Not more secure to keep it shut than shown

John Munden is a very relieved man. On July 9th he was acquitted of fraud charges, brought after he complained of "phantom withdrawals" from his Halifax Building Society account. His case may, however, make everyone involved in electronic transfer of cash (or other measures of value, like shares) a bit nervous.

The Cambridgeshire policeman got back from Greece in October 1992, to find [UKpound]460 missing from his account. So he complained -- and says that the branch manager greeted him by asking how his holiday in Ireland had been, since one of the disputed cash machine transactions seemed to originate there. In February 1993 he was arrested at his own police station and charged with fraud for making false claims. A year later a magistrates' court convicted him.

But it was not the untidy details of who was where when which overturned his conviction. It was a fundamental question about evidence from computer systems.

In November 1994 an appeal judge ordered the Halifax to give John's defence team access to their computer and network security systems, to evaluate the chances of error or fraud. The Halifax instead commissioned a report from consultants KPMG -- but the judge was not satisfied.

As barrister Alistair Kelman puts it, "There is a presumption [in court] that mechanical devices work correctly, which is what the banks have relied upon. This case has thrown into question whether that presumption applies to electronic devices."

So should we go through our credit card statements, crossing off all the items which aren't authenticated by pigment signatures on paper, and challenge our banks -- "so prove it?"

Not just yet. The Bury St Edmunds court judgement does not bind other judges. But, as Ross Anderson -- the Cambridge University security researcher who acted as John Munden's expert witness -- says: "A fundamental of justice is that people are allowed to examine in the open court the evidence against them."

In any future case where an electronic transaction was challenged, a judge could issue the same Order. If the bank (say) agreed, the evidence would stand on the merits of its computer security. If it refused, the evidence would fall.

Ross Anderson invites us to consider CREST, the all-electronic London share-dealing system turned on a week after John Munden's acquittal. Academic cryptographers have offered CrestCo a "hostile review". CrestCo's Chris Piper says this "was a rather meaningless challenge -- the claim was that it would take 900 computers nine years" to break CREST's public-key encryption, which currently uses keys "more than 33 decimal digits long".

Much thought has gone into CREST: Chris Piper says it has "audit trails and message dispute procedures; we have two independent systems which we can use to audit and verify the authenticity of messages, one taking data from the communications system and one from the central system... Two independent parties can nominate up to three world-renowned experts."

But what if, just for nightmare's sake, some alleged money- launderer denied that share dealings had ever taken place and said the appointed experts wouldn't do, she wanted Dr Dorothy Denning? Next day: "On reflection, I can't see why it shouldn't happen, but it would depend on the case and the time."

There's clearly no love lost between academic cryptographers and the banks: some of the former suspect the latter of practising security through obscurity.

Brian Gladman, for one, has just left NATO after 22 years working in military computer security. "Going from the public evidence," he says, "the banks... cannot be as pristine as they claim... I hope that as a result of the Munden case there will be many more challenges to them." John Munden just wants his [UKpound]460 back, and he wants a bank account to put it in, please.

home

An edited and doubtless thus improved version of this article appeared in Wired (UK).

This version is © copyright 1996 Mike Holderness; moral rights are asserted.

W. Shakespeare, Pericles, Prince of Tyre Act 1, Scene 1