The Taub Faculty of Computer Science News and Announcements
Sunday, November 17, 2013
You are invited to a series of lectures to be presented by
Prof. Ross Anderson from the Computer Laboratory, University of Cambridge, according to the following program:
Lecture 1:
Safety and Privacy – Health Systems in the Age of Biodata
Tuesday, December 10, 2013, 14:30
Room 337, Computer Science Taub Building
There have been serious tussles over health privacy in the UK, the USA and elsewhere over the safety and privacy of health IT systems. Many countries are moving medical records away from family doctors, clinics
and hospitals to central cloud systems. This can cut costs and increase resilience: Hurricane Katrina wiped out many New Orleans patients' records, but those covered by the Veterans' Administration
could walk into any VA hospital and find their files waiting for them. But centralisation can bring serious privacy failures: following the UK health service's National Programme for IT (NPfIT), receptionists
found they could access psychiatric casenotes, and over 700,000 people
opted out of an early centralised system. Such systems can also impair
functionality: once they are no longer bought by doctors but by large
firms or ministries, they become less good at supporting healthcare in
many subtle ways. And once the records are available in one place,
there are huge pressures for access by all manner of organisations,
benevolent and otherwise; lobbying over the new EU data protection
regulation is so fierce that the European Parliament and Council may
not be able to agree on it. Regulation is poor, as regulators are
captured by powerful lobbies; the safety of medical equipment still
awaits its Ralph Nader. Medical records are a hard problem not just
because the subject matter and the workflow are complex, but because
support systems embody power relationships and are the scene of fierce
struggles for control and for money. Into this cauldron, we are about
to add genomics. How will the world change once patients can add their
DNA sequence data to their records?
Bio:
Ross Anderson is Professor of Security Engineering at Cambridge
University. He holds a Brandeis award for lifetime achievement in
health privacy; he has worked for the British and Icelandic medical
associations, been a special advisor to the UK parliament's health
committee, and was an author of "Database State" – a report that led
the UK government in 2010 to cancel two large systems to collect data
on children. He has made a number of technical contributions to
security, from cryptography through hardware tamper-resistance to API
security; and he is one of the founders of security economics, which
brings the tools of game theory and microeconomic analysis to bear on
complex multistakeholder systems.
Lecture 2:
How Can we Recover from Protocol Failure?
Thursday, December 12, 2013, 11:00
Room 337, Computer Science Taub Building
Security protocols are the foundations on which the digital age is
built. SSL/TLS is the basis for online commerce, email privacy and
much else; EMV is taking over the world of card payments; and
lesser-known protocols such as SSH and DNSSEC protect the
infrastructure. Stable, reliable platforms are the basis on which
others can innovate; but what happens when the platforms themselves
fail? We have so far seen about a dozen failures of SSL/TLS, and had
to patch them in very ad-hoc ways because it is not feasible to
replace whole ciphersuites quickly, or even to change the clients and
the servers at the same time. There has been a whole series of attacks
on EMV, many of which are still not really patched. And now we find,
pace Snowden, that many protocols have been the subject of deliberate
attempts to weaken them; we are dealing not just with bugs and
blunders but with adversarial behaviour. One of the most challenging
problems we face is how to repair broken protocols when some of the
participants are obstructive; we may have to move beyond protocol
analysis and security-economic analysis to think in terms of strategy,
politics and even diplomacy. A related problem is how to design
protocols that will be as resilient as possible against future
adversarial behaviour.
You are all invited.