On Sun, 6 Dec 1998 15:46:58 -0000, you wrote:
>But Paul, why would anyone invest the effort in distributing and
>managing encryption keys when there is no demonstrable need for
>them?
I think there is a need - technical facilities are there to reflect
our professional needs. Not the other way round. I think there is a
risk (!) that we are not establishing the ethics before designing or
even specifying the software.
Are you suggesting there is not a need for each UK clinician to have a
means of guaranteed private electronic communication?
>Until the facility is part of our software specification, there is
>no business case for sorting out the security.
And no reason exists to put it in the software spec if no UK
clinicians have secret keys approved by the professional bodies...
Its chicken and egg. And its actually under the sole control of the
profession to issue keys as part of registration.
No obligation exists to escrow them centrally if (because they are
secret) only the issued GP has the key. If (for example) the GMC
doesn't keep the keys bulk key escrow is not an issue except with the
individual GP's, who will do whatever their individual consciences
dictate under the law.
>
Professional ethics and confidentiality have nothing to do with anyone
except the profession, Adrian.
Certainly expecting the NHS Management to understand respect and spend
money on them is the thing that is in fact fraught with danger.
We have no need to be apologists to the NHS Management about our
ethics.
Lets do them for ourselves, get it right, and send a clear message to
NHS management about it.
Not negotiate ethics away in committees consisting largely of the
clinically ignorant.
Kind regards,
Paul
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|