Banks try to censor student for exposing chip-and-pin fault
Published 28/12/2010 | 05:00
CAMBRIDGE computer scientists have become embroiled in angry exchanges with Britain's banks and credit card lenders, accusing them of bullying and trying to "censor" a PhD student who was exposing flaws in chip-and-pin machines.
A leading Cambridge academic has now written to bankers' representatives demanding that they stop pressing for the removal of a student's doctorate work from the web.
Professor Ross Anderson, from Cambridge University's computer laboratory, has previously researched glitches in chip-and-pin banking that allow withdrawals to be made from accounts without needing to know the holder's PIN. As part of his thesis work, one of his students, Omar Choudary, exposed how easy it was to make such a withdrawal.
Then the UK Cards Association (UKCA), a trade body representing leading banking organisations, approached the university asking it to remove the thesis from his website, which is accessible through a university site.
Melanie Johnson, who chairs UKCA, argued that the web publication "oversteps the boundaries of what constitutes reasonable disclosure" by giving too much detail on how the chip-and-pin system could be breached.
Prof Anderson said her request "showed a misconception of what universities are and how we work . . . you seem to think that we might censor a student's thesis -- which is lawful and already in the public domain -- simply because a powerful interest group finds it inconvenient," he said.
"Cambridge is the university of Erasmus, of Newton and of Darwin. Censoring writings that offend the powerful is offensive to our deepest values."
He added: "I have authorised the thesis to be issued as a computer laboratory technical report.
"This will make it easier for people to find and to cite, and will ensure that its presence on our website is permanent."
He rejected her allegation that the student was encouraging fraud by giving details of a blueprint for a device which is alleged to exploit a loophole in the security of chip-and-pin technology. (© Independent News Service)