Friday, September 6, 2013

N.S.A. Able to Foil Basic Safeguards of Privacy on Web, Including Medical Records - Yet Another Reason To Be Concerned About What You Tell Your Physician

There's already a major issue with privacy and protection of medical records in electronic form.  See the multiple blog posts at this query link:  http://hcrenewal.blogspot.com/search/label/medical%20record%20privacy

Now this from the New York Times:

N.S.A. Able to Foil Basic Safeguards of Privacy on Web
By NICOLE PERLROTH, JEFF LARSON and SCOTT SHANE
September 5, 2013

The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.

The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.  

But don't worry, your electronic medical records are secure, and will NEVER be used for political purposes by your adversaries...

Beginning in 2000, as encryption tools were gradually blanketing the Web, the N.S.A. invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. Having lost a public battle in the 1990s to insert its own “back door” in all encryption, it set out to accomplish the same goal by stealth. 

The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.

At least we may have gotten faster PCs as a side result of the research that supported these efforts.

... the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.

Some of the agency’s most intensive efforts have focused on the encryption in universal use in the United States, including Secure Sockets Layer, or SSL; virtual private networks, or VPNs; and the protection used on fourth-generation, or 4G, smartphones. Many Americans, often without realizing it, rely on such protection every time they send an e-mail, buy something online, consult with colleagues via their company’s computer network, or use a phone or a tablet on a 4G network. 

Might as well just send them a copy of all your communications to spare them the effort...

... Ladar Levison, the founder of Lavabit, wrote a public letter to his disappointed customers, offering an ominous warning. “Without Congressional action or a strong judicial precedent,” he wrote, “I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”

Hey, how about let's ALL have our medical records stored by health IT companies providing ASP (Application service provider, http://en.wikipedia.org/wiki/Application_service_provider) offsite EHR hosting services to hospitals and clinics...

From the site "techdirt.com":

Allegedly the NSA and GCHQ (UK Government Communications Headquarters) have basically gotten backdoors into various key security offerings used online, in part by controlling the standards efforts, and in part by sometimes covertly introducing security vulnerabilities into various products. They haven't "cracked" encryption standards, but rather just found a different way in. The full report is worth reading ... (http://www.techdirt.com/articles/20130905/12295324417/nsa-gchq-covertly-took-over-security-standards-recruited-telco-employees-to-insert-backdoors.shtml).

Half facetiously: unless you're a real nobody, if you, say, contracted V.D. from that sexy prostitute at that Vegas convention, you had perhaps better not tell your doctor about it.

Maybe this is what it will take to get the government to start taking electronic medical record privacy, confidentiality and security more seriously.

Our legislators, like everyone else, have a stake in the game.

-- SS

