Monday, 9 September 2013

Encrypted messaging

Secure messaging for sensitive information - such as that used in healthcare - would be very useful. Who writes things on pieces of paper these days, or sees so few people that they can remember it all? It is important for us in the health business to understand more about the underlying technologies so we can be wary of circumstances where data entrusted to us may be snooped on by others.

We do not want patients to lose trust in the health system because their confidential information is stored electronically. We believe that electronic is more secure than paper. The news of the intelligence services routinely storing communications, and particularly the accusation that they have even manipulated cryptography standards, is alarming.

There is a claim that if more of us routinely used encrypted email it would make the work of those who want to snoop on communications a whole load harder.

Whether you support that notion or not, it doesn't really seem to make sense at the moment, since so few want to use encrypted email. Why send a message in a complicated way, making it hard for someone else to decode, when all you're talking about is daily trivia anyhow? I posted a public key for over a year and nobody sent me anything. (Probably because I'm not very popular.) An old friend dared others on Facebook to send him an encrypted email and, even though he's got lots of techie friends, hardly any did.

I was one of them ... and have posted a new public OpenPGP key.

So here goes. Anyone use encrypted email? Mailvelope has an easy-to-use browser plugin. Send me something.

The big problem, however, is that really confidential encrypted email is not so vulnerable in transit. It is vulnerable when it is decrypted at each end (the endpoints), or when the private keys are not secured properly.

Also, there's useful advice on would-be secrecy from Bruce Schneier in the Guardian last week.