Ross's TCPA paper

[Ross Anderson]

Yes, this is a debate I've had with the medical privacy7 guys, some of
whom like the idea of using Palladium to protect medical records.

This is a subject on which I've a lot of experience (see my web page),
and I don't think that Palladium will help. Privacy abuses almost always
involve abuse of authorised access by an insider.

Recent case: 15-year old girl in Croydon, England, gets termination of
pregnancy without telling her mother. This is reported to the local 
health authority, where her uncle works; he sees the report and tells 
the family.

Palladium doesn't help here. Even if the unclse is constrined by the
Fritz chip from doing anything other than look at the screen, he still
has the information.

The fix for this problem is anonymous reporting, with the identity of
the girl known only to the treating physician. It is a policy issue, 
not a techjnology issue; if technology such as Palladium is introduced
it will most likely be by health authorities trying to find an excuse
to retain access to data that they shouldn't have in the first place.
(We've seen a similar effect with smartcards in healthcare, and in fact
the general phenomenon has an interesting similarity with what the
environmental economists call the `social reward trap': making `green'
goods available often increases pollution as people consume green goods
rather than consuming less.)

Ross

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com