<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: The cost of false positives in detection (lessons from public health)</title>
	<atom:link href="http://newschoolsecurity.com/2009/11/the-cost-of-false-positives-and-excessive-detection-efforts-lessons-from-public-health/feed/" rel="self" type="application/rss+xml" />
	<link>http://newschoolsecurity.com/2009/11/the-cost-of-false-positives-and-excessive-detection-efforts-lessons-from-public-health/</link>
	<description>The Blog Inspired By The Book</description>
	<lastBuildDate>Wed, 10 Mar 2010 06:11:19 +0000</lastBuildDate>
	<generator>http://wordpress.org/?v=2.9.1</generator>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
		<item>
		<title>By: Russell</title>
		<link>http://newschoolsecurity.com/2009/11/the-cost-of-false-positives-and-excessive-detection-efforts-lessons-from-public-health/#comment-706</link>
		<dc:creator>Russell</dc:creator>
		<pubDate>Mon, 21 Dec 2009 23:42:14 +0000</pubDate>
		<guid isPermaLink="false">http://newschoolsecurity.com/?p=995#comment-706</guid>
		<description>Here&#039;s Bruce Schneier&#039;s video rant on this topic: http://searchsecurity.techtarget.com/video/0,297151,sid14_gci1376328,00.html  , starting at 4:20</description>
		<content:encoded><![CDATA[<p>Here&#8217;s Bruce Schneier&#8217;s video rant on this topic: <a href="http://searchsecurity.techtarget.com/video/0,297151,sid14_gci1376328,00.html" rel="nofollow">http://searchsecurity.techtarget.com/video/0,297151,sid14_gci1376328,00.html</a>  , starting at 4:20</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Russell</title>
		<link>http://newschoolsecurity.com/2009/11/the-cost-of-false-positives-and-excessive-detection-efforts-lessons-from-public-health/#comment-702</link>
		<dc:creator>Russell</dc:creator>
		<pubDate>Sun, 20 Dec 2009 05:39:24 +0000</pubDate>
		<guid isPermaLink="false">http://newschoolsecurity.com/?p=995#comment-702</guid>
		<description>Here&#039;s another insightful article on this topic: http://www.nytimes.com/2009/12/20/business/20view.html?_r=1  

&quot;Here is a quiz: Suppose that there is a one-in-1,000 chance that a woman in her 40s with no symptoms has breast cancer, and that 90 percent of the time a mammogram correctly classifies women as having cancer or not. If a woman in this group tests positive on her mammogram, what is the chance that she has cancer? The answer is not 90 percent. It is less than 1 percent, because of the large number of false positive results.&quot;</description>
		<content:encoded><![CDATA[<p>Here&#8217;s another insightful article on this topic: <a href="http://www.nytimes.com/2009/12/20/business/20view.html?_r=1" rel="nofollow">http://www.nytimes.com/2009/12/20/business/20view.html?_r=1</a>  </p>
<p>&#8220;Here is a quiz: Suppose that there is a one-in-1,000 chance that a woman in her 40s with no symptoms has breast cancer, and that 90 percent of the time a mammogram correctly classifies women as having cancer or not. If a woman in this group tests positive on her mammogram, what is the chance that she has cancer? The answer is not 90 percent. It is less than 1 percent, because of the large number of false positive results.&#8221;</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Russell</title>
		<link>http://newschoolsecurity.com/2009/11/the-cost-of-false-positives-and-excessive-detection-efforts-lessons-from-public-health/#comment-701</link>
		<dc:creator>Russell</dc:creator>
		<pubDate>Sun, 20 Dec 2009 05:28:39 +0000</pubDate>
		<guid isPermaLink="false">http://newschoolsecurity.com/?p=995#comment-701</guid>
		<description>Hi Andy,

My point wasn&#039;t that SSL warnings are bad, as such.  My point is that the false positive rate for SSL warnings seems to be high, so that the average user could be led to make mistakes of commission (blocking otherwise valid sites) or omission (turning off the SSL warning and then opening them up to fraudulent sites).

I&#039;m not an expert in this particular area so I have no recommended modifications or alternatives.  But the people who *are* experts should be designing such systems (including the whole certificate process) to reduce the false positive rate.

This article plus the comments provide interesting insights into the situation: http://royal.pingdom.com/2008/08/19/new-ssl-policy-in-firefox-hurting-tens-of-thousands-of-sites/

From one comment: &quot;the whole point here is that inexperienced users are *supposed* to be scared away by the new error pages. Think about it: how can an inexperienced user tell the difference between a site that, while legitimate, just happens to use an invalid cert, versus a site that is trying to attack them?

This policy was known long before FF3 shipped and anyone using self-signed certs should have known that the world’s second-largest browser was heading in this direction. The key is educating and preparing users by letting them know how to install the self-signed cert beforehand.&quot;</description>
		<content:encoded><![CDATA[<p>Hi Andy,</p>
<p>My point wasn&#8217;t that SSL warnings are bad, as such.  My point is that the false positive rate for SSL warnings seems to be high, so that the average user could be led to make mistakes of commission (blocking otherwise valid sites) or omission (turning off the SSL warning and then opening them up to fraudulent sites).</p>
<p>I&#8217;m not an expert in this particular area so I have no recommended modifications or alternatives.  But the people who *are* experts should be designing such systems (including the whole certificate process) to reduce the false positive rate.</p>
<p>This article plus the comments provide interesting insights into the situation: <a href="http://royal.pingdom.com/2008/08/19/new-ssl-policy-in-firefox-hurting-tens-of-thousands-of-sites/" rel="nofollow">http://royal.pingdom.com/2008/08/19/new-ssl-policy-in-firefox-hurting-tens-of-thousands-of-sites/</a></p>
<p>From one comment: &#8220;the whole point here is that inexperienced users are *supposed* to be scared away by the new error pages. Think about it: how can an inexperienced user tell the difference between a site that, while legitimate, just happens to use an invalid cert, versus a site that is trying to attack them?</p>
<p>This policy was known long before FF3 shipped and anyone using self-signed certs should have known that the world’s second-largest browser was heading in this direction. The key is educating and preparing users by letting them know how to install the self-signed cert beforehand.&#8221;</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Andy Steingruebl</title>
		<link>http://newschoolsecurity.com/2009/11/the-cost-of-false-positives-and-excessive-detection-efforts-lessons-from-public-health/#comment-693</link>
		<dc:creator>Andy Steingruebl</dc:creator>
		<pubDate>Thu, 17 Dec 2009 22:03:30 +0000</pubDate>
		<guid isPermaLink="false">http://newschoolsecurity.com/?p=995#comment-693</guid>
		<description>Russell,

Care to elaborate on why you think SSL warnings for self-signed certs are actually a bad idea?  Given what we&#039;ve seen coming out as tools such as sslstrip, and the hacking of wifi hotspots, it isn&#039;t clear to me why browsers are incorrect in not just sending a user along to a site.

SSL without cert warnings amounts to no SSL, which on public networks is a recipe for disaster.

What are you proposing instead?</description>
		<content:encoded><![CDATA[<p>Russell,</p>
<p>Care to elaborate on why you think SSL warnings for self-signed certs are actually a bad idea?  Given what we&#8217;ve seen coming out as tools such as sslstrip, and the hacking of wifi hotspots, it isn&#8217;t clear to me why browsers are incorrect in not just sending a user along to a site.</p>
<p>SSL without cert warnings amounts to no SSL, which on public networks is a recipe for disaster.</p>
<p>What are you proposing instead?</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Russell</title>
		<link>http://newschoolsecurity.com/2009/11/the-cost-of-false-positives-and-excessive-detection-efforts-lessons-from-public-health/#comment-689</link>
		<dc:creator>Russell</dc:creator>
		<pubDate>Thu, 17 Dec 2009 01:39:01 +0000</pubDate>
		<guid isPermaLink="false">http://newschoolsecurity.com/?p=995#comment-689</guid>
		<description>Here are some letters written to WSJ on this topic that give more substance to the cost of false positives in the case of mammograms:

=============================================================

Breast Cancer: Radiologists Need to Do More Reading

Here is what has substantially changed in the clinical evidence regarding breast-cancer screening since 2002: The British randomized Age Trial limited to younger women under 50 and beginning at age 40 found a relative risk reduction of 17% and absolute risk reduction of 0.4/1000, but the results were not statistically significant (Lancet, 2006).  Perhaps radiologists do not best know the medical literature, since the Lancet study has been cited six times in PubMed and 67 times in Google Scholar, but never by a radiology journal.

Furthermore, according to the 2006 Cochrane Review, about 10 women receive harmful overtreatment including mastectomies for pseudodisease found by &quot;false true-positive&quot; exams (not the false-positive evaluations) for every life saved. Finally, the relevant statistic with screening is not the lifetime development risk but the 5/1000 (0.5%) screen-free death risk from breast cancer for 40-year-old women over 15 years (Keen, 2009).

What is now clear is that the American College of Radiology knows that $3.3 billion is spent annually on mammography (The Wall Street Journal, Nov. 17). There is an obvious conflict of interest with screening mammography for radiologists and other doctors, including oncologists, which is a good reason for the USPSTF to be made up of independent experts using evidence-based methods clearly described in the Annals. I encourage my radiologist colleagues to read the study before condemning it, and to support informed decision-making regarding screening.

John D. Keen, M.D., M.B.A.
Brookfield, Ill.


=============================================================

Regarding the Dec. 2 letter from Dr. John Keen: I am a 60-year-old, board-certified radiologist who used to teach mammography. I got retrained at the ripe old age of 58 and changed careers again to specialize in PET/CT.

Mammography is the number one modality source of malpractice suits for radiologists. Many radiologists my age are discontinuing this public service (reading mammograms) because they are tired of dreading the lawsuit that could wipe out their retirement plans. A significant percentage of younger radiologists don&#039;t even deal with mammography, mainly because of low reimbursement for RVU (relative value unit of work) and the malpractice exposure.

I can read a CT exam in the same time that it takes to read a four-view screening mammogram with comparisons. The CT evaluation typically pays two-and-a-half times the reimbursement received for reading a screening mammogram. I could read two MRIs in the time it takes to read one multiple-view diagnostic mammogram. The MRI pays about six times the mammogram reimbursement.

David S. Archie, M.D.
Memphis, Tenn.


=============================================================

Much of the argument against early routine breast cancer screening is related to the increased cost and morbidity of follow-up evaluations related to routine screening mammograms.
As an obstetrician-gynecologist I witness the high frequency of more in-depth mammograms, ultrasounds and biopsies that result from screening mammograms. I also witness how much needless anxiety and expense this causes my patients. I agree that the benefit of all of this follow-up testing is hard to justify; in the vast majority of cases no true abnormality is found. What is missing from the debate so far is why all the follow-up testing is being performed in the first place.

I would contend that most radiologists would agree that the majority of follow-up testing is done because of the high liability associated with reading mammograms.

The vulnerability of radiologists in reading mammograms is great; miss one breast cancer on a screening mammogram and a radiologist may be out of business. If the liability concern was eliminated from the equation in how mammograms were interpreted, there would be a dramatic decline in unnecessary follow-up testing and biopsies; this would allow mammography to resume its appropriate role as a screening test. This is another expensive example, to the detriment of patients and society, of practicing defensive medicine. This is also another egregious example of the glaring omission of malpractice reform from the current health-care legislation being considered in Washington.

Patrick J. Naples, M.D.
Medina, Ohio


=============================================================</description>
		<content:encoded><![CDATA[<p>Here are some letters written to WSJ on this topic that give more substance to the cost of false positives in the case of mammograms:</p>
<p>=============================================================</p>
<p>Breast Cancer: Radiologists Need to Do More Reading</p>
<p>Here is what has substantially changed in the clinical evidence regarding breast-cancer screening since 2002: The British randomized Age Trial limited to younger women under 50 and beginning at age 40 found a relative risk reduction of 17% and absolute risk reduction of 0.4/1000, but the results were not statistically significant (Lancet, 2006).  Perhaps radiologists do not best know the medical literature, since the Lancet study has been cited six times in PubMed and 67 times in Google Scholar, but never by a radiology journal.</p>
<p>Furthermore, according to the 2006 Cochrane Review, about 10 women receive harmful overtreatment including mastectomies for pseudodisease found by &#8220;false true-positive&#8221; exams (not the false-positive evaluations) for every life saved. Finally, the relevant statistic with screening is not the lifetime development risk but the 5/1000 (0.5%) screen-free death risk from breast cancer for 40-year-old women over 15 years (Keen, 2009).</p>
<p>What is now clear is that the American College of Radiology knows that $3.3 billion is spent annually on mammography (The Wall Street Journal, Nov. 17). There is an obvious conflict of interest with screening mammography for radiologists and other doctors, including oncologists, which is a good reason for the USPSTF to be made up of independent experts using evidence-based methods clearly described in the Annals. I encourage my radiologist colleagues to read the study before condemning it, and to support informed decision-making regarding screening.</p>
<p>John D. Keen, M.D., M.B.A.<br />
Brookfield, Ill.</p>
<p>=============================================================</p>
<p>Regarding the Dec. 2 letter from Dr. John Keen: I am a 60-year-old, board-certified radiologist who used to teach mammography. I got retrained at the ripe old age of 58 and changed careers again to specialize in PET/CT.</p>
<p>Mammography is the number one modality source of malpractice suits for radiologists. Many radiologists my age are discontinuing this public service (reading mammograms) because they are tired of dreading the lawsuit that could wipe out their retirement plans. A significant percentage of younger radiologists don&#8217;t even deal with mammography, mainly because of low reimbursement for RVU (relative value unit of work) and the malpractice exposure.</p>
<p>I can read a CT exam in the same time that it takes to read a four-view screening mammogram with comparisons. The CT evaluation typically pays two-and-a-half times the reimbursement received for reading a screening mammogram. I could read two MRIs in the time it takes to read one multiple-view diagnostic mammogram. The MRI pays about six times the mammogram reimbursement.</p>
<p>David S. Archie, M.D.<br />
Memphis, Tenn.</p>
<p>=============================================================</p>
<p>Much of the argument against early routine breast cancer screening is related to the increased cost and morbidity of follow-up evaluations related to routine screening mammograms.<br />
As an obstetrician-gynecologist I witness the high frequency of more in-depth mammograms, ultrasounds and biopsies that result from screening mammograms. I also witness how much needless anxiety and expense this causes my patients. I agree that the benefit of all of this follow-up testing is hard to justify; in the vast majority of cases no true abnormality is found. What is missing from the debate so far is why all the follow-up testing is being performed in the first place.</p>
<p>I would contend that most radiologists would agree that the majority of follow-up testing is done because of the high liability associated with reading mammograms.</p>
<p>The vulnerability of radiologists in reading mammograms is great; miss one breast cancer on a screening mammogram and a radiologist may be out of business. If the liability concern was eliminated from the equation in how mammograms were interpreted, there would be a dramatic decline in unnecessary follow-up testing and biopsies; this would allow mammography to resume its appropriate role as a screening test. This is another expensive example, to the detriment of patients and society, of practicing defensive medicine. This is also another egregious example of the glaring omission of malpractice reform from the current health-care legislation being considered in Washington.</p>
<p>Patrick J. Naples, M.D.<br />
Medina, Ohio</p>
<p>=============================================================</p>
]]></content:encoded>
	</item>
</channel>
</rss>
