has been published: hardly surprisingly - seeing the interests of one of the authors - it is very keen to allow researchers full access to medical records - and seems to think that these will be held on a central database for the whole of England. I don't think there is the full support for making medical records available for research among the medical profession that is claimed.

Http://www.justice.gov.uk/reviews/datasharing-intro.htm

(I found the evidence submitted by GeneWatch very interesting.
http://www.genewatch.org/uploads/f03c6d66a9b354535738483c1c3d49e4/GeneWatchUK_datarev08.doc
especially 1(vi))

The thought of legislation to allow the Sec.
of State to fast track secondary legislation and change primary legislation and common law to fit this sharing is alarming: and the thought that this might actually be implemented drives me to despair!

Mary Hawking
GP but *not* one of the "medical mob"!

--
Mary Hawking

From ukcrypto at chiark.greenend.org.uk Sat Jul 12 17:41:43 2008
From: ukcrypto at chiark.greenend.org.uk (Roland Perry)
Date: Sat, 12 Jul 2008 17:41:43 +0100
Subject: Interception Modernisation Programme
In-Reply-To: <487886BF.16805.A22E8@davidh.spidacom.co.uk>
References: <9xYs65I6P1dIFA2X@highwayman.com> <48777F40.19958.1B3FF8A@davidh.spidacom.co.uk> <487886BF.16805.A22E8@davidh.spidacom.co.uk>
Message-ID:

In article <487886BF.16805.A22E8@davidh.spidacom.co.uk>, David Hansen writes
>"The objective of the interception modernisation programme (IMP) is to
>maintain the UK's lawful intercept and communications data
>capabilities in the changing communications environment. It is a
>cross-government programme, led by the Home Office, to ensure that our
>capability to lawfully intercept and exploit data when fighting crime
>and terrorism [snip]"
>
>He is referring to systems both now and in the future. He makes the
>assertion that these things are used to fight crime.

You are misreading the statement.

"THE objective of the IMP is....

"It [will] ensure ... A and B ...."

But it will also ensure X, Y and Z.

Perhaps you disapprove of it ensuring X, Y and Z, but it's not misleading Parliament to leave them out.

>This is clearly a bogus claim as RIP covers much more than crime.

And he was talking about IMP, not RIP. There are plenty of things that we all know RIP does, that have nothing at all to do with IMP (for example, to get even vaguely on-Crypto-topic, requesting the encryption key for a seized memory stick).
--
Roland Perry

From ukcrypto at chiark.greenend.org.uk Sun Jul 13 14:20:20 2008
From: ukcrypto at chiark.greenend.org.uk (David Hansen)
Date: Sun, 13 Jul 2008 14:20:20 +0100
Subject: Interception Modernisation Programme
In-Reply-To:
References: <9xYs65I6P1dIFA2X@highwayman.com>, <487886BF.16805.A22E8@davidh.spidacom.co.uk>,
Message-ID: <487A0F24.18620.410C67@davidh.spidacom.co.uk>

On 12 Jul 2008 at 17:41, Roland Perry wrote:

> >"The objective of the interception modernisation programme (IMP) is to
> >maintain the UK's lawful intercept and communications data
> >capabilities in the changing communications environment. It is a
> >cross-government programme, led by the Home Office, to ensure that our
> >capability to lawfully intercept and exploit data when fighting crime
> >and terrorism [snip]"
> >
> >He is referring to systems both now and in the future. He makes the
> >assertion that these things are used to fight crime.
>
> You are misreading the statement.

I don't think so.

The statement can be re-written more generally as, the objective of this new thing is to maintain what we are doing now. It therefore follows that what we are doing now is relevant to an appraisal of the statement.

--
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

From ukcrypto at chiark.greenend.org.uk Sun Jul 13 14:58:48 2008
From: ukcrypto at chiark.greenend.org.uk (Roland Perry)
Date: Sun, 13 Jul 2008 14:58:48 +0100
Subject: Interception Modernisation Programme
In-Reply-To: <487A0F24.18620.410C67@davidh.spidacom.co.uk>
References: <9xYs65I6P1dIFA2X@highwayman.com> <487886BF.16805.A22E8@davidh.spidacom.co.uk> <487A0F24.18620.410C67@davidh.spidacom.co.uk>
Message-ID:

In article <487A0F24.18620.410C67@davidh.spidacom.co.uk>, David Hansen writes
>> You are misreading the statement.
>
>I don't think so.
>
>The statement can be re-written more generally as, the objective of
>this new thing is to maintain what we are doing now. It therefore
>follows that what we are doing now is relevant to an appraisal of the
>statement.

And he's given one example of "what we are doing now". If you wanted an exhaustive list then you'd be disappointed, rather than misinformed.

--
Roland Perry

From ukcrypto at chiark.greenend.org.uk Sun Jul 13 16:22:08 2008
From: ukcrypto at chiark.greenend.org.uk (PeteM)
Date: Sun, 13 Jul 2008 16:22:08 +0100
Subject: Interception Modernisation Programme
In-Reply-To:
References: <9xYs65I6P1dIFA2X@highwayman.com> <48777F40.19958.1B3FF8A@davidh.spidacom.co.uk> <487886BF.16805.A22E8@davidh.spidacom.co.uk>
Message-ID: <487A1DA0.7060706@callnetuk.com>

Roland Perry wrote on 12-07-08 17:41:
> In article <487886BF.16805.A22E8@davidh.spidacom.co.uk>, David Hansen
> writes
>> "The objective of the interception modernisation programme (IMP) is to
>> maintain the UK's lawful intercept and communications data
>> capabilities in the changing communications environment. It is a
>> cross-government programme, led by the Home Office, to ensure that our
>> capability to lawfully intercept and exploit data when fighting crime
>> and terrorism [snip]"
>>
>> He is referring to systems both now and in the future. He makes the
>> assertion that these things are used to fight crime.
>
> You are misreading the statement.
>
> "THE objective of the IMP is....
>
> "It [will] ensure ... A and B ...."
>
> But it will also ensure X, Y and Z.
>
> Perhaps you disapprove of it ensuring X, Y and Z, but it's not
> misleading Parliament to leave them out.

Is it not?
Let's substitute in some different values in for the variables; instead of "IMP" we will insert "Invasion of Iraq", for "A and B" write "Removal of illegal WMD" and for "X, Y and Z" we will substitute "Removal of regime disliked by Washington, advancement of Western military control of the Middle East, securing of US access to enormous oil reserves, improving Israel's security".

It seems to me it clearly *was* misleading Parliament not to mention these objectives, and therefore Roland's Theorem as stated above is false.

--
Pete Mitchell

From ukcrypto at chiark.greenend.org.uk Sun Jul 13 17:05:26 2008
From: ukcrypto at chiark.greenend.org.uk (Roland Perry)
Date: Sun, 13 Jul 2008 17:05:26 +0100
Subject: Interception Modernisation Programme
In-Reply-To: <487A1DA0.7060706@callnetuk.com>
References: <9xYs65I6P1dIFA2X@highwayman.com> <48777F40.19958.1B3FF8A@davidh.spidacom.co.uk> <487886BF.16805.A22E8@davidh.spidacom.co.uk> <487A1DA0.7060706@callnetuk.com>
Message-ID:

In article <487A1DA0.7060706@callnetuk.com>, PeteM writes
>> You are misreading the statement.
>> "THE objective of the IMP is....
>> "It [will] ensure ... A and B ...."
>> But it will also ensure X, Y and Z.
>> Perhaps you disapprove of it ensuring X, Y and Z, but it's not
>>misleading Parliament to leave them out.
>
>Is it not? Let's substitute in some different values in for the
>variables; instead of "IMP" we will insert "Invasion of Iraq", for "A
>and B" write "Removal of illegal WMD" and for "X, Y and Z" we will
>substitute "Removal of regime disliked by Washington, advancement of
>Western military control of the Middle East, securing of US access to
>enormous oil reserves, improving Israel's security".
>
>It seems to me it clearly *was* misleading Parliament not to mention
>these objectives, and therefore Roland's Theorem as stated above is
>false.
The difference is that everyone knows the IMP X, Y and Z as a result of the RIPA debate [1], so failing to trot out a huge list every time you mention it, is not misleading.

[1] Have the consequences of such a regime ever been discussed as exhaustively?

--
Roland Perry

From ukcrypto at chiark.greenend.org.uk Mon Jul 14 11:06:54 2008
From: ukcrypto at chiark.greenend.org.uk (Michael Simpson)
Date: Mon, 14 Jul 2008 11:06:54 +0100
Subject: Data Sharing Review
In-Reply-To:
References:
Message-ID: <82abd3a70807140306s78e07196o74e8ca84ebeb6b2c@mail.gmail.com>

On 7/12/08, Mary Hawking wrote:
> The report on data sharing commissioned from Dr Mark Walport (Wellcome Trust)
> and Richard Thomas has been published: hardly surprisingly - seeing the
> interests of one of the authors - it is very keen to allow researchers full
> access to medical records - and seems to think that these will be held on a
> central database for the whole of England. I don't think there is the full
> support for making medical records available for research among the medical
> profession that is claimed.
>

As a medic with an interest in developing an electronic patient register I would be unhappy with the concept of any data sharing without the specific consent of the patient being given *every* time that their data is to be accessed by anyone.

The state seems to have real problems with the idea of accountability and without clear mechanisms in place to implement *all* of the 3As and a demonstration of what they actually mean then it would be my view that any current proposals are flawed.

cf recent House of Lords ruling on FOI attempt to access info on leukaemia clusters + all 999 call data from Scotland being lost in transit without any real reason for sending live data to a third party by post in the first place.

Mike Simpson
Medical Officer - Glasgow Addiction Service
also not one of the "medical mob"

From ukcrypto at chiark.greenend.org.uk Mon Jul 14 16:57:54 2008
From: ukcrypto at chiark.greenend.org.uk (Peter Fairbrother)
Date: Mon, 14 Jul 2008 16:57:54 +0100
Subject: Crypto law survey
Message-ID: <487B7782.6070106@zen.co.uk>

Bert-Jaap Koops has updated his crypto law survey (it summarises the laws relating to cryptography in different countries):

http://rechten.uvt.nl/koops/cryptolaw/

Well worth a look-see, and a good source.

In the US case law section I spied:

"In the case of United States v. Boucher, 2007 WL 4246473 (29 November 2007), the District Court for the District of Vermont held that a password that protects encrypted files falls under the Fifth Amendment (the privilege against self-incrimination). Boucher was subpoenaed by a grand jury to give the password. The court held that a defendant cannot be compelled to give the password, since it exists in the suspect's mind and handing it over would provide testimonial evidence, in particular, the fact that the suspect knows the password and has control over the encrypted files. Cf. Susan Brenner's blog post. http://cyb3rcrim3.blogspot.com/2007/12/court-upholds-using-fifth-amendment-to.html"

So perhaps enforced decryption a la RIPA pt.3 won't be spreading too far.

--
Peter Fairbrother

From ukcrypto at chiark.greenend.org.uk Mon Jul 14 18:11:57 2008
From: ukcrypto at chiark.greenend.org.uk (Peter Fairbrother)
Date: Mon, 14 Jul 2008 18:11:57 +0100
Subject: Data Sharing Review
In-Reply-To: <82abd3a70807140306s78e07196o74e8ca84ebeb6b2c@mail.gmail.com>
References: <82abd3a70807140306s78e07196o74e8ca84ebeb6b2c@mail.gmail.com>
Message-ID: <487B88DD.5060605@zen.co.uk>

Michael Simpson wrote:
> On 7/12/08, Mary Hawking wrote:
>> The report on data sharing commissioned from Dr Mark Walport (Wellcome Trust)
>> and Richard Thomas has been published: hardly surprisingly - seeing the
>> interests of one of the authors - it is very keen to allow researchers full
>> access to medical records - and seems to think that these will be held on a
>> central database for the whole of England. I don't think there is the full
>> support for making medical records available for research among the medical
>> profession that is claimed.
>>
>
> As a medic with an interest in developing an electronic patient
> register i would be unhappy with the concept of any data sharing
> without the specific consent of the patient being given *every* time
> that their data is to be accessed by anyone.

While that's an almost hippy-ish goal, it's not actually necessary - there are times when giving out patient data simply isn't intrusive.

Though the present "data mob", if I may coin a phrase, have no clue when that is - admittedly the line isn't easy to draw, but it's not in the same universe as what they propose.

>
> The state seems to have real problems with the idea of accountability
> and without clear mechanisms in place to implement *all* of the 3As
> and a demonstration of what they actually mean then it would be my
> view that any current proposals are flawed.
>
> cf recent House of Lords ruling on FOI attempt to access info on
> leukaemia clusters + all 999 call data from Scotland being lost in
> transit without any real reason for sending live data to a third party
> by post in the first place.
>
> Mike Simpson
> Medical Officer - Glasgow Addiction Service
> also not one of the "medical mob"
>
>

From ukcrypto at chiark.greenend.org.uk Mon Jul 14 18:20:43 2008
From: ukcrypto at chiark.greenend.org.uk (Peter Fairbrother)
Date: Mon, 14 Jul 2008 18:20:43 +0100
Subject: Data Sharing Review
In-Reply-To: <82abd3a70807140306s78e07196o74e8ca84ebeb6b2c@mail.gmail.com>
References: <82abd3a70807140306s78e07196o74e8ca84ebeb6b2c@mail.gmail.com>
Message-ID: <487B8AEB.3010008@zen.co.uk>

Sorry for the half-double post, sticky keyboard.

Michael Simpson wrote:
> On 7/12/08, Mary Hawking wrote:
>> The report on data sharing commissioned from Dr Mark Walport (Wellcome Trust)
>> and Richard Thomas has been published: hardly surprisingly - seeing the
>> interests of one of the authors - it is very keen to allow researchers full
>> access to medical records - and seems to think that these will be held on a
>> central database for the whole of England. I don't think there is the full
>> support for making medical records available for research among the medical
>> profession that is claimed.
>>
>
> As a medic with an interest in developing an electronic patient
> register i would be unhappy with the concept of any data sharing
> without the specific consent of the patient being given *every* time
> that their data is to be accessed by anyone.

While that's an almost hippy-ish goal, it's not strictly necessary - there are times when giving out patient data simply isn't intrusive.

Though the present "data mob", if I may coin a phrase, have no clue when that is - admittedly the line isn't easy to draw, but it's not in the same universe as what they propose.

So it may be necessary after all.

>
> The state seems to have real problems with the idea of accountability
> and without clear mechanisms in place to implement *all* of the 3As
> and a demonstration of what they actually mean then it would be my
> view that any current proposals are flawed.

What's the 3A's?

>
> cf recent House of Lords ruling on FOI attempt to access info on
> leukaemia clusters + all 999 call data from Scotland being lost in
> transit without any real reason for sending live data to a third party
> by post in the first place.
>
> Mike Simpson
> Medical Officer - Glasgow Addiction Service

I'd not let the soche send me for that job!

--
Peter Fairbrother

> also not one of the "medical mob"
>
>

From ukcrypto at chiark.greenend.org.uk Tue Jul 15 10:08:53 2008
From: ukcrypto at chiark.greenend.org.uk (David Hansen)
Date: Tue, 15 Jul 2008 10:08:53 +0100
Subject: Data Sharing Review
In-Reply-To: <82abd3a70807140306s78e07196o74e8ca84ebeb6b2c@mail.gmail.com>
References: , <82abd3a70807140306s78e07196o74e8ca84ebeb6b2c@mail.gmail.com>
Message-ID: <487C7735.23925.576AF4B@davidh.spidacom.co.uk>

On 14 Jul 2008 at 11:06, Michael Simpson wrote:

> cf recent House of Lords ruling on FOI attempt to access info on
> leukaemia clusters

A most interesting case. For once a case where there really was a clash of principles.

--
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

From ukcrypto at chiark.greenend.org.uk Tue Jul 15 15:52:31 2008
From: ukcrypto at chiark.greenend.org.uk (Michael Simpson)
Date: Tue, 15 Jul 2008 15:52:31 +0100
Subject: Data Sharing Review
In-Reply-To: <487B8AEB.3010008@zen.co.uk>
References: <82abd3a70807140306s78e07196o74e8ca84ebeb6b2c@mail.gmail.com> <487B8AEB.3010008@zen.co.uk>
Message-ID: <82abd3a70807150752xca892absbdc1bfa6e504316f@mail.gmail.com>

Hello
answers inline

On Mon, Jul 14, 2008 at 6:20 PM, Peter Fairbrother wrote:
> Sorry for the half-double post, sticky keyboard.
>
> Michael Simpson wrote:
>>
>> On 7/12/08, Mary Hawking wrote:
>>>
>>> The report on data sharing commissioned from Dr Mark Walport (Wellcome
>>> Trust)
>>> and Richard Thomas has been published: hardly surprisingly - seeing the
>>> interests of one of the authors - it is very keen to allow researchers
>>> full
>>> access to medical records - and seems to think that these will be held on
>>> a
>>> central database for the whole of England. I don't think there is the
>>> full
>>> support for making medical records available for research among the
>>> medical
>>> profession that is claimed.
>>>
>>
>> As a medic with an interest in developing an electronic patient
>> register i would be unhappy with the concept of any data sharing
>> without the specific consent of the patient being given *every* time
>> that their data is to be accessed by anyone.
>
> While that's an almost hippy-ish goal, it's not strictly necessary - there
> are times when giving out patient data simply isn't intrusive.
>
> Though the present "data mob", if I may coin a phrase, have no clue when
> that is - admittedly the line isn't easy to draw, but it's not in the same
> universe as what they propose.
>
> So it may be necessary after all.
>

i think it is necessary rather than some sort of tick here if you don't wish us to give your details to any interested third party

i'm very big on the idea of informed consent

>>
>> The state seems to have real problems with the idea of accountability
>> and without clear mechanisms in place to implement *all* of the 3As
>> and a demonstration of what they actually mean then it would be my
>> view that any current proposals are flawed.
>
> What's the 3A's?
>

Authentication, authorisation and accountability

>> cf recent House of Lords ruling on FOI attempt to access info on
>> leukaemia clusters + all 999 call data from Scotland being lost in
>> transit without any real reason for sending live data to a third party
>> by post in the first place.
>>
>> Mike Simpson
>> Medical Officer - Glasgow Addiction Service
>
> I'd not let the soche send me for that job!
>

slightly better than being abused and beaten up by the public in A&E
:-)

mike

> -- Peter Fairbrother
>
>> also not one of the "medical mob"
>>
>>
>
>
>

From ukcrypto at chiark.greenend.org.uk Tue Jul 15 16:12:48 2008
From: ukcrypto at chiark.greenend.org.uk (Alexander Hanff)
Date: Tue, 15 Jul 2008 16:12:48 +0100
Subject: Phorm Protest
In-Reply-To: <82abd3a70807150752xca892absbdc1bfa6e504316f@mail.gmail.com>
References: <82abd3a70807140306s78e07196o74e8ca84ebeb6b2c@mail.gmail.com> <487B8AEB.3010008@zen.co.uk> <82abd3a70807150752xca892absbdc1bfa6e504316f@mail.gmail.com>
Message-ID: <487CBE70.5020909@googlemail.com>

Just a reminder that the Phorm Protest takes place tomorrow in London outside BT's AGM at the Barbican Centre. We have Baroness Miller giving a speech at 1:15pm as well as a few other people including myself in the noon-2pm period. The protest starts at 10am and will continue through to the late afternoon.

I will also be presenting the CoL Police with a dossier of evidence calling for an investigation of the BT Covert Trials in 2006/2007. I had a meeting with CoL Police last week and they have agreed to look at the dossier officially (as opposed to just passing the buck) so that is at least some progress.

I hope to see some of you there.

Regards,

Alexander Hanff

From ukcrypto at chiark.greenend.org.uk Tue Jul 15 17:24:34 2008
From: ukcrypto at chiark.greenend.org.uk (Richard Clayton)
Date: Tue, 15 Jul 2008 17:24:34 +0100
Subject: Information Commissioner on the IMP
Message-ID:

I don't think anyone's told Richard Thomas about the proposed data collection method, just the resulting database...
but that's enough to make him concerned:

http://news.bbc.co.uk/1/hi/uk_politics/7507627.stm

--
richard Richard Clayton

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. Benjamin Franklin

From ukcrypto at chiark.greenend.org.uk Tue Jul 15 21:23:30 2008
From: ukcrypto at chiark.greenend.org.uk (Mary Hawking)
Date: Tue, 15 Jul 2008 21:23:30 +0100
Subject: Data Sharing Review
In-Reply-To: <20080715064636.10971.26644.Mailman@chiark.greenend.org.uk>
References: <20080715064636.10971.26644.Mailman@chiark.greenend.org.uk>
Message-ID:

Michael Simpson said
>As a medic with an interest in developing an electronic patient
>register i would be unhappy with the concept of any data sharing
>without the specific consent of the patient being given *every* time
>that their data is to be accessed by anyone.

There is another problem about data sharing - the quality of the data to be shared.

Mark Walport does not appear to have considered this as far as medical data goes - and medical data is, by its very nature, imprecise, fuzzy and open to different interpretations in different parts of the health care system.

Drug services are a case in point (cheer up, this problem only applies in England - so far)

Data sharing of appropriate data in appropriate ways to support individual patient care is not and never has been a problem. Extending this to include *all* medical information to *all* health care providers (and pharmaceutical companies) is something different - and single shared records - the Detailed Care Record model in NME - Lorenzo level 4 and TPP - is a different problem again.

Changing goal-posts - have you seen the Darzi review on Vision for Primary and Secondary Care para 7.6?
Access to the National Care Record service - which includes both summary and detailed care records - to be extended to social services and voluntary organisations.

see my presentation at the PHCSG summer conference - www.phcsg.org.uk the Conferences - summer conference - program and day 1 stream 2 15.20

(Michael, I'll send it to you off line)

Mary Hawking
--
Mary Hawking

From ukcrypto at chiark.greenend.org.uk Wed Jul 16 09:53:11 2008
From: ukcrypto at chiark.greenend.org.uk (Adrian Midgley)
Date: Wed, 16 Jul 2008 09:53:11 +0100
Subject: Data Sharing Review
In-Reply-To: <82abd3a70807140306s78e07196o74e8ca84ebeb6b2c@mail.gmail.com>
References: <82abd3a70807140306s78e07196o74e8ca84ebeb6b2c@mail.gmail.com>
Message-ID: <487DB6F7.8090805@defoam.net>

Michael Simpson wrote:
> On 7/12/08, Mary Hawking wrote:
>> The report on data sharing commissioned from Dr Mark Walport (Wellcome Trust)
>> and Richard Thomas has been published: hardly surprisingly - seeing the
>> interests of one of the authors - it is very keen to allow researchers full
>> access to medical records - and seems to think that these will be held on a
>> central database for the whole of England. I don't think there is the full
>> support for making medical records available for research among the medical
>> profession that is claimed.
>>
>
> As a medic with an interest in developing an electronic patient
> register i would be unhappy with the concept of any data sharing
> without the specific consent of the patient being given *every* time
> that their data is to be accessed by anyone.

There are two definite problems there:-

1. that when the patient is present they will almost always have some agenda, and substituting gaining consent to look at their records for their opening remarks is bad.

2. It makes work when the patient is not there difficult - unless the consent is assumed to or explicitly extends on from when it was last given ...
This would render reviews of medicines and results and referrals difficult and taken to its extreme require a new solution to repeat prescriptions.

I favour an absolute rule of all reading of the patient's notes being reported to them, quarterly or monthly or by access to a web site at their will - whatever is suitable. Like a phone bill or credit card.

Each report should say who accessed what, what right they asserted, what purpose they declare and what they accessed.

Given (existing or required) logging of access this becomes a sizeable but not difficult task.

--
A

From ukcrypto at chiark.greenend.org.uk Wed Jul 16 11:24:27 2008
From: ukcrypto at chiark.greenend.org.uk (Michael Simpson)
Date: Wed, 16 Jul 2008 11:24:27 +0100
Subject: Data Sharing Review
In-Reply-To:
References: <20080715064636.10971.26644.Mailman@chiark.greenend.org.uk>
Message-ID: <82abd3a70807160324l4a0898d5n9a8ae16ff27bd892@mail.gmail.com>

Hi Mary
answers in-line

On 7/15/08, Mary Hawking wrote:
> Michael Simpson said
>
> > As a medic with an interest in developing an electronic patient register i
> would be unhappy with the concept of any data sharing without the specific
> consent of the patient being given *every* time that their data is to be
> accessed by anyone.
>
>
>
> There is another problem about data sharing - the quality of the data to be
> shared.

oh indeed, garbage in - garbage out

> Mark Walport does not appear to have considered this as far as medical data
> goes - and medical data is, by its very nature, imprecise, fuzzy and open
> to different interpretations in different parts of the health care system.
>
> Drug services are a case in point (cheer up, this problem only applies in
> England - so far)
>

We are an integrated service with 3 primary electronic systems, none of which have any good quality data in them so whatever the condition of the English services ours are significantly worse -we have more people on substitute prescribing per capita than any other country in EU yet we are unable to answer questions along the lines of "how many people are in service?"

much danger, much risk, no information sharing!

> Data sharing of appropriate data in appropriate ways to support individual
> patient care is not and never has been a problem.
> Extending this to include *all* medical information to *all* health care
> providers (and pharmaceutical companies) is something different - and single
> shared records - the Detailed Care Record model in NME - Lorenzo level 4 and
> TPP - is a different problem again.
>
> Changing goal-posts - have you seen the Darzi review on Vision for Primary
> and Secondary Care para 7.6? Access to the National Care Record service -
> which includes both summary and detailed care records - to be extended to
> social services and voluntary organisations.
>

As said above i work in a health/social work/social care "partnership" with a paper single shared assessment which is a bit of a disaster. i just stick to the written medical notes.

>
> see my presentation at the PHCSG summer conference - www.phcsg.org.uk the
> Conferences - summer conference - program and day 1 stream 2 15.20
>

Very interesting and thank you for that. The concept of RBAC is critical - assuming that you mean role based access control. I use the same concepts with SELinux to decide who can do what on my servers at a user level. We have mirrored this concept in the electronic single shared assessment that my company (which we run in our spare time and consists of 2 hugely geeky medics with 26 years NHS experience) is developing which is designed for use by integrated teams.

> (Michael, I'll send it to you off line)
>
> Mary Hawking

best wishes
mike

From ukcrypto at chiark.greenend.org.uk Wed Jul 16 12:04:37 2008
From: ukcrypto at chiark.greenend.org.uk (Michael Simpson)
Date: Wed, 16 Jul 2008 12:04:37 +0100
Subject: Data Sharing Review
In-Reply-To: <487DB6F7.8090805@defoam.net>
References: <82abd3a70807140306s78e07196o74e8ca84ebeb6b2c@mail.gmail.com> <487DB6F7.8090805@defoam.net>
Message-ID: <82abd3a70807160404w1fb8b95dp4c7d9bc08446f8bc@mail.gmail.com>

Hi Adrian
answers in-line

On 7/16/08, Adrian Midgley wrote:
>
> Michael Simpson wrote:
> > On 7/12/08, Mary Hawking wrote:
> >> The report on data sharing commissioned from Dr Mark Walport (Wellcome Trust)
> >> and Richard Thomas has been published: hardly surprisingly - seeing the
> >> interests of one of the authors - it is very keen to allow researchers full
> >> access to medical records - and seems to think that these will be held on a
> >> central database for the whole of England. I don't think there is the full
> >> support for making medical records available for research among the medical
> >> profession that is claimed.
> >>
> >
> > As a medic with an interest in developing an electronic patient
> > register i would be unhappy with the concept of any data sharing
> > without the specific consent of the patient being given *every* time
> > that their data is to be accessed by anyone.
>
>
> There are two definite problems there:-
>
> 1. that when the patient is present they will almost always have some
> agenda, and substituting gaining consent to look at their records for
> their opening remarks is bad.
>

I agree however if the system was based on some sort of biometric marker then it would become automatic.

When i see a patient for the first time then i have to ask their permission to share their info with social work.
With a fair proportion of them they interpret this as "tell me about your drug use so that i can tell social work to come and remove your children"
I have become very good at reassuring people about how their data will be used in this instance.

>
> 2. It makes work when the patient is not there difficult - unless the
> consent is assumed to or explicitly extends on from when it was last
> given ... This would render reviews of medicines and results and
> referrals difficult and taken to its extreme require a new solution to
> repeat prescriptions.
>

As part of the initial "data sharing" interview then patients can be asked "if your records need to be accessed in an emergent situation and you are unable to give permission at that time do you give your consent for that to happen"

Having worked for years in A&E this would enable much more rapid treatment for patients with a number of conditions, and it is these patients that would be more than happy to sign up. Also patients on interestingly lethal drugs would also consent quite quickly (yes warfarin, i'm looking at you).

Once patients got used to putting their finger into a reader (for instance) prior to consultations with GPs, pharmacists, nursing staff, SHOs (or whatever they are called these days) in hospital then it would become routine very quickly.

It would also give them reassurance that they had control over their information which is something that nobody has any assurance of at present.

PKI with some sort of key escrow accessible by specific medics (senior A&E docs) would enable this to happen and would reassure me that my private records aren't going to be left on a laptop then being sold in irc channels after some mandarin has a moment of forgetfulness in a taxi or TNT loses another "encrypted" disk.

>
>
> I favour an absolute rule of all reading of the patient's notes being
> reported to them, quarterly or monthly or by access to a web site at
> their will - whatever is suitable.
Like a phone bill or credit card.
>

cart <-horse
many of my patients are no fixed abode and are not yet part of the information age wrt inet access
Social exclusion is the main achievement of this area of Glasgow so that wouldn't work.

> Each report should say who accessed what, what right they asserted, what
> purpose they declare and what they accessed.
>

I have worked for Big Pharma and would trust them as far as i could throw the collective members of the board.
If i was approached by someone doing research to induct patients into a trial or use details for a cohort then i would still rather gain informed consent every time.

> Given (existing or required) logging of access this becomes a sizeable
> but not difficult task.
>

i agree with all access being logged anyway even (in fact especially) after consent to create a decent audit trail.

a decent sized mySQL cluster should do it
:-)

> --
> A
>

mike

From ukcrypto at chiark.greenend.org.uk Wed Jul 16 15:36:44 2008
From: ukcrypto at chiark.greenend.org.uk (Richard Clayton)
Date: Wed, 16 Jul 2008 15:36:44 +0100
Subject: Consumer fears over ad targeting threaten ISPs
Message-ID: <$G7cH5B8dgfIFA0H@highwayman.com>

A churn of 65% of the users of the UK's top 3 ISPs would have a considerable impact upon the industry....

... this was just an online survey of 1000 adults, but still ...

-=-=-=-=

http://www.nma.co.uk/Articles/38754/Consumer+fears+over+ad+targeting+threaten+ISPs.html

UK consumers have a deep mistrust of behavioural targeting and would ditch ISPs using it, research commissioned by NMA has found.

The report discovered almost two-thirds (65%) of UK adults would leave their ISP if it introduced behavioural targeting, while 81% were in favour of opting out from receiving targeted online advertising.

Just 20% of consumers trust their ISP to protect their privacy.

[etc]

--
richard Richard Clayton

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. Benjamin Franklin

From ukcrypto at chiark.greenend.org.uk Wed Jul 16 16:49:59 2008
From: ukcrypto at chiark.greenend.org.uk (Peter Fairbrother)
Date: Wed, 16 Jul 2008 16:49:59 +0100
Subject: Consumer fears over ad targeting threaten ISPs
In-Reply-To: <$G7cH5B8dgfIFA0H@highwayman.com>
References: <$G7cH5B8dgfIFA0H@highwayman.com>
Message-ID: <487E18A7.2050202@zen.co.uk>

Richard Clayton wrote:
>
> A churn of 65% of the users of the UK's top 3 ISPs would have a
> considerable impact upon the industry....
>
> ... this was just an online survey of 1000 adults, but still ...
>
> -=-=-=-=
>
> http://www.nma.co.uk/Articles/38754/Consumer+fears+over+ad+targeting+threaten+ISPs.html
>
> UK consumers have a deep mistrust of behavioural targeting and would
> ditch ISPs using it, research commissioned by NMA has found.
>
> The report discovered almost two-thirds (65%) of UK adults would leave
> their ISP if it introduced behavioural targeting,

While I'd like to believe that would happen, I don't.

The commercial and administrative aspects of changing ISP aren't that difficult these days, despite contracts with defined lifetimes, and the new ISP will often do all the work for you - but the real problem is you have to change your email address too.

I don't have a satisfactory solution for that one.

Using either free email addresses or your own email address - and sometimes an ISP will not allow this, limiting port 25 traffic to their own server - is okay, but has to be done in advance or as a general practice.

Maybe if you have an email address eg peterfairbrother@BT.com (not a real address) assigned by BT then OFCOM or someone could require that BT maintain that address and forward email, perhaps for a fee in the £5 per annum range?

A bit like telephone numbers, you can often keep them despite changing telephone service provider.

--
Peter Fairbrother

while 81% were in
> favour of opting out from receiving targeted online advertising.
>
> Just 20% of consumers trust their ISP to protect their privacy.
>
> [etc]
>
> --
> richard Richard Clayton
>
> They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety. Benjamin Franklin
>

From ukcrypto at chiark.greenend.org.uk Wed Jul 16 17:11:05 2008
From: ukcrypto at chiark.greenend.org.uk (Roland Perry)
Date: Wed, 16 Jul 2008 17:11:05 +0100
Subject: Consumer fears over ad targeting threaten ISPs
In-Reply-To: <487E18A7.2050202@zen.co.uk>
References: <$G7cH5B8dgfIFA0H@highwayman.com> <487E18A7.2050202@zen.co.uk>
Message-ID:

In article <487E18A7.2050202@zen.co.uk>, Peter Fairbrother writes
>the real problem is you have to change your email address too.
>
>I don't have a satisfactory solution for that one.

hotmail
gmail
perry.co.uk registered in 1996 and still works (umpteen connectivity ISPs later)

--
Roland Perry

From ukcrypto at chiark.greenend.org.uk Wed Jul 16 18:01:42 2008
From: ukcrypto at chiark.greenend.org.uk (Sammy Lowrie)
Date: Wed, 16 Jul 2008 18:01:42 +0100
Subject: European Commisioner calls for action by UK Government
Message-ID: <000601c8e765$9f579750$9f1fec5c@CELTsoft0003>

http://www.easybourse.com/bourse-actualite/marches/eu-commission-wants-uk-government-to-probe-targeted-488767

"The European Commission has warned the U.K. government it needs to take action to protect consumer privacy due to concerns about targeted advertising company Phorm Inc. (PHRM.LN), European Union communications commissioner Viviane Reding said Wednesday."

Regards

--
Sammy Lowrie


From ukcrypto at chiark.greenend.org.uk Wed Jul 16 20:14:27 2008
From: ukcrypto at chiark.greenend.org.uk (Ian Batten)
Date: Wed, 16 Jul 2008 20:14:27 +0100
Subject: Consumer fears over ad targeting threaten ISPs
In-Reply-To: <487E18A7.2050202@zen.co.uk>
References: <$G7cH5B8dgfIFA0H@highwayman.com> <487E18A7.2050202@zen.co.uk>
Message-ID:

On 16 Jul 2008, at 16:49, Peter Fairbrother wrote:
> the real problem is you have to change your email address too.

Almost all my wife's friends, who I use as a touchstone for non-geeks, appear to use hotmail/yahoo/etc webmail accounts. Easier to set up than IMAP/POP3, easier to use from work, generally better.

ian

From ukcrypto at chiark.greenend.org.uk Wed Jul 16 20:43:59 2008
From: ukcrypto at chiark.greenend.org.uk (Adrian Midgley)
Date: Wed, 16 Jul 2008 20:43:59 +0100
Subject: Data Sharing Review
In-Reply-To: <82abd3a70807160404w1fb8b95dp4c7d9bc08446f8bc@mail.gmail.com>
References: <82abd3a70807140306s78e07196o74e8ca84ebeb6b2c@mail.gmail.com> <487DB6F7.8090805@defoam.net> <82abd3a70807160404w1fb8b95dp4c7d9bc08446f8bc@mail.gmail.com>
Message-ID: <487E4F7F.2070803@defoam.net>

Michael Simpson wrote:

> I agree however if the system was based on some sort of biometric
> marker then it would become automatic.

I doubt it, biometrics are not as good as people have hoped, and it requires the patient or some substantial part of them to be present. I don't think biometrics solves this problem.

> When i see a patient for the first time then i have to ask their
> permission to share their info with social work.
> With a fair proportion of them they interpret this as "tell me about
> your drug use so that i can tell social work to come and remove your
> children"
> I have become very good at reassuring people about how their data will
> be used in this instance.

A view common if not general on this list, and which is my own is that we actually have very little idea how their data will be used, and that there are few reliable boundaries and minimal effective controls on how it is used. I try not to reassure people about things like that.

>> 2. It makes work when the patient is not there difficult - unless the

> As part of the initial "data sharing" interview then patients can be
> asked "if your records need to be accessed in an emergent situation
> and you are unable to give permission at that time do you give your
> consent for that to happen"

Although at present I understand the DoH/NHS view on this is that consent is not needed in that situation. I suspect it is very rare, that those who it is likely to happen to have bracelets or a card in their wallet - which are both rather more reliable than NHS IT facilities as yet, and that the number of times when it would be done, and useful non-obvious information would be revealed that way would be remarkably small.

> Having worked for years in A&E this would enable much more rapid
> treatment for patients with a number of conditions, and it is these
> patients that would be more than happy to sign up. Also patients on
> interestingly lethal drugs would also consent quite quickly (yes
> warfarin, i'm looking at you).

They get a book... Pencils could be issued.

> Once patients got used to putting their finger into a reader (for
> instance) prior to consultations with GPs, pharmacists, nursing staff,
> SHOs (or whatever they are called these days) in hospital then it
> would become routine very quickly.

And the same probably applies to buses, tube trains, crossroads, front doors etc. This Perfect Day, Ira Levin.

> It would also give them reassurance that they had control over their
> information which is something that nobody has any assurance of at
> present.

I think several more changes would need to be made.
> PKI with some sort of key escrow accessible by specific medics (senior > A&E docs) would enable this to happen and would reassure me that my > private records aren't going to be left on a laptop then being sold in > irc channels after some mandarin has a moment of forgetfulness in a > taxi or TNT loses another "encrypted" disk. >> >> I favour an absolute rule of all reading of the patient's notes being >> reported to them, quarterly or monthly or by access to a web site at >> their will - whatever is suitable. Like a phone bill or credit card. >> > > cart <-horse > many of my patients are no fixed abode and are not yet part of the > information age wrt inet access > Social exclusion is the main acheivement of this area of Glasgow so > that wouldn't work. I see you have a point there, however while the patient may lack a fixed point, there are many around. At the risk of sounding like the Daily Mail, some people in that situation manage to attend the benefits agency. >> Each report should say who accessed what, what right they asserted, what >> purpose they declare and what they accessed. >> > > I have worked for Big Pharma and would trust them as far as i could > throw the collective members of the board. > If i was approached by someone doing research to induct patients into > a trial or use details for a cohort then i would still rather gain > informed consent every time. >> Given (existing or required) logging of access this becomes a sizeable >> but not difficult task. >> > i agree with all access being logged anyway even (in fact especially) > after consent to create a decent audit trail. > > a decent sized mySQL cluster should do it > :-) Concur, although I'm unsure of the scale of the technology. I suppose one should do some numbers, based on say 60 million people getting a report every quarter based upon things that happen on average around once a month. 
- -- A -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkh+T38ACgkQb80am9d/Stew4gCggokoo3gYprm5jL/+/mQ0xhNd og4AoMXpQ4MbzTH17wFzZXTxh4pdGmqr =HVo6 -----END PGP SIGNATURE----- From ukcrypto at chiark.greenend.org.uk Thu Jul 17 09:38:09 2008 From: ukcrypto at chiark.greenend.org.uk (Ian Batten) Date: Thu, 17 Jul 2008 09:38:09 +0100 Subject: Data Sharing Review In-Reply-To: <82abd3a70807160404w1fb8b95dp4c7d9bc08446f8bc@mail.gmail.com> References: <82abd3a70807140306s78e07196o74e8ca84ebeb6b2c@mail.gmail.com> <487DB6F7.8090805@defoam.net> <82abd3a70807160404w1fb8b95dp4c7d9bc08446f8bc@mail.gmail.com> Message-ID: > > Once patients got used to putting thier finger into a reader (for > instance) prior to consultations with GPs, pharmacists, nursing staff, > SHOs (or whatever they are called these days) in hospital then it > would become routine very quickly. Yes, because clearly getting people used to using a biometric identifier every time they contact the state is a desirable outcome. I presume you support using fingerprints for school meals, on similar (``it would become routine very quickly'') grounds? > > > It would also give them reassurance that they had control over their > information which is something that nobody has any assurance of at > present. How? Just because I need to use my fingerprint to access a system tells me nothing about who else has access to it. It just provides a false sense of security. It's like those fingerprint reader laptops: all I need to do is open the drive bay with the handy plastic lugs, remove the hard drive with the handy pull-off connector (SATA, now, so fewer pins to bend) and I've got all the data. > > > PKI with some sort of key escrow accessible by specific medics (senior > A&E docs) would enable this to happen Except the senior A&E docs would delegate their authority to junior staff, who would delegate it to the receptionists. 
ian From ukcrypto at chiark.greenend.org.uk Thu Jul 17 10:29:16 2008 From: ukcrypto at chiark.greenend.org.uk (Michael Simpson) Date: Thu, 17 Jul 2008 10:29:16 +0100 Subject: Data Sharing Review In-Reply-To: References: <82abd3a70807140306s78e07196o74e8ca84ebeb6b2c@mail.gmail.com> <487DB6F7.8090805@defoam.net> <82abd3a70807160404w1fb8b95dp4c7d9bc08446f8bc@mail.gmail.com> Message-ID: <82abd3a70807170229t18c5ed1cybac09e2251ecc2ea@mail.gmail.com> On 7/17/08, Ian Batten wrote: > > > > Once patients got used to putting thier finger into a reader (for > > instance) prior to consultations with GPs, pharmacists, nursing staff, > > SHOs (or whatever they are called these days) in hospital then it > > would become routine very quickly. > > > > Yes, because clearly getting people used to using a biometric identifier > every time they contact the state is a desirable outcome. I presume you > support using fingerprints for school meals, on similar (``it would become > routine very quickly'') grounds? > no. But using fingerprints/iris scans to safeguard their data is a *slightly* different matter. In some spheres of addicitons it is being used to increase patient safety This is in use across many pharmacies in Glasgow and has stopped people from getting the wrong dose of what can be a pretty lethal drug. Not everything is a slippery slope to 1984. > > > > > > It would also give them reassurance that they had control over their > > information which is something that nobody has any assurance of at > > present. > > > > How? Just because I need to use my fingerprint to access a system tells me > nothing about who else has access to it. It just provides a false sense of > security. It's like those fingerprint reader laptops: all I need to do is > open the drive bay with the handy plastic lugs, remove the hard drive with > the handy pull-off connector (SATA, now, so fewer pins to bend) and I've got > all the data. > really. 
good luck trying to decrypt the data on my laptop's harddrive without access to a working quantum computer (probably) fingerprint hash is passphrase for large key hence without it (except for specific emergent situation) no data GP as data controller (they act as gatekeepers for all other bits of NHS after all) > > > > > > PKI with some sort of key escrow accessible by specific medics (senior > > A&E docs) would enable this to happen > > > > Except the senior A&E docs would delegate their authority to junior staff, > who would delegate it to the receptionists. How, by giving them their finger or eye. I believe that there are fingerprint devices with pulse oximeters built in to stop this. Make it a clinical governance issue and tell them that each time they do delegate it they will lose a discretionary point. > > ian > The mistakes that are being made right now due to still being on paper records and a total lack of joined up thinking between primary and secondary care need to be stopped by designing systems to take over the whole process. My point is that the patients need to be in control of where their data is used or i for one will absolutely refuse to have any of my personal data placed anywhere near the system. Cryptography is the ideal solution where there are trust issues, we are in a unique position of being able to design systems that are secure and trustworthy from the outset, learning from previous failures. We should grasp the nettle with both hands. 
regards mike From ukcrypto at chiark.greenend.org.uk Thu Jul 17 11:17:13 2008 From: ukcrypto at chiark.greenend.org.uk (Richard Clayton) Date: Thu, 17 Jul 2008 11:17:13 +0100 Subject: Data Sharing Review In-Reply-To: <82abd3a70807170229t18c5ed1cybac09e2251ecc2ea@mail.gmail.com> References: <82abd3a70807140306s78e07196o74e8ca84ebeb6b2c@mail.gmail.com> <487DB6F7.8090805@defoam.net> <82abd3a70807160404w1fb8b95dp4c7d9bc08446f8bc@mail.gmail.com> <82abd3a70807170229t18c5ed1cybac09e2251ecc2ea@mail.gmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In article <82abd3a70807170229t18c5ed1cybac09e2251ecc2ea@mail.gmail.com> , Michael Simpson writes > > >Cryptography is the ideal solution where there are trust issues, erm... you didn't mean that surely :( Cryptography is a building block, and one that is often poorly employed (and _de_ployed even worse). The Lampson/Needham quote "Whoever thinks his problem can be solved using cryptography, doesn't understand his problem and doesn't understand cryptography" has more than a grain of truth to it. >we >are in a unique position of being able to design systems that are >secure and trustworthy from the outset, learning from previous >failures. that sounds better :) >We should grasp the nettle with both hands. a mistake in my experience... a firm grip between finger and thumb flat onto the leaf is fairly safe. Anything less positive (and synchronising two hands at once comes into that category) is usually quite painful :( > - -- richard Richard Clayton They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. Benjamin Franklin -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 iQA/AwUBSH8cKZoAxkTY1oPiEQJAywCgncdYCbmPhxxjatgwopp4T7vfSJQAn2mX USMrouztahGVw+ybrO/JBB42 =E87L -----END PGP SIGNATURE----- From ukcrypto at chiark.greenend.org.uk Thu Jul 17 11:22:50 2008 From: ukcrypto at chiark.greenend.org.uk (Wendy M. 
Grossman) Date: Thu, 17 Jul 2008 11:22:50 +0100 Subject: Data Sharing Review In-Reply-To: References: <82abd3a70807140306s78e07196o74e8ca84ebeb6b2c@mail.gmail.com> <487DB6F7.8090805@defoam.net> <82abd3a70807160404w1fb8b95dp4c7d9bc08446f8bc@mail.gmail.com> <82abd3a70807170229t18c5ed1cybac09e2251ecc2ea@mail.gmail.com> Message-ID: <487F1D7A.6040902@pelicancrossing.net> Richard Clayton wrote: > In article <82abd3a70807170229t18c5ed1cybac09e2251ecc2ea@mail.gmail.com> > , Michael Simpson writes > >> >> >> Cryptography is the ideal solution where there are trust issues, > > erm... you didn't mean that surely :( > > Cryptography is a building block, and one that is often poorly employed > (and _de_ployed even worse). > > The Lampson/Needham quote "Whoever thinks his problem can be solved > using cryptography, doesn't understand his problem and doesn't > understand cryptography" has more than a grain of truth to it. I like Bruce Sterling's version of that, heard at the 1994 CFP: "Mathematics is not your *friend*." wg From ukcrypto at chiark.greenend.org.uk Thu Jul 17 11:54:21 2008 From: ukcrypto at chiark.greenend.org.uk (Michael Simpson) Date: Thu, 17 Jul 2008 11:54:21 +0100 Subject: Data Sharing Review In-Reply-To: References: <82abd3a70807140306s78e07196o74e8ca84ebeb6b2c@mail.gmail.com> <487DB6F7.8090805@defoam.net> <82abd3a70807160404w1fb8b95dp4c7d9bc08446f8bc@mail.gmail.com> <82abd3a70807170229t18c5ed1cybac09e2251ecc2ea@mail.gmail.com> Message-ID: <82abd3a70807170354l4df009a3x9ca3a0b1c1042bcb@mail.gmail.com> On 7/17/08, Richard Clayton wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > In article <82abd3a70807170229t18c5ed1cybac09e2251ecc2ea@mail.gmail.com> > , Michael Simpson writes > > > > > > >Cryptography is the ideal solution where there are trust issues, > > erm... you didn't mean that surely :( > > Cryptography is a building block, and one that is often poorly employed > (and _de_ployed even worse). 
> > The Lampson/Needham quote "Whoever thinks his problem can be solved > using cryptography, doesn't understand his problem and doesn't > understand cryptography" has more than a grain of truth to it. > trying to use shorthand always gets me in trouble What i meant was: Using a well designed RBAC system based on use of secure Cryptographic algorithms where the initial design has been informed by individuals or companies with a track record of being able to implement secure systems would be the solution to the huge trust problem that is creating electronic able-to-be-shared patient records. This system should be open to peer-review and tested (and attacked) repeatedly (for ever) in order to ensure that the implementation has not compromised the security of the underlying "published and thought to be secure so far" crypto protocol used. Alice is the patient, bob is the GP, charles is the hospital consultant and eve is the pharma firm or the health insurance provider. Main aim of the system is to not end up in the doghouse list on cryptogram. I do appreciate that the problem is needing clarified before the solution can be worked on by significantly greater minds than mine. I also appreciate that it is significantly easier to destroy the inherent usefulness of any encryption/decryption system with a poor implementation than it is to create a good system. I like using systems that work and have been shown to be secure so far. I also am an optimist and would like to think that it is possible to achieve the nirvana like state of having shared records with proper authentication, authorisation, and non-repudiation/accountability. From my repeated reading of Bruce Schneier's work this would seem to suggest some sort of use of cryptography. > >we > >are in a unique position of being able to design systems that are > >secure and trustworthy from the outset, learning from previous > >failures. > > that sounds better :) > > >We should grasp the nettle with both hands. 
> > a mistake in my experience... a firm grip between finger and thumb flat > onto the leaf is fairly safe. Anything less positive (and synchronising > two hands at once comes into that category) is usually quite painful :( > My day involves coming into work and sticking my face into a nice big patch of nettles that i have by my desk and pulling them up by my teeth. My colleague and i judge how each other's day is going by asking "how is the pain today" At least after i left the fast burn of A&E and moved into the surreal parallel universe that is treating Glasgow's heroin problem my hair has stopped going grey quite as fast as it was and i see more sunlight. :-) Best wishes Mike From ukcrypto at chiark.greenend.org.uk Thu Jul 17 13:22:51 2008 From: ukcrypto at chiark.greenend.org.uk (Ian Batten) Date: Thu, 17 Jul 2008 13:22:51 +0100 Subject: Data Sharing Review In-Reply-To: <82abd3a70807170229t18c5ed1cybac09e2251ecc2ea@mail.gmail.com> References: <82abd3a70807140306s78e07196o74e8ca84ebeb6b2c@mail.gmail.com> <487DB6F7.8090805@defoam.net> <82abd3a70807160404w1fb8b95dp4c7d9bc08446f8bc@mail.gmail.com> <82abd3a70807170229t18c5ed1cybac09e2251ecc2ea@mail.gmail.com> Message-ID: <9FC8001B-3919-4263-A68C-5E2517DE0E41@batten.eu.org> >> >> How? Just because I need to use my fingerprint to access a system >> tells me >> nothing about who else has access to it. It just provides a false >> sense of >> security. It's like those fingerprint reader laptops: all I need >> to do is >> open the drive bay with the handy plastic lugs, remove the hard >> drive with >> the handy pull-off connector (SATA, now, so fewer pins to bend) and >> I've got >> all the data. >> > > really. > good luck trying to decrypt the data on my laptop's harddrive without > access to a working quantum computer (probably) Well done. Congratulations. Now, remind me, what proportion of machines with fingerprint readers have taken those precautions? 1%? So for the other 99%, it's just smoke and mirrors. 
If you believe that the mere existence of a fingerprint reader means that the Infosec governance issues behind it have been considered, I have a bridge to sell you. > > fingerprint hash is passphrase for large key hence without it (except > for specific emergent situation) no data So after you die, how is the data recovered? Key Escrow? Good: now I don't need your fingerprint: I just social engineer the key escrow mechanism. As Ross has shown, phoning up a doctor and saying ``I'm a doctor, give me XXX's records'' is about 90% successful: similarly your key escrow mechanism. > > GP as data controller (they act as gatekeepers for all other bits of > NHS after all) See above. >> >> Except the senior A&E docs would delegate their authority to junior >> staff, >> who would delegate it to the receptionists. > > How, by giving them their finger or eye. No, by logging onto the machine and then leaving it to the junior staff. Or are you proposing a system where I have to keep my finger on the pad continuously? That's going to be a pain to use. > I believe that there are > fingerprint devices with pulse oximeters built in to stop this. You appear to believe that social problems can be solved with technical measures. Good luck with that. Most crypto / security systems fail because the users believe they are doing an overall good by `solving' the `problems' the security imposes. > > Make it a clinical governance issue and tell them that each time they > do delegate it they will lose a discretionary point. How will you catch them? > My point is that the patients need to be in control > of where their data is used or i for one will absolutely refuse to > have any of my personal data placed anywhere near the system. And a finger print reader has what relevance to that? > > > > > Cryptography is the ideal solution where there are trust issues People who think their problem can be solved with cryptography don't understand their problem and don't understand cryptography. 
Trust has nothing to do with cryptography: that you have encrypted my records AES256 is of no value unless you can prove that only I hold the key. You can't. End of. ian From ukcrypto at chiark.greenend.org.uk Thu Jul 17 13:34:27 2008 From: ukcrypto at chiark.greenend.org.uk (Ian Batten) Date: Thu, 17 Jul 2008 13: