I just want to clarify that by “PKI mafia” I mean people-that-whatever-the-cost-claim-that-user-to-user-encryption-and-signing-is-the-only-thinkable-way-to-send-electronic-prescriptions. So that doesn’t include you.

And yes, I know that it doesn’t need to be a lot of work to use PKI encryption if standard libraries can be used.

And no, I don’t thing that user-to-user is worth a lot market-wise. But I could be wrong.

Thank you.

But before diving into the detailed replies, I want to emphasize that my article wasn’t about introducing smart cards and PKI, but how to avoid a couple of important problems once you do. And the problems I pointed to were trust of the workstation, which to a large part eliminates the security advantages of smart cards in the first place. But, no problem, your points are valid anyway.

> But does that automatically mean that I, being responsible for the
> development of one of the most used electronic health care record
> application in Sweden (Profdoc Journal III), should strive for the
> adoption these super-smart smart cards? Or even, as some PKI
> fundementalists in this country would have it, prohibit the sending
> of unsigned prescriptions?

Yes, it does, theoretically and morally speaking. Not that I think you will, since you’ve got a business perspective that is more important to your employer. But the expedient idea, popular in business and very understandable, to only implement things when the pain of not doing it becomes unbearable, is what has brought the Internet to the miserable state it is today. In other words, you and all the other producers of software really should be more proactive, but I have no illusion whatsoever that any one of you will be. History tells us that. Just look at the most used operating system that has gotten away with an abysmal design for a very long time. Good business, but poor technology. And you are, after all, a business. I would (maybe) do the same thing in your place.

So, as a business person, I’d say you’re doing fine. You’re not going to lose any business by not implementing good security, since nobody else does it either. Not right now, anyway.

> Of course not. Sending unsigned prescriptions electronically is a big
> safety improvement over paper based prescriptions. The way things
> look right now, we should gladly keep promoting our current, not
> really really safe, way of doing things.

No, sending unsigned prescriptions is a disaster waiting for a trigger; it’s much worse than paper.

But you don’t do that, you do send encrypted and signed prescriptions using state-of-the-art cryptographic technology. I know that, because I designed and developed that application for you. So your solution is much better than what you’ll find elsewhere. It would be even better if the entire process, from the source user to the destination user was covered, but that is the next stage. I’m sure you’ll get there, too. At the very minimum, I’m sure you’ll provide for the ability to do that, since it would make great business sense. Your communication system, by the way, is designed to easily adapt in this direction, since it’s such an obvious future road.

> The difficult question for me is therefore not technical (I’m not a
> deep technician) but timing. When is the right time for me to join
> the ranks of the PKI mafia and say “let’s stop this unsafe electronic
> handling of medical information and start doing it right”?

Well, if you call them/us a “mafia”, I figure it won’t be anytime soon, will it? But if I were you, I’d start figuring out how you will allow it into your records applications, once disaster strikes and it becomes a requirement. If you’re a little proactive, it would be a great sales argument, too. I’m sure you’d win clients by telling them that you’re working to achieve better security than your competitors. Trying to tell clients that PKI is only high-faluting theory will not enhance credibility. Especially since Profdoc is practically the only company today in its speciality that actually does use state-of-the-art PKI, albeit for only some applications.

Let me make another observation here: most people seem to think that using decent crypto, like PKC’s, is somehow very complicated, expensive or resource demanding. That is simply not true. It does require some knowledge on the part of the developers and project leads, but nothing you can’t learn. For the users, if correctly implemented, it’s practically invisible. In short, it is not rocket science. It also does not require everyone to agree on a system beforehand, as too many people seem to think. You can do it, in your end-user apps, on your own, in a decent timeframe and without loss of user-friendliness. But someone has to show you how.

> I feel that the time is probably quite distant. There are hardly any
> smart cards out there in the hands of my current users and the few
> pilot installations that use personal smart card often get into
> trouble.

It’s a chicken-and-egg problem. Also, we need a serious incident with really embarrassing data compromise to make this happen. We need a medical Enron or Card Systems event. Let’s just hope it doesn’t involve Profdoc.

The pilot installations I have seen that got into trouble did it wrong. You really have to have someone design it that understands it. You can’t run it politically, for instance.

> Or is this attitude just me being lazy and backwords, unwilling to
> adapt to the future? I dont’t know.

No, it’s missing a great business opportunity. Users really do want better security and they’ll flock to the first vendor that takes it seriously. To the first vendor that actually begins doing something, even if it’s incomplete.

Again, I don’t understand you entirely, since you are doing something, but don’t seem to exploit that fact very much in your marketing (but I may be wrong, though).

But does that automatically mean that I, being responsible for the development of one of the most used electronic health care record application in Sweden (Profdoc Journal III), should strive for the adoption these super-smart smart cards? Or even, as some PKI fundementalists in this country would have it, prohibit the sending of unsigned prescriptions?

Of course not. Sending unsigned prescriptions electronically is a big safety improvement over paper based prescriptions. The way things look right now, we should gladly keep promoting our current, not really really safe, way of doing things.

The difficult question for me is therefore not technical (I’m not a deep technician) but timing. When is the right time for me to join the ranks of the PKI mafia and say “let’s stop this unsafe electronic handling of medical information and start doing it right”?

I feel that the time is probably quite distant. There are hardly any smart cards out there in the hands of my current users and the few pilot installations that use personal smart card often get into trouble.

Or is this attitude just me being lazy and backwords, unwilling to adapt to the future? I dont’t know.