IBM has joined up with a number of other firms to develop encryption products with `key recovery' so that they will be exportable. It makes the front page of www.ibm.com. The idea appears to be that by combining the market muscle of Apple, Atalla, DEC, Bull, Hewlett-Packard, IBM, NCR, RSA, Sun, TIS and UPS, with the regulatory muscle of the NATO governments they can force solutions acceptable to the US intelligence community on everybody else in the world. IBM's view on health care computing is: o Internet Health Care With an Internet-based health care system, patient records can be stored in a central location and accessed immediately by all properly authorized personnel required in the various processes. The information may be used by a primary care physician, by medical specialists, in the hospital and pharmacy and by the insurance company. Cryptographic functions, such as confidentiality, integrity, and authentication, are necessary and are invoked by the application, transparent to the users. Smart cards could also be incorporated, as a method of transporting patient medical records. (source: www.ibm.com/Security/crypto/html/wp_sc3.html) The assumption that health records must be centralised may come naturally to a mainframe vendor, but it doesn't exactly give me a warm feeling! Ross %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%