The Dependability of Computer Evidence

Date01 February 1995
DOIhttps://doi.org/10.1108/eb025677
Published date01 February 1995
Pages75-79
AuthorRoss Anderson
Subject MatterAccounting & finance
FORENSIC COMPUTING
The Dependability of Computer Evidence
Ross Anderson
Journal of Financial Crime Vol. 3 No. 1 Forensic Computing
INTRODUCTION
The prosecution of many (if not most) white-col-
lar crimes depends on evidence produced by bank
computers, and rests ultimately on the assumption
that these systems are secure. One might think
that this assumption was reasonable after all, no
bank whose customer records can be altered at will
by hackers is likely to remain in business long.
However, a number of recent cases have shown
that banks' computer security claims cannot be
relied on in evidence, for the simple reason that
they are unwilling to allow defence experts to
examine their security systems. The paper
describes a number of recent cases, and discusses
their implications.
Many computer security systems are designed to
achieve some particular legal result. Banking com-
puter systems have many logs, journals and audit
trails,
in the hope that any argument over a trans-
action can be resolved by tracing the money all the
way through the clearing process. The 'informa-
tion superhighway' may entail even greater reliance
on computer security mechanisms: many of the
highway's builders assume that the only way an
electronic document can be made acceptable to the
courts is by using cryptography. The idea is that
just as paper documents are authenticated by a
manuscript signature, so electronic documents will
be authenticated by a digital signature. This is a
number with the property that only someone who
knows a certain secret cryptographic key can com-
pute it, while anyone can verify it from the
contents of the document.
For example, to facilitate CREST (the Bank of
England's new share registration scheme), the Brit-
ish Government proposes to amend English law so
that the existence of a digital signature on a stock
transfer order will create 'an equitable interest by
way of tenancy in common in the ... securities
pending registration'.1 However, this may not be
straightforward; there has been serious controversy
about some of the technical mechanisms involved,2
and this might be used in the course of a civil
dispute over securities registration, or a criminal
prosecution for fraud.
It may therefore be of interest that some of the
first cases involving disputed evidence from and
about computer security mechanisms have recently
come to court, and in this paper some of the prac-
tical wisdom that can be gleaned from them is
distilled.
RECENT CASES
Since early 1992, Cambridge University Computer
Laboratory has advised in a number of cases
involving disputed withdrawals from ATMs. These
now include five criminal and three civil cases in
Britain, two civil cases in Norway, and one civil
and one criminal case in the USA. Since ATMs
have been in use the longest, and are an obvious
target of crime, it is not surprising that the first
real legal tests of claims about computer security
systems should have arisen in this way.
All the cases had a common theme of reliance
by one side on claims of computer security; the
bank involved typically said that since its PINs
were generated and verified in such a way that
they could not be known to any member of its
staff,
it followed that any disputed withdrawals
must be the customer's fault.
However, these cases threw up a large number
of ways in which security systems could and did
fail;
almost all of the actual frauds were due to
blunders in application design, implementation
and operation. The only recourse is to be very
explicit about precisely what security claims are
being made, and then to verify in great detail that
these claims are supported by all the relevant parts
of the system.3
However, there is another lesson to be learned
from the 'phantom withdrawal' cases. This is that
many security systems are as much about provid-
ing evidence as about reducing risk; but the
Page 75

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT