Sunday, December 21, 2014

Pharmaceutical Price-fixing

I use a nasal spray, for which I was given a prescription and told to use it every single day. When I was given my prescription with 20 repeats, it cost almost $50 for a bottle that would last one month. It was an unexpected lifetime mobile phone contract's worth of preventative health care.

I saw it advertised on TV the other day, and wondered if it was actually the same thing, because it was an over-the-counter drug they were advertising.

I asked a pharmacist, and the drug has been deregulated, so no more need to organise trips to the doctor just to get more of the same.

Now for the point of the story: in being deregulated, the price has changed from $50 per bottle to $20. I don't know exactly the cause of this, but I can only imagine it comes down to less access to government money through people with health care cards, or something like that.

That's a bloody outrage, that is. We're not meant to have that American kind of system where insurance drives up prices.

There should be an inquiry into the effects of regulation on medication prices. I don't know if it would find that there are any practical solutions, but regulation should not add 150% onto the price of the medication.

Wednesday, November 5, 2014

Hey Bill, No Thanks, Love Tony

So, Bill Shorten is concerned that the new National Security laws might restrict freedom of speech and result in journalists going to jail for reporting on stories with a public interest...

Better late than never, I guess, but only marginally so. I can't imagine Tony Abbott will be all that concerned.


Tuesday, October 28, 2014

Australia: The Torture State

The following is a translation of an article about Australia's refugee policy from the original German version featured in Handelsblatt. It's a very interesting international perspective, which is enlightening for those of us who only see Australia from within the prism of our local, mainstream media's agenda.

Friday, October 17, 2014

Indelible email

Here's another idea for a form of secure messaging. This time, it's middleware for a secure email ecosystem.

The idea is to have businesses set up bitcoin wallets, manage the private keys, and to use bitcoin for email.

This would just be middleware to abstract bitcoin from users. On top of this would be a normal email server layer, where users can request their inboxes from the corporate server, with or without encryption and other features.

Using bitcoin for email would allow records to be created that could not be destroyed or altered, and would make compliance easier for businesses, and discovery (with subpoenas) easier for the courts.

Since message sizes would grow massively if this system were used, the blockchain messages could instead contain hashes of payloads located in parallel systems. Each business with a node, for example, could expose the payloads through web services, encrypted to the recipient's public key so that only the recipient's private key could decrypt them.

I once wrote an idea for a client-encrypted email system, and the biggest criticism I could find of similar systems is that a user wouldn't, in practice, know it wasn't secretly compromised, no matter what protections were in place in the client. Using this corporate middleware that relies on the blockchain would solve those problems, at least for businesses.

Now, I've specifically said to use bitcoin, rather than a non-currency blockchain, because one benefit of this system could be requiring messages to have some payment made for processing of the messages. The amount would be set so that spamming would be costly, but normal email would cost little.

Emails could still be read and relied on pretty well without even being verified, subject to being revocable on discovery of a fraud within an hour. And any messages that are sent without payment could be ignored by the middleware as spam.

One challenge of this system would be how to communicate addresses. They could be actual bitcoin addresses communicated by text or QR code, but it seems like a more user-friendly approach would be to have a directory on each node, or to use TXT DNS records or something, so that normal email addresses could be looked up and converted into bitcoin addresses.
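To make the receive path concrete, here is a sketch added to this post (not code from any existing system) of the middleware checks described above: directory lookup, the payment threshold, and matching the off-chain payload against the hash recorded on the chain. The record shape, the `ADDR_*` placeholders, the fee figure and the in-memory `store` are all assumptions, and the payload is treated as opaque ciphertext.

```python
import hashlib
from dataclasses import dataclass

MIN_FEE_SATOSHI = 1_000  # assumed anti-spam threshold; the post sets no figure

@dataclass(frozen=True)
class ChainRecord:
    """Fields the middleware reads from a confirmed transaction (assumed shape)."""
    sender: str          # sender's bitcoin address
    recipient: str       # recipient's bitcoin address
    payload_sha256: str  # hex digest of the off-chain payload
    fee_satoshi: int     # payment attached to the message

# Hypothetical node directory: email address -> bitcoin address (placeholders).
DIRECTORY = {"alice@example.com": "ADDR_ALICE", "bob@example.com": "ADDR_BOB"}

def send(store, sender_email, recipient_email, ciphertext, fee_satoshi):
    """Publish the payload off-chain and return the record destined for the chain."""
    digest = hashlib.sha256(ciphertext).hexdigest()
    store[digest] = ciphertext  # payload store keyed by content hash
    return ChainRecord(DIRECTORY[sender_email], DIRECTORY[recipient_email],
                       digest, fee_satoshi)

def receive(store, record, my_address):
    """Return (status, payload); payload is None unless status is 'accepted'."""
    if record.recipient != my_address:
        return "not-for-us", None
    if record.fee_satoshi < MIN_FEE_SATOSHI:
        return "spam", None             # unpaid or underpaid: ignored
    payload = store.get(record.payload_sha256)
    if payload is None:
        return "payload-missing", None  # record survives, content does not
    if hashlib.sha256(payload).hexdigest() != record.payload_sha256:
        return "tampered", None         # off-chain copy no longer matches the chain
    return "accepted", payload

def demo():
    store = {}
    body = b"<ciphertext for bob>"      # constructed stand-in for the encrypted body
    rec = send(store, "alice@example.com", "bob@example.com", body, 1_500)
    ok = receive(store, rec, "ADDR_BOB")
    unpaid = send(store, "alice@example.com", "bob@example.com", b"buy now", 0)
    cheap = receive(store, unpaid, "ADDR_BOB")
    store[rec.payload_sha256] = b"<altered body>"  # hosting node rewrites the payload
    altered = receive(store, rec, "ADDR_BOB")
    del store[rec.payload_sha256]                  # hosting node deletes the payload
    missing = receive(store, rec, "ADDR_BOB")
    return ok, cheap, altered, missing
```

The last two cases show the limit of storing only hashes: the chain proves that a message existed and detects alteration, but the content is only as durable as the parallel system holding it.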

Anyway, thoughts on this system? Ideas for refinement of the idea, or criticisms of why it wouldn't work or is stupid?

Friday, September 26, 2014

I'm still here

Now that we live in a police state, we need a way to inform our loved ones when the secret police have taken us away subject to a preventative detention order to be held incommunicado.

Well, there's an app for that. Or there might be... I don't really know. But there could be, and here's how it would go:

Firstly, there needs to be a trustworthy authority for holding, though not issuing, public keys. A web of trust is suitable for the purpose, though using the blockchain would be more resilient.

Then, there needs to be an actual app.

The app would use your private key to sign a message. The message could contain your whereabouts, but that would be a risk of its own. Instead, the message could contain your whereabouts encrypted with the public key of 1...n trusted people. Actual content of the message, such as state of mind, e.g. "I feel safe" or "I think I'm being followed" could be selected from a list or preprogrammed into buttons.

Then, all that's left is to hit the button, which would encrypt the whole message with your private key, doing whatever digest stuff is necessary to be secure, and post the encrypted message to Facebook, Google+, and, if the message can be split up, to Twitter.

Now, you can't expect to post the plain text message along with the encrypted message and expect anyone to verify that the encrypted message is valid and matches the plain text message. That's why only the encrypted message would be posted.

To make the system functional, the app would allow the user to follow other people. Their encrypted messages would be downloaded and decrypted using relevant public keys, and the messages would be logged in the app.

From there, it's a simple matter to alert the user when friends of the user haven't checked in for more than a day or so.
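A sketch of the follower side, added here as an illustration and not taken from any existing app: it verifies each downloaded check-in against the followed person's public key, logs it, and flags silence longer than a day. It assumes the third-party `cryptography` package, uses an ordinary Ed25519 signature over a JSON body in place of "encrypting with the private key", leaves out the encrypted whereabouts field, and adds a sequence number (an assumption, not in the post) so that an old, genuinely signed post cannot be re-posted to fake a fresh check-in.

```python
import json
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey

MAX_SILENCE = 24 * 3600  # "more than a day or so", in seconds
STATES = ("I feel safe", "I think I'm being followed")  # the preprogrammed buttons

def make_checkin(private_key, seq, now, state):
    """Sign a check-in and return the blob that would be posted publicly."""
    body = json.dumps({"seq": seq, "ts": now, "state": state},
                      sort_keys=True).encode()
    return private_key.sign(body) + body  # Ed25519 signatures are 64 bytes

class Follower:
    """Tracks one followed person, identified by their public key."""
    def __init__(self, public_key):
        self.public_key = public_key
        self.last_seq = -1
        self.last_ts = None
        self.log = []

    def ingest(self, blob):
        sig, body = blob[:64], blob[64:]
        try:
            self.public_key.verify(sig, body)
        except InvalidSignature:
            return "bad-signature"
        msg = json.loads(body)
        if msg["seq"] <= self.last_seq:
            return "replay"  # validly signed, but already seen
        self.last_seq, self.last_ts = msg["seq"], msg["ts"]
        self.log.append(msg["state"])
        return "ok"

    def overdue(self, now):
        """True when no valid check-in has arrived within MAX_SILENCE."""
        return self.last_ts is None or now - self.last_ts > MAX_SILENCE

def demo():
    key = Ed25519PrivateKey.generate()  # generated here; stands in for the user's key
    follower = Follower(key.public_key())
    t0 = 1_411_700_000                  # constructed timestamp
    first = make_checkin(key, 0, t0, STATES[0])
    forged = bytes(64) + first[64:]     # same body, invalid signature
    results = [follower.ingest(first), follower.ingest(first), follower.ingest(forged)]
    return results, follower.overdue(t0 + 3600), follower.overdue(t0 + 2 * MAX_SILENCE)
```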

So, if you're reading this and give a crap about civil liberties, and know about infosec-related programming, and want to help me out, or just give me opinions, advice, or let me know that this has already been done, then leave a comment or tweet at me @dcrafti.

/ramble