encrypted, or after they are decrypted. If a telephone or computer used by either a psychoanalyst or a patient has been compromised, unencrypted data may be being copied to a third party by malware that has been installed without the user’s knowledge. Thus, even if ‘end-to-end’ encryption across the network is good enough, the security of the communication system as a whole can be vitiated by inadequate endpoint security at either end. A chain is only as strong as its weakest link. It is unclear whether it would be possible for anyone to make a telecommunications system that could absolutely guarantee privacy. In a corporate, military or governmental organisation, with strict regulation of hardware and software, it is possible to provide a relatively high degree of privacy. For example, clinicians who work in hospital environments or for large healthcare organisations, and who use only devices supplied and controlled by the organisation, are sometimes able to benefit from this. The fact that breaches occur regularly even in such organisations, however, demonstrates that the privacy achieved is still limited. Clinicians who work in relative isolation, for example in private practice, might in principle be able to achieve comparable results, but they would need sufficient technological resources, both they and their patients would need to maintain a rigid discipline in using their devices, and they would need to acquire a high level of specialist technical knowledge of computer security, which would need to be constantly updated. Psychoanalysts do not generally possess, and are typically reluctant to acquire, the technical knowledge they would need to establish or maintain such systems. Nor are our professional culture and practice compatible with the kind of social regulation that would be required to use them. Even if we could acquire and maintain such a system, it would involve a substantial financial outlay, and we would be obliged to subject both our patients and ourselves to extremes of discipline and control in using it. Patients would be required to set up, and presumably pay for, expensive specialist equipment, and to learn how to use it effectively. Perhaps the most serious difficulty for many psychoanalysts is that the discipline and control required would hardly be compatible with a psychoanalytic setting. Whenever and wherever modern telecommunications form part of the means of communication, the assurance of privacy historically afforded by the classical setting is therefore no longer available. 4.4 Loss of privacy in the classical setting Much of the above discussion implicitly assumes that the classical setting today is continuing to offer relative privacy in comparison with telecommunicative settings, but the extent and severity of the risk of eavesdropping even in the contemporary classical setting is uncertain. When analyst and analysand are physically co-present in the consulting room or office, and if one or both parties has a phone or other device in the room, or nearby, there is still a degree of risk. If a phone has been compromised by malware, for example because its owner has unknowingly responded to a 'phishing' message, it may be being remotely
19
Made with FlippingBook interactive PDF creator