PGP for Personal Privacy, version 5.5 - Evaluation

Journal of Family Practice, Oct, 1998 by John Leo Zimmer

PGP for Personal Privacy, version 5.5. Network Associates, Inc, 2805 Bowers Ave, Santa Clara, CA 95051; (408) 988-3832.

Price: $39.00

Documentation: Printed manual with CD-ROM. 111-page Adobe Acrobat file. Windows Help file.

How Supplied: CD-ROM

Hardware & Software Requirements: Windows 95/NT, 9.4MB hard disk space. Versions available for UNIX and Macintosh.

Customer Support: (408) 988-3832

Demonstration Disk: Download From http:\\www.pgp.com. Free for noncommercial use. Full-featured; some limits in backward compatibility.

Rating: Two thumbs up. Makes strong encryption widely accessible.

In the mid-1980s I helped establish a medical school's E-mail system. One night, I noticed an unfamiliar routine running and, on investigation, found an outside consultant scrolling through our E-mail. When confronted, he stopped this practice. However, most of our system's users never learned of this--and most E-mail users today would be just as unaware if this were to happen to them. A solution to such problems appeared in the mid-1990s with the development of software that allows messages to be encrypted for transmission. An example of a message encrypted by one such program, Pretty Good Privacy (PGP), is depicted in Figure 1.

[Figure 1 ILLUSTRATION OMITTED]

Why should this be of interest to family physicians? Patients are becoming more computer literate and are searching the Internet for health information. Some patients and physicians are already using it for communication, including transmittal of potentially sensitive information. This is a logical extension of traditional mail service, answering machines, and other common methods of physician-patient communication. Because of the advantages of electronic communication, including timeliness, ease of use, and efficiency, odds are that such correspondence will increase. Obviously, one major concern when communicating medical information is security.

In truth, unencrypted (plain text) E-mail is much like a simple postcard. It resides on a computer as a file like any other file, usually relatively easy to display. Anyone who finds it can access the contents without expending effort to "steam it open." When the E-mail is transmitted via the Internet, it hops from computer to computer along the route. At any of these stops, someone may choose to read other people's messages. A hospital, university, or other corporate E-mail facility may seem more secure, but the law grants no guarantee of privacy to a worker using company hardware. Because of these confidentiality issues, the American Medical Informatics Association's Internet Working Group has produced a set of Guidelines for the Clinical Use of Electronic Mail with Patients.[1] They suggest encryption of all E-mail going to patients. They suggest that the alternative -- corresponding without such protection -- should require prior informed consent.

The result of a cervical cytology is the type of report that a physician might send to a patient by telephone but not (without prior agreement) to an answering machine or to another member of her household. Most physicians would consider a sealed letter appropriate, but not a postcard. Similarly, encryption allows the protection of sensitive information within a digital envelope. Depending on the quality of the encryption applied, the contents are rendered unreadable to casual and, if properly implemented, even determined attack. Not all encryption software is created equal. Highly specialized expertise is required to evaluate the true strength of such software. PGP is considered "strong encryption" in the technical sense used by cryptographers to describe highly secure mathematical encryption algorithms.

Let me illustrate use of PGP to send a laboratory result to my patient Jane. I would first compose the message in my E-mail package. (Eudora Pro, a type of popular Windows E-mail software, works very nicely with PGP.) To encrypt the message to Jane, I use PGP and Jane's "public key," which she has previously provided to me. I send the encrypted E-mail in the same fashion as any other E-mail. Rather than traveling through the Internet as plain text, it travels as encrypted text. Jane receives it in the same encrypted fashion that I sent it. She then uses PGP and her "private key" to unencrypt my message. Note that PGP uses Jane's public key to encrypt a message that only her private key can decode. Figure 2 has the same content rendered accessible only to Jane.

[Figure 2 ILLUSTRATION OMITTED]

The signature in Figure 2 was produced using the physician's private key. It can be verified by anyone who has his public key. The "signature" is an authentication code added to a file or message, which anyone can use to confirm that the information remained unaltered during transit and truly originated from the purported author. Use of the signature also serves to indicate the sender's ability to employ the PGP software.

PGP is a good starting point for computer users concerned with the security of on-line information transmission or who simply want to learn more about secure transmission.