1) How do I know that the passphrase I typed in to be used for the secret key is used to sign what I see on screen and nothing else?
2) How does the court know that a signed screenshot was actually shown on screen and not just fabricated and never shown? (It is my responsibility to _inspect_ what is being shown but I cannot prove that signed "screenshots" were actually displayed (on current-day systems).)

This isn't about 100% proof, this is about level of trust, feasibility, deniability and due process. Even with signing screenshots. Or did I miss something?

Since it is my responsibility to carefully inspect the on-screen information I could just as well extend that view to that it is my responsibility to use a system that I can trust to show me what is actually in the database. Thusly I could just as well sign database content.

Gerard himself remarked that we cannot sign that anyone actually reviewed any information, only that it was made available. The latter can be at the level of a screenshot - or at the level of database content. After all it is my responsibility to inform myself no matter where I get the information from.

Say, I am using an SQL shell and sign screenshots of my queries. Does this mean I am not liable for the anaphylactic reaction just because I didn't do the query for the known penicillin allergy?!? Obviously not, although I understand your position to be: "It hasn't been shown to me hence I am not to blame."

What other purpose might a signed screenshot serve? To shift blame to the EHR software manufacturer?

Lastly, one simple question. How does TNO propose to handle the audit trail of signed screenshots simply in terms of storage requirements?

> Making a hash of a screen dump indicates: This is the information as I saw
> it on a screen and take responsibility for it by signing.

Nah, I doubt you really believe in the coherency of this statement. A screendump merely shows what a screen _may_ have looked like.

Karsten Hilbert
-- 
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346

