Return-Path: 
Received: from doc.ic.ac.uk by swan.doc.ic.ac.uk id <09937-0@swan.doc.ic.ac.uk>;
          Fri, 18 Nov 1994 10:54:18 +0000
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Fri, 18 Nov 1994 10:54: 01 +0000
To: all-staff@doc.ic.ac.uk
From: cdsm@doc.ic.ac.uk (Chris Moss)
Subject: Request for IBM mainframe programmer
Message-ID: <"swan.doc.i.922: 18.10.94.10.54.07"@doc.ic.ac.uk>
Sender: postmaster@doc.ic.ac.uk
Status: OR

I've received an appeal for assistants with IBM mainframe skills
(especially assembler and ACF2) from Ross Anderson, a lawyer (I think) with
computing skills at Cambridge who has been an expert witness in the appeal
for a police officer who complained about 'phantom withdrawals' from an ATM
machine and was successfully prosecuted by Halifax building society for
fraud. They have now won a disclosure order against Halifax, which will
probably not be followed up but if it is, they need help.  Consultancy fees
will be payable.
  Most of the details are contained within the (rather long) emails below
so I won't repeat them. I think you will see the relevance to the concerns
of a computing department. The complacency of the building society is
appalling. I might be able to dig up an earlier description of the trial if
you're interested.
  If you or someone you know can help please contact Ross directly (and cc
me too please).

Chris Moss

------- Blind-Carbon-Copy

To: xopr04@email.mot.com
Subject: John Munden's appeal
Date: Mon, 14 Nov 1994 18:58:06 +0000
From: Ross Anderson 


Hi folks,

The machinery for John Munden's appeal has finally ground into motion, and
the case should be heard at Bury Crown Court in Suffolk from the 21st
November.

John Munden, as you may recall, was one of our local police constables, who
complained about six phantom withdrawals on his account with the Halifax
Building Society when he returned from holiday in Greece. Their response was
to have him prosecuted and convicted for attempting to obtain money by
deception.

I spoke with John over the weekend and he has lost a lot of weight. He had a
burst duodenal ulcer, and his wife Lorraine even attempted suicide. They have
been very depressed, but are perking up at the prospect of the appeal.

John and Lorraine both send their heartfelt thanks to everybody who wrote in
to the chief constable complaining about the verdict. Had it not been for you,
he would have lost his job and been evicted from his house; as it is, he is
still suspended on full pay, pending the outcome of the appeal.

In fact, a new chief constable took office on the 14th February, and your
letters started arriving on his desk on the following day. They were his first
challenge in office, and he is not at all pleased about how things have turned
out. He took the unprecedented step of suspending John rather than throwing
him out of the force.

Anyway, it is now the Halifax who are making the running for the prosecution.
They have just purchased a large report from their external auditors, KPMG
Peat Marwick, whose `expert' opinion is that as controls were allegedly in
place to prevent all the ATM frauds they can think of, it must have been
Munden who did it.

This report is understandable, given that their clients are also defending an
ATM test case which the Consumers' Association is funding in Scotland, But it
avoids discussing the main problems which we pointed out at the trial, such
that the Halifax had no quality assurance or computer security management
function, and that it did PIN encryption in software (like another UK bank
whose own operations staff were responsible for a spate of thefts in 1985). It
also avoids discussing the fact that the Halifax has hundreds of other
`unresolved' transactions (and has declined to provide details of these).

If they get away with it, then there might be no reason for UK banks to buy
encryption hardware or security consultancy ever again. Roll-your-own Caesar
ciphers will satisfy the requirements of due diligence, and why spend more if
customers who complain are dealt with at the expense of the taxpayer rather
than the bank? However, the bank security community is not exactly rushing to
help.

So the trial has all the makings of a serious firefight, and it may well be in
Munden's favour to have a computer literate audience. This will not just help
impress on the judge (who will be sitting with two stipendiary magistrates)
that this is not the proforma appeal of a villain who is chancing his arm, but
a serious matter of wide public interest. It will also impress on KPMG that
they cannot tell whoppers with impunity.

Ross

------- End of Blind-Carbon-Copy

To: rja14
Subject: Munden case update
Date: Thu, 17 Nov 1994 18:20:53 +0000
From: Ross Anderson 

Hi folks,

We managed to get an adjournment and a disclosure order against the
Halifax at a directions hearing this morning. The trial will not now
go ahead until at least February.

The disclosure order gives me complete access to the Halifax's
`computer systems, records and operational procedures'. On the basis
of past experience, I would say that it is 80% likely that they will
refuse to comply with this order and that Munden's appeal will
therefore succeed.

However, they have lost considerable face from the incident, and it is
possible that they will be stupid enough to tough it out. In order to
cover this possibility, I need to recruit assistants with IBM mainframe
skills (especially assembler and ACF2). I have not worked in this
environment since 1989, so we need some strengthening here.

It might also be useful if we had access to a modern mainframe
environment, in which - configuration difficulties always permitting -
we could test code fragments if need be. We only have a rather ancient
3084 (which is due for the scrapyard next August), so we might not
even be able to read a new format MVS/ESA PDS.

As for payment, it is possible to charge one's normal consultancy rate
once the work starts. However, as Munden is legally aided, payment
will be subject to `taxation' - this does not mean Mr Clarke, but is a
legal term which means that your payment is subject to review by a
special court. You might get about a half of your invoice paid, and
about a year late. However, that is just one of the handicaps under
which defence experts have to work in this country.

If you would like to get involved with this task, then please ship me
a CV to put before Munden's solicitor. Please also let me know if you
have access to a suitable mainframe, and whether you would be able to
assist with visits to assorted sites in Yorkshire, where the bank's
own systems are kept,

Regards

Ross Anderson

------- End of Blind-Carbon-Copy

----------------------------------------------
DOC, Imperial College, 180 Queens Gate, London SW7 2BZ  Tel: +44(71)594 8220
----------
Logic will get you from A to B, but with imagination you can circle the world.
A. Einstein.

This is a boundary between two documents. Next document:

(Extracted from Risks Digest Volume 18, Issue 25, Friday 12 July 1996.) The Risks Digest Volume 18: Issue 25
Previous Issue Index Next Issue Info Searching Submit Article

The Risks Digest Volume 18: Issue 25

Friday 12 July 1996

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents

o John Munden is acquitted at last!
Ross Anderson
o Info on RISKS (comp.risks)
---------------------------------------------

John Munden is acquitted at last!

Ross Anderson <Ross.Anderson@cl.cam.ac.uk>
Mon, 08 Jul 1996 18:26:10 +0100

At twenty past two today, John Munden walked free from Bury Crown
Court. This resolved a serious miscarriage of justice, and ended an
ordeal for John and his family that has lasted almost four years.

In a judgment loaded with significance for the evidential value of
cryptography and secure systems generally, His Honour Justice John
Turner, sitting with two assessors, said that `when a case turns on
computers or similar equipment then, as a matter of common justice,
the defence must have access to test and see whether there is anything
making the computers fallible'. In the absence of such access, the
court would not allow any evidence emanating from computers.

As a result of this ruling, the prosecution was not in a position to
proceed, and John Munden was acquitted.

John was one of our local policemen, stationed at Bottisham in the
Cambridge fenland, with nineteen years' service and a number of
commendations. His ordeal started in September 1992 when he returned
from holiday in Greece and found his account at the Halifax empty. He
complained and was told that since the Halifax had confidence in the
security of its computer system, he must be mistaken or lying. When
he persisted, the Halifax reported him to the police complaints
authority for attempted fraud; and in a trial whose verdict caused
great surprise, he was convicted at Mildenhall Magistrates' Court on
the 12th February 1994.

I told the story of this trial in a post to comp.risks (see number
15.54 or get ftp.cl.cam.ac.uk/users/rja14/post.munden1). It turned out
that almost none of the Halifax's `unresolved' transactions were
investigated; they had no security manager or formal quality assurance
programme; they had never heard of ITSEC; PIN encryption was done in
software on their mainframe rather than using the industry-standard
encryption hardware, and their technical manager persisted in claiming
(despite being challenged) that their system programmers were unable
to get at the keys. Having heard all this, I closed my own account at
the Halifax forthwith and moved my money somewhere I hope is safer.

But their worships saw fit to convict John of attempted fraud - which
made the national papers.

An appeal was lodged, but just before it was due to be heard - in
December 1994 - the prosecution handed us a lengthy `expert' report by
the Halifax's accountants claiming that their systems were secure.
This was confused, even over basic cryptology, but it was a fat and
glossy book written by a `big six' firm with complete access to the
Halifax's systems - so it might have made an impression on the court.
We therefore applied for, and got, an adjournment and an order giving
me - as the defence expert witness - `access to the Halifax Building
Society's computer systems, records and operational procedures'.

We tried for nine months to enforce this but got nowhere. We complained,
and an order was made by the judge that all prosecution computer evidence
be barred from the appeal. The Crown Prosecution Service nonetheless
refused to throw in the towel, and they tried to present output such as
bank statements when the appeal was finally heard today.

However, the judge would have none of it.

Many thanks to all those who helped, and especially to guys like Brian
Randell, Chuck Pfleeger and John Bull who wrote in to the Chief Constable
and pointed out that the original judgment was patently absurd. It was
largely due to their letters that John was suspended from the force rather
than sacked.

For the computer security community, the moral is obvious: if you are
designing a system whose functions include providing evidence, it had better
be able to withstand hostile review. This is understood by designers of
forensic systems, and the value of hostile review is also well known to the
military and the utilities. But with one or two exceptions - such as SET -
the banks are just not on the same planet, and the risk to them should be
clear!

Ross
---------------------------------------------

Previous Issue Index Next Issue Info Searching Submit Article

Report problems with the web pages to Lindsay.Marshall@newcastle.ac.uk.