Category Archives: News coverage

Media reports that may interest you

Health privacy … breaking news …

2006-12-01Legal issues, News coverage, Privacy technologyRoss Anderson

The Chief Medical Officer, Sir Liam Donaldson, has written a letter to all GPs and hospital medical directors telling them that if patients try to opt out of the central collection of their medical data, the Secretary of State must be told. This follows a campaign that I’ve been helping and that has attracted strong support – in the press, from GPs and from public opinion.

This letter orders GPs to break patient confidentiality – and apparently for the noble purpose of news management. I understand that at least one GP will be reporting Sir Liam to the General Medical Council. It is entirely up to the patient to decide whether to send an opt-out letter to their GP, to Ms Hewitt, or to both. It is not for a civil servant – even a very grand one like Sir Liam – to unilaterally override the wishes of those patients who decide to write to their GP but not to Ms Hewitt. (It’s also somewhat amusing as, only a month ago, officials were telling patients who tried to opt out that their GPs would decide whether to upload data.)

Developing …

Developments on health privacy…

2006-11-27Legal issues, News coverage, Privacy technologyRoss Anderson

The Register reports a leaked document from the NHS which concludes that sensitive patient records would probably be safer held locally, rather than stored on a national database as the Government proposes.

This follows a poll last week in which a majority of GPs said they would not upload their patients’ records to the national database. Together the poll and the leak are a double whammy for the misguided and wasteful project to centralise all computer systems in the NHS.

On Wednesday we are launching a campaign to persuade patients to opt out too. The inaugural meeting will be from 7 to 9 PM in Imperial College, London. For background, see recent posts on opting out and on kids’ databases.

Kids’ databases

2006-11-22Legal issues, News coverage, Privacy technology, Security engineeringRoss Anderson

The Information Commissioner has just published a report we wrote for him on the UK Government’s plans to link up most of the public-sector databases that contain information on children. We’re concerned that aggregating this data will be both unsafe and illegal. Our report has got coverage in the Guardian, the Telegraph (with a leader), the Daily Mail, the BBC and the Evening Standard.

Shishir wins BCS best student award

2006-11-08Awards, News coverage, Security economics, Security engineeringRoss Anderson

Security group member Shishir Nagaraja has won the BCS best PhD student award for his paper The topology of covert conflict. The judges remarked that “the work made an important contribution to traffic analysis in an area that had been previously overlooked; the authors used realistic models with clear results and exciting directions for future research.”

Opting out of the NHS Database

2006-11-01News coverage, Privacy technologyRichard Clayton

The front page lead in today’s Guardian explains how personal medical data (including details of mental illness, abortions, pregnancy, drug taking, alcohol abuse, fitting of colostomy bags etc etc) are to be uploaded to a central NHS database regardless of patients’ wishes.

The Government claims that especially sensitive data can be put into a “sealed envelope” which would not ordinarily be available… except that NHS staff will be able to “break the seal” under some circumstances; the police and Government agencies will be able to look at the whole record — and besides, this part of the database software doesn’t even exist yet, and so the system will be running without it for some time.

The Guardian has more details in the article: From cradle to grave, your files available to a cast of thousands, some comments from doctors and other health professionals: A national database is not essential and a leading article: Spine-chilling.

The Guardian give details on how to opt-out of data sharing: What can patients do? using suggestions for a letter from our own Ross Anderson who has worked on medical privacy for over a decade (see his links to relevant research).

If you are concerned (and in my view, you really should be — once your data is uploaded it will be pretty much public forever), then discuss it with your GP and write off to the Department of Health [*]. The Guardian gives some suitable text, or you could use the opt-out letter that FIPR developed last year (PDF or Word versions available).

[*] See Ross’s comment on this article first!

New website on NHS IT problems

2006-10-10Legal issues, News coverage, Privacy technology, Security engineeringRoss Anderson

At http://nhs-it.info, colleagues and I have collected material on the NHS National Programme for IT, which shows all the classic symptoms of a large project failure in the making. If it goes belly-up, it could be the largest IT disaster ever, and could have grave consequences for healthcare in Britain. With 22 other computer science professors, I wrote to the Health Select Committee urging them to review the project. The Government is dragging its feet, and things seem to be going from bad to worse.

The real hustle on BBC3: watch it!

2006-09-06News coverageFrank Stajano

For UK residents: BBC Three is re-running their wonderful 10-episode series “The Real Hustle” in which three skilled con artists give, with hidden cameras, a revealing and entertaining guided tour of the most popular scams used to rip off people today. Some computer-based (including keyloggers, bluejacking and bank card cloning), most not.

This series should be required viewing for all security professionals and most definitely for all security students. The only way to understand security is by understanding what crooks actually do. It’s also great fun.

Each episode is re-broadcast several times, from prime time to middle-of-the-night, so you usually get several chances to set your digital video recorder if the programme overlaps with something else you want to watch or record. Check the EPG.

With a single bound it was free!

2006-08-25Banking security, Cryptology, Hardware & signals, Internet censorship, Legal issues, Meta, News coverage, Security economics, Security engineeringRoss Anderson

My book on Security Engineering is now available online for free download here.

I have two main reasons. First, I want to reach the widest possible audience, especially among poor students. Second, I am a pragmatic libertarian on free culture and free software issues; I believe many publishers (especially of music and software) are too defensive of copyright. I don’t expect to lose money by making this book available for free: more people will read it, and those of you who find it useful will hopefully buy a copy. After all, a proper book is half the size and weight of 300-odd sheets of laser-printed paper in a ring binder.

I’d been discussing this with my publishers for a while. They have been persuaded by the experience of authors like David MacKay, who found that putting his excellent book on coding theory online actually helped its sales. So book publishers are now learning that freedom and profit are not really in conflict; how long will it take the music industry?

RIP

2006-08-16Legal issues, News coverageRoss Anderson

On Monday we organised the eighth Scrambling for Safety conference to help inform debate about the implementation of the Regulation of Investigatory Powers Act. There was press coverage by the BBC and silicon.com; you can find the speakers’ slides here. (Video of the talks should appear in due course.) The aim was to help people respond to Home Office consultations on access to keys and on communications data.

"Identity fraud" again

2006-08-08Banking security, Legal issues, News coverage, Security economicsRoss Anderson

The National Consumer Council has published a report on “identity fraud” which is rather regrettable.

Identity fraud is not fraud, from the consumer’s viewpoint. If someone pretends to be me, borrows 10K from the Derbyshire Building Society and vanishes, it’s the building society that’s the victim, not me. If Experian then says I’m a loan defaulter when I’m not, that’s libel. Suing for libel may be expensive, but the Information Commissioner has announced his willingness to issue enforcement notices against the credit agencies in such circumstances. The NCC should have advertised this fact and encouraged people to go to him.

“Identity fraud” is an objectionable concept, an attempt by the banks to dump some liability. The Home Office egg them on because they think that rebadging credit-card fraud as “identity fraud” will help sell identity cards. But it’s a bad show when consumer organisations collude with an attempt to make consumers the victims of bankers’ and credit reference agencies’ negligence.

M	T	W	T	F	S	S
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

Light Blue Touchpaper

Security Research, Computer Laboratory, University of Cambridge