By Colin Fernandez
Last updated at 5:34 PM on 28th December 2010
Storm: Ex-Labour MP Melanie Johnson tried to have the research suppressed
Britain's banks were accused of a cover-up today after they tried to silence a Cambridge University scientist who highlighted a fatal flaw in 'chip-and-pin' card security.
The UK Cards Association, which represents the country's biggest banks, objected to research that showed how a simple 20 hand-held device could be used by fraudsters to buy goods without entering a PIN code at the till.
Ex-Labour MP Melanie Johnson, a former Treasury minister who now works in the private sector as chair of the UKCA tried to stop the embarrassing research being published.
But in a blistering defence of academic freedom, Cambridge professor Ross Anderson warned the attempt to gag the scientists was 'a nasty piece of spin doctoring' and 'deeply offensive'.
The professor said that the university would not bow to external pressures and would continue to publish controversial research just as it had done in the past with famous Cambridge scientists such as Sir Isaac Newton and Charles Darwin.
The chip and PIN system, introduced in 2006, was intended to reduce card fraud as thieves would not be able to use stolen cards without knowing the PIN.
Scientists at Cambridge University, including Professor Anderson began to investigate whether there were flaws in the system after a number of card users said their cards' had been stolen and their PIN numbers had been used - something the banks still deny is happening.
The UKCA became incensed after Cambridge research student, Omar Choudary, described in a MPhil research project how to build a gadget that tricks chip-and-pin machines into accepting cards without a valid PIN.
Mr Choudary bought books and CDs worth 50 in Cambridge HMV using a card borrowed from a French journalist connected to the cigarette-packet sized gadget he was carrying.
Miss Johnson, on behalf of the UKCA, wrote to the university's communication department demanding that it remove all details of Mr Choudary's device from its website.
Security flaw: 20 device could be used by fraudsters to buy goods without entering a PIN code, researchers found
She said publication on the web 'oversteps the boundaries of what constitutes reasonable disclosure' and gave too much detail on how the chip-and-pin system could be overcome.'
She also claimed that the police had expressed concern that the student was 'allowed to falsify a transaction ... without first warning the merchant'.
Professor Anderson, from Cambridge University's Computer Laboratory, said yesterday that Miss Johnson had launched an attack on academic freedom - and showed naivety by trying to get the university's PR department to withdraw it from the website.
He told the Daily Mail: 'This is a nasty piece of spin doctoring. It's not the PR department who decides what gets published at a university.
'It might have been Alastair Campbell who decided what was said by Tony Blair, but Cambridge University doesn't work that way.'
In a stern letter to Miss Johnson he said her request 'showed a misconception of what universities are and how we work.
'You seem to think that we might censor a student's thesis which is lawful and already in the public domain simply because a powerful interest group finds it inconvenient.
'Cambridge is the university of Erasmus, of Newton and of Darwin. Censoring writings that offend the powerful is offensive to our deepest values.'
He continued: 'I have authorised the thesis to be issued as a computer laboratory technical report. This will make it easier for people to find and to cite, and will ensure that its presence on our website is permanent.'
Professor Anderson said the transaction had been carried out with the consent of the card owner, adding: 'At no time was there any intent to commit fraud; the [card owner's] account was debited in due course ... and the merchant [from whom he had purchased goods] was paid.'
Fury: Professor Ross Anderson said there was 'no intention to commit fraud'
He added: 'You complain that the work may undermine public confidence in the payments system. What will support confidence in the payments system is evidence that the banks are frank and honest in admitting weaknesses when they are exposed, and diligent in affecting the necessary remedies.
'Your letter shows that ... your member banks do their lamentable best to deprecate the work of those outside their cosy club and indeed to censor it.'
In a statement, the UKCA said yesterday: 'The UK Cards Association has written to Cambridge not to challenge the work of the university's security academics but only to challenge whether publishing explicit details of how to attempt a fraud - specifically one which there is no evidence of a fraudster yet undertaking - is necessary and serving the public's best interest.
'We remain hopeful that the academics concerned will work with us rather than against us to help defeat the fraudsters - as unfortunately it is only the fraudsters who stand to gain from any lack of cooperation between us'.
Melanie Johnson was elected MP for Welwyn Hatfield in 1997 she worked as a junior minister at the Treasury, then as consumer affairs minister at the Dti, and as a health minister until she lost her seat in 2005.
On leaving office she reportedly received a benefits package worth 200,000, and soon attracted criticism for 'cashing in' on her time in government.
On leaving office she landed a series of lucrative private sector jobs in her areas of ministerial expertise which included working for groups representing the pharmaceutical and insurance industry before taking up her post at the UKCA last year.
No hay comentarios:
Publicar un comentario