Feeds

Stinky databases for tech support tales?

Plus prior art on bullet passwords

  • alert
  • submit to reddit

SANS - Survey on application security programs

Letters There are a few sure-fire ways to anger the average Register reader.

You could, for example, book him on a three day Microsoft certified basic Office 2003 training course. You could tell him he is being outsourced to Bangalore, or ask him for help accessing the millions of pounds of your Granfather's money left in his bank account when he sadly passed away.

But if you really want to wind him up? Stick him on a database as part of a government IT project.

I had to take my father into the local hospital for an outpatient appointment, a couple of weeks ago.

His records are still on paper, with the older stuff on microfilm somewhere.

Mine are likely the same, though when I broke my leg the x-rays were on the doctor's computer.

And there were problems finding my father's records. They tend to stick at the previously-visited outpatient clinic.

An NHS database would, if it worked, solve all these problems. Solving these problems at a local level, using a uniform data format, might be a much easier problem, and it would incidentally make it much easier to transfer records when needed.

The efforts to solve the problems of patient records look to be more about centralisation than about solving the problem.

Antonia


Bugger the ID database, this NHS IT database is a lot further forward and the disclosures that could be made from it much more personal and embarressing than anything that an ID database could every hope to achieve.

I wonder if this breaches the Data Protection Act as I don't remember ever signing anything that said that anyone but those medical people actually involved directly with my medical health had a right to access this data...

And given that the thing is a complete shambles what are the chances of the security being anything other than an even greater shambles?

Wait, what am I saying... my bet is that there is _no_ security (other than _maybe_ IP address.

maybe I should start an insurance company... plenty of money to be made in health insurance I'm sure... especially when you can turn down clients claims because they didn't tell you their entire medical history and you just happen to have acquired a copy!

The government as representative of the people? Possibly and if it is it's the worst indictment I've seen of the state of society today.


Having worked on the NPfIT I know a few people who still work on the project. Recently, the teams working on the 'SPINE' (the central messaging system) got orders to remove a particular patient, their NHS number and all the relevent data from the system. From what I've heard its been no easy task with data hiding on just about every component a message travels through.

For example, if a message can't be delivered its retried a few times and then put in a undeliverable queue. Great, but nothing actually processes the undeliverable queue. This is what happens when developers design, build and run the infrastructure.

Anon


I spent 2 years working on a secure psychiatric unit for the NHS, reading the patients notes and seeing who had access to them. Given the haphazard way they were stored, a central database is an appalling idea. every man and his dog will be able to read them, and it will certainly lead to checks on peoples medical history (almost certainly without their knowledge) before they can apply for anything (loans, mortgages, jobs, etc).

Considering some of the people i looked after, their horrific histories (things done both to and by them), and how much progress some had made, a history like that would prevent them from doing pretty much anything.

If you have been committed, whether simply for evaluation or for an actual illness, you are already branded for life. This central database is only going to make things much, much worse.

one patient in particular, had episodes of severe mania and psychosis, usually lasting only a couple of weeks at a time, with a frequency of no more than once every 6 to 8 months. during these episodes they were a serious danger to themselves and their children, and i witnessed them nearly taking a finger off when attempting to make a cup of tea with a breadknife!

However, when well, there was absolutely nothing wrong with this person, and they held down a full-time management post, and took care of 2 children, as well as playing an active role within a large extended family.

in cases such as this, would this person be able to retain their employment if it became known the periodoc absences were not due to family issues or holidays, but in fact stays in a secure psych unit? i very much doubt it.

This database could easily ruin everything this person has acheived. and for what?

here is the email i sent (c)hewitt earlier....

Good morning,

I am emailing you as you are secretary of state for health. I have been reading recently about the proposed, and it would appear, under development, NHS database. There are several points I would like to raise about this database, and I would appreciate a frank and honest dialogue.

As far as I can tell, this database is, in fact, illegal, and a contravention of my human rights, as I have not been asked permission for my details to be added, I have not been consulted about this database, and I have not even been personally notified. In fact, I found out about this database from several news stories on the internet. My medical records are legally confidential between myself and my doctor, unless I give specific written permission for someone else to access them. I have not given the government permission, and again, I have not been asked or even notified that my records were to be added to a national register. Quite frankly I am disgusted at this blatant disregard for my rights, my privacy, and for your own laws.

I want written assurance that my details will not be included within the database, without my explicit written consent, which you do not, and will not have.

I look forward to your prompt reply.

Name withheld.

As do we.


From rights-stomping databases, to the future of policing

Quote: "Nice Systems call this "policing with a more human face"." I'm sure Himmler used the same terms once or twice... Davide


An interesting article about our future Robocops. Surely this information should be freely available under everybodies favourite act, the Freedom of Information Act? I think the public have a right to know who is lobbying their police force and what the precise nature of that lobbying entails. After all, in my best News of The World voice, "they spend our taxes".

If there's nothing wrong with this video what have they got to hide?

Kind regards, -ed


March has certain strengths versus NICE (and Verint) but they mainly have to do with reliability, searchability and compression algorithms.

March doesn't do voice, so the sort of 911 (or whatever the UK equivalent is) automated recognition of the word "gun" isn't part of their solution, whereas voice/audio is in fact about 2/3 of both NICE and Verint's revenue base, and they are quite good at integrating voice and video. Many applications don't care about audio - transport systems, ATMs, retail for instance.

Anon


3 Big data security analytics techniques

More from The Register

next story
Spanish village called 'Kill the Jews' mulls rebranding exercise
Not exactly attractive to the Israeli tourist demographic
Sleuths find nosy NORKS drones on the Chinternet
UAVs likely to have been made in the Middle Kingdom
Oz bank in comedy Heartbleed blog FAIL
Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'
Och aye! It's the Loch Ness Monster – but only Apple fanbois can see it
Fondleslab-friendly beastie's wake spotted... OR WAS IT?
Dorian Nakamoto gets $23,000 payout over Bitcoin invention saga
Maintains he didn't create cryptocurrency, but will join community
Japanese boffin EYES up big bucks with strap-on digi-glasses
AgencyGlass saddles user with creepy OLED display
Forget the beach 'n' boardwalk, check out the Santa Cruz STEVE JOBS FOUNTAIN
Reg reader snaps shot of touching tribute to Apple icon
Happy 40th Playmobil: Reg looks back at small, rude world of our favourite tiny toys
Little men straddle LOHAN, attend tiny G20 Summit... ah, sweet memories...
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.