Cambridge student Omar S Choudary has published his Master's thesis, which explains how to build a gadget that protects the hacking of bank cards. To do so, he has to include a fair amount of information on how the cards work and what the security flaws are. The UK Cards Association are in uproar, and are demanding that the material be taken down:
"The publication of this level of detail" goes beyond "the boundary of responsible disclosure. Essentially, it places in the public domain a blueprint for building a device which purports to exploit a loophole in the security of chip and PIN."You might think that, rather then blaming a clever student, they would ask themselves how their "crackproof" chip and pin system can be hacked by a young student working at sub-PhD level. But no, and they go on to issue a veiled threat:
Therefore, "we would ask that this research be removed from public access immediately, and would hope that you are able to give us comfort about your policy towards future disclosures."Here's the reply by Ross Anderson, Professor of Computer Security:
You seem to think that we might censor a student's thesis, which is lawful and already in the public domain, simply because a powerful interest ﬁnds it inconvenient. This shows a deep misconception of what universities are and how we work. Cambridge is the University of Erasmus, of Newton, and of Darwin; censoring writings that offend the powerful is offensive to our deepest values. Thus even though the decision to put the thesis online was Omar's, we have no choice but to back him. That would hold even if we did not agree with the material!If only our noble institutions would be as robust about our ancient rights and privileges - Magna Carta, habeas corpus, free speech, that kind of thing.
Now you know who to support in the next Boat Race. Well done, Cambridge.
H/t Big Brother Watch.