On 15-09-2002 11:26, "Karsten Hilbert" <Karsten.Hilbert at gmx.net> wrote:
> 1) How do I know that the passphrase I typed in to be used for > the secret key is used to sign what I see on screen and > nothing else ? >>>> Because a special secure device does all the encrypting. After having inserted the Health professional Card > > 2) How does the court know that a signed screenshot was > actually shown on screen and not just fabricated and never > shown ? (It is my responsibility to _inspect_ what is being > shown but I cannot prove that signed "screenshots" were > actually displayed (on current-day systems). >>>>> Because the secure device is able to place the information on the screen. Having a screenshot provides a richer picture than a set of bits and bytes down deep in the database. > This isn't about 100% proof, this is about level of trust, > feasability, deniability and due process. Even with signing > screenshots. > >>> True. I'll have more confidence in a message displayed on a screen than bits and bytes in a distributed database in an Health Information Infrastructure > Or did I miss something ? > > Since it is my responsiblity to carefully inspect the > on-screen information I could just as well extend that view to > that it is my responsibility to use a system that I can trust > to show me what is actually in the database. Thusly I could > just as well sign database content. Gerard himself remarked > that we cannot sign that anyone actually reviewed any > information, only that it was made available. The latter can > be at the level of a screenshot - or at the level of database > content. After all it is my responsibility to inform myself > no matter where I get the information from. Say, I am using an > SQL shell and sign screenshots of my queries. Does this mean I > am not liable for the anaphylactic reaction just because I > didn't do the query for the known penicillin allergy ?!? > Obviously not, although I understand your position to be: "It > hasn't been shown to me hence I am not to blame." What other > purpose might a signed screenshot server ? To shift blame to > the EHR software manufacturer ? >>>>> The whole thing has to do with liability and legal proof. If next to the information in a database the style sheet used to display is stored, it is possibly good enough for legal proofs. > Lastly, one simple question. How does TNO propose to handle > the audit trail of signed screenshots simply in terms of > storage requirements ? > >>>> This is a simple problem. Now every year one hospital needs 1 kilometre of shelf space. Have you ever compressed XML documents? Have you ever looked at diskspace and prices? >> Making a hash of a screen dump indicates: This is the information as I saw >> it on a screen and take responsibility for it by signing. > Nah, I doubt you really believe in the coherency of this > statement. A screendump merely shows what a screen _may_ have > looked like. > >>>> I think it is fully coherent. Yes. But systems that have been certified will have a perfect screendump. This is something that can be tested easily. To proof that in a distributed environment all informationsystems worked 100% is much more difficult? Right? Or wrong? Gerard > Karsten Hilbert -- <private> -- Gerard Freriks, arts Huigsloterdijk 378 2158 LR Buitenkaag The Netherlands +31 252 544896 +31 654 792800 - If you have any questions about using this list, please send a message to d.lloyd at openehr.org