[Cryptography] another security vulnerability / travesty

[Jerry Leichter]

> 
>> Fax is a lot harder to get at than email. 
> 
> Yes harder ... but wow, that's a really low bar.
> Are you claiming it is "hard enough"?
> Hard enough for what purpose?
Hard enough that attackers will choose other routes.

For the vast majority of people communicating health information with their doctors - the example with which we were dealing - fax communication is much more secure than the computer sitting in the practice's back room.  Or even the paper records sitting in the office.

But really the whole question is a mess.  Your medical information goes from you to the doctor by some route.  It's stored by the doctor - somewhere.  The doctor sends it to the insurance company - somehow.  He sends you prescriptions (often almost as telling as your full medical history) to your pharmacy - somehow.  Spending time looking at one of the many places your medical stuff goes, while ignoring the rest, is rather pointless.  Personally, I would rather not send sensitive stuff through email, because it's so easily tapped and we *know* it's being tapped.  FAX may be a small step up, but at least it keeps things somewhat more limited:  The FAX message isn't stored indefinitely in what could be an easily network-accessible server.  But that's about as far as it makes sense to me to go.

                                                        -- Jerry