Archive for February 27th, 2008

Take my life! Please

February 27th, 2008
I received a nice letter from the Blood Board informing me that I was one of those whose peronal records were on the laptop stolen in New York recently. While I sympathise with the IBTS and all the people involved, I suddenly find myself dubious about the potential security offered by 256-bit encryption keys. For example, I wonder where the key was stored or how it was accessed.

On behalf of the IBTS, I would like to notify you that a laptop that contained securely encrypted donor records belonging to the IBTS was stolen when a staff member of the New York Blood Centre (NYBC) was mugged in New York recently. Your personal records were on the laptop. These records comprise your name, address, date of birth and donation record. I sincerely apologise for the concern this must cause you.

The data was in New York because we are upgrading the software that we use to analyse our data to provide a better service to donors, patients, and the public service. To do this we have engaged the services of the New York Blood Centre, a public service blood bank in the USA. These records were given to the NYBC to customise their software application which will help the IBTS use all of the information contained in our computer systems in a more efficient way.

We are always aware of the potential for data loss, and took all measures to ensure that state-of-the-art encryption was used. The records were on a CD that was encrypted with a 256 bit encryption key. Those records were transferred to a laptop and re-encrypted with a 256 bit encryption key. This represents the highest level of security available.

I would like to assure you that the possibility of anyone breaking this encryption/security system is extremely remote. When you consider that the normal PIN we all use to access bank machines etc is a four character code the code on this laptop is thirty five characters. To our knowledge there has never been a report of a successful attack against a 256-bit encryption key.

I would also like to assure you that we will continue to take every measure to protect your personal records.

I also received a letter reminding me that there is a clinic in the Kilmurry Lodge on Thurs 28th Feb