This is another campaign in which I've been involved. The Zergo/DTI
proposals on encryption make it suddenly topical in medicine too.
Ross
*******************************************************************
At twenty past two today, John Munden walked free from Bury Crown
Court. This resolved a serious miscarriage of justice, and ended an
ordeal for John and his family that has lasted almost four years.
In a judgment loaded with significance for the evidential value of
cryptography and secure systems generally, His Honour Justice John
Turner, sitting with two assessors, said that `when a case turns on
computers or similar equipment then, as a matter of common justice,
the defence must have access to test and see whether there is anything
making the computers fallible'. In the absence of such access, the
court would not allow any evidence emanating from computers.
As a result of this ruling, the prosecution was not in a position to
proceed, and John Munden was acquitted.
John was one of our local policemen, stationed at Bottisham in the
Cambridge fenland, with nineteen years' service and a number of
commendations. His ordeal started in September 1992 when he returned
from holiday in Greece and found his account at the Halifax empty. He
complained and was told that since the Halifax had confidence in the
security of its computer system, he must be mistaken or lying. When
he persisted, the Halifax reported him to the police complaints
authority for attempted fraud; and in a trial whose verdict caused
great surprise, he was convicted at Mildenhall Magistrates' Court on
the 12th February 1994.
I told the story of this trial in a post to comp.risks (see number
15.54 or get ftp.cl.cam.ac.uk/users/rja14/post.munden1). It turned out
that almost none of the Halifax's `unresolved' transactions were
investigated; they had no security manager or formal quality assurance
programme; they had never heard of ITSEC; PIN encryption was done in
software on their mainframe rather than using the industry-standard
encryption hardware, and their technical manager persisted in claiming
(despite being challenged) that their system programmers were unable
to get at the keys. Having heard all this, I closed my own account at
the Halifax forthwith and moved my money somewhere I hope is safer.
But their worships saw fit to convict John of attempted fraud - which
made the national papers.
An appeal was lodged, but just before it was due to be heard - in
December 1994 - the prosecution handed us a lengthy `expert' report by
the Halifax's accountants claiming that their systems were secure.
This was confused, even over basic cryptology, but it was a fat and
glossy book written by a `big six' firm with complete access to the
Halifax's systems - so it might have made an impression on the court.
We therefore applied for, and got, an adjournment and an order giving
me - as the defence expert witness - `access to the Halifax Building
Society's computer systems, records and operational procedures'.
We tried for nine months to enforce this but got nowhere. We
complained, and an order was made by the judge that all prosecution
computer evidence be barred from the appeal. The Crown Prosecution
Service nonetheless refused to throw in the towel, and they tried to
present output such as bank statements when the appeal was finally
heard today.
However, the judge would have none of it.
The damage that this ordeal has caused to John and his family has been
appalling. His father died of cancer, his wife tried to kill herself,
and he has not been at all well (these are the publicly known aspects).
However I hope that the verdict will start to turn things round.
For the computer security community, the moral is obvious: if you are
designing a system whose functions include providing evidence, it had
better be able to withstand hostile review.
For those engaged in the debate on encryption, another question is
this: what prudent man will engage a bank as a `trusted third party',
as proposed by the DTI report on encryption, to manage his keys?
Ross
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%