Data Sharing Review
Michael Simpson
ukcrypto at chiark.greenend.org.uk
Thu, 17 Jul 2008 14:15:03 +0100
On 7/17/08, Ian Batten <igb@batten.eu.org> wrote:
> > > How? Just because I need to use my fingerprint to access a system tells
> > > me nothing about who else has access to it. It just provides a false sense
> > > of security. It's like those fingerprint reader laptops: all I need to do
> > > is open the drive bay with the handy plastic lugs, remove the hard drive
> > > with the handy pull-off connector (SATA, now, so fewer pins to bend) and I've
> > > got all the data.
> >
> > really.
> > good luck trying to decrypt the data on my laptop's harddrive without
> > access to a working quantum computer (probably)
>
> Well done. Congratulations. Now, remind me, what proportion of machines
> with fingerprint readers have taken those precautions? 1%? So for the
> other 99%, it's just smoke and mirrors.
>
> If you believe that the mere existence of a fingerprint reader means that
> the Infosec governance issues behind it have been considered, I have a
> bridge to sell you.
>
is it a nice bridge?
i don't believe that, i just think that biometric keys are easier for
the general public to use rather than having everyone remember their
huge passphrase.
i seem to remember someone saying that if you can remember your
passphrase it prolly isn't long enough.
>
> >
> > fingerprint hash is passphrase for large key hence without it (except
> > for specific emergent situation) no data
> >
>
> So after you die, how is the data recovered? Key Escrow? Good: now I don't
> need your fingerprint: I just social engineer the key escrow mechanism. As
> Ross has shown, phoning up a doctor and saying ``I'm a doctor, give my XXX's
> records'' is about 90% successful: similarly your key escrow mechanism.
>
No system is ever going to be 100% secure; the idea would be to raise
the bar to stop it being profitable for all and sundry to get access.
And yes, i always taught my juniors to at least call back to go through
someone's reception to try and validate a cold call and never give out
info.
Because most people will hand over passwords for chocolate to
strangers conducting a "survey" in a train station, should we stop
using passwords?
And again, yes, i know that that is a valid pov (especially in light of
passwords under keyboards or on monitors because of supposed security
measures that decrease actual security).
Indeed at present socially engineering one's way into a hospital to
get records is ridiculously easy; it was only recently that it became
difficult to steal children from maternity wards!! (through use of
controlled entry and tagging the kiddies)
Let's try not to repeat the mistakes that have been made over and over
and over again when we move from the physical domain to the electronic
one.
> >
> > GP as data controller (they act as gatekeepers for all other bits of
> > NHS after all)
> >
>
> See above.
bit more training needed
>
> > > Except the senior A&E docs would delegate their authority to junior
> > > staff, who would delegate it to the receptionists.
> >
> > How, by giving them their finger or eye.
>
> No, by logging onto the machine and then leaving it to the junior staff. Or
> are you proposing a system where I have to keep my finger on the pad
> continuously? That's going to be a pain to use.
No, just every time you access the system to use the key escrow, then
the system will know that you looked at that record at that time so
when it comes to be audited there is the necessary trail. I suspect
that you would then disseminate the required info for that patient to
your junior staff.
When i worked in the Glasgow Royal A&E (one of the busiest in Europe)
we would see 6-12 comatose patients per very busy day so we would need
to access the system that often.
>
> > I believe that there are
> > fingerprint devices with pulse oximeters built in to stop this.
> >
>
> You appear to believe that social problems can be solved with technical
> measures. Good luck with that. Most crypto / security systems fail because
> the users believe they are doing an overall good by `solving' the `problems'
> the security imposes.
>
eh?
no i don't.
social problems require societal solutions:
price alcohol out of existence, price cigarettes out of existence,
ensure adequate nutrition for kids, improve social housing stock, give
people the necessary skills to get jobs. I work in an area with infant
mortality rates > Ethiopia and an average life expectancy of 53yrs.
50% of all knife crime in UK happens in Glasgow. Social problems are a
bit out of my league, i'm just trying to pull individuals out of the
river as my day job.
however
I thought that we were talking about EPRs and the infosec matters
arising from that.
> >
> > Make it a clinical governance issue and tell them that each time they
> > do delegate it they will lose a discretionary point.
> >
>
> How will you catch them?
audit audit audit
how else do we catch bad docs?
> > My point is that the patients need to be in control
> > of where their data is used or i for one will absolutely refuse to
> > have any of my personal data placed anywhere near the system.
> >
>
> And a finger print reader has what relevance to that?
please don't be too focused on the biometrics
it just seems a less bad option where people forget to carry
smartcards or can't remember a password more secure than "password1"
>
> >
> >
> > <preaching to the choir>
> >
> > Cryptography is the ideal solution where there are trust issues
> >
>
> People who think their problem can be solved with cryptography don't
> understand their problem and don't understand cryptography. Trust has
> nothing to do with cryptography: that you have encrypted my records AES256
> is of no value unless you can prove that only I hold the key. You can't.
> End of.
>
ever?
<facetious>
even with an id chip buried in your iliac crest carrying your randomly
generated passphrase or your dna as passphrase
</facetious>
my point is that the government are hell-bent on having a centralised
database containing patient records in England and Wales.
Scotland will do what we normally do and wait to see what happens.
Are you of the opinion that no control on the data is better than some?
mike
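Added here as an illustration and not code from the thread: a small Python model of the audit trail Mike describes (every escrow unlock logged with who, which record, which terminal, when) with the two checks an auditor would run against it, namely a clinician unlocking more records per day than the 6-12 workload quoted above, and the same clinician unlocking from two terminals minutes apart, which is what "log on and leave it to the junior staff" looks like in the log. The log format, the sample entries and the thresholds are all constructed for the example.

```python
from collections import Counter
from datetime import datetime, timedelta
from itertools import combinations

# Constructed sample of an escrow-access audit log: each escrow unlock records
# who unlocked which patient record, from which terminal, and when.
SAMPLE_LOG = [
    ("dr_a", "term-01", "rec-100", "2008-07-17T08:05:00"),
    ("dr_a", "term-01", "rec-101", "2008-07-17T09:40:00"),
    ("dr_a", "term-07", "rec-102", "2008-07-17T09:42:00"),  # second terminal, 2 min later
    ("dr_b", "term-03", "rec-103", "2008-07-17T10:00:00"),
] + [
    # dr_c unlocking a new record every ten minutes, 14 times in one morning
    ("dr_c", "term-05", f"rec-{200 + i}", f"2008-07-17T{11 + i // 6:02d}:{(i % 6) * 10:02d}:00")
    for i in range(14)
]

def parse_log(entries):
    """Turn raw tuples into dicts with a real datetime, sorted by time."""
    parsed = [{"user": u, "terminal": t, "record": r, "at": datetime.fromisoformat(ts)}
              for u, t, r, ts in entries]
    return sorted(parsed, key=lambda e: e["at"])

def flag_overload(entries, max_per_day=12):
    """Clinicians whose daily unlock count exceeds a plausible workload.
    12/day is the upper end of the A&E figure given in the thread (assumed threshold)."""
    counts = Counter((e["user"], e["at"].date()) for e in parse_log(entries))
    return {(u, d.isoformat()): n for (u, d), n in counts.items() if n > max_per_day}

def flag_shared_sessions(entries, window=timedelta(minutes=5)):
    """Same clinician unlocking from two different terminals within `window`:
    a hint that a logged-in session was handed to someone else."""
    by_user = {}
    for e in parse_log(entries):
        by_user.setdefault(e["user"], []).append(e)
    hits = []
    for user, evs in by_user.items():
        # evs is time-ordered, so b is never earlier than a
        for a, b in combinations(evs, 2):
            if a["terminal"] != b["terminal"] and b["at"] - a["at"] <= window:
                hits.append((user, a["terminal"], b["terminal"], b["at"].isoformat()))
    return hits

if __name__ == "__main__":
    print(flag_overload(SAMPLE_LOG))
    print(flag_shared_sessions(SAMPLE_LOG))
```

Neither check proves delegation on its own; they are the audit prompts that tell you whose shifts to look at, which is the "audit audit audit" step rather than a technical fix for the social problem.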