Re: Part 2: System Structure

[Marcus Brinkmann]

At Thu, 18 May 2006 16:29:53 -0400,
"Jonathan S. Shapiro" <address@hidden> wrote:
> there is universal agreement that some form of
> digitally enforced disclosure control will be part of the technical
> solution.

Well, according to your first mails on the subject this means
necessarily some form of DRM.  According to your latest clarification
on the subject, it means something that is "reasonably diligent",
which does not necessarily mean DRM.  Even an outspoken pro-DRM
publication like "www.drmwatch.com" says that "we have yet to be
convinced, for example, that DRM technology applies to regulatory
compliance scenarios like HIPAA and GLB at more than a superficial
level", whatever _that_ means.
http://www.drmwatch.com/drmtech/article.php/3294391

It's interesting to note that in the one criminal enforcement of HIPAA
that Peter mentions, the case was about the abuse of patient
information which were accessed under authorization (the case of
Richard Gibson, a lab assistant).

Despite your impression otherwise, I have never proposed that any
information is disclosed to anybody involuntarily.  So, I find myself
in agreement with the words I quoted above, but I don't think we are
in agreement in spirit.  If the issue of contention is what
constitutes "reasonable diligence", I think that this issue alone
would widen up the discussion considerably, and a narrow view on
protection alone would not be sufficient.

Thanks,
Marcus