John Munden was the English police constable who found six apparently
fraudulent ATM withdrawals on his statement and reported them to the bank.
The bank, taking the position that "the computer is always right," had him
prosecuted, and despite Ross Anderson's expert testimony, he was convicted.
Now that conviction has been reversed. Details follow.
Oh, "the Halifax" is the bank. And the ATM was so insecure that a person
observing you typing your PIN, and retrieving your receipt from the trash
for your account number, could easily make a fake card and do withdrawals
as "you". No cameras, either. But read Ross's files for the exact
specifics.
---
Lawrence Kestenbaum, pol...@intranet.org
(posted from another account)
----------------------------Original message----------------------------
Subject: John Munden is acquitted at last!
Date: Mon, 08 Jul 1996 18:12:08 +0100
From: Ross Anderson <rj...@cl.cam.ac.uk>
At twenty past two today, John Munden walked free from Bury Crown
Court. This resolved a serious miscarriage of justice, and ended an
ordeal for John and his family that has lasted almost four years.
In a judgment loaded with significance for the evidential value of
cryptography and secure systems generally, His Honour Justice John
Turner, sitting with two assessors, said that `when a case turns on
computers or similar equipment then, as a matter of common justice,
the defence must have access to test and see whether there is anything
making the computers fallible'. In the absence of such access, the
court would not allow any evidence emanating from computers.
As a result of this ruling, the prosecution was not in a position to
proceed, and John Munden was acquitted.
John was one of our local policemen, stationed at Bottisham in the
Cambridge fenland, with nineteen years' service and a number of
commendations. His ordeal started in September 1992 when he returned
from holiday in Greece and found his account at the Halifax empty. He
complained and was told that since the Halifax had confidence in the
security of its computer system, he must be mistaken or lying. When
he persisted, the Halifax reported him to the police complaints
authority for attempted fraud; and in a trial whose verdict caused
great surprise, he was convicted at Mildenhall Magistrates' Court on
the 12th February 1994.
I told the story of this trial in a post to sci.crypt on the 14th
February 1994; this is now archived at ftp.cl.cam.ac.uk as the file
/users/rja14/post.munden1. It turned out that almost none of the
Halifax's `unresolved' transactions were investigated; they had no
security manager or formal quality assurance programme; they had never
heard of ITSEC; PIN encryption was done in software on their mainframe
rather than using the industry-standard encryption hardware, and their
technical manager persisted in claiming (despite being challenged)
that their system programmers were unable to get at the keys. Having
heard all this, I closed my own account at the Halifax forthwith and
moved my money somewhere I hope is safer.
But their worships saw fit to convict John of attempted fraud - which
made the national papers.
An appeal was lodged, but just before it was due to be heard - in
December 1994 - the prosecution handed us a lengthy `expert' report by
the Halifax's accountants claiming that their systems were secure.
This was confused, even over basic cryptology, but it was a fat and
glossy book written by a `big six' firm with complete access to the
Halifax's systems - so it might have made an impression on the court.
We therefore applied for, and got, an adjournment and an order giving
me - as the defence expert witness - `access to the Halifax Building
Society's computer systems, records and operational procedures'.
We tried for nine months to enforce this but got nowhere. We
complained, and an order was made by the judge that all prosecution
computer evidence be barred from the appeal. The Crown Prosecution
Service nonetheless refused to throw in the towel, and they tried to
present output such as bank statements when the appeal was finally
heard today.
However, the judge would have none of it.
Many thanks to all those who helped, and especially to guys like Brian
Randell, Chuck Pfleeger and John Bull who wrote in to the Chief
Constable and pointed out that the original judgment was patently
absurd. It was largely due to their letters that John was suspended
from the force rather than sacked.
For the computer security community, the moral is clear: if you are
designing a system whose functions include providing evidence, it had
better be able to withstand hostile review. This is understood by
designers of forensic systems, and the value of hostile review is also
well known to the military and the utilities. But with one or two
exceptions - such as SET - the banks are just not on the same planet.
Ross
PS: now who would want the Halifax to be their `Trusted Third Party'
and provide them with a `key recovery service' in line with the recent
DTI/GCHQ proposals?!
The Halifax is a Building Society. These are mutual organisations in theory
owned by the investors and borrowers. Banks are subject to far more
regulation by the Bank of England; they also have the ability to borrow from
and lend to commercial organisations on the open market.
Having said that, the Halifax is in the process of completing a merger with
the Leeds Building Society. After this the two will be changed to a bank
by giving shares in the bank to the investors and floating the company on
the stock market. To do this members of the society must agree to the change
in a ballot (most people don't bother to return the ballot paper and those
who do tend to vote yes).
These shares are being given to the people who already own the society. I
can't remember how much they are worth, but most will be sold for an instant
profit, probably back to the society. So the society is being sold to its
owners by itself. The Halifax is not the only building society to go through
this process; it is, however, the largest.
> ---
> Lawrence Kestenbaum, pol...@intranet.org
Roy