References

1

``Transaction Security System'', DG Abraham, GM Dolan, GP Double, JV Stevens, in IBM Systems Journal v 30 no 2 (1991) pp 206-229

2

`Fast Software Encryption -- Fist International Workshop', R Anderson (editor), Springer Lecture Notes in Computer Science no 809

3

``Why Cryptosystems Fail'', RJ Anderson, in Communications of the ACM vol 37 no 11 (November 1994) pp 32-40

4

``On Fibonacci Keystream Generators'', R Anderson, in `Fast Software Encryption -- Second International Workshop', B Preneel (editor), Springer Lecture Notes in Computer Science no 1008 pp 346-352

5

``Robustness principles for public key protocols'', RJ Anderson, RM Needham, in Advances in Cryptology -- Crypto 95 Springer LNCS vol 963 pp 236-247

6

``NHS Network Security'', RJ Anderson, 30 May 1995

7

``NHS wide networking and patient confidentiality'', RJ Anderson, in British Medical Journal v 310 no 6996 (1 July 1996) pp 5-6

8

`Security in Clinical Information Systems', RJ Anderson, published by the British Medical Association, January 1996

9

``Clinical system security: interim guidelines'', RJ Anderson, in British Medical Journal v 312 no 7023 (13 Jan 1996) pp 109-111

10

``Patient Confidentiality -- At Risk from NHS Wide Networking'', RJ Anderson, in Proceedings of Healthcare 96

11

``A Security Policy Model for Clinical Information Systems'', in Proceedings of the 1996 IEEE Symposium on Security and Privacy pp 30-43

12

``The Zergo Report -- Initial Comments'', RJ Anderson (May 1996)

13

``On the Reliability of Electronic Payment Systems'', RJ Anderson, SJ Bezuidenhoudt, in IEEE Transactions on Software Engineering v 22 no 5 (May 1996) pp 294-301

14

``The GCHQ Protocol and its Problems'', RJ Anderson, MR Roe, to appear at Eurocrypt 97; available from www.cl.cam.ac.uk/users/rja14

15

Discussion between B Beeby, R Anderson, G Kelly and J Williams, 20th November 1996

16

``A Fast New DES Implementation in Software'', E Biham, in Preproceedings of the Fourth Fast Software Encryption Workshop (Technion, Haifa, 20-22 January 1997) pp 241-252

17

`Secure Computer Systems: Mathematical Foundations', DE Bell, LJ LaPadula, Mitre Corporation report ESD-TR-73-278

18

`Cipher Systems', H Beker, F Piper, Northwood 1982

19

``Directed Acyclic Graphs, One-way Functions and Digital Signatures'', D Bleichenbacher, UM Maurer, Advances in Cryptology -- Crypto 94 (Springer LNCS v 839) pp 75-82

20

`Draft guidance for the NHS on the confidentiality, use and disclosure of personal health information', N Boyd, Department of Health, 10 August 1994

21

`Chipkarten im Gesundheitswesen', Bundesamt für Sicherheit in der Informationstechnik, Bundesanzeiger 4 May 1995

22

``Optimizing a Fast Stream Cipher for VLIW, SIMD and Superscalar Processors'', CSK Clapp, in Preproceedings of the Fourth Fast Software Encryption Workshop (Technion, Haifa, 20-22 January 1997) pp 254-268

23

``Confidentiality of medical records: the patient's perspective'', D Carman, N Britten, British Journal of General Practice v 45 (September 95) pp 485-488

24

`Securing Electronic Mail within HMG', CESG document T/3113TL/2776/11, 21st March 1996

25

``A Comparison of Commercial and Military Computer Security Policies'', D Clark, D Wilson, in Proceedings of the 1987 IEEE Symposium on Security and Privacy pp 184-194

26

``United States pushes key escrow, security in OECD'', in Computer Fraud and Security Bulletin (Mar 96) pp 7-9

27

`Cryptography's Role in Securing the Information Society', K Dam, H Lin, National Academy Press, Washington, D.C. 1996

28

`How to Keep a Clinical Confidence', B Darley, A Griew, K McLoughlin, J Williams, HMSO 1994

29

`Keeping it Confidential -- Protecting business information', Department of Trade and Industry, 1996

30

``New Directions in cryptography'', W Diffie, ME Hellman, in IEEE Transactions on Information Theory v IT-22 no 6 (Nov 76) pp 644-654

31

``Exhaustive Cryptanalysis of the NBS Data Encryption Standard'', W Diffie, ME Hellman, in Computer v 10 no 6 (June 77) pp 74-84

32

`Product Block Cipher for Data Security', WF Ehrsam, CHW Meyer, RL Powers, JL Smith, WL Tuchman, US Patent 3,962,539 (8th June 1976)

33

``HMG's Unified Incident Reporting and Alert Scheme'', P Fleury, talk given at `Information Security -- is IT Safe?', IEE, 27th June 1996

34

``The law and its impact on the way data security issues are addressed'', E France, at Information Security -- is IT Safe?'', IEE, London, 27 June 1996

35

``Future frameworks for data and privacy protection'', E France, at Liberty on the Line: Opportunities and Dangers of the Superhighway, 14th November 1996

36

``Encryption Trials -- Aims, Objectives & Issues'', D Garwood, 1996

37

`Good Medical Practice', General Medical Council

38

`Confidentiality', General Medical Council

39

`A Strategy for Security of the Electronic Patient Record', A Griew, R Currell, IHI, University of Wales, Aberystwyth, 14/3/95

40

P Gutman, personal communication, July 96

41

A Hassey, Talk at Personal Information workshop, Cambridge, June 96

42

N Hickson, Department of Trade and Industry, speaking at `Information Security -- Is IT Safe?', IEE, Savoy Place, London, 27th June 1996

43

`Information Technology Security Evaluation Criteria', EU document COM(90) 314 (6/91)

44

``GMSC and RCGP guidelines for the extraction and use of data from general practitioner computer systems by organisations external to the practice'', Appendix III in `Committee on Standards of Data Extraction from General Practice Guidelines' Joint Computer Group of the GMSC and the RCGP, 1988

45

``A Proposed Architecture for Trusted Third Party Services'', N Jefferies, C Mitchell, M Walker, in proceedings of Cryptography Policy and Algorithms Conference, 3-5 July 1995, pp 67-81; published by Queensland University of Technology

46

``A Proposed Architecture for Trusted Third Party Services'', N Jefferies, C Mitchell, M Walker, in Cryptography: Policy and Algorithms, Springer LNCS v 1029 pp 98-104; also appeared at the Public Key Infrastructure Invitational Workshop at MITRE, Virginia, USA, in September 1995 and PKS '96 in Zürich on 1st October 1996

47

``Information and the NHS (for me or for them?), S Jenkins, in Personal Information -- Security, Engineering and Ethics (21-22 June 1996), preproceedings published by the Isaac Newton Institute, Cambridge, pp 1-21

48

`The Codebreakers', D Kahn, Macmillam 1967

49

`La Cryptographie Militaire', A Kerkhoffs, in Journal des Sciences Militaires, 9th series, IX (Jan 1883) pp 5-38; (Feb 1883) pp 161-191

50

``Constructing digital signatures from a one-way function'', L Lamport, SRI TR CSL 98 (1979)

51

Talk given by J Leach at meeting organised by `Scientists for Labour', 14th November 1996

52

B Molteno, comments at BMA House, 13th June 1996

53

`Information Systems Security: Top level policy for the NHS`, IMG document 2009 (b)

54

`NWN Threats and Vulnerabilities', 5 April 1995, IMG document NWNS/T1.22

55

`NHS-wide networking: data security policy', IMG document NWNS/T3.3

56

`NHS wide networking security architecture`, 3 April 1995, IMG document NWNS/T1.21

57

Security Guide for IM&T Specialists', 3 April 1995, IMG document NWNS/T5.11

58

`NHS/CCTA Internet Security Report' version 1.3

59

`NHS IS Reference Manual', December 1995

60

Press release, NHS Executive, 17th October 1996

61

NHS Wide Clearing System, Encryption Pilot Project, Project Board Minutes for 18/11/96

62

NHS Wide Clearing System, Encryption Pilot Project, Project Board Minutes for 29/1/97

63

``Announcing Development of a Federal Information Processing Standard for Advanced Encryption Standard'', National Institute of Standards and Technology, in Federal Register v 62 no 1 (Jan 2 1997) pp 93-94

64

``Managing Health Data Privacy and Security: a case study from New Zealand'', R Neame, in Personal Information -- Security, Engineering and Ethics (21-22 June 1996), preproceedings published by the Isaac Newton Institute, Cambridge, pp 207-215

65

``Encryption and the Global Information Infrastructure: An Australian Perspective'', S Orlowski, in proceedings of Cryptography Policy and Algorithms Conference, op. cit., pp 31-39

66

``Euro-Clipper chip scheme proposed'', D Peachey, in Communications Week no 151 (18 September 1995) pp 1, 81

67

``Providing Secure, Recoverable Email'', P Peterson, in Network Security (Aug 96) pp 15-19

68

``GP Practice computer security survey'', RA Pitchford, S Kay, in Journal of Informatics in Primary Care (September 95) pp 6-12

69

``Move to Strengthen Information Security'', Press Association, 06/10 1808

70

``UK to license information encryption services'', Reuter RTf 06/10 1355, London, June 10th

71

``Institutionell-organisatorische Gestaltung informationstechnischer Sicherungsinfrostrukturen'', A Roßnagel, in Datenschutz und Datensicherheit (5/95) pp 259-269

72

``For Sale: your secret medical records for £150'', L Rogers, D Leppard, Sunday Times 26/11/95 pp 1-2

73

R Rogers, in discussion at BMA house, 2nd May 1996

74

``Keynote Address'', AW Saunders, in Information Security -- is IT Safe?, IEE, London, 27 June 1996

75

``CESG Recommendations for Secure Electronic Mail -- A Statement by Andrew Saunders, Director CESG'', available at http://www.cesg.gov.uk/cesghtml/news/25_2_97.htm

76

``The Blowfish Encryption Algorithm'', B Schneier, Dr. Dobbs Journal v 20 no 4 (Apr 94) pp 38 - 40

77

`Applied Cryptography', B Schneier, second edition, Wiley 1995

78

``The History of Subliminal Channels'', GJ Simmons, in Information Hiding (proceedings of first international workshop), Springer Lecture Notes in Computer Science v 1174 pp 237-256

79

``Proposal for a Council Decision -- in the field of security of information systems, concerning the establishment of a Europe-wide network of Trusted Third Party Services (ETS)'', SOGIS (Senior Officials' Group, Information Security) 23/11/95

80

`Medical Ethics Today -- Its Practice and Philosophy', A Sommerville, BMA 1993

81

`Project Initiation Document -- Tees Security Pilot', Issue 1 draft 3, Syntegra, 23rd October 1996

82

Letter from Ian Taylor MP MBE to the writer, 16 December 1996

83

``EC plans encryption rules in bid to police information superhighway'', J Thorel, in Nature v 377 no 6547 (28/9/95) p 275

84

Urteil im Zivilprozess Winter/Dresdner Bank AG, Amtsgericht Darmstadt, 24. Februar 1989, Geschäftsnummer 36 C 4386/87, Richter Jerschenkowski

85

``The use of encryption and related services with the NHSnet'', Zergo Ltd., published as NHSE IMG document number E5254, April 1996

86

``Zergo's response to `The Zergo report -- initial comments' by Dr Ross Anderson'', Zergo Ltd., 17th May 1996