Somebody cc Those Working on NHS Databases

Posted by Tom Fuller in AnonymitY, Blindside project, Data breaches, e-ID, people and passwords at November 27th, 2007

“A security breach affecting an unknown number of Canadian citizens came to light last week in the Canadian province of Newfoundland and Labrador when a consultant for the Provincial Public Health Laboratory took a laptop containing patient health information home. The consultant was contacted by a person who identified himself as a representative of a computer security company and who claimed that he was able to access data on the laptop through the consultant’s home Internet connection.”

…”The exposed information includes names, Medical Care Plan numbers, age, sex, physician and test results for infectious diseases, including HIV and hepatitis.”

In a related news story…. “Trust is fundamental to the effective management of security and privacy in the public realm. Surprised? “Results from a ground-breaking pan-European study show that when it comes to security and identity in electronic public services, trust is a critical issue for European eGovernment. Given recent negative press stories about the security risks associated with personal data on social networking sites such as Facebook, and recent events in the UK where the personal details of some 25 million citizens appear to have been lost, this paper comes as a timely reminder about the need to manage trust and security effectively.” …”The cc:eGov study has identified exceptional good practice in Europe, for example in Estonia where an integrated ID card provides access to public and private services. However, the Estonian Government is rigorous and thorough in its protection of citizens’ data, to the extent where sustained cyber attacks on their systems earlier this year did not result in a breach of security. The trust of citizens was therefore reinforced.”

Quis Custodiet Ipsos Custodes?

Posted by Tom Fuller in Blindside project, IT failures, Malware, Murphy's Law, cracking stuff, threats at November 26th, 2007

Well, hope I got the Latin right. This is a bit unnerving (not this part–no application is perfect): “Antivirus software must open and inspect data in hundreds, if not thousands, of file formats. One bug in the software that does this can lead to a serious security breach. Zoller and his colleague Sergio Alvarez have been looking into this issue for the past two years and they’ve found more than 80 parser bugs in antivirus software, most of which have not yet been patched.”

“The flaws they’ve found affect every major antivirus vendor, and many of them could allow attackers to run unauthorized code on a victim’s system, Zoller said.”

It’s this part that is scary–the type of denial that has been the prelude to IT disasters for 20 years:

“Zoller says he has been criticized by his peers in the security industry for “questioning the very glue that holds IT security all together,” but he believes that by bringing this issue to the forefront, the industry will be forced to address a very real security problem. Between 2002 and 2005, nearly half of the vulnerabilities that were discovered in antivirus software were remotely exploitable, meaning that attackers could launch their attacks from anywhere on the Internet. Nowadays, that percentage is close to 80 percent, he said.”

Russ Cooper, a senior scientist with Verizon Business, had some criticism for the work of n.runs. “The research almost appears to be goading criminals into ‘getting better’ at attacking vulnerabilities… hardly helpful,” he said via instant message. “There’s no doubt that the list of vulnerabilities they have already published in security products looks daunting. However, historically, we have not seen this type of vulnerability exploited.”

And if I read this right, I do not want to do business with this company at all–he seems to be saying that there’s no need to fix it until it gets hacked: “Though Cooper agrees that antivirus file parsing vulnerabilities do pose a risk, he said there are several reasons they have not yet been the focus of widespread criminal attacks. For one, criminals are already being effective enough with their current tactics, such as sending malicious e-mail attachments. A second reason is that security software tends to get more scrutiny, meaning that any vulnerability that was being exploited would be quickly patched, and that any criminal involved in an exploit would be more likely to be caught.”

Coda

Security vendors have long known about vulnerabilities in their software, said Marc Maiffret, chief technology officer with eEye digital security. “Security software is just as vulnerable as any other software,” he said via instant message. “We all hire the same developers that went to the same colleges as Microsoft and learned the same bad habits.”
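To make the class of bug at issue concrete, here is an added example (not code from this page, from n.runs, or from any antivirus vendor) in a toy container format constructed for the purpose: a 4-byte big-endian length field followed by a payload. A scanner has to parse thousands of such structures, and every length field in them is attacker-controlled. The vulnerable parser trusts the declared length; the hardened one bounds it against both the destination buffer and the bytes actually present. The format, function names and sample inputs are all assumptions made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Toy container format, constructed for this example (it is not any real
 * antivirus, archive or document format): a 4-byte big-endian payload length
 * followed by the payload bytes.  The length field comes from the file being
 * scanned, so it is attacker-controlled.
 */
#define MAX_PAYLOAD 64

typedef struct {
    uint8_t data[MAX_PAYLOAD];
    size_t  len;
} record_t;

static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/*
 * Vulnerable parser: trusts the declared length.  A sample whose header says
 * 0xFFFFFFFF makes memcpy write far past out->data (and read past buf); this
 * is the shape of parser bug that turns "scan this file" into code execution
 * inside the scanner's (usually highly privileged) process.  It is here only
 * to show the defect beside the fix; never call it on untrusted input.
 */
int parse_record_vulnerable(const uint8_t *buf, size_t buflen, record_t *out)
{
    if (buflen < 4)
        return -1;
    uint32_t len = read_be32(buf);
    memcpy(out->data, buf + 4, len);   /* BUG: len unchecked against MAX_PAYLOAD and buflen */
    out->len = len;
    return 0;
}

/*
 * Hardened parser: the declared length is checked against both the destination
 * capacity and the bytes actually present before any copy happens.
 * Return codes: 0 ok, -1 header missing, -2 length exceeds destination,
 * -3 length exceeds input (truncated file or lying header).
 */
int parse_record_safe(const uint8_t *buf, size_t buflen, record_t *out)
{
    if (buf == NULL || out == NULL || buflen < 4)
        return -1;
    uint32_t len = read_be32(buf);
    if (len > MAX_PAYLOAD)
        return -2;
    if (len > buflen - 4)              /* buflen >= 4 here, so no underflow */
        return -3;
    memcpy(out->data, buf + 4, len);
    out->len = len;
    return 0;
}

/* Constructed samples: one benign, one with a lying header, one truncated. */
static const uint8_t sample_ok[]        = { 0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t sample_hostile[]   = { 0xFF, 0xFF, 0xFF, 0xFF, 'x' };
static const uint8_t sample_truncated[] = { 0, 0, 0, 10, 'a', 'b', 'c' };

int main(void)
{
    record_t rec;
    int rc = parse_record_safe(sample_ok, sizeof sample_ok, &rec);
    printf("benign:    rc=%d len=%zu\n", rc, rec.len);
    printf("hostile:   rc=%d\n", parse_record_safe(sample_hostile, sizeof sample_hostile, &rec));
    printf("truncated: rc=%d\n", parse_record_safe(sample_truncated, sizeof sample_truncated, &rec));
    /* parse_record_vulnerable(sample_hostile, ...) would corrupt memory here. */
    return 0;
}
```

The two checks in `parse_record_safe` are the whole fix: one protects the destination (the classic overflow), the other protects the source (an over-read that leaks scanner memory or crashes it). Both are cheap, and both are the kind of thing a fuzzer throwing a few thousand mutated headers at the parser finds in minutes, which is roughly how the "80 parser bugs" in the post were found.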

A Moveable Feast

Posted by Tom Fuller in Blindside project, Faster/smaller/better... at November 25th, 2007

(From Popular Mechanics) “It looks like the latest smartphone-on-steroids, teeming with everything from GPS and wireless to a touchscreen and a stylus. Throw in an SD memory slot, fingerprint authentication and Windows Mobile 5.0, and you’ve got a powerful, easy-to-use PDA in your hands. Trouble is (besides being clunky at nearly twice the size of a BlackBerry), once inefficient bureaucrats will be the only ones allowed to use it come 2010.”

(First reaction–why a device that is department specific? Why not a flexible device programmable for different department needs? Nonetheless, the time, cost and (human) energy savings seem real and visible.)

“It’s the U.S. Census Bureau’s first handheld computer (HHC), and it’s coming to survey a home near you. Developed as part of a federal mandate to make census data collection more secure, officials hope the HHC will cut down on time, paper and human error during the next census. “We’re expected to save a billion dollars,” says Mike Murray, the HHC project leader for Harris Corp., the government contractor working on the device, more than 500,000 of which are being manufactured by mobile giant HTC.”

(Does it really take 500,000 people to count 300 million? How many will it take using this device?)

“When census takers get their hands on them, the HHCs will come with 10 hours of battery life to get through a day’s worth of door knocking—plus a built-in GPS unit to [get] them to those doors in the first place. After collecting data with a stylus and step-by-step touchscreen interface, they can simply upload the information to U.S. Census headquarters via Sprint’s encrypted data network. (A dial-up modem comes embedded for remote areas without wireless.) It’s all secured by a biometric fingerprint reader that keeps non-authorized users off the device—and the authorized ones off the phone with the bureau for forgetting passwords (21st-century bureaucracy wasn’t built in a day).”

(Ticking the right boxes so far–encrypted data network, biometric gummy print reader–what happens when it’s lost or stolen?)

“Now U.S. Census officials say the HHC should cut the number of printed forms from 130 million to about 90 million, and save $525 million in workforce reprioritization. And you thought cutting red tape only came for the holidays.”

Big question is, what happens to all 500,000 for the ten-year period between censuses? (censi? What’s the plural of census?)

The Backlash Begins, and Begins With Biometrics

Posted by Tom Fuller in Blindside project, Data breaches, databases, e-ID at November 24th, 2007

The iconoclastic Tim Worstall starts the ball rolling here, and refers us to Ben Goldacre’s Guardian column here: “But it’s not. The leak last week wasn’t because of unauthorised access, it couldn’t have been stopped with biometrics; it happened because of authorised access which was managed with a contemptible, cavalier incompetence. The damaging repercussions for 25 million people will not be ameliorated by biometrics.

So will biometrics prevent ID theft? Well, it might make it more difficult for you to prove your innocence. And once your fingerprints are stolen, they are harder to replace than your PIN. But here’s the final nail in the coffin. Your fingerprint data will be stored in your passport or ID card as a series of numbers, called the “minutiae template”. In the new biometric passport with its wireless chip, remember, all your data can be read and decrypted with a device near you, but not touching you.”

Ben Goldacre also has a piece here that refers to an academic paper enchantingly titled “Impact of Artificial “Gummy” Fingers on Fingerprint Systems” by Tsutomu Matsumoto, Hiroyuki Matsumoto, Koji Yamada, and Satoshi Hoshino of Yokohama National University. “This paper reports that gummy fingers, namely artificial fingers that are easily made of cheap and readily available gelatin, were accepted by extremely high rates by 11 particular fingerprint devices with optical or capacitive sensors. We have used the molds, which we made by pressing our live fingers against them or by processing fingerprint images from prints on glass surfaces, etc. We describe how to make the molds, and then show that the gummy fingers, which are made with these molds, can fool the fingerprint devices.”

Redirect for HMRC Discussion

Posted by Tom Fuller in Uncategorized at November 23rd, 2007

We believe it important that a free and open discussion takes place on the HMRC incident and related issues. For a variety of reasons, we think the best place for this is at Ideal Government. We look forward to engaging with you there.

Wireless Networking Devices in Healthcare

Posted by Tom Fuller in Blindside project, Faster/smaller/better..., people and passwords at November 22nd, 2007

Maybe we all need something to take our minds off the debacle at HMRC, so here’s a bit more about wireless networking devices in hospitals.

Last week we published a post about medical clinical assistants, mobile devices for use by hospital professionals. We profiled one that is coming to market soon. We received two comments which I’m dragging out of the comments box and putting in a post of their own, as I think they deserve a bit more exposure:

Responses to “Information Security and Healthcare”
David French Says:
November 7th, 2007 at 8:22 pm
… I suspect that the subject of healthcare privacy needs a shake up from top to bottom. A few questions …

* Is it clear what the customer (that’s us, not the health managers) wants?
* What ‘need’ do these ‘wants’ reflect?
* Do the legislation and ethical requirements reflect this underlying need?
* Is there suitable compliance and enforcement of the legislation and ethical requirements?
* Should we get anaesthetists and paediatric cancer specialists before worrying about privacy and security?

When we have a good answer to those, we may be able to evaluate the technical questions about encrypting data at point of entry; securing information over wifi; ensuring that laptops and tablet devices are not attractive to thieves of information, identity or property (because they certainly will be available to all of those). …

Louise Ferguson Says:
November 19th, 2007 at 7:45 pm
A tablet device is too large and heavy for any kind of pocket (and hospital staff don’t have anything other than pockets), so tends to get treated much as a paper file would: left around on top of drug or record trolleys, unattended in corridors, on patient beds, or just plugged into a base unit for recharging in an often unattended clerk’s area of the ward. At one hospital I was told they had for years had a serious problem with theft of equipment, drugs and so on, reportedly by local junkies, and I understand the same problem exists elsewhere. Ward drug trolleys had to be chained to immovable objects, so tablet devices might suffer similar problems.

If devices are shared, there is no device owner so nobody really takes responsibility for the device (security, recharging and so on). And until costs really come down, I don’t see such devices becoming personal (each ward would require dozens). (Of course many doctors already use their own PDAs, which do fit comfortably in the pocket and are very much personal devices. They don’t get talked about as they are often not hospital equipment or part of a procurement strategy.)

I think hacking and malware come a little way down the list of problems, which tend to be pretty mundane. For example, it’s actually difficult getting a reliable wi-fi connection throughout a hospital ward (partly owing to the built environment in healthcare I guess). If a single set of paper notes is missing, things can be rejigged while they are located, but if you can’t access any patient records at all for several hours across an entire ward (and I’ve seen that happen), the problem is a little more serious.

Picking up a tablet PC from the clerk’s desk and popping into the toilets with it would, in my view, not be a problem in the average hospital ward. Data is stored remotely, but password-sharing is widespread and indeed passwords may be available in the clerk’s area. Many people do not always log out anyway, so as long as the machine has not already auto-logged out, you’re in.

It has to be said that data privacy never seems to have been much of a concern in the paper era: files lie around everywhere for anyone to pick up and read, white boards display sometimes quite personal info to any ward visitor, and telephone conversations about patients take place in the hearing of any passer by. But the difference is in the volume of data to be had for so little effort.

I don’t see any online systems doing away with the traditional informal records that every patient has - handwritten notes tucked into the nurse’s pocket, prepared at shift handover. Or on the SHO’s PDA. Wireless tablet devices promise data input and data availability at the bedside, but I don’t see tablets being used for any serious volume of input. Which may mean people are going to continue writing things down in paper files…

Sigh…

Here’s the story on the day after…

I have said this before on this blog. There are countries where a national identification card is completely non-controversial. There are possible benefits to society from a well run and properly managed system.

But in my heart of hearts I do not believe that this country’s government (and I do not distinguish between political party here) is capable of building and operating an ID management system at this point in time without disastrous consequences to information assurance.

Two years of Open Rights…

Posted by wendyg in unexpected consequences at November 19th, 2007

The Open Rights Group posted today its annual review, including its first full year’s accounts. (Like a number of people who read here, I’m on its Advisory Board.) ORG wants the link blogged as widely as possible…

Some months back a photographer practically made the sign of the cross when I mentioned ORG in an interview. I think one of the challenges ORG has is to make people understand that it’s not against people making a living from IPR - after all, many of its AB members, its patron (Neil Gaiman), and one of its founders (Cory Doctorow) all make their livings by creating and selling intellectual property. What it’s against is the extension of copyright beyond all reason. Since the primary beneficiaries of that are the same publishers who have been grabbing rights from people like photographers, journalists, et al it’s hard for me to understand why the “enemy of my enemy is my friend” principle doesn’t apply…

For Blindside, I suppose the relevance is that if you make a sufficient number of sufficiently anti-public access laws for long enough, eventually you will spark enough opposition to create something like ORG, which really seems to me to have grown on Internet time.

wg

Law-Enforcement Networking Needs

Posted by Tom Fuller in Blindside project, Faster/smaller/better..., security services at November 18th, 2007

From Popular Mechanics:

(Let’s count how many network connections we find in the police car of the future).

1. “The E7 would go from 0 to 60 mph in six seconds, with a top speed of 155 mph, and a slew of humble-sounding improvements, like seats that can accommodate radios and other bulky equipment. According to Li, the E7 would start in the “high-20’s,” climbing up to as much as $70,000 with options like license-plate-reading cameras and even WMD sensors.” (Is that two?)

2. “Researchers at the University of New Hampshire have developed a system that lets officers use voice commands to run a license plate, turn on the lights and siren, and even clock a speeding car.”

3. “If the (suspect) car suddenly takes off, the officer can say, “Pursuit,” activating the lights and siren, as well as his own vehicle’s GPS tracking system.”

4. “It gets even more futuristic: A handful of officers are testing Project54 with PDAs, checking a driver’s license on the handheld’s screen and running voice commands through the PDA’s mic. The system has also been installed on six motorcycles, using helmet mics, as well as handlebar-mounted, WiFi-enabled touchscreens, which can be detached and used up to 300 ft. from a bike-mounted Panasonic Toughbook. No specialized gear, no experimental hardware—just a smart application.”

Too futuristic for your tastes? Short-Term Impact: Project54 is currently installed on about 1000 vehicles, most of which are in New Hampshire. But Lenharth insists demand is increasing rapidly. “We aren’t selling anything,” he says. “This is basically an open-source system.” The Texas state police, for example, are looking into outfitting some 2000 vehicles with the voice-command technology. The Coast Guard is currently testing an installation on a boat, using a waterproof tablet, and a Project54-enabled ATV is being tested by the National Guard.

5. We call it ANPR, but in the States it’s ALPR: “The most common configuration is a three-camera system. All of the cameras have a fixed position and focal length, with two facing forward—one scanning the lane to the right of the car, the other scanning the lane to the left—and a side-mounted camera intended for parking lots. Each camera sends a constant stream of infrared and full-color images back to a processor in the trunk, which searches them against current warrant lists, Amber alerts and other records that are updated daily.” PIPS hasn’t provided exact numbers, but despite its relatively high price tag—a three-camera system costs around $25,000—ALPR systems are already in use across the United States, including agencies in California, Arizona, Texas and New Jersey.

6. StarChase GPS Launcher: This system is behind schedule—when we (Popular Mechanics, not Blindside) last covered it, the plan was for a deployment by the end of this year—but Virginia-based StarChase now claims that the Los Angeles Sheriff’s Department is closing in on the final stage of its testing, which could put a deployed GPS launcher on the road early next year.
The purpose of StarChase is to stop high-speed pursuits, by letting officers launch a sticky GPS tracker onto a fleeing vehicle. Everything is riding on the LA test. If StarChase is considered effective in one of the most chase-heavy regions in the country, other agencies are likely to start their own field-tests.

How many network connections did you count?

Pervasive Computing Gets a Look-See in Buckinghamshire and Milton Keynes

Via Kable: “Buckinghamshire and Milton Keynes Fire and Rescue Service is planning to use handheld technology for fire risk inspections. It intends to replace its paper based scheme with electronic forms on handheld devices, which make it possible to transmit the reports immediately to headquarters servers.”

Progress marches on. However, “Information captured is stored on the device until completed and automatically updated to a Fire Safety Management application provided by Consilium, which manages Fire Safety Inspections and produces statutory reports.”

A couple of things I hope they’ve thought of: What happens to the data in the device after the Consilium Fire Safety Management application is automatically updated? Does it stay on the device? Is it transmitted securely? And, of course, what happens if a device is left in a pub?

I don’t (at first glance) see that this information needs MI5 level of security, but the providers of this information do have rights under the Data Protection Act, and as property is money these days, I should hope there is some provision regarding this.