Entries Tagged "UK"

Page 11 of 19

Master Forger Sentenced in the UK

Fascinating:

Magic fingers and an unerring eye gave “Hologram Tam,” one of the best forgers in Europe, the skills to produce counterfeit banknotes so authentic that when he was arrested nearly £700,000 worth were in circulation.

Thomas McAnea, 58, who was jailed for six years and four months yesterday, was the kingpin of a professional operation based in Glasgow that, according to police, had the capacity to produce £2 million worth of fake notes a day ­ enough potentially tom destabilise the British economy. More may remain out there undetected.

[…]

“Some of Hologram Tam’s money is still out there. It’s that good that if I gave you one of his notes, you wouldn’t know it,” a police source said.

The detectives also found templates for other forgeries including passports, driving licences, ID cards, bank statements, utility bills, MoT certificates, postage and saving stamps and TV licences.

Posted on October 12, 2007 at 11:34 AMView Comments

UK Police Can Now Demand Encryption Keys

Under a new law that went into effect this month, it is now a crime to refuse to turn a decryption key over to the police.

I’m not sure of the point of this law. Certainly it will have the effect of spooking businesses, who now have to worry about the police demanding their encryption keys and exposing their entire operations.

Cambridge University security expert Richard Clayton said in May of 2006 that such laws would only encourage businesses to house their cryptography operations out of the reach of UK investigators, potentially harming the country’s economy. “The controversy here [lies in] seizing keys, not in forcing people to decrypt. The power to seize encryption keys is spooking big business,” Clayton said.

“The notion that international bankers would be wary of bringing master keys into UK if they could be seized as part of legitimate police operations, or by a corrupt chief constable, has quite a lot of traction,” he added. “With the appropriate paperwork, keys can be seized. If you’re an international banker you’ll plonk your headquarters in Zurich.”

But if you’re guilty of something that can only be proved by the decrypted data, you might be better off refusing to divulge the key (and facing the maximum five-year penalty the statue provides) instead of being convicted for whatever more serious charge you’re actually guilty of.

I think this is just another skirmish in the “war on encryption” that has been going on for the past fifteen years. (Anyone remember the Clipper chip?) The police have long maintained that encryption is an insurmountable obstacle to law and order:

The Home Office has steadfastly proclaimed that the law is aimed at catching terrorists, pedophiles, and hardened criminals—all parties which the UK government contents are rather adept at using encryption to cover up their activities.

We heard the same thing from FBI Director Louis Freeh in 1993. I called them “The Four Horsemen of the Information Apocalypse“—terrorists, drug dealers, kidnappers, and child pornographers—and have been used to justify all sorts of new police powers.

Posted on October 11, 2007 at 6:40 AMView Comments

Latest Terrorist False Alarm: Chili Peppers

In London:

Three streets were closed and people evacuated from the area as the search was carried out. After locating the source at about 7pm, emergency crews smashed their way into the Thai Cottage restaurant in D’Arblay Street only to emerge with a 9lb pot of smouldering dried chillies.

Baffled chef Chalemchai Tangjariyapoon, who had been cooking a spicy dip, was amazed to find himself at the centre of the terror scare.

“We only cook it once a year—it’s a spicy dip with extra hot chillies that are deliberately burned,” he said.

“To us it smells like burned chilli and it is slightly unusual. I can understand why people who weren’t Thai would not know what it was but it doesn’t smell like chemicals. I’m a bit confused.”

Another story.

Were this the U.S., that restaurant would be charged with terrorism, or creating a fake bomb, or anything to make the authorities feel better. On the other hand, at least the cook wasn’t shot.

EDITED TO ADD (10/4): Common sense:

The police spokesman said no arrests were made in the case.

“As far as I’m aware it’s not a criminal offense to cook very strong chili,” he said.

EDITED TO ADD (10/11): The BBC has a recipe, in case you need to create your own chemical weapon scare.

Posted on October 3, 2007 at 10:28 AMView Comments

London's Security Cameras Don't Help

Interesting article. London’s 10,000 security cameras don’t reduce crime:

A comparison of the number of cameras in each London borough with the proportion of crimes solved there found that police are no more likely to catch offenders in areas with hundreds of cameras than in those with hardly any.

In fact, four out of five of the boroughs with the most cameras have a record of solving crime that is below average.

EDITED TO ADD (10/11): This is a follow-up to a 2005 article.

Posted on September 20, 2007 at 2:03 PMView Comments

Computer Forensics Case Study

This is a report on the presentation of computer forensic evidence in a UK trial.

There are three things that concern me here:

  1. The computer was operated by a police officer prior to forensic examination.
  2. The forensic examiner gave an opinion on what files construed “radical Islamic politics.”
  3. The presence of documents”in the “Windows Options” folders was construed as evidence that that someone wanted to hide those documents

In general, computer forensics is rather ad hoc. Traditional rules of evidence are broken all the time. But this seems like a pretty egregious example.

Posted on August 31, 2007 at 6:13 AMView Comments

Security Theater

Nice article on security theater from Government Executive:

John Mueller suspects he might have become cable news programs’ go-to foil on terrorism. The author of Overblown: How Politicians and the Terrorism Industry Inflate National Security Threats, and Why We Believe Them (Free Press, 2006) thinks America has overreacted. The greatly exaggerated threat of terrorism, he says, has cost the country far more than terrorist attacks ever did.

Watching his Sept. 12, 2006, appearance on Fox & Friends is unintentionally hilarious. Mueller calmly and politely asks the hosts to at least consider his thesis. But filled with alarm and urgency, they appear bewildered and exasperated. They speak to Mueller as if he is from another planet and cannot be reasoned with.

That reaction is one measure of the contagion of alarmism. Mueller’s book is filled with statistics meant to put terrorism in context. For example, international terrorism annually causes the same number of deaths as drowning in bathtubs or bee stings. It would take a repeat of Sept. 11 every month of the year to make flying as dangerous as driving. Over a lifetime, the chance of being killed by a terrorist is about the same as being struck by a meteor. Mueller’s conclusions: An American’s risk of dying at the hands of a terrorist is microscopic. The likelihood of another Sept. 11-style attack is nearly nil because it would lack the element of surprise. America can easily absorb the damage from most conceivable attacks. And the suggestion that al Qaeda poses an existential threat to the United States is ridiculous. Mueller’s statistics and conclusions are jarring only because they so starkly contradict the widely disseminated and broadly accepted image of terrorism as an urgent and all-encompassing threat.

American reaction to two failed attacks in Britain in June further illustrates our national hysteria. British police found and defused two car bombs before they could be detonated, and two would-be bombers rammed their car into a terminal at Glasgow Airport. Even though no bystanders were hurt and British authorities labeled both episodes failures, the response on American cable television and Capitol Hill was frenzied, frequently emphasizing how many people could have been killed. “The discovery of a deadly car bomb in London today is another harsh reminder that we are in a war against an enemy that will target us anywhere and everywhere,” read an e-mailed statement from Sen. Joe Lieberman, I-Conn. “Terrorism is not just a threat. It is a reality, and we must confront and defeat it.” The bombs that never detonated were “deadly.” Terrorists are “anywhere and everywhere.” Even those who believe it is a threat are understating; it’s “more than a threat.”

Mueller, an Ohio State University political science professor, is more analytical than shrill. Politicians are being politicians, and security businesses are being security businesses, he says. “It’s just like selling insurance – you say, ‘Your house could burn down.’ You don’t have an incentive to say, ‘Your house will never burn down.’ And you’re not lying,” he says. Social science research suggests that humans tend to glom onto the most alarmist perspective even if they are told how unlikely it is, he adds. We inflate the danger of things we don’t control and exaggerate the risk of spectacular events while downplaying the likelihood of common ones. We are more afraid of terrorism than car accidents or street crime, even though the latter are far more common. Statistical outliers like the Sept. 11 terrorist attacks are viewed not as anomalies, but as harbingers of what’s to come.

Lots more in the article.

Posted on August 15, 2007 at 6:18 AMView Comments

House of Lords on Computer Security

The Science and Technology Committee of the UK House of Lords has issued a report (pdf here) on “Personal Internet Security.” It’s 121 pages long. Richard Clayton, who helped the committee, has a good summary of the report on his blog. Among other things, the Lords recommend various consumer notification standards, a data-breach disclosure law, and a liability regime for software.

Another summary lists:

  • Increase the resources and skills available to the police and criminal justice system to catch and prosecute e-criminals.
  • Establish a centralised and automated system, administered by law enforcement, for the reporting of e-crime.
  • Provide incentives to banks and other companies trading online to improve the data security by establishing a data security breach notification law.
  • Improve standards of new software and hardware by moving towards legal liability for damage resulting from security flaws.
  • Encourage Internet Service Providers to improve customer security offered by establishing a “kite mark” for internet services.

If that sounds like a lot of the things I’ve been saying for years, there’s a reason for that. Earlier this year, I testified before the committee (transcript here), where I recommended some of these things. (Sadly, I didn’t get to wear a powdered wig.)

This report is a long way from anything even closely resembling a law, but it’s a start. Clayton writes:

The Select Committee reports are the result of in-depth study of particular topics, by people who reached the top of their professions (who are therefore quick learners, even if they start by knowing little of the topic), and their careful reasoning and endorsement of convincing expert views, carries considerable weight. The Government is obliged to formally respond, and there will, at some point, be a few hours of debate on the report in the House of Lords.

If you’re interested, the entire body of evidence the committee considered is here (pdf version here). I don’t recommend reading it; it’s absolutely huge, and a lot of it is corporate drivel.

EDITED TO ADD (8/13): I have written about software liabilities before, here and here.

EDITED TO ADD (8/22): Good article here:

They agreed ‘wholeheartedly’ with security guru, and successful author, Bruce Schneier, that the activities of ‘legitimate researchers’ trying to ‘break things to learn to think like the bad guys’ should not be criminalized in forthcoming UK legislation, and they supported the pressing need for a data breach reporting law; in drafting such a law, the UK government could learn from lessons learnt in the US states that have such laws. Such a law should cover the banks, and other sectors, and not simply apply to “communication providers”—a proposal presently under consideration by the EU Commission, which the peers clearly believed would be ineffective in creating incentives to improve security across the board.

Posted on August 13, 2007 at 6:35 AMView Comments

Security-Theater Cameras Coming to New York

In this otherwise lopsided article about security cameras, this one quote stands out:

But Steve Swain, who served for years with the London Metropolitan Police and its counter-terror operations, doubts the power of cameras to deter crime.

“I don’t know of a single incident where CCTV has actually been used to spot, apprehend or detain offenders in the act,” he said, referring to the London system. Swain now works for Control Risk, an international security firm.

Asked about their role in possibly stopping acts of terror, he said pointedly: “The presence of CCTV is irrelevant for those who want to sacrifice their lives to carry out a terrorist act.”

[…]

Swain does believe the cameras have great value in investigation work. He also said they are necessary to reassure the public that law enforcement is being aggressive.

“You need to do this piece of theater so that if the terrorists are looking at you, they can see that you’ve got some measures in place,” he said.

Did you get that? Swain doesn’t believe that cameras deter crime, but he wants cities to spend millions on them so that the terrorists “can see that you’ve got some measures in place.”

Anyone have any idea why we’re better off doing this than other things that may actually deter crime and terrorism?

Posted on August 6, 2007 at 3:23 PMView Comments

British Report on E-Voting

In even more voting news, the UK Electoral Commission released a report on the 2007 e-voting and e-counting pilots. The results are none too good:

The Commission’s criticism of e-counting and e-voting was scathing; concerning the latter saying that the “security risk involved was significant and unacceptable.” They recommend against further trials until the problems identified are resolved. Quality assurance and planning were found to be inadequate, predominantly stemming from insufficient timescales. In the case of the six e-counting trials, three were abandoned, two were delayed, leaving only one that could be classed as a success. Poor transparency and value for money are also cited as problems. More worryingly, the Commission identify a failure to learn from the lessons of previous pilot programmes.

Posted on August 6, 2007 at 10:21 AMView Comments

1 9 10 11 12 13 19

Sidebar photo of Bruce Schneier by Joe MacInnis.