Search for in
Home > Columns > L Files
The L-Files: Codes and keys - confidential email communication
“What one man can invent another can discover.”Sherlock HolmesEmail is an inherently unconfidential way of sending messages. Any particular email passes through many computers on the way to its destination, and can be read at any stage of the journey. An email therefore is like a postcard, with the message in plain view of all those who handle it between posting and delivery. Guest’s Law of Email warns that you should expect that any email you send will be seen by the person you least want to read it. Therefore, when sending confidential patient information like referrals, pathology results, discharge summaries and specialist reports, it behoves us to ensure that they are sent as confidentially as possible.

Cryptography
‘Cryptography’, the practice of converting information to an obscured form to prevent others from understanding it, has its origins in ancient times. Traditionally it was used by diplomats, spies and criminals for secret communications. Sherlock Holmes, tells us that he “was fairly familiar with all forms of secret writings” and was himself “the author of a trifling monograph upon the subject”. In the Internet Age, cryptography has broadened its usage and become an essential part of everyday, confidential communications, and is of particular importance for medical applications.

Classically, the encoding (or encryption) of information has relied on either transposition (rearrangement) of the order of the letters in a message, or the substitution of one letter or symbol for another. In the Sherlock Holmes story alluded to, little drawings of dancing men were substituted for the letters of the alphabet. Knowing the frequency in which letters appear in English, and with some good guesswork, such codes can be broken.

Mechanical devices began to be used last century to add complexity to encryption. The enigma machine was a rotor machine used for encryption by Germany during WWII, and the story of the cracking of this code by a large team of mathematicians at Cambridge University was one of the best kept secrets of the war.

Pretty Good Privacy
The mathematical capacity of computers has replaced mechanical machines as the tools for encryption, and rendered encrypted code essentially unbreakable. The most widely used cryptographic system was developed in America by Phil Zimmerman. He named the system ‘Pretty Good Privacy’, (PGP). ‘Pretty Good’ is here used in the same sense as ‘Johnny Wilkinson is a pretty good kicker’. PGP was so effective that the PGP system was classified as a ‘munition’ by the US military and its export was banned. This did not deter international PGP users, who (legally) retyped all the PGP program outside USA borders, forming an international version of PGP. There is now also a commercial version of the PGP system, and an open source free version has been developed.

Called gnupg, it is supported in part by German government funding. These different ‘forks’ are essentially compatible.

PGP in practice
Using PGP is significantly easier than describing how it works. ‘Plug-ins’ are available for most email applications (such as Outlook) that enable encryption and decryption with just a click. PGP is built into some medical database packages, and many practices are already using PGP for receiving pathology and Xray results.

Public key infrastructure
The PGP system is a version of Public Key Infrastructure, or PKI. (The HIC in its wisdom has chosen to use a different system of PKI that is not compatible with PGP). To participate in PKI , you use PGP software to create two different but matched keys. One key is the secret key, and is stored on your computer. The other key, the public key, is made available to anyone who wants to send you a confidential message. (A key looks like a meaningless paragraph of letters and numbers). A key-pair only needs to be generated once for each user.

If I want to send you an encrypted message, I need to know your public key. Given your name or email address, my computer can automatically look up a public keyserver on the internet for a particular public key, and then store it for future reference in its own keyring. My software will scramble the message that I intend to send, using your public key, so that it appears like a random string of letters and numbers. Just as Cinderella’s foot was the only match for the glass slipper, only you, the person who has the matching secret key, will be able to unscramble the message. Ugly stepsisters without the right key will be unable to decrypt it.

Digital signatures
PKI also enables the use of a digital signature. If you use the PGP software to ‘sign’ a message, your secret key is used to produce a small piece of code that is added to your text. Anyone who receives this message (and who has your public key in their keyring) can verify that the message does come from you, and that it has not been altered.

Web of trust
Cryptographers are paranoid by nature. A malicious individual might distribute a public key, falsely claiming it belongs to another person, and therefore be able to read messages encrypted using that key. Therefore it is important to make sure that a public key actually does belong to the person that it is ascribed to. If you are confident that a public key belongs to the right person, you can verify that key by using your software to ‘sign’ it. This is analogous to signing the back of a passport photo to confirm that the photo is truly that of the passport applicant. When you receive a public key from a keyserver, you also receive a list of people who have signed it. You can do your own checking to confirm that the key actually belongs to the correct person, or, you may decide to trust that key without further checking, if you know that those signatories are reliable witnesses. This is known as the ‘web of trust’.

Local implementation
To enable confidential communication between GPs, specialists and hospitals, the division has established a Public Key Infrastructure built around the open source program gnupg. All the requisite software is available from the internet or on CD from the division. It works on all operating systems, is free of all charge, and requires only small changes in current practice. The division hosts a public keyserver at keyserver.medicine.net.au where all participating doctors can make their public keys available.

If you would like to participate. please contact John Gable on email jgable@nrdgp.org.au, the division IT program officer.

References
Sir Arthur Conan Doyle , “The Adventure of the Dancing Men” in “The Return of Sherlock Holmes”
http://en.wikipedia.org/wiki/Cryptography
http://en.wikipedia.org/wiki/Public_key_infrastructure
http://en.wikipedia.org/wiki/Pretty_Good_Privacy
Division Keyserver www.keyserver.medicine.net.au
© 2007 Northern Rivers General Practice Network
16 Carrington Street (PO Box 519), Lismore, NSW 2480, Australia.
Ph: +61 (0)2 6622 4453 Fax: +61 (0)2 6622 3185
Email: Webmaster Email: Feedback
Disclaimer and Privacy Statement