Your shout: NHS e-mail, password security and e-recycling

Computer Weekly readers have their say


Computer Weekly readers have their say

E-mail is a great way for NHS to make Contact

I wish to clarify a number of points in your article "NHS agency defends low demand for e-mail system" (Computer Weekly, 4 October).

The contract for Contact was awarded to Cable & Wireless on 1 July 2004 and the service was designed, built and implemented in 15 weeks. As well as delivering an integrated e-mail, calendar, directory, fax and SMS solution, the implementation migrated 12 million e-mails and 90,000 accounts over the course of a single weekend, maintaining business continuity for NHS staff.

NHS Connecting for Health would welcome comparisons with other examples of systems delivery in either the public or private sectors.

The article chose to headline on "low demand" for the Contact service, completely ignoring the fact that 42,000 new frequent users have chosen to take up the new service since going live - and this without any active marketing.

It also made reference to "compensation" being paid to EDS for termination of its e-mail service. No compensation was paid to EDS. As part of a mediated settlement the Authority paid EDS for assets which were reusable as part of entirely normal termination arrangements.

The contract for service provision for EDS did not require it to measure active users and the figure of 25,000 represents a "best guess".

Contact is already achieving performance levels rarely matched elsewhere. In September, availability of the Contact web portal was measured at 99.91%, and 100% for access via Imap (that is, via Outlook).

Instead of recognising the achievements of NHS CfH and its supplier in delivering the service in record time and to these levels of performance, the article gave an unfair picture of this part of NHS CfH's activities.

Will Moss
Contact programme head, NHS Connecting for Health

Computer Weekly responds:

We do not believe our article gives an unfair picture of Connecting for Health's Contact e-mail service. Indeed, we received strongly expressed reactions to our article from readers, none of whom criticised it, and all of whom made points that added to concerns about the structural reasons for the low take-up of the e-mail service.

Our article was balanced by extensive comment from a spokesman for CfH who pointed out there had been an increase in active users, from 25,000 under the previous contractor EDS, to 65,000.

Even so, the 42,000 frequent users CfH refers to is a tiny proportion of NHS staff - more than 90% still do not actively use the service, which raises questions about whether it is value for money. We note that CfH has not provided any figures of how fast it expects to increase take-up and over what period. We also note that the low take-up is despite Cable & Wireless having taken over the contract from EDS more than a year ago, in July 2004.

The CfH letter emphasises the performance of Contact, but the focus of our article was on whether most NHS staff will use the national system when they have local systems they seem satisfied with.

The figure of 25,000 mentioned in the letter was given to us by CfH, and the figure of £9m to EDS for cancellation of its contract to provide an e-mail was put to CfH before publishing the article, and was not disputed. If Will Moss will provide a breakdown of what was paid to EDS, for what, and how the figures were arrived at, we will happily publish it.

CfH says that we should have recognised the achievements of NHS CfH and its supplier in delivering the e-mail service in record time and to high levels of performance. But Computer Weekly in its articles reflects the views of our readers, and of our readers only CfH has written to us in praise of the system.

We await evidence to show that cancelling EDS' contract at some expense and bringing in Cable & Wireless to run the e-mail service has proved a wise use of public money.


Password system means that we all pose a risk

Regarding the recent letters on password security and staff ignorance of basic security measures, I think the point has been missed that the password system is basically flawed as it relies on humans.

Passwords offer a cheap and reasonably secure method of protection, but will never be 100% infallible. This is before you take into account the threats from Trojan key loggers, brute force password cracking, audio keyboard decoders that can now listen to what you type, and someone looking over your shoulder.

One thing people who devise security systems should remember, is the more complex the password, and the more frequently it changes, the more likely it is to be written down.

I must admit that I write passwords down. I also use the same passwords for different logons and I reuse passwords, but then I have a lot to remember.

I work in IT and have passwords for two PCs, 10 databases, six servers, 10 applications, plus some others I have probably forgotten. That is about 30 passwords, some of which change regularly.

Then I have personal passwords: three for my internet provider, plus Hotmail, eBay, the bank, credit cards, BT, Amazon, plus logons for bulletin boards etc, which amounts to probably another 30.

That is 60 before things like Pins, security keywords and the numbers to punch into the door to get into the office.

I am a security risk, but I do not think I am far from the average. I am not saying there is currently a better system than passwords, though a similar situation has arisen with phone numbers.

Fifteen years ago I could remember all the phone numbers I needed. Now I use my mobile phone to remember them for me. Perhaps the solution is therefore hardware-based.

What I do know is that the person who invents a cheap, infallible method of securing a computer will soon be rich.

Neil Deaville


Discover the modern art of recycling

David Viner asks (Letters, 11 October) how he can recycle his electronic copy of Computer Weekly. He should ask the Electronic Freedom Foundation, which for many years distributed its Effector electronic newsletter ending with the claim, "This newsletter is printed on 100% recycled electrons."

Steve Holden


Read more on E-commerce technology