Okay, so he's an integrated citizen and knows his way around IT security and data processing. Okay, and here's the talk.
Thank you. I'm glad so many people are here at this late hour. So this talk is about your health data records. It's safer than online banking. Well, let's have a look if this is actually the case.
So Vivy, maybe some of you have heard about this. So a couple of months ago, this showed up as the electronic health record. You can exchange X-ray pictures. You can track which vaccinations you've taken. So all this health-related information you can exchange with Vivy. And you can send documents to your doctor and the doctor can provide health data, diagnosis and so on to you. So these are three screenshots of this iOS and Android app. It was published on the 17th of September with a large media echo. That was because so many private and public health insurance companies was adopted by this system. So 13 million insurers, more by now, basically paid for this app in the end. So typically this costs about five euros per month. But the insurance companies basically pay this for their customers.
One day after the release, there was another large media echo regarding privacy issues with this app. So somebody looked at this app and it turns out that telemetry data is sent to different servers in the US and Singapore. And well, this isn't really kind of what we want to hear from an app that has health record data.
So that was when I got interested and downloaded this app to have a look at it. So this is the result. A month later, this was the result, even more news coverage about all the security issues. Patient data in danger, serious security issues. And together with Thorsten Schroeder, I published my work. So we're going to have a look at the things that went wrong in this Vivy app. So Vivy is mainly for exchanging documents between a patient and a doctor.
So the patient has a smartphone, has some X-ray pics, various documents and wants to send them to his doctor. This goes over this Vivy cloud platform like this. So I send my documents to the cloud. Vivy generates a session. This is a five-digit session ID made from lowercase characters. Okay, a few already got it here in the audience. I'll continue for the rest of you. Okay. And now the doctor gets this link maybe by email, fax, telephone, personally. And the doctor can then look at this document in this session.
So because a lot of people left here, okay. So five-digit session ID, that's not really kind of the level of security people want to see here. So five-digit IDs from lowercase letters, you can basically brute force them in one day. Up by hand, obviously, you write a small script and then you run this. And just to check if there's a document. And yes, indeed. So when you actually find a session ID that exists and then you get this here as an answer. This is a set of metadata. So the name of the insured person, address of the doctor, age, gender, language and so on. Metadata. But of course, I mean, this is still data you don't want to have public, right? I mean, especially if you go to the doctor because of a sensitive topic, say an abortion or just anything related to reproduction or maybe if you go to a psychiatrist. So basically everyone can look at this metadata on this Vivy platform.
If I want to actually see the document that was transported in this session, I actually need to enter a four-digit PIN. Okay, so I see I don't really have to explain this. How many tries do you need? 1000. Yeah, right. So 1000 tries and then I got this document and then I got this. I only have to be faster than the doctor and then I have this document.
Okay, there were more problems. So phishing, for example, you don't really expect this in a health app. So it allows to exchange documents between an insured person and a doctor.
So we see here an invoice, two invoices and a prescription from a doctor. And if I open the lower invoice, then what happens here? Oh, I need to log in again. This actually happens a lot in Vivy. So that's a security feature. It expires fast. But in this case here, when I enter a password, it actually doesn't go to Vivy, it goes to me. So it turns out I injected HTML code in this web view and basically could build anything I wanted in here. So yeah, phishing is really not what you expect from this health app. Thank you very much.
If I got the password, I'm still not in the app because it's a two-factor identification. Yeah, you pros with you know that phishing in a two-factor identification doesn't work that easy. I don't have it yet. If I don't have it yet, I get a following request, HTTP. Here's a password and a code. It's a TTP code. I need that code. If I don't have it, what do I do? Oh, let's try. Brute forcing, big topic. It's as simple as that. But all metadata of this platform are open. I could circumvent two-factor identification, but this is not the end, it'll go further.
Vivy has an end-to-end encryption. If I, as a user, send my documents directly via the air, the doctor opens this in his browser and this browser generates a key in JavaScript and it's stored in the browser. The browser sends this key to the patient, on the app of the patient. The app uses this key to encrypt the document and then sends it to the doctor, okay? Problem is, this is in local storage in the browser if anybody in here knows what this is about. And browser apps are cross-scriptable, attackable, and Vivy was attracted by three different... All I had to do is send a link to the doctor and if he clicks on that link, I get his air in a key. I got 15 data of high-critical content.
I published that together with Thorsten Schroeder. He just presented himself. Thank you very much for that because coordinated disclosure. Thank you very much for that. So this is how it should have been done.
We, on the 17th, that was published on the 21st, we found the first security at Kitsch. There was a telephone conference next day on the 22nd. We had a meeting for this later with Vivy and the Alliance. And on the 3rd of October, we had the final talk. And the reaction of Vivy to our publication was, a real risk for the data is not perceivable. At no point. I think you guys are going to see it differently.
Netzpolitik.org published this and said the makers to publish false data or fake news and everybody said no, it wasn't me, I can't do that, you can't do that, it's not true. At least there were some people, at least at Netzpolitik.org, that published what happened in the background. Vivy was trying to correct reporting from this and correct the contents. The HHS was called by a crisis PR manager and tried, did we practically test brute force and then he was trying to threaten us with juridical consequences. From our point of view, we really tried proper disclosure, follow proper disclosure rules and I'm going to go on like this. Every Vivy has realized that it doesn't work that way. And this is the way it should be done and not as the way they see it.
What lessons? How many people believe that within 24 hours all the faults were corrected? I looked for you, I looked for weeks ago, there was a funny, no not funny, it's an attack, no you shouldn't say call it funny. Send a document as an insured client to the doctor. I can send him a malignant document and see what happens. And that document, the JavaScript has an applet and it will run the applet and it will send other documents to me. That is critical from my point of view.
Within 24 hours, let's see on the one hand, the attacker and he says, the attacker says is a Vivy user, the browser on the right side is the doctor and he's waiting for the link. I have to show this as a video, I have to change the app here locally, sorry where's my video app, here it is, here we go.
The doctor enters his session ID, now it's not four, it's five digits. Now they've corrected, he enters his pin, I'm a malignant user, I give him the pin, he loads. Now he opens the document in the browser, what happens? The document concerns the JavaScript applet and it just took Peter's diagnosis and sent him to me. All two, it all happens in the browser of the doctor, I'm still the attacker, no, not corrected.
Okay, so something else that works, so one thing they fixed, you can't really just grab the key, it's now read protected, but it's not write protected. Of course I can just overwrite your private key with that one of the attacker, because in the future, if I ever get some documents, I can decrypt this with my key. That's a problem with end-to-end encryption without identity management for the doctor, without being able to identify the doctor. This way I really have to accept every key I get, I can't verify the authenticity.
So what, there's thousands of broken apps, why is Vivy interesting? So let's have a quick look at this e-health law. It was passed in 2015, so this introduces the kind of video doctor's appointment in 2017, in Baden-Württemberg, this actually exists. Visit your doctor by video call and actually also get kind of remote treatment. In 2018 we had the bundeseinheitliche Medikationsplan and in 2019 the first electronic patient record should be available and by 2021 it should be available everywhere. So the electronic health record exists since 2004, insurance companies may actually use this, it runs on the existing infrastructure and doctors may use it but must not, and the electronic patient record needs separate IT infrastructure as a minimum requirement and it's also mandatory to support for doctors. This is starting in 2019. So there was an update this year for this e-health law because IT infrastructure and health card, it's not really running smoothly so we need to do something.
So our minister of health said tablets and smartphones, that's the way we want to access our health records, and this Gesundheitskarte is old fashioned. So he also said online banking is kind of a good example in terms of security, and all these changes, we can't really afford to push this out any longer. In three months this all needs to be ready to standard. So this is the background, and Vivy is kind of the test case of the insurance companies for this electronic patient record, because both the public and private insurance companies are interested in a lot of users using this, because surely there will be also savings related to introduction of this infrastructure.
So what? I mean, so we looked at Vivy, now how about some other competitors? So there's a CGM live Vita book, that's kind of the dinosaur, and then there's the TK safe that's still in beta, and also regarding kind of the video doctors appointment, there's a doc direct and, made by doctors themselves, there's mine arts direct. So who can do it better than Vivy? That's a question I asked myself. Okay, so kind of one quantitative analysis here.
So Vita book exists in 2011, I already have experience here, they were the first customer of Microsoft cloud Germany. So they have privacy and data protection on the highest level. So this is what it looks like, this is Susanne, kind of a test account, you can look at it here. Same with Vivy, I can save documents here, share documents with the doctor, enter my data, information on vaccinations, I can manage my whole health with this. It's called a health account. So kind of like a checking account but for your health. Okay, well, so in 2018 you don't expect this, but okay, SQL injection, you can access unencrypted documents, you don't have, yeah, unencrypted, you have unsalted SHA1 password messages, yeah, so serious data leaks. So if you test this and log in, there are test documents. Where do you take test documents from? Well, you photograph them from your desk.
So for example, the emails that are lying on the desk of Vita book's employees here about security in the app. Okay, yeah, so this is kind of some findings from ITSec analysis and, well, yeah, so Susanne has this document for you. So Vita book, flatlining in terms of security. Yeah, okay, so never mind Vita book. One thing interesting here, they were the first one who retweeted Vivy. Yeah, so here, look at Vivy. Yeah, you shouldn't do that. Yeah, I mean we weren't really about Schadenfreude here, that was kind of another intention. Okay, yeah, so typical tech startup. I think that's a foreign system manager, not sure, I mean that's just speculation. Well, typical of them, never mind.
Okay, so let's see, let the doctors do it. They know how sensitive this data is. I mean they also, they are personally at risk if they disclose patient information. So let's see what happens when doctors co-sponsor such a development. Okay, so there's Mind House Arts Direct, that's a general practitioner that started this project. So if we don't develop the digitization of our world as doctors, we lost. Okay, so let's see what this doctor is doing. So this is Mind Arts Direct, this is what it looks like. So I try to access an invoice here. It's forbidden, since obviously I can't just access other people's invoices. I mean I just wanted to see if I can view this, view ID 1 as you can see in the URL. Okay, so, okay, what if I don't want to see this in the browser, if I want to print this? Oh, there we are, what's that?
Okay, never mind, let the professionals try it, we're building it ourselves. Okay, teleclinic. Okay, so it's the board of directors is one doctor, one IT specialist, lots of money behind it, the state Baden-Württemberg, that's here the video doctors appointment here. Okay, so you can try this on DocDirect. Okay, that, well, not with real data I hope. Okay, so login, I want to talk to a doctor, get a diagnosis here. Okay, here, I mean those insurance companies here also support this, so we have maximal data
protection and prevent abuse on every level, we have a four stage security system which offers the highest data security in Germany, applause please for teleclinic, okay so if I want to change my password at teleclinic it looks like this, you have in red here my user ID and in yellow my password my new password and I sent this HTTP request, okay so I asked myself what happens if I change my user ID here, oh yeah your password has been changed, this isn't funny, this is the highest data security standard in Germany, yeah small people let the big guys do it, the really big guys, you know the people that have the money the big company, yeah let's we can laugh about the small companies but let's look what the big guys are doing, take a safe, good example, take out of end to end encryption, I didn't look at it, here's your key, the key is generated within the app for the user, if that key disappears or you lose it, access should be barred completely, if you lose your handy, if you lose your handy all your data is gone so you don't want that, so you export that key, we're not that good with key, do we know exactly how to handle passwords and keys, this key we got to export and save somewhere how do you do that, it's as a QR code in your gallery, oh yeah in the gallery, here's the path, that's an android screen, there's the QR code, yeah that's in the public gallery on your handy, oh Google pictures will have it and all the other apps can, if you replace the key with a passport and it says please store your password in unsalted clear text in your gallery, this shows how difficult it is to implement this, it's only beta, they're not live on it yet, you can go and try it, you know small errors happen, let's go to those that people that have been around for a long time, compute group 5000, people 6 million, turn over in 55 countries, they got a platform, these people got to know how to handle it, it's a secure medical cloud, many different apps run here and use the CGM cloud 
and exchange data via this, some of these apps use to factor authentication, if you're with AXA with this insurance, I'm privately insured at AXA, you should know, don't show who it is, you need an authenticator code, yeah you can't brute force it that, it's a platform, maybe I use AXA but I could use somebody else, I go to CGM, I use CGM live for access and I don't need to factor identification, that's a bit stupid, I mean what's the use of having two doors in a house, one is saved and the other one is just open or you can open it with a single key, that's the same happens as with VV, probably VV copied from them and not because they're the only ones, I can six digit pin, I get a six digit pin, I give this pin to my doctor and the doctor uses then his six digit pin to access to my file, six digit pin is brute force pretty easily, okay here we go again and I got all the access to the health data and take it all off, okay there's another parallel, the big problem of this platform is it makes everything properly and run, it got an elliptic curve, encryption implemented, AI is on the client side, there's no password exchange via the cloud, I just send my email address, I get my public key back and oops, why do I get a secret code if I just send my email, it's a key derivation secret, I got a key derivation function, I give my password, I give my secret that I get here, oh I get client side offline my private key, wow access to all that, if I got the proper, if I took the proper password I get my private key or the other guy's private key and I log in as him and if it's not right I'll have to try again, if I'm not Mr. 
Maya I just try as long until it works, I got his public key and I have a secret, I don't have to, I can do it offline, download it, excuse me and they patented the whole thing including that error, don't copy it, it's not worth it, I looked at if it's relevant, oh they took Dropbox, oh online banking, same, same and I took all the email addresses of the Germans I found there and I found who's recorded with CGM, I took a dictionary and let's see how many passwords I can take out of there and they're not very creative, I would have expected more from the Germans that are so high-nosed with their 3% of all Dropbox users where CGM uses and I had them on my little notebook three years ago, I could handle that, I mean this is only an example, we sort of looked at, no not yet, they're not quite as they say that, oh there's the prescription account, that CGM bates as well, there's Dr. Tileklik, the TikaSafe, all those, they're all not quite make it and we still don't talk about online banking, sorry, okay so what I mean there's no perfect security you will never reach that so I mean you have to you know this is a numbers game, you have to look at the probabilities so let's look at the numbers I mean companies like CGM they have to publish risk so there's IT processing risks that's in their financial reports so the customers of us use our products to manage very sensitive information about their own health so if there are security problems this could lead to damages we need to pay and so on and so on so it's a risk for CGM because there's financial damages so let's see towards the customer a paramount priority security is everything that's what they tell the customer and here they say we expect four million euro of damages per year on average and well the highest we could go in a year 18 million and with 5% probability there's a higher unexpected risk so I mean it could be that their whole IT goes down a drain IT goes down a drain but it's also possible that all the stuff 
goes public so I mean let's just take this 95% and see what happens in one year 95% probability you're safe second year 90% third year 86% the problem with health data is they're around for a long time and I mean I can't really change my health data you know if I had a hereditary disease back then then I still have it today right so except of course the future brings a definitive solution to my ailment but so after 50 years I have an 8% chance yeah so I mean that's not really what we want so but maybe these 5% are just unrealistically higher or maybe that's not also just patient records public or maybe they made a mistake let's have a look at the US so in the US on average per year 30 million patient records were stolen and those are just the ones that had mandatory disclosure so yeah that's 10% of the US population I mean I just estimated 5% before so I mean that's a reasonably close then we have Norwegian in 2018 so it's not just the Americans here we have a 3 million affected documents this year yeah so you're now very well known towards an unknown attacker in terms of your health records then in 2016 there was another case here two CDs with with almost all medical records of the Danish population accidentally went to the Chinese visa ministry in Copenhagen well I don't know if they actually sent those CDs back but maybe we should double-check that okay but we're in Germany here so we can just test this we can certify this we can create new standards so do these certifications help these here are all from the apps I've just shown you so we have various certification agencies here to trusted privacy then there's the ministry for data security of a Rheinland Faltz and so on and so on so apparently certificates can solve the problem okay so they might be good for something but not that they're no bugs let's go back to Vivi they had they got certificates got an example and a two certificates two different pen tests from two different companies I did not this don't 
those unpublished I couldn't tell well they got two again complaint pen tests and after that as we had that was the result was what I showed at the beginning all this certification blah blah for nothing and now what do we do now basic problems all electronic health apps that take and keep security is is is bad for concurrence you have to certificate it they can most of them used to turn it to think there's no proper architecture if you have to go and if you if you report security you found there is no proper security responsible on the side of Vivi all the apps that I showed to you now there has there are no disclosure procedures if I hadn't if I hadn't recorded in myself nobody of you would have known that if I'm an attacker I won't make it public and now in 2019 the patient data specification it's online since a couple of days it should be completely safe specs in three months they will add specs for mobile and tablet look into those they should really be safe hmm who knows it's not relevant basically if why should I offer a patient if I can you if you can offer a health paper and I don't follow all these Vivi's is a it's a health act and not a patient act that nobody will realize the difference but if they follow two different laws and have two different security specs this is not this is not bank data I can't have a risk analysis and say okay I'll lose 18 million pay those and forget that it's okay you can't do that health health data are permanent you lose them or they make public then Europe there is there is no secure long-term storage place for that if you're infected with certain diseases you can't there's nothing now as I as I showed this is not a financial but it's a generation it's a social problem we don't have no information if there's anything happened there to now but if I if I save my health data in the app I can inherit that to my children Professor Bucher from Darmstadt two weeks ago that's a cryptologist in Germany I just published we just 
published the fact there is no safe data storage available that will keep safety for 20 years all encrypted data that you collect now that is a that's a long term broad problem if I collect all your health data they they they have the same value 20 years later on if I collect bank data today in 20 years nobody cares about them that's not me that's professor Johannes Buchmann of Darmstadt and if he says that he should nobody's talking about about the future the newspaper world developed a sphere of data misuse patient must know that data misuse is not only punishable by law but really difficult to do whoever if whoever does not want to join who she whoever one does not want to join should not have disadvantages but will not be treated quicker or faster and the resume is if you a long-term lack of confidence will result in in lower quality of medical treatment now there's a lot of positive things to be said about electronic data I can I can follow the I can story it all together I have it all and the one I can I can avoid a lot of problems there is a lot of advantages for such a digital act and if you decide that you do not want for your kids such an act do you have do you have the responsibility that your kids will wait longer or have a less qualitative approach to the health if 90% or 95% of the population uses this health app and you don't and it's it will be your disadvantage and that is the reality this is the end of the talk are you you have more questions I just wanted to show what it is what's coming and I want to start the debate now because now we can see the influence and we can still enforce some kind of update to the law or whatever not we can still write to our representatives we can still fight back and we can still think about what happens to society where all health information is opening is that what we wanted this is what we do here in general at the Congress go ahead questions suggestions I'll be pleased are there questions from the Internet? 
There are questions from the Internet. So with that from the beginning, so about using Vivy and how does it work there with identification systems, or can you use a throwaway email address or something?
So with Vivy you need to record a video of yourself with your actual photo ID, and you know I have a twin, so I wanted to test this with him. So and basically the doctor then checks the data on the photo ID and records this in the Vivy system. There's also different methods for different insurers.
So I have a question here. So this awesome software, how much did this cost Vivy? So Bitmarck develop this was.
I don't actually know, but this would be a project for FragDenStaat.
Okay, microphone eight.
Hello, so I just wanted to give a comment over I phrase it as a question. So a few talks ago we had this images used by metric identification you think I might we missed my data splatter then the way in the from in the Datenschleuder we need to publish those images of famous Mr. I mean we really need the patient record of a minister. So this is my question, can we do that?
Yeah, probably not. This one be well respected in society at large I think so, but I mean other people have another opinion on this, but yeah.
Microphone four.
In the last time we had news articles in the last few days that miss Dote bear that the problem of digitization in the health care system, there was an OECD report where we came second last, and the problem is data protection and kind of we knew we need to remove barriers there.
I mean we can say we compare Germany to the rest of you because we all have the same legal framework in terms of privacy, so I don't really understand argument. Everybody has kind of plays in the same ball court here, and as I said, North Norwegian, they had this problem. So yeah, I'm not sure about reducing the privacy here, I think the opposite should be the case.
Next question from the internet. So you just talked about public insurance companies, how about private companies?
Actually
there were a few private ones, teleclinic for example. I mean yeah, they have the kind of on-site doctors of companies. Vivy, teleclinic, CGM, data point, they are both private and public health insurance companies and they work with private insurance companies together. So do a little bit more research there.
Okay, microphone three.
So is there a possibility to do something with a reader and the health card? I mean everybody of us has this chip which could manage keys, and I mean couldn't we build something on the basis of this secure authentication system?
That's a good question. I mean yeah, we have a trust anchor, this card that actually already has a private key on it. Yeah, so the problem is of course you don't have a USB card reader that you can attach to your smartphone, and the idea is that you can do it with your smartphone just like online banking, otherwise nobody's gonna use it, then there's no benefit to the health insurance companies. Okay, so another thing, in the current version of the standard, for a few days, I think it was a week ago, so the electronic patient dossier is specified like this, that the access is only possible through the electronic health record. But of course nobody's ever gonna use this except a couple of weirdos that, yeah, attach their card to the PC and run an Android simulator, so nobody's gonna use this. So basically they already said that up to March 2019 there will be an update and that's a patient health record 1 point version 1.1 and it's going to be specified how you can access it without this e-health card. And yeah, so but the problem is the only safe way to do it is with this health card. They're gonna be providers like Vivy, we're gonna say well, we can do it without the card, so you know, just come to us, and then the majority of insured patients will use the easy way. So yeah, it's really a competitive disadvantage, the safe specific case specification variant will not be used.
Microphone six.
Okay, so a comment: it's going to be interesting when
quantum computers exist that have enough physical qubits to actually simulate real qubits in a in a realistic way so that we can actually brute use brute force attacks on different encryption standards yeah so it's going to be a really interesting to have keep data like this secret I mean especially if you've seen reactions like how slow these issues are taken care of so as soon as it's public that that the quantum computer exists that can crack this encryption we need to switch to a different encryption scheme that's safe from quantum computers yeah I mean sure you need to fall back on to quantum safe crypto obviously I mean we had an introductory talk I mean who was there actually maybe that guy can answer a question the problem is in we can't really say if now Gordon we have today still is safe in 20 years even if it's a quantum safe crypto algorithm so we really need an idea how to save patient records for 20 years into the future and I think we should think about the distributed storage system is splitting up documents I don't know how exactly this could work but I've read a paper about this yeah I mean so there are approaches without changing the cryptography that might still make documents secure for 20 years and beyond the problem is the specification requires a central data storage microphone 5 so you mentioned the general data regulation policy and the financial risk so how many affected people need to actually take legal action or maybe join a class action or something with for privacy issues so that the companies really get hurt financially so they change something so this is actually not my area of expertise but yeah I can't really say anything maybe someone from the audience knows this the problem is how do you put a price tag on the damages I mean there's no personal kind of risk for that that your data gets public and then there's something 10 years down the road that that happens to you that's bad I mean how can you prove this in court how can you 
put a number a dollar number on this yeah I mean so yeah when your health record is now public for maybe the next 70 years of your life or so depending on how all the gap so with the issues you discovered in these apps you there probably it won't be we don't have to wait for 20 years until the data gets public and this statement there is no no medium to save documents safely for 20 years into the future that's based on a centralized data system and all these management system we have now for for data you can make a very similar point and I mean I'm surprised we think in terms of 20 years yeah so these 20 years I got from a newspaper article so maybe you should actually check the literature so for the moment the documents are distributed between all the doctors and clinics and so stuff is being leaked from one or the other place but but if we have a centralized storage then it's really more easily attackable if it's all in one place and yeah it's also gonna be used more and and there's a single place where I can actually steal a whole lot of documents or where was this question going so you mentioned CGM they have several competitors that they bought and they offer to their doctors that they can convert data from the other products since they don't offer those anymore and then your data basically from the doctor gets converted so there there is already it's somewhat centralized yeah the problem is of course this is not very public yet where leaks actually happened I mean the thing that I showed from the US those were all cases where it was legally required to report this and in Germany we haven't really heard a lot about this microphone for so these health data records should be used for research in a pseudonymized form can you say something more about that I mean I didn't put it in the talk that's kind of a whole topic on its own well VV also saves data in a pseudonymous code but since your two-factor authentication code with that yes so basically when you log into 
VV, it also logs you into your pseudonym account. So there's a shadow profile to every real profile, and you're logged in two times, and so, yeah, with your device, with your token. So on the side of the VV platform it's really easy to identify you again, so you really have to trust the service provider here. Then there's the idea that you can actually kind of donate your data, maybe that it can even be enforced legally to provide data to medical research. I thought the exchange of encrypted documents or just sensitive data was solved. In the places I can look into, we manage to exchange data safely. I mean, my C file software can do this. Why can't doctors do this? Is there maybe a solution that doctors could use that we can propose to them? I mean, I don't know about post-quantum cryptography and what they can do in Nevada, but, yeah, the problem is, specification is not always that which is implemented. I mean, for VV there's a white paper where everything is specified nicely, but it's not necessarily the thing that was actually implemented. So they don't actually check that it was implemented the way it says so in the white paper. And so what was the question again? Is there an alternative we can offer the doctors now to exchange documents with the patients? It's very, very difficult. Try to have it as decentralized as possible. I can't really recommend anything. I mean, print it out and fax it to them. Yeah, I don't know. The problem is, you know, he's right. So if we have end-to-end encrypted, maybe with PGP, then you need to exchange keys, you need to verify the keys, this needs to be automated somehow, and, well, I mean, this is missing now. So we have the IT infrastructure for the doctors now, there is identity management on the side of the patient, and there's the electronic health card, but nobody wants to link these two things because there's no utility. Number four. What's the difference between health data and patient data, so the health record and the patient record?
So when you have a patient record, the doctors have to save it; the health record's use is optional. So another question to Vivi. So the private key was saved as read-encrypted, read-protected, in the browser of the doctor. So the Web Crypto API allows you to mark a key as exportable or not. So there's an object. It prevents access as long as the JavaScript engine is implemented correctly. So you give your data in there and the engine does that crypto. Yeah, so you have an object and you have a method, encrypt and decrypt, but you can't access the key. Okay. Want to share an idea here that's not really on a technical level. But yeah, so all health records are sensitive, especially things like abortion, as I said, or my HIV state, or psychological disorders. And I mean, an idea would be that we ex-network with interest groups that actually are in these domains, just to kind of see what they want or what they have. I mean, technically, in the end this type of information is going to be public, and it's more a question of how, as a society, will we deal with it when that happens. This is actually what I want to say with my talk. So we have, I mean, the technical things I've talked about, but we as a society have to ask ourselves, how do we deal with this? Okay, another question. So another comment. So about a year ago I got a mail from CGM. I found this one again. So from a doctor I got a link. It's HTTP, first of all, and I was supposed to enter my personal information on this site. And I said, well, I'm not actually gonna do this. I mailed them, I would rather have HTTPS, and I got an answer regarding the encryption. So they said they have an internal secure connection, and data is transferred in encrypted form, and that's legally required. So that's the answer I got. Yeah, interesting comment. Yeah, so that's the kind of quality we can look forward to.