Cambridge refuses censorship on chip-and-PIN vulnerabilities

According to BoingBoing, the UK banking trade association wrote to Cambridge to have a student’s master’s thesis censored, as it documented a well-known flaw in the chip-and-PIN system. Cambridge University’s Ross Anderson replied with the following:

Second, you seem to think that we might censor a student’s thesis, which is lawful and already in the public domain, simply because a powerful interest finds it inconvenient. This shows a deep misconception of what universities are and how we work. Cambridge is the University of Erasmus, of Newton, and of Darwin; censoring writings that offend the powerful is offensive to our deepest values. Thus even though the decision to put the thesis online was Omar’s, we have no choice but to back him. That would hold even if we did not agree with the material! Accordingly I have authorised the thesis to be issued as a Computer Laboratory Technical Report. This will make it easier for people to find and to cite, and will ensure that its presence on our web site is permanent….

You complain that our work may undermine public confidence in the payments system. What will support public confidence in the payments system is evidence that the banks are frank and honest in admitting its weaknesses when they are exposed, and diligent in effecting the necessary remedies. Your letter shows that, instead, your member banks do their lamentable best to deprecate the work of those outside their cosy club, and indeed to censor it. [Source: Cambridge]

The reply is full of win, academic world scores one.

Indian government to access BlackBerry encrypted messages

Seems like another loss for privacy advocates. On a lighter note, at least BlackBerry can continue to function.

CrackBerry addicts rejoice: No ban in India. For now.

At an eleventh hour meeting with government officials Monday, Research in Motion (RIM) caved in to India’s demands for access to users’ emails and other data to avoid an immediate ban on its encrypted data services.

Under the agreement, RIM will immediately implement systems to grant “lawful access by law enforcement agencies” to customer data, India’s Home Ministry said in a statement. The regulatory bodies will evaluate the feasibility of this arrangement for the next 60 days, even as India presses forward with demands to force not only RIM, but also Google and Skype to set up servers for hosting customer accounts in India — which would facilitate easier access to private data and wire tapping of voice-over-Internet-protocol (VoIP) phone calls. (via Globalpost)

To be honest, I don’t think this would work. If users are really going to send something really secret, there are still ways to do that unless encryption is entirely outlawed. What if the government monitors these supposedly encrypted messages and uses them to gain competitive advantage in business that they have an interest in? I would rather trust corporations than government here.

BlackBerry to be banned in Saudi Arabia

Likely for censorship reasons. BlackBerry devices do some encryption that has been deemed an obstacle to censorship and surveillance practices.

Saudi Arabia to Ban BlackBerry Service on Friday

Saudi Arabia has ordered the suspension of Research in Motion’s BlackBerry service as of Friday, as it does not meet current regulations, according to the country’s telecommunications regulator.

The suspension will cover all services, including e-mail and instant messaging, said an official from the Communications and Information Technology Commission (CITC), who requested not to be named. He did not specify what were the current local regulations that BlackBerry did not comply with.

BlackBerry’s service is to be suspended in neighboring United Arab Emirates (UAE) from Oct. 11 because it does not fall in line with the country’s regulations, the UAE telecommunications regulator said on Sunday.

RIM is also in negotiations with the Indian government over the country’s demands that security agencies should be able to intercept BlackBerry data.

In a customer update earlier this week circulated to the media, RIM said that it does not possess a “master key,” nor does any “back door” exist in the system that would allow RIM or any third party to gain unauthorized access to the encryption key or corporate data. The symmetric key system used in the BlackBerry security architecture for enterprise customers ensures that only the customer possesses a copy of the encryption key. (Source: PC World)

I’m standing on the BlackBerry side for this one.