[OpenID] Law 1 and EMTs

Troy Benjegerdes hozer at hozed.org
Sat Feb 10 17:03:34 UTC 2007

I think you should probably start by quantifying the risk of dieing
because of lack of lack of access to medical records. If you can write a
whitepaper documenting how likely someone is to die because of lack of
access to records, then you have something to convince individual
patients to put their electronic records in control of an ibroker.

The big risk with doing this electronically is that one hacker (or
organized crime group funding hackers) can break the protocol and then
get *everyone*'s medical records. The case of stealing someone's records
by non-digital is definitely possible, but you only get one person's records.
If there is an exploitable security hole in the ibroker's web site, or
in the protocol itself, everyone's records could be disclosed. This risk
can't be quantified unless you start talking about formal methods
verificiation of the protocol, and all the software the ibroker runs.
Now we're back into astronomical costs again ;)

I suppose you start by assuming that whatever method you use to protect
medical records *will* be broken, and then you convince people that
having some organized crime group in another country get their medical
records is worth the benefits of having their life be saved by the
medical professionals having access.

On Fri, Feb 09, 2007 at 02:53:16PM -0600, Jaco Aizenman wrote:
> How about giving all the liability problems to a third party? (answer me to
> my email please)
> I mean, the owner of the iBroker can be a local CR company,
> http://www.labstein.com/ , and not your company.
> BTW, today if someone really wants it, most probably can get a medical
> info/record, using also non digital means (with the "help" of clerks working
> on hospitals for example...). But most probably today a doctor can not get
> all your medical record, and many times this mean dead or serious problems
> if the person survives....
> It is incredible to find out that more poeple die for this reasons than for
> car accidents!.
> On 2/9/07, Troy Benjegerdes <hozer at hozed.org> wrote:
> >
> >On Fri, Feb 09, 2007 at 11:17:38AM -0600, Jaco Aizenman wrote:
> >> Jon, in emergency situations, in most countries, security forces will
> >get
> >> all info needed to save the people. For all other cases the Supreme
> >Court
> >> and other?s, should protect the fundamental right of not having virtual
> >> personality (not letting others see your vp content, or  contact you
> >> without passing your presence  choices).
> >>
> >> Eric, my father is a Doctor in CR, and he and others I talked in the
> >health
> >> sector, want the best(*) content of the patient virtual personality,
> >> available at all times, in all the places.
> >
> >Two words: Cost/benefit.
> >
> >Getting the 'best' patient information to everyone *that needs it*,
> >everywhere,
> >at all times, *without* disclosing this information to unauthorized
> >persons
> >is either going to be horrendously expensive, or horrendously insecure
> >first then horrendously expensive in the resulting litigation from
> >inevitable security breaches.
> >
> >How much are you willing to pay an iBroker to accept that liability? Who
> >is going to pay for it? If you have several hundred thousand to just get
> >started documenting the security process, and then a few million to
> >implement it, then let's talk about this more.. But right now, I think
> >we need to see OpenID deployed for *low risk* information like online
> >blogs first. If you feel you need to discuss this now, put a dollar
> >value on it.
> >
> >>
> >> Some local CR actors in the health sector, including Government, want to
> >> find an iBroker that can provide this service of projecting the medical
> >> record content,to the right people, at the right time, at the right
> >places.
> >>
> >> (*) Just critical content for emergency situations, and the full patient
> >> medical record for non emergency situations.
> >>
> >>
> >>
> >>
> >> On 1/29/07, Jon Callas <jon at pgpeng.com> wrote:
> >> >
> >> >
> >> >Discussions of this sort set off my own special form of paranoia.
> >> >
> >> >When I hear that we have to have identity information opened up so
> >> >the EMTs can get them, I really hear that we need to do this so that
> >> >the security forces can get them when you're declared an enemy
> >> >combatant, or attend the wrong public gathering.
> >> >
> >> >        Jon
> >--
> >--------------------------------------------------------------------------
> >Troy Benjegerdes                'da hozer'                hozer at hozed.org
> >
> >Somone asked me why I work on this free (http://www.fsf.org/philosophy/)
> >software stuff and not get a real job. Charles Shultz had the best answer:
> >
> >"Why do musicians compose symphonies and poets write poems? They do it
> >because life wouldn't have any meaning for them if they didn't. That's why
> >I draw cartoons. It's my life." -- Charles Shultz
> >
> -- 
> Jaco Aizenman L.
> My iname is =jaco (http://xri.net/=jaco)
> Founder                - www.virtualrights.org
> XDI Board member - www.xdi.org
> Tel/Voicemail: 506-3461570
> Costa Rica
> What is an i-name?
> http://en.wikipedia.org/wiki/I-name

Troy Benjegerdes                'da hozer'                hozer at hozed.org  

Somone asked me why I work on this free (http://www.fsf.org/philosophy/)
software stuff and not get a real job. Charles Shultz had the best answer:

"Why do musicians compose symphonies and poets write poems? They do it
because life wouldn't have any meaning for them if they didn't. That's why
I draw cartoons. It's my life." -- Charles Shultz

More information about the general mailing list