> But is all this key > certification etc going to be practical without adding huge bureaucracy? Yes, if we do it right. GCHQ had wanted a single key management centre for the whole of the NHS (presumably to minimise the effort neded to subvert it). However that would not have worked evry well. Whenever you got a new employee in your practice or hospital - or even a locum or an agency nurse for the day - you'd have to phone up spook central and get them authenticated to the system. Maybe government departments can work this way, but a health service with 12,000 independent providers can't. You have to do the key management where the personnel management is done, or it costs you plenty. I learned this the hard way almost a decade ago when working in a bank which managed its 25,000 employees from seven regional head offices. We put in centralised password administration (to be more precise, one of my colleagues did). It took thirty staff to cope with all the messages flying back and forth saying that we've just hired Jones, sacked Smith, and moved Bloggs to the Station Street branch. I also hear from system developers I know in New Zealand that they had originally planned there to have all medical keys managed by a single person the the dictrict general hospital, but when they stopped to think about the logistics they realised that GPs' keys had to be managed in the practice. The sort of thing we'll have to think about carefully is how you get people to do something well which they don't do often. So the human computer interface will need a bit of thought - and field testing. Thankfully I have a postdoc research fellow arriving next month who wants to do all this thinking and testing! Ross %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%