February 2nd, 2010

The Electronic Patient File

My country introduced what is called EPD (Electronic Patient File) a while ago by law. It is a huge system where all medical information is to be stored, so that when, for instance, somebody is brought into a hospital after a car crash, their medical records can be retrieved. All medical providers are supposed to be hooked up soon. Sounds pretty state-of-the-art huh? Well, apart from that bratty privacy thingy of course that not many of my countrymen care about, but “that has been taken care of very well”.

Yeah, well, the truth is that all users can get access to all medical records of all people and the only safeguard is hindsight: everything is logged and users can be held accountable for what they retrieve. The statement about that was that “Generally, doctors will use the EPD in an honorable way, and logging will have a dampening effect”. B.T.W., even I fully admit there is some sense in this methodology, as you can never know who will be rolled in where and when.

But then who are the users of the EPD and thus have that access?

  • doctors
  • specialists
  • nurses
  • doctors’ assistants
  • physiotherapists
  • MDs
  • pathologists
  • pharmacists
  • co-assistants
  • medical students
  • biochemists
  • physicists
  • paramedics
  • dietitians
  • their subs
  • ICT staff
  • police and secret service (in “special circumstances”)

Does this suddenly sound less interesting? Not done yet: the law did not regulate who is responsible for the supervision of the EPD and how it should be done. Nor is there any budget for supervision allotted. Let alone whose head will roll when the inevitable data leak is discovered. With a widely distributed system as the EPD and the nature of it (spotlight please!) hackers cannot wait to get their hands on it. As there is no such supervision, MDs see dark clouds rolling in above their heads: they will be in the front line and patients will call on them first.

The responsible administration stated that misuse will be prevented through “the coherency between laws, security, supervision (?), communication and the chain of identification, authenticity, authorization and logging”. Riiiight. So I used the one escape left: send in a form that forbids the use of the EPD for my personal data.

How are things working on your end of the pond?

January 27th, 2010

To not forget

Today, after 112 hours, the reading of 102.000 names of people who were transported through the Nazi deportation camp Westerbork in my country and then onwards by cattle train to the extermination camps in Poland came to an end with the last name on the memorial, Heinrich Zysmanowicz.

The youngest reader was 11, the oldest 80. A few by telephone from the US and Israel.

Let us not ever forget the evil that can be created and nourished by hatred. Let us not forget what administrations can do if they know too much (is that why they are called “administrations”?); the round up of Jews in WWII was ultra efficient in my country because of the wonderfully complete and precise record keeping.

September 20th, 2009

The little error

I have blogged about my country being the most wiretapped in the world before. Now often when I discuss privacy issues, the response is: “I don’t care, I have no secrets, and I’d rather have a government keep an eye on the bad boys”. Erm, right. History will tell a different story, as well as actuality.

There was a fatal stabbing. The police could not crack the case, but were pretty convinced Mrs X was a witness to the crime. Therefore a wiretap was requested and granted. Later on she decides, on her own account, to cough up what she saw and heard to a recently introduced governmental agency called M, that guarantees anonymity. You can call their number, report crime and through a series of rather well publicized measures they ensure it is forwarded anonymously to the crime fighting authorities. And here, oopsie, things went wrong. As she was wiretapped, the conversation was transcribed and put in the file of the prosecutors against the suspect. And that file is now public, including her identity. Nice, really nice.

The prosecutor’s office is hardly sorry and even stated Mrs X should have been more careful than to call M (WTF?!?!?!?). The director of M is furious, but the damage is done. Nothing to hide eh?

Next in line: unlike all other countries in the EU, my country decided to not only put fingerprints in the new passport (required by European legislation), but also store those fingerprints in a centralized database. Court filings by a Dutch privacy organisation were dismissed by the European courts, as that is only an appeal court. Big brother isn’t coming. It’s already here. TBC.

October 2nd, 2008

The breach of trust

Skype is a communication platform for instant messaging, video and voice. One of its virtues is that the communication is end-to-end encrypted, meaning any middleman cannot intercept the communications, an important reason I use it a LOT.

In China, you cannot download Skype, only a localized version, distributed by a company called TOM. I already knew this version blocks IM sentences that contain a set of “unsafe” words. What probably not many people know is that when these words are encountered (and god knows what other criteria like usernames), the conversation is being logged by the TOM-Skype client on (insecure) webservers in China.

Major Findings

  • The full text chat messages of TOM-Skype users, along with Skype users who have communicated with TOM-Skype users, are regularly scanned for sensitive keywords, and if present, the resulting data are uploaded and stored on servers in China.
  • These text messages, along with millions of records containing personal information, are stored on insecure publicly-accessible web servers together with the encryption key required to decrypt the data.
  • The captured messages contain specific keywords relating to sensitive political topics such as Taiwan independence, the Falun Gong, and political opposition to the Communist Party of China. (y-t: I can confirm it blocks the word “fuck” too.)
  • Our analysis suggests that the surveillance is not solely keyword-driven. Many of the captured messages contain words that are too common for extensive logging, suggesting that there may be criteria, such as specific usernames, that determine whether messages are captured by the system.

Sounds a bit like Yahoo and Google eh?

If you happen to chat with Chinese people, do NOT rely on the security model of Skype. While I am reasonably convinced Skype is one of the best secured applications and I like its end-to-end encryption a lot better than my conversations going over say Microsoft’s servers, the Chinese client is proven spyware. And to be honest, it makes you wonder what “our” client is doing.

Skype, the company that allowed this, is telling us TOM did this without their knowledge. I am very disappointed.

Added: whoa, this is all over the place. Herald Tribune’s on it. Others will follow soon.

Added: Skype president’s response.

You may have seen some reports in the media about a security and privacy breach in the software provided by our Chinese partner, TOM Online. I’m writing to let you know where we stand, and what we’re doing to resolve the problem.

Some brief background: In China, TOM is the majority local partner in our joint venture that brings Skype functionality to Chinese citizens. The software is distributed in China by TOM and TOM, just like any other communications company in China, has established procedures to meet local laws and regulations. These regulations include the requirement to monitor and block instant messages containing certain words deemed “offensive” by the Chinese authorities.

It is common knowledge that censorship does exist in China and that the Chinese government has been monitoring communications in and out of the country for many years. This, in fact, is true for all forms of communication such as emails, fixed and mobile phone calls, and instant messaging between people within China and between China and other countries. TOM, like every other communications service provider operating in China, has an obligation to be compliant if they are to be able to operate in China at all.

In April 2006, Skype publicly disclosed that TOM operated a text filter that blocked certain words in chat messages, and it also said that if the message is found unsuitable for displaying, it is simply discarded and not displayed or transmitted anywhere. It was our understanding that it was not TOM’s protocol to upload and store chat messages with certain keywords, and we are now inquiring with TOM to find out why the protocol changed.

We were very concerned to learn about both issues and after we urgently addressed this situation with TOM, they fixed the security breach. In addition, we are currently addressing the wider issue of the uploading and storage of certain messages with TOM.

It’s important to remind everybody that the issues highlighted in yesterday’s Information Warfare Monitor / ONI Asia report refer only to communications in which one or more parties are using TOM software to conduct instant messaging. It does not affect communications where all parties are using standard Skype software. Skype-to-Skype communications are, and always have been, completely secure and private.

I passionately believe in Skype’s mission to enable the world’s conversations. Allowing the world to communicate for free empowers and links people and communities everywhere. Our challenge is to bring this valuable service to people all over, including China, while being transparent to our users and staying within the boundaries of the local laws. We are committed to meet this challenge.

Please note that “fixing” (my emphasis) means: securing the breached webserver where the logs are stored, not killing the logging.

Added: I am not copying Josh’s second post. Yack yack local laws, yack yack continue in the Chinese market, yack yack looking into. BS. My prediction is a follow up version will tell the user the counterpart is using TOM-Skype and will, in very vague words hint that might not be ENTIRELY secure. Trust is plummeting. Oh well, probably everybody will have forgotten about this in less than a week. Again, trust is very affected.

July 3rd, 2008

The files

Dutch Euro-parliament (kinda congress-euro-style) member Sophie in ‘t Veld has filed a complaint in the US. She is constantly picked for further questioning (“secondary screening”) when entering the US and wants to know why. 9 months ago she requested what was on file about her, based on the Freedom of Information Act. Most departments did not respond, although after pressure the State Department has written to her lawyer there is “something”.

Her goal is twofold. First of all to show how hard it is as a normal, law abiding citizen to see what’s on record. But of course there is a more fundamental issue. The US and Europe have secretly and unofficially almost completely ironed out the issues regarding information exchange on travelers: CC numbers, meals, we’ve covered that before. There is one issue left: where does John Doe go when something is wrong with those records, which, I may add, are completely flawed in the first place. Are we safer now?

Good job Sophie.

June 25th, 2008

The chipcard (and the shame)

The administration is trying to get all public transport companies (who are heavily subsidized anyway) to use a unified chipcard. Unfortunately, they used the Mifare one, a Mickey Mouse card when it comes to security (I am not even going into the privacy issues). The University of Nijmegen exposed this and delved deeper and deeper, until they copied a card in less than 2 seconds, enough to do it standing close to a clueless traveler.

And then they stepped it up a bit, went to London, where London Underground uses the same card. And published their results. Bravo right? Exposing weak systems compromising the wallet of the consumer, right?

Wrong. The responsible minister is arm twisting the University board and the research group is more or less stifled, using the argument of “acting responsible”. Shame, shame, shame on you, minister Huizinga.

May 30th, 2008

The Wiretappers of Europe re-revisited

The numbers are out:

  • US: 2.208 calls in 2007 (that is, the legal ones, not the NSA illegal tapping) [see update]
  • NL: 1.681 calls active taps per day in 2007.

OK, read that again. My country taps 280 times more calls. If we assume that on average every US and NL citizen makes the same number of calls, then corrected for the number of inhabitants, there is up to a 5000 times higher chance to be tapped here than in the US. The terrorists won.

Update and correction Nov 2009: I might have compared apples with oranges. The NL numbers represent the mean number of phone numbers tapped in a day. I will try to do some digging if the US number represented the same rationale. Anyway, for 2008 NL: total numbers (so not calls) tapped: 26.424, mean number of taps per day: 1946. This implies 1 out of every 605 citizens is being tapped.

Earlier on the nest: The Wiretappers of Europe, The Wiretappers of Europe revisited.

May 21st, 2008

The tunnel vision

1994. 22-year-old stewardess Christel Ambrosius is raped and killed in the house of her grandmother in the village Putten. A drop of semen is found on her leg and preserved. Soon, two men are arrested.

1995. While they admit under intense police pressure, they later deny any involvement. The interviews were not recorded on video. The two are sentenced to 10 years imprisonment.

2002. The two are set free after serving 7 years. Only after they are set free, the highest court tosses out the conviction in no uncertain terms. Police had tunnel vision, evidence against the two was withheld, etc. They are set free and are given compensation, but of course their innocence is not accepted by everyone. Where there is smoke, there must be fire. The case is wide open again, stirring up the village. By now, this is already the most discussed case in my country’s history.

2005. A 29 year old man is convicted of beating up his girlfriend.

2007. After fierce legal protesting, he is forced to give DNA material, which is analyzed and stored in the national database for convicted offenders.

2008. The National Forensic Laboratory calls the cold case team: a coincidence, a present, a gift: the DNA of the man shows a match with the semen found on Christel Ambrosius’s leg 14 years earlier. The then 18 year old man (boy?), now 33, lived in the same village at the time of the murder, but he was never seen as suspect. Police cry victory, evidence is, as it seems, conclusive and undeniable. Christel’s family keeps quiet, but the earlier convicted men are relieved the case seems to come to a close.

This is not the first time police are said to have serious tunnel vision in high profile cases. I have very mixed feelings about this.

  • Record keeping of one’s DNA? Hmmmmm, I am not too sure I like that. It is now mandatory for convicted criminals. The profiles are destroyed for the suspects not guilty.
  • I am thrilled the bastard is caught, and two innocent (but scarred) men walk.
  • Once a criminal, always a criminal? I like to think not.
  • How the hell did it take 3 years to find the match?

BTW: Anyone in favor of the death penalty, hmmmm? Sure, sure, for THIS guy of course yes, but we wouldn’t know that would we? (“Ok, ok, we killed the wrong ones, sorry, SORRY!!! But we are most definitely sure we got the real bastard now, so, let’s kill him too”)

May 13th, 2008

The photos once more

As I said earlier, geotagging photos has just come around the corner. Cool stuff, but I urge everybody to be very VERY careful. The privacy implications are massive. Wired probably has it right although I disagree:

We’re expecting privacy issues, too, but giving up some personal information in return for convenience is one of the hallmarks of the internet. And we’re cool with that. Just give us the GPS already.

March 18th, 2008

The vision on the world

FlickrVision is supposed to take a snapshot of a randomly just uploaded photo on Flickr (redflag: soon-to-be-Microsoft) and display it on the globe, every second a new one.


Currently it seems to take the location from the uploader’s profile (I saw alpine skiing in my country, yeah sure), but suppose it would take GPS coordinates, that are embedded as tags in JPEGs sooner than later? And almost real-time uploaded to services like Flickr? Oh but wait, didn’t I write earlier about that? Oh, and now Yahoo (Flickr) is going to be Microsoft’s soon eh?

Still, pretty cool I’ll admit.

Earlier on the nest: The world of pictures revisited, The world of pictures.