On Tue, 2018-11-13 at 09:32 +1100, Jim Birch wrote:
> What are your improved design elements?

How often do we have to point them out?

1: Uploaded documents should be inaccessible by default (except to the user).
2: The user should be able to upload any document.
3: The user should be able to permanently delete any document.
4: Others should be unable to delete any document.
5: People uploading or accessing documents should be individually identified.

And these should be attributes of a coherent approach; I'm aware that each has implications to be dealt with. The legislative changes needed are huge, and even then cannot really address the intractable problem of all this data being centralised.

> does that work? These are your health records! What are they going
> to do: send you spiteful emails about your arthritic elbow to make
> you vote liberal? Make the flu punishable with a two year jail
> term? Please explain how that might work in actual harms and actual
> mechanisms.

There will be close to a million people with essentially anonymous read/write access to this system. Systemic abuse is almost a certainty. That means blackmail opportunities for a start.

For Government abuse, look no further than Alan Tudge using Centrelink information to attack a citizen; and that was a pretty tame case.

In security, you don't fart about with what people *say* the system can do, or what the system is *intended* to do. You look at what the system CAN do, and plan around that.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (ka...@biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75
Old fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A

_______________________________________________
Link mailing list
Link@mailman.anu.edu.au
http://mailman.anu.edu.au/mailman/listinfo/link
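The five design attributes listed in the message above can be expressed as a small reference monitor: one chokepoint that identifies the caller, decides, and records the decision. The Python below is an added illustration written for this page; it is not code from the mailing-list thread or from any real health-record system, and the class and method names, the in-memory store, and the sample actors (alice, bob) are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Document:
    owner: str
    content: bytes
    # Readers the owner has explicitly granted. Empty means owner-only, so the
    # default state of every document is "inaccessible to everyone else" (attribute 1).
    readers: Set[str] = field(default_factory=set)


@dataclass(frozen=True)
class AuditEvent:
    actor: str
    action: str
    doc_id: str
    allowed: bool


class DocumentStore:
    """Hypothetical reference monitor: every operation identifies the actor,
    decides, and records the decision (including refusals)."""

    def __init__(self) -> None:
        self._docs: Dict[str, Document] = {}
        self._audit: List[AuditEvent] = []
        self._next_id = 1

    def _record(self, actor: str, action: str, doc_id: str, allowed: bool) -> None:
        self._audit.append(AuditEvent(actor, action, doc_id, allowed))

    def _identify(self, actor: Optional[str], action: str, doc_id: str) -> str:
        # Attribute 5: nothing happens on behalf of an unidentified caller, and
        # the refused attempt is itself written to the audit trail.
        if not actor:
            self._record("<unidentified>", action, doc_id, False)
            raise PermissionError("caller must be individually identified")
        return actor

    def upload(self, actor: Optional[str], content: bytes) -> str:
        # Attribute 2: any identified user may upload; the uploader becomes the
        # owner and, by default, the only principal able to read the document.
        actor = self._identify(actor, "upload", "-")
        doc_id = f"doc-{self._next_id}"
        self._next_id += 1
        self._docs[doc_id] = Document(owner=actor, content=content)
        self._record(actor, "upload", doc_id, True)
        return doc_id

    def grant_read(self, actor: Optional[str], doc_id: str, reader: str) -> None:
        # Only the owner can widen access; the grant itself is audited.
        actor = self._identify(actor, "grant", doc_id)
        doc = self._docs.get(doc_id)
        if doc is None or doc.owner != actor:
            self._record(actor, "grant", doc_id, False)
            raise PermissionError("only the owner may grant access")
        doc.readers.add(reader)
        self._record(actor, "grant", doc_id, True)

    def read(self, actor: Optional[str], doc_id: str) -> bytes:
        # Attribute 1: default deny. A missing document and a forbidden one get
        # the same answer, so callers cannot enumerate which documents exist.
        actor = self._identify(actor, "read", doc_id)
        doc = self._docs.get(doc_id)
        if doc is None or (actor != doc.owner and actor not in doc.readers):
            self._record(actor, "read", doc_id, False)
            raise PermissionError("access denied")
        self._record(actor, "read", doc_id, True)
        return doc.content

    def delete(self, actor: Optional[str], doc_id: str) -> None:
        # Attributes 3 and 4: the owner may permanently delete; nobody else may.
        # Removal is real, not a "deleted" flag over data that is still retained.
        actor = self._identify(actor, "delete", doc_id)
        doc = self._docs.get(doc_id)
        if doc is None or doc.owner != actor:
            self._record(actor, "delete", doc_id, False)
            raise PermissionError("only the owner may delete")
        del self._docs[doc_id]
        self._record(actor, "delete", doc_id, True)

    def exists(self, doc_id: str) -> bool:
        return doc_id in self._docs

    def audit_trail(self) -> List[AuditEvent]:
        return list(self._audit)


def demo_scenario() -> dict:
    """Constructed walk-through: alice uploads, bob is refused, alice grants bob
    read, an anonymous read is refused, bob cannot delete, alice deletes for good."""
    store = DocumentStore()
    doc = store.upload("alice", b"elbow x-ray report")
    results = {}
    try:
        store.read("bob", doc)
        results["bob_read_before_grant"] = "allowed"
    except PermissionError:
        results["bob_read_before_grant"] = "denied"
    store.grant_read("alice", doc, "bob")
    results["bob_read_after_grant"] = store.read("bob", doc)
    try:
        store.read("", doc)
    except PermissionError:
        pass
    try:
        store.delete("bob", doc)
        results["bob_delete"] = "allowed"
    except PermissionError:
        results["bob_delete"] = "denied"
    store.delete("alice", doc)
    results["exists_after_owner_delete"] = store.exists(doc)
    trail = store.audit_trail()
    results["denied_events"] = sum(1 for e in trail if not e.allowed)
    results["anonymous_events"] = sum(1 for e in trail if e.actor == "<unidentified>")
    return results


if __name__ == "__main__":
    for key, value in demo_scenario().items():
        print(f"{key}: {value!r}")
```

The point of routing every operation through `_identify` and `_record` is that the audit trail answers the question the message raises: not what the system is intended to do, but who actually did what, including the attempts that were refused. The "missing or forbidden" responses are deliberately identical so a caller without access learns nothing about which records exist.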