[LINK] The "health" record security model
Karl Auer
kauer at biplane.com.au
Tue Nov 13 10:23:45 AEDT 2018
On Tue, 2018-11-13 at 09:32 +1100, Jim Birch wrote:
> What are your improved design elements?
How often do we have to point them out?
1: Uploaded documents should be inaccessible by default (except to the user).
2: The user should be able to upload any document.
3: The user should be able to permanently delete any document.
4: Others should be unable to delete any document.
5: People uploading or accessing documents should be individually identified.
And these should be attributes of a coherent approach; I'm aware that
each has implications to be dealt with.
The legislative changes needed are huge, and even then cannot really
address the intractable problem of all this data being centralised.
> does that work? These are your health records! What are they going
> to do: send you spiteful emails about your arthritic elbow to make
> you vote liberal? Make the flu punishable with a two year jail
> term? Please explain how that might work in actual harms and actual
> mechanisms.
There will be close to a million people with essentially anonymous
read/write access to this system. Systemic abuse is almost a certainty.
That means blackmail opportunities for a start. For Government abuse,
look no further than Alan Tudge using Centrelink information to attack
a citizen; and that was a pretty tame case.
In security, you don't fart about with what people *say* the system can
do, or what the system is *intended* to do. You look at what the system
CAN do, and plan around that.
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389
GPG fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75
Old fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A
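The five design elements listed above, as an added illustration that is not part of the original post or of any real system: a toy record store in Python that enforces owner-only access by default, owner-only permanent deletion, and attribution of every attempt (including refusals) to an identified principal. The class and method names, the audit tuple layout and the sample principals are constructed for the example.

```python
from dataclasses import dataclass, field

class Denied(Exception):
    """Raised when a request fails the policy; the refusal is still audited."""

@dataclass
class Record:
    owner: str
    body: bytes
    readers: set = field(default_factory=set)  # explicit grants made by the owner

@dataclass
class RecordStore:
    docs: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)  # (actor, action, doc_id, outcome)

    def _check(self, actor, action, doc_id, allowed):
        # Rule 5: every attempt is attributed to an identified principal, allowed or not;
        # an unidentified caller is refused outright and the refusal is recorded.
        who = actor or "UNIDENTIFIED"
        ok = bool(actor) and allowed
        self.audit.append((who, action, doc_id, "ok" if ok else "denied"))
        if not ok:
            raise Denied(f"{who} may not {action} {doc_id}")

    def upload(self, actor, doc_id, body):
        # Rule 2: any identified user may upload; rule 1: nobody else can read it yet.
        self._check(actor, "upload", doc_id, doc_id not in self.docs)
        self.docs[doc_id] = Record(owner=actor, body=body)

    def grant(self, actor, doc_id, reader):
        # Only the owner can widen access; the default stays owner-only.
        rec = self.docs.get(doc_id)
        self._check(actor, "grant", doc_id, rec is not None and rec.owner == actor)
        rec.readers.add(reader)

    def read(self, actor, doc_id):
        # Rule 1: inaccessible by default except to the owner or an explicit grantee.
        rec = self.docs.get(doc_id)
        self._check(actor, "read", doc_id,
                    rec is not None and (rec.owner == actor or actor in rec.readers))
        return rec.body

    def delete(self, actor, doc_id):
        # Rules 3 and 4: only the owner deletes, and the deletion is permanent.
        rec = self.docs.get(doc_id)
        self._check(actor, "delete", doc_id, rec is not None and rec.owner == actor)
        del self.docs[doc_id]
```

The audit list is the point of rule 5: a reviewer can later see who attempted what, not just what succeeded.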