[freehaven-dev] [Fwd: Phantom withdrawals on the Internet (fwd)]

> ----- Forwarded message from Ross Anderson <Ross.Anderson@cl.cam.ac.uk> -----
> Resent-Message-Id: <200007122252.SAA08661@weathership.homeport.org>
> To: ukcrypto@maillist.ox.ac.uk
> Subject: Phantom withdrawals on the Internet
> Date: Wed, 05 Jul 2000 12:35:45 +0100
> From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>
> Precedence: bulk
> Reply-To: ukcrypto@maillist.ox.ac.uk
> Resent-From: adam@homeport.org
> Resent-Date: Wed, 12 Jul 2000 18:52:36 -0400
> Resent-To: adam@zks.net
> List members might be interested in the following press release. It's
> a new FIPR report, by Nick, Brian and Ian, on nonrepudiation. This is
> about to become hot again as the DTI contemplates the regulations to
> be issued under the EC Act, and as Americans start digesting the
> implications of their own new E-sign Act.
> I do hope that Nigel's old colleagues at the DTI don't use the current
> furore over the RIP bill to sneak through something unpleasant!
> Ross
> ****
> At present, the risk of a forged signature is carried by whoever
> relies on it. If a shopkeeper accepts a forged cheque on your account,
> that is his bad luck; and if the bank pays it, it's the bank's bad
> luck. Governments and banks are now trying to change the rules so that
> with electronic transactions it will be the customer's bad luck if a
> payment from his account gets forged.
> It's often claimed that new technologies, such as digital signatures
> generated by smartcards, are secure enough to justify this change in
> the rules. They are not.
> A new report from the Foundation for Information Policy Research not
> only looks at what can go wrong technically, but also analyses the
> practices of some leading UK online banks. Despite advertising claims
> that consumers are not at risk, the terms and conditions imposed in the
> small print pass almost all of the risk to the customer.
> This extensive and detailed report shows that all is not as well with
> e-commerce as some would have us believe.
> The report is at:
>         http://www.fipr.org/WhoCarriesRiskOfFraud.htm
> The report's authors are Nicholas Bohm, a member of the Law Society's
> working group on electronic commerce; Brian Gladman, recently retired
> as head of strategic electronics at NATO; and Ian Brown, of the
> computer science department at University College, London.
> Nicholas Bohm said:
> ``It will do grave damage to the public confidence in electronic
> commerce that is vital to its success if its advent is used as an
> excuse to transfer to consumers the risks that should be carried by
> those who implement new electronic systems.''
> Ian Brown said:
> ``Could a computer virus sign away your house? Or a hacker transfer
> your savings to her account? Computer insecurity means digital
> signatures aren't all they're cracked up to be''
> Brian Gladman said:
> ``I hope that this paper alerts people to the dangers of assuming that
> on-line banking services will protect their interests in the same way
> that conventional banking services do.''
> The chairman of the Foundation for Information Policy Research, Ross
> Anderson of Cambridge University Computer Laboratory, said:
> ``The history of the `cash machines that could never go wrong' seems
> set to repeat itself. Phantom withdrawals on the Internet seem
> destined to be a part of our future''
> * The Electronic Communications Act 2000 - the first bill to have
> received the Royal Assent this millennium - gives ministers the power
> to make regulations which would change the rules in just this way. The
> regulations are expected to be published soon. An EU directive on
> electronic signatures is pushing all the countries in Europe to move
> in this direction. The US E-sign bill, which Bill Clinton signed into
> law last week, enables all sorts of electronic acts - not just digital
> signatures, but even clicking on a web link - to have the same legal
> force as signatures.
> These laws can't just be ignored by British businesses and consumers.
> Clicking by accident on a link on the world-wide web can give rise to
> contractual obligations which can result in a judgment in a foreign
> court and be enforced against you here in the UK under international
> treaty.
> * It is vitally important that ministers take care when writing the
> regulations. The Act can be found online at:
>         http://www.hmso.gov.uk/acts/acts2000/20000007.htm
> * The Foundation for Information Policy Research is an independent body
> that studies the interaction between information technology and
> society. Our goal is to identify technical developments with
> significant social impact, commission research into public policy
> alternatives, and promote public understanding and dialogue between
> technologists and policy-makers in the UK and Europe.
> Contact: Brian Gladman 01905 748990
>          Ross Anderson 01223 334733
> ----- End forwarded message -----
> --
> The privacy you save may be your own.          http://jobs.zeroknowledge.com
> _______________________________________________
> Spectre mailing list  -  Spectre@smartypants.zks.net
> http://smartypants.zks.net/mailman/listinfo/spectre

"Not all those who wander are lost."      mfreed@zeroknowledge.com