
From the strong-network/weak-transaction model hits the wall dept....
Cheers,
Bob Hettinga

--- begin forwarded text

To: set-discuss@commerce.net
Subject: Important UK court case
Date: Tue, 09 Jul 1996 12:13:28 +0100
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>
Sender: owner-set-talk@commerce.NET
Precedence: bulk

+----------------------------------------------------+
Addressed to: set-discuss@commerce.net
+----------------------------------------------------+

At a trial in England yesterday, a judge decided that if a bank was not prepared to let their computer systems be examined by a hostile expert witness, then they could not even present bank statements in evidence.

At least SET has been done right - I believe it is the first significant banking protocol to have undergone an open design review. I hope that there will be implementations that have also undergone credible scrutiny.

I append a note of the case that I posted to our supporters.

Ross Anderson

*********************************************************************

John Munden is acquitted at last!

At twenty past two today, John Munden walked free from Bury Crown Court. This resolved a serious miscarriage of justice, and ended an ordeal for John and his family that has lasted almost four years.

In a judgment loaded with significance for the evidential value of cryptography and secure systems generally, His Honour Justice John Turner, sitting with two assessors, said that when a case turns on computers or similar equipment then, as a matter of common justice, the defence must have access to test and see whether there is anything making the computers fallible. In the absence of such access, the court would not allow any evidence emanating from computers. As a result of this ruling, the prosecution was not in a position to proceed, and John Munden was acquitted.

John was one of our local policemen, stationed at Bottisham in the Cambridge fenland, with nineteen years' service and a number of commendations.
His ordeal started in September 1992 when he returned from holiday in Greece and found his account at the Halifax empty. He complained and was told that since the Halifax had confidence in the security of its computer system, he must be mistaken or lying. When he persisted, the Halifax reported him to the police complaints authority for attempted fraud; and in a trial whose verdict caused great surprise, he was convicted at Mildenhall Magistrates' Court on the 12th February 1994.

I told the story of this trial in a post to comp.risks (see number 15.54 or get ftp.cl.cam.ac.uk/users/rja14/post.munden1). It turned out that almost none of the Halifax's `unresolved' transactions were investigated; they had no security manager or formal quality assurance programme; they had never heard of ITSEC; PIN encryption was done in software on their mainframe rather than using the industry-standard encryption hardware, and their technical manager persisted in claiming (despite being challenged) that their system programmers were unable to get at the keys. Having heard all this, I closed my own account at the Halifax forthwith and moved my money somewhere I hope is safer.

But their worships saw fit to convict John. An appeal was lodged, but just before it was due to be heard - in December 1994 - the prosecution handed us a lengthy `expert' report by the Halifax's accountants claiming that their systems were secure. This was confused, even over basic cryptology, but it was a fat and glossy book written by a `big six' firm with complete access to the Halifax's systems - so it might have made an impression on the court.

We therefore applied for, and got, an adjournment and an order giving me - as the defence expert witness - `access to the Halifax Building Society's computer systems, records and operational procedures'. We tried for nine months to enforce this but got nowhere. We complained, and the judge ordered that all prosecution computer evidence be barred from the appeal.
The Crown Prosecution Service nonetheless refused to throw in the towel, and they tried to present output such as bank statements when the appeal was finally heard today. However, the judge would have none of it.

For the computer security community, the moral is clear: if you are designing a system whose functions include providing evidence, it had better be able to withstand hostile review.

Ross

--- end forwarded text

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
    -- Punishment, 100 times on a chalkboard, for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/