> > Alan Hassey and I thought we ought to tell the list about an attempted
> > attack on PGP encrypted traffic involving me, him and two other GPs.
>
> My problem: I happen to believe the two of you.
> But I do not have a paranoid character.

Neither do I. I know that the spooks monitor what we do from time to
time, and I don't care. They have tried to interfere with our
research, for example, and we have seen them off.

In fact, the reason the BMA got involved in clinical information
system security was that GCHQ spiked the original plans to encrypt
traffic on the NHS wide network. The story of this is told in
http://www.cl.cam.ac.uk/users/rja14/bmaupdate/bmaupdate.html.

> Perhaps there are other benign explanations possible?

We looked fairly hard. It is possible that the attack was from a
research student whom we have suspended for disciplinary reasons, but
the balance of the evidence is strongly against that hypothesis.

Also, the attack fits in with a pattern of government attempts to
discredit BMA security efforts. For example, a couple of months ago
there was a hacking incident at our computing service. This is quite
separate from the computer laboratory, where I am. But IMG people were
soon gleefully telling doctors' groups that the Cambridge computer lab
had been hacked, so the BMA's advice obviously wasn't much good.

> Because I don't like the thoughts I have, when I think of the
> consequences of Spooks after E-Mail of GP's.

National intelligence agencies have for years had standing orders to
collect medical samples from foreign heads of gpvernment.  Now that
the cold war is over, we see the CIA declaring that its mission is now
commercial intelligence; we see MI5 taking over civil government
computer security from the CCTA; and a GCHQ director told us on
Thursday at the IEE that in 1994 their mission was expanded from
national classified information to all government information.

So yes, there is a medical interest (though it will rarely be the top
priority); and the boundaries of the game are spreading and blurring
rapidly. Your patient who is the director of a small but strategic
software company could well be an intelligence target.

> One line of thought I have is that only technology controled by us/me, a
> thinking human, as opposed to reliance on automated procedures using
> software produced by goverments, is an absolute must for me/us.

Agree 100%!

Quite apart from the issue of control, there's the issue of
competence.  What on earth makes people believe that GCHQ is any more
competent than IMG? I will post to the list a memo of the meeting held
at the IEE on Thursday and you will see what I mean.

Ross


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%