> > Alan Hassey and I thought we ought to tell the list about an attempted > > attack on PGP encrypted traffic involving me, him and two other GPs. > > My problem: I happen to believe the two of you. > But I do not have a paranoid character. Neither do I. I know that the spooks monitor what we do from time to time, and I don't care. They have tried to interfere with our research, for example, and we have seen them off. In fact, the reason the BMA got involved in clinical information system security was that GCHQ spiked the original plans to encrypt traffic on the NHS wide network. The story of this is told in http://www.cl.cam.ac.uk/users/rja14/bmaupdate/bmaupdate.html. > Perhaps there are other benign explanations possible? We looked fairly hard. It is possible that the attack was from a research student whom we have suspended for disciplinary reasons, but the balance of the evidence is strongly against that hypothesis. Also, the attack fits in with a pattern of government attempts to discredit BMA security efforts. For example, a couple of months ago there was a hacking incident at our computing service. This is quite separate from the computer laboratory, where I am. But IMG people were soon gleefully telling doctors' groups that the Cambridge computer lab had been hacked, so the BMA's advice obviously wasn't much good. > Because I don't like the thoughts I have, when I think of the > consequences of Spooks after E-Mail of GP's. National intelligence agencies have for years had standing orders to collect medical samples from foreign heads of gpvernment. Now that the cold war is over, we see the CIA declaring that its mission is now commercial intelligence; we see MI5 taking over civil government computer security from the CCTA; and a GCHQ director told us on Thursday at the IEE that in 1994 their mission was expanded from national classified information to all government information. So yes, there is a medical interest (though it will rarely be the top priority); and the boundaries of the game are spreading and blurring rapidly. Your patient who is the director of a small but strategic software company could well be an intelligence target. > One line of thought I have is that only technology controled by us/me, a > thinking human, as opposed to reliance on automated procedures using > software produced by goverments, is an absolute must for me/us. Agree 100%! Quite apart from the issue of control, there's the issue of competence. What on earth makes people believe that GCHQ is any more competent than IMG? I will post to the list a memo of the meeting held at the IEE on Thursday and you will see what I mean. Ross %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%