Letters

Encryption algorithms are effective in maintaining security

The suggestion that "Pentagon computers can be infiltrated by hackers almost to the point of starting a nuclear war" owes more to Hollywood than to any documented event. His comment that "once you connect your computer to the Internet the files on your system can be retrieved by anyone with the right resources. If your computer is connected to a network--for instance, in a hospital--the entire information on that network is vulnerable" is couched in such general terms that it is at best misleading and in many circumstances untrue, akin to talking about orchidectomy as the cure for cancer.

Sellu raises concerns about the security of email messages and concludes by dismissing passwords "as one of the least innovative ways of protecting access to computer data." He seems to ignore the fact that the use of robust public key encryption software can prevent email messages from being read by anyone other than the intended recipient(s) and provide a digital signature, allowing verification that the message is truly from who it seems to be from, and verification that the contents of the message have not been changed.² Such software exists in the form of a programme called PGP (pretty good privacy). So effective are the encryption algorithms used by this program that the United States government forbids its export from the North American continent. Several "kludges" have been used to ensure that an international version is available to anyone. In the "cash strapped NHS" it will be reassuring for people to know that this program is available free from a variety of sources, including anonymous ftp (file transfer protocol) from ftp://ftp.ox.ac.uk/pub/crypto/pgp/pc/dos/pgp262i.zip. Use of this software has been advocated by Ross Anderson, who has drawn up for the BMA interim guidelines on maintaining security in computerised information systems.³

The Internet presents many challenges to the provision of health care,⁴ but our responses as doctors must be based on critical examination of the facts rather than knee jerk responses to media myths and gross generalisations.

Senior registrar Department of Histopathology, Christie Hospital, Manchester M20 4BX

David A Agbamu 

1. Sellu D. Clinical encounters in cyberspace. BMJ 1996;312:49. (6 January.) [Free Full Text]
2. Adreae M. Confidentiality in medical telecommunication. Lancet 1996;347:487-8. [Medline]
3. Anderson R. Clinical system security: interim guidelines. BMJ 1996;312:109-11. (13 January.) [Free Full Text]
4. Coiera E. The Internet's challenge to health care provision. BMJ 1996;312:3-4. (6 January.) [Free Full Text]