Financial Cryptography
Where the crypto rubber meets the Road of Finance...
URL: https://financialcryptography.com/
August 14, 2008
21:03
What's wrong with this picture, from an affidavit filed into a random Los Angeles court concerning divorce proceedings (his emphasis):

"I personally maintain and control ALL access security codes and passwords. I have been and am the ONLY individual in the company who can physically access the building, its contents AND precious metal vaults simultaneously, twenty-four hours a day. All others have limited access that is monitored and/or time-controlled (clock-based) and recorded in security records. Alarm calls are sent directly to me at all hours. ... ... I personally designed and customized the installation of a complex, ultra-sophisticated DOUBLE REDUNDANT security system that is both physical (in the building and its parameters) and virtual (reporting to his private office network round the clock.) This custom, high security system monitors and controls the safety of the corporate headquarters and all its contents, the safety of its employees, and the active 24/7 implementation of advanced, anti-theft, crime prevention. I oversee and monitor all security issues round the clock through a Virtual Private Network set-up at my home office."

Nothing, as long as the above mentioned person is available forever. Unfortunately he is now in jail, charged with much the same situation as the e-gold founders faced over the last two years. Checking the webpage:

Dear Customer,
05 August, 2008, 1:00pm PST: The e-Bullion website will be unavailable for a period of approximately four hours while our Tech Dept. performs routine maintenance. We apologize for any inconvenience caused by this interruption to service.
e-Bullion Management

Is this a coincidence? Maybe, but it is just another reminder that serious and professional operations do not subscribe to superhero status as described above, for any of a hundred routine and boring scenarios. (More details might be found here, written up by Ian Lamont of the Standard.
Poking around a bit there is also a complication that the other side of the divorce proceedings, his wife, was murdered, and the LA police allege that there is a connection of some form.)...
Categories: news I read, Technology News
02:54
Some things that have been disturbing my desktop for too long. First, a silver bullet spotted:

Verisign Aims to Deflate 'Pump and Dump' Scams
August 11, 2008 By David Needle.
A fraud-detection service warns online brokerages when they're about to make a trade that looks fishy.

Verisign is taking a new approach to the battle against so-called "pump and dump" schemes that artificially hype stocks. A new module for the company's VIP Fraud Detection Service, set for release this Friday, features a "self-learning" behavioral engine designed to help brokerages spot and avoid pump and dump activity. The system works by weighing a number of factors, including stock risk, user behaviors, how trading compares to known fraudulent trades and the volume of trading for a particular stock.

The notion that a broker has to be told what is a dodgy stock and what is a scam is a bit like telling a mafiosa what is a crime, or the pope what is a heathen.

Meanwhile, over in Euro-coin-land:

A one euro coin has turned up in Spain bearing the face of cartoon couch potato Homer Simpson instead of that of the country's king, a sweetshop owner told Reuters on Friday. Jose Martinez was counting the cash in his till in the city of Aviles, northern Spain, when he came across the coin where Homer's bald head, big eyes and big nose had replaced the serious features of King Juan Carlos. "The coin must have been done by a professional, the work is impressive," he told Reuters.

In the old days, the punishment for forging money was to lose one's head, so we expect Homer to be arrested any day now. I'm guessing that some artist has done this, and only after they did it did they find out how many years of jail they are facing. Question is, does the artist's right override the right of the Seignor to collect his seigniorage? Given the record of central banks lately, the latter's right is looking increasingly dodgy.

Thanks to Ray for spotting both Homers!...
August 13, 2008
15:26
Over in San Francisco, we've no doubt all read about the guy who owned the city government's network deciding to ... own the network (1, 2). For the city at least there was a happy ending:

The computer network hostage crisis in San Francisco is over, thanks to the city's mayor. Terry Childs, a network administrator for the city of San Francisco, has been in custody since July 13 on four felony charges of taking control of the city's computer network and locking administrators out. Access to much of the city's information was blocked, including law enforcement, payroll, and jail-booking records.

Childs had reportedly refused to surrender the codes to his supervisors, but after a little more than a week as a guest of the city, he apparently had a change of heart and invited Mayor Gavin Newsom to meet with him, according to a report on the San Francisco Chronicle Web site Monday night.

A secret meeting was arranged at the city jail on Monday afternoon, where Childs gave Newsom the codes to the network. The meeting reportedly was so secret that the police department and district attorney were not informed of the meeting ahead of time.

Well, he built it, right? So why can't he tell the users what to do? Right? The serious question here is whether there is in fact a viable case where a systems administrator takes over and decides to lock his managers out:

Erin Crane, Childs' defense attorney, is expected to cite his cooperation during a court hearing on Wednesday in a bid to have his $5 million bail reduced. Crane has argued that Childs was merely protecting the network from incompetent city officials who were trying to force him out of his job.

"Mr. Childs had good reason to be protective of the password," Crane told the newspaper.
"His co-workers and supervisors had in the past maliciously damaged the system themselves, hindered his ability to maintain it...and shown complete indifference to maintaining it themselves...He was the only person in that department capable of running that system."

Tough call! It is rather rare, but this is essentially what whistleblowing seeks to exploit: the insider knowledge that a manager is manipulating the system for nefarious purposes. However, for all practical purposes this is an unlikely situation.

Firstly, the managers who are doing the nefarious stuff are likely to then bury he who blows the whistle. See above, $5m bail buys a lot of dirt on this guy's coffin.

Secondly, there is a huge difference between incompetence and fraud. Incompetence is routine, but also the full and proper legal and moral right of the manager. The system administrator that determines that the world should be protected from the manager's incompetence is generally as deluded as the manager, and is technically and legally wrong. The way to do that is to write to higher-ups and lay paper evidence.

Fraud, while another consideration entirely, is equally difficult: let's start with an easy question. Please define fraud! Now prove it! If you can get that far, the fun is only just starting.......
August 7, 2008
11:38
cwe points to this new way to improve your passport profile:

Using his own software, a publicly available programming code, a £40 card reader and two £10 RFID chips, Mr van Beek took less than an hour to clone and manipulate two passport chips to a level at which they were ready to be planted inside fake or stolen paper passports. A baby boy's passport chip was altered to contain an image of Osama bin Laden, and the passport of a 36-year-old woman was changed to feature a picture of Hiba Darghmeh, a Palestinian suicide bomber who killed three people in 2003. The unlikely identities were chosen so that there could be no suggestion that either Mr van Beek or The Times was faking viable travel documents.

OK, so costs is what we track here at FC-central: we need 60 quid of parts, and let's call it 40 quid for the work. Add to that, a fake or stolen passport, which seems to run to around 100 depending. Call it 200, all-up, for the basic package. The fake may possibly be preferred because you can make it with the right photo inside the jacket, without having to do the professional dicey slicey work. Now that the border people are convinced that the RFID chip is perfectly secure, they won't be looking for that definitively British feel.

Folks, if you are going to try this at home, use your own passport, because using fake passports is a bit naughty! There are all sorts of reasons to improve one's image, and cosmetics is a booming industry these days. Let's say, we change the awful compulsory taliban image to a studio photo by a professional photographer. Easy relaxed pose, nice smile, and with your favourite Italian holiday scenes in the background. Add some photoshop work to smooth out the excess lines, lighten up those hungover dark eyes, and shrink those tubby parts off. We'll be a hit with the senior citizens.

We can also improve your hard details: For the 40-somethings, we'll take 10 years off your age, and for the teenager, we'll boost you up to 18 or 21.
For the junior industry leader, we can add a title or two, and some grey at the side. Would you prefer Sir or Lord? Your premium vanity upgrade, with all the trimmings, is likely to set you back around 500, and less if you bring your own base. Think of the savings on gym fees, and all the burgers you can eat! One small wrinkle: there is a hint in the article that the British Government is offering these special personality units only until next year. Rush now......
August 6, 2008
15:44
Electronic signatures are now present in legal cases to the extent that while they remain novel, they are not without precedent. Just about every major legal code has formed a view in law on their use, and many industries have at least tried to incorporate them into vertical applications. It is then exceedingly necessary that there be an authoritative tome on the legal issues surrounding the topic.

Electronic Signatures in Law is such a book, and I'm now the proud owner of a copy of the recent 2007 second edition, autographed no less by the author, Stephen Mason. Consider this a review, although I'm unaccustomed to such. Like the book, this review is long: intro, stats, a description of the sections, my view of the old digsig dream, and finally 4 challenges I threw at the book to measure its paces. (Shorter reviews here.)

First the headlines: This is a book that is decidedly worth it if you are seriously in the narrow market indicated by the title. For those who are writing directives or legislation, architecting software of reliance, involved in the Certificate Authority business of some form, or likely to find themselves in a case or two, this could well be the essential book....
August 5, 2008
11:37
The Fed roared into action mid July to rescue IndyMac, one of the USA's biggest banks. It's the normal story: toxic loans, payouts by the government, all accompanied by the USG moving to make matters worse. Chart of the week award goes to James Turk of Goldmoney:

One of the basic functions of a central bank is to act as the 'lender of last resort'. This facility is used to keep banks liquid during a period of distress. For example, if a bank is experiencing a run on deposits, it will borrow from the central bank instead of trying to liquidate some of its assets to raise the cash it needs to meet its obligations. In other words, the central bank offers a 'helping hand' by providing liquidity to the bank in need.

The following chart is from the Economic Research Department of the St. Louis Federal Reserve Bank. Here is the link: http://research.stlouisfed.org/fred2/series/BORROW. This long-term chart illustrates the amount of money banks have borrowed from the Federal Reserve from 1910 to the present.

This chart proves there is truth to the adage that a picture is worth a thousand words. It's one thing to say that the present financial crisis is unprecedented, but it is something altogether different to provide a picture putting real meaning to the word 'unprecedented'. It is an understatement to say that the U.S. banking system is in uncharted territory. The Federal Reserve is providing more than just a 'helping hand'.

Also check the original so you can see the source!...
August 4, 2008
22:51
A heist provides a price for false identities:

The thousands of UK ePassports stolen on Monday are likely to sell for up to £20m on the black market, say privacy experts. A van carrying about 3,000 blank ePassports and visas was hijacked en route to RAF Northolt, near London.

The estimate of £20m seems to come from Simon Davies, the man who started the Big Brother awards, but there is no discussion as to where he got it from. Either way, that would suggest a price of £6-7000 which is an order of magnitude higher than previous numbers. Browse here....
July 22, 2008
17:13
Lynn picked it up:

WASHINGTON, July 21 (UPI) -- An Internet digital currency business, E-Gold Ltd., and three principal directors, admitted to money-laundering charges, U.S. prosecutors said Monday. E-Gold and its corporate affiliate, Gold & Silver Reserve Inc., pleaded guilty to conspiracy to engage in money laundering and conspiracy to operate an unlicensed money transmitting business, U.S. Justice Department officials said.

Dr. Douglas Jackson, 51, of Melbourne, Fla., the principal director of E-Gold and chief executive officer of Gold & Silver Reserve Inc., and E-Gold's other two senior directors, Barry Downey, 48, of Baltimore, and Reid Jackson, 45, of Melbourne, pleaded to related charges, the prosecutors said.

The companies and three directors were indicted by a federal grand jury April 24, 2007. E-Gold and Gold & Silver Reserve face a maximum fine of $3.7 million. Douglas Jackson faces up to 20 years in prison and a fine of $500,000. Downey and Reid Jackson each face a maximum of five years in prison and a $25,000 fine. As part of the plea, E-Gold and Gold & Silver Reserve also agreed to pay a judgment of $1.75 million. Sentencing for all defendants has been set for Nov. 20.

Here is the DoJ Announcement but no actual ruling is seen as yet. The case against the founders of e-gold went under wraps shortly after starting, possibly due to too much interest on the net. So analysis of the case is not easy, which is a shame: financial cryptographers can do with more clarity in this area.

Douglas Jackson posted a blog entry that announced the backing-out of that which was special to e-gold: uncontrolled creation of accounts and unidentified movement of funds:

A systemic flaw in the e-gold design, present from the very beginning, made it vexingly difficult for e-gold to expel a User, in a truly effective way, for criminal abuse of the system.
e-gold investigative staff might detect suspicious activity, block or freeze the offending account, and later discover the same perpetrator had created additional accounts. One element was logic that allowed an e-gold account full privileges from the moment of creation and only revoked those privileges in the event of suspicion that the account holder was seeking to mask their identity or actually engage in illicit activity. Compounding this weakness was an unrestricted ability for Users to create multiple accounts without any obligatory indicator that they were all under the control of one person. The next generation of the e-gold application will undertake to enforce a "one-human being/one e-gold User" rule....

Of course, DJ's blog post would have been approved by the prosecution, and to call it a systemic flaw is a politeness agreed by both parties. Hopefully, this finally brings in sight the close of a long and difficult story for all those involved.

Disclosure: I was intimately involved with the story from 1998 through to around 2003, when my own dispute with the founders was ruled upon. Like many of the other cases, the ruling awarded me a complete but pyrrhic victory. We were all losers, and DJ just took a longer path to that result.

If there is a lesson to be learnt here for the FC community, it is the unwritten law that you have to make your peace with the regulators one day, and that day is better chosen with an eye to strategic success....
14:30
Hasan recalls: Lewis Carroll had some deep insight on this issue :-)

The King turned pale, and shut his note-book hastily. `Consider your verdict,' he said to the jury, in a low, trembling voice.

`There's more evidence to come yet, please your Majesty,' said the White Rabbit, jumping up in a great hurry; `this paper has just been picked up.'

`What's in it?' said the Queen.

`I haven't opened it yet,' said the White Rabbit, `but it seems to be a letter, written by the prisoner to--to somebody.'

`It must have been that,' said the King, `unless it was written to nobody, which isn't usual, you know.'

`Who is it directed to?' said one of the jurymen.

`It isn't directed at all,' said the White Rabbit; `in fact, there's nothing written on the outside.' He unfolded the paper as he spoke, and added `It isn't a letter, after all: it's a set of verses.'

`Are they in the prisoner's handwriting?' asked another of the jurymen.

`No, they're not,' said the White Rabbit, `and that's the queerest thing about it.' (The jury all looked puzzled.)

`He must have imitated somebody else's hand,' said the King. (The jury all brightened up again.)

`Please your Majesty,' said the Knave, `I didn't write it, and they can't prove I did: there's no name signed at the end.'

`If you didn't sign it,' said the King, `that only makes the matter worse. You MUST have meant some mischief, or else you'd have signed your name like an honest man.'

There was a general clapping of hands at this: it was the first really clever thing the King had said that day.

`That PROVES his guilt,' said the Queen.

`It proves nothing of the sort!' said Alice. `Why, you don't even know what they're about!'

`Read them,' said the King.

The White Rabbit put on his spectacles. `Where shall I begin, please your Majesty?' he asked.

`Begin at the beginning,' the King said gravely, `and go on till you come to the end: then stop....
July 21, 2008
01:01
Whoops:

SEC Spares Market Makers From `Naked-Short' Sales Ban

July 18 (Bloomberg) -- The U.S. Securities and Exchange Commission exempted market makers in stocks from the emergency rule aimed at preventing manipulation in shares of Fannie Mae, Freddie Mac and 17 Wall Street firms.

The SEC granted relief for equity and option traders responsible for pairing off orders from a rule that seeks to bar the use of abusive tactics when betting on a drop in share prices. Exchange officials said limits on ``naked-short'' sales would inhibit the flow of transactions and raise costs for investors.

``The purpose of this accommodation is to permit market makers to facilitate customer orders in a fast-moving market,'' the SEC said in the amendment.

A reader writes: "that lasted what, 12 hours?" I don't know, but it certainly clashes with the dramatic news of earlier in the week from the SEC, as the Economist reports:

Desperate to prevent more collapses, the main stockmarket regulator has slapped a ban for up to one month on naked shorting of the shares of 17 investment banks, and of Fannie Mae and Freddie Mac, the two mortgage giants. Some argue that such trades, in which investors sell shares they do not yet possess, make it easier to manipulate prices. The SEC has also reportedly issued over 50 subpoenas to banks and hedge funds as part of its investigation into possibly abusive trading of shares of Bear Stearns and Lehman Brothers.

Naked selling is technically illegal but unenforceable. The fact that it is illegal is a natural extension of contract laws: you can't sell something you haven't got; the reason it is technically easy is that the markets work on delayed settlement. That is, all orders to sell are technically short sales, as all sales are agreed before you turn up with the shares. Hence, all orders are based on trust, and if your broker trusts you then you can do it, and do it for as long as your broker trusts you.
"Short selling" as manipulation, as opposed to all selling, works like this: imagine I'm a trusted big player. I get together with a bunch of mates, and agree, next Wednesday, we'll drive the market in Microsoft down. We conspire to each put in a random order for selling large lumps of shares in the morning, followed by lots of buy orders in the afternoon. As long as we buy in the afternoon what we sold in the morning, we're fine.

On the morning of the nefarious deed, buyers at the top price are absorbed, then the next lower price, then the next ... and so the price trickles lower. Because we are big, our combined sell orders send signals through the market to say "sell, sell, sell" and others follow suit. Then, at the pre-arranged time, we start buying. By now however the price has moved down. So we sold at a high price and bought back at a lower price. We buy until we've collected the same number we sold in the morning, and hence our end-of-day settlement is zero. Profit is ours, crack open the gin!

This trick works because (a) we are big enough to buy/sell large lumps of shares, and (b) settlement is delayed as long as we can convince the brokers, so (c) we don't actually need the shares, just the broker's trust. Generally on a good day, no more than 1% of a company's shares move, so we need something of that size. I'd need to be very big to do that with the biggest fish, but obviously there are some sharks around:

The S&P500 companies with the biggest rises in short positions relative to their free floats in recent weeks include Sears, a retailer, and General Motors, a carmaker.

Those driven by morality and striven with angst will be quick to spot that (a) this is only available to *some* customers, (b) is therefore discriminatory, (c) that it is pure and simple manipulation, and (d) something must be done!
Noting that the service of short-selling only works when the insiders let outsiders play that game, the simple-minded will propose that banning the insiders from letting it happen will do the trick nicely. But, this is easier said than done: selling without shares is how the system works, at its core, so letting the insiders do it is essential. From there, it is no distance at all to see that insiders providing short sales as a service to clients is ... not controllable, because fundamentally all activities are provided to a client some time, some way. Any rule will be bypassed *and* it will be bypassed for those clients who can pay more. In the end, any rule probably makes the situation worse rather than better, because it embeds the discrimination in favour of the big sharks, in contrast to one's regulatory aim of slapping them down.

Rules making things worse could well be the stable situation in the USA, and possibly other countries. The root of the problem with the USA is historical: Congress makes the laws, and made most of the foundational laws for stock trading in the aftermath of the crash of 1929. Then, during the Great Depression, Congress didn't have much of a clue as to why the panic happened, and indeed nobody else knew much of what was going on either, but they thought that the SEC should be created to make sure it didn't happen again.

Later on, many economists established their fame in studying the Great Depression (for example, Keynes and Friedman). However, whether any parliament in the world can absorb that wisdom remains questionable: Why should they? Lawmakers are generally lawyers, and are neither traders nor economists, so they rely on expert testimony. And, there is no shortage of experts to tell the select committees how to preserve the benefits of the markets for their people.

Which puts the lie to a claim I made repeatedly over the last week: haven't we figured out how to do safe and secure financial markets by now?
Some of us have, but the problem with making laws relying on that wisdom is that the lawmakers have to sort out those who profit by it from those who know how to make it safe. That's practically impossible when the self-interested trader can outspend the economist or the financial cryptographer 1000 to 1.

And, exactly the same logic leads to the wide-spread observation that the regulators are eventually subverted to act on behalf of the largest and richest players:

The SEC's moves deserve scrutiny. Investment banks must have a dizzying influence over the regulator to win special protection from short-selling, particularly as they act as prime brokers for almost all short-sellers... The SEC's initiatives are asymmetric. It has not investigated whether bullish investors and executives talked bank share prices up in the good times. Application is also inconsistent. ... Like the Treasury and the Federal Reserve, the SEC is improvising in order to try to protect banks. But when the dust settles, the incoherence of taking a wild swing may become clear for all to see.

When the sheepdog is owned by the wolves, the shepherd will soon be out of business. Unlike the market for sheep, the shareholder cannot pick up his trusty rifle to equalise the odds. Instead, he is offered a bewildering array of new sheepdogs, each of which appears to surprise the wolves for a day or so with new fashionable colours, sizes and gaits. As long as the shareholder does not seek a seat at the table, does not assert primacy over the canines, and does not defend property rights over the rustlers from the next valley, he is no more than tomorrow's mutton, reared today....
00:01
The following is either explicitly taken from Stephen Mason (2007), Electronic Signatures in Law, Tottel, 2nd edition; or implicitly builds on that book.

The Definition of the Signature

A definition of a signature is: a token of the intent of a person to authenticate and give legal effect to a document. This is primarily a restatement of the evidentiary functions, below, but with the addition of two key parts: that there is a token, and that its creation or use signals an intent.

Signatures as Evidence of a Function

Traditionally, signatures have been described more by their function than by their form, or manifest objectivity. That is because their importance lies more in their function than their form; any token that might give evidence to a signing function can be accepted as a signature. Hence, let's look at function first.

There are many functions of a signature. To summarise Mason (2007 pages 21-22):

- Primary evidence of approval, adoption, binding and legal effect, and significance of a document
- Secondary evidential functions of identity and role.
- Secondary evidential functions of non-binding purposes such as witnessing, acknowledging, or verification.
- Cautionary function to the signing person
- Protective function to the relying person
- Channelling function to collect previous events into a time, place and document
- Record keeping to ensure the durability of the record.

These functions are complex and varied, and the above only gives a taste. The mental trick here is to consider the signature as no more than a mere token that is slaved to the wider functions above. Hence the function of the signature is far more important than the form of the token, and this is generally established early on in any protocol. This function then goes on to inform what form of token might be appropriate in the case at hand, but the reverse might not be true.
(Cryptographers might recognise a trap-door function: the signing will inform as to the form of the signature, but the form will not necessarily inform as to the function behind the signing.)

Classical Tokens of the Act of Signing

With that in mind, we can now describe what it is that might be the manifest form of the token that makes up the signature. Classically, a signature is considered to be a customary and individual form of a person's name, inscribed in running-writing by the person on a document. However, this is just a custom, not a rule. In different cases, at varying times, the following have all been accepted as a signature before the courts (Mason, 2007 2.9 - 2.32):

- a cross like X when marked by the person
- a thumbprint
- a number unique in the context
- an illegible scrawl, or a name in block letters
- a first name only, a surname only, or initials only
- a mark made by the pen moved by a second person, but touched by the signatory
- a name written by an auctioneer of a buying party
- typewritten name at the top, or other form of letterhead with the name stated
- the wrong name in the right context
- a trading name, or a short form of a name
- "mother" or other nicknames
- the use of a wax seal, where augmented by a thumbprint or impression.

These examples form a fascinating array of possibilities, which reflects the courts' preference to look at the function and wider protocol, rather than any mere token.
A brief foray into the use of Electronic Tokens for Signing

From that historical position, it should be no difficult leap to consider the following as potentially valid forms of signatures from the electronic world (Mason 2007 Chapter 10):

- typed name within a document,
- image of a signature pasted into an electronic document,
- headers in the email, without any typed name, where part of a 'mosaic' of other emails,
- 'click-wrap' agreements with a checkbox and 'I agree',
- typing in a PIN ("personal identification number")

(Mason 2007) describes many cases where an email is signed by means as simple as a typed name. For example, in a case in Northern Territory, Australia, an email laying out a separation agreement ended with the words 'Regards, Angus' (Mason 2007 10.6). The judge applied the appropriate electronic signature law (s9 ETA(NT)2000) and said:

I am satisfied that the printed signature on the defendant's emails identifies him and indicates his approval of the information communicated, that the method was as reliable as appropriate and that the plaintiff consented to the method. I am satisfied that the agreement is 'signed' for the purposes of s 45(2).

Signing without a Signature

Where things get more difficult is why headers to an email would help to signify that a document is signed. In the cases listed (Mason 2007 10.21, 10.24), the courts leaned heavily on a 'mosaic' of emails that authenticated that an exchange had taken place (such as an offer and acceptance in contract law) and that the parties were aware of the import. Thus, the courts accepted that emails could be accepted as signed apparently on the basis of (a) a header including a recognised and familiar email address, and (b) participation in a wider context that made the function and purpose clearly indicate a conclusion of intent. The same logic would apply to faxes and to telexes.
Which leads us to an important conclusion on the form of a signature, as opposed to signing; you may take the above to mean that a header is a signature, and indeed the bullet list above suggests precisely that. That is the wrong conclusion. Instead, the courts generally concluded that the emails were signed, resting partly on the identification function of the header, but also on the intent found in the words. They did not designate or declare the header itself to be a form of signature.

Hence, it is possible to sign without a signature. In such cases, it can be suggested that any form of the signature is absent, as there is no token in particular. Once again we must thrash this horse; it is the act and function of signing the document that is at issue, not the form of any signature. Indeed there may appear no tangible or identifiable form or token that can be designated as a signature.

What Fails to be a Token of Signing

Equally important then is to investigate what forms have been found not to be a signature. Tantalisingly, Mason (2007, Chapter 2) drifts from signing across to sealing, or the use of a traditional seal. These older customary marks come in several forms, being wax with impression of some pattern, a pre-printed patterned paper circle pasted on a document, or a physical impression made over a document with a crimping tool. Curiously, the use of a seal is separate and distinct to signing; it seems to be based on customs and laws that certain documents such as Wills & Last Testaments should be sealed as well as signed. Consider the following illustrative quotes:

"that sealing is signing, I am not convinced; for sealing identifies nothing; it carries no character ... and most seals are affixed by the stationers, who prepare the paper." Sir John Strange, (Mason 2007 page 58).

"It is true that one piece of wax may serve a number of people, if each of them impress it himself, or one for all, but the proper authority, or in the presence of all, .."
Lord Denman CJ, (Mason 2007 page 60).

"Now, whether the mark is made by a pen or by some other instrument cannot make a difference, neither can it in reason make a difference that a fac-simile of the whole name was impressed on the will instead of a mere mark or X." Sir C. Creswell, (Mason 2007 page 73).

Hence, sealing is not signing, nor is signing, sealing. The presence or absence of the (impression of a) seal, then, is not enough for the court to decide a document was or was not signed (which, again, is a different question as to whether it is sealed). A court will look for other clues to help that determination. For example, in the USA, use of a Japanese seal, or "chop", has been accepted as signing a commercial contract (Mason 2007 2.36). I would speculate (Mason does not) that the court incorporated the customs of Japan into its analysis, where the chop is traditionally used in the signing function. In contrast, a seasonal greeting paper seal, containing the words "Merry Christmas. American Red Cross, 1912 Happy New Year." was accepted for a will, as the seal was also manually inscribed with the initials of the testator (Mason 2007 2.36). The writing of the testator's initials, by pen, was evidence that the testator was intending to sign the document.

Note that I stress the case law on use of seals for two reasons: sealing is shown in Mason as not always being accepted automatically as signing (although cases went both ways), and seals are similar to electronic signature devices.

What would make a good Signature

We can now move to create a set of requirements that capture the above. A good mechanism for signing would include these features:

- identifies the signatory,
- indicates an intent,
- identifies the entire document, or to paraphrase Sir William Grant, "authenticates the instrument so as to govern the whole instrument" (Mason 2007 10.22), and
- is appropriate for the function so being intended.
Conclusions for Electronic Signatures

In summary, the fundamental need is to understand and interpret the act of signing before any discussion of the form of signature can take place. By considering the functions needed, we can also understand why forms are so varied. By considering how courts aim to identify intent, and do not stress form, we can also consider how systems might be built to meet that goal. Casting an eye to the above requirements, it can be easily seen then that electronic signatures, and their narrow siblings, digital signatures, only succeed well at the first requirement: to identify the signatory. Especially, digital signatures fail to establish intent in any reliable sense, and their ability to identify an entire instrument is easily broken (c.f., Ricardian Contracts). Finally, as form follows function, and as purposes of signing vary tremendously, severe doubt is cast on any one form being a catch-all or universal method. Thus, contemporary technological discussions that discuss mechanisms of signatures are built on a foundation of sand. Treat with care any such discussion.

Afterword

There endeth this poor scribe's attempt to define signatures and signing. Why do I need this? Other than the general joy of wisdom, I wish to examine whether a digsig can form part of the function of signing. Obviously, some people have sold this as a done deal; painfully, the English common law will likely have no truck with their intentions, as I hope is outlined above. It seems that the presence of a digsig will likely be ignored by courts in many cases, simply because it is poor evidence of intent. That controversy aside, what should a wayward supplier of digsigs do? What would a CPS need to state if it were to rule on the use of digsigs in an evidentiary fashion? Is a digsig a signature and can its presence provide any useful evidence of intent?
Or, are they mere "authenticators", cryptographically-sound evidence of documents unchanged, with no intent in mind? If they are not signatures, what could be used as signatures? And, how would you describe a protocol that would allow all of these things to work together? Two Caveats: I'll change this article if better wordings turn up. Defining signatures and signing is a work-in-progress. Secondly, this article assumes the English common law approach, and does not cover the European or civil-law approach. That should be done as well....
Categories: news I read, Technology News
July 17, 2008
13:05
If you read the last few days' posts on the crisis market sometimes but erroneously known as Banking (and you should check up on Lynn's comments on CDOs to see more detail) then you might be forgiven for thinking that the job of the regulators is to ride into town and clean up all the dirty games: subprime, CDOs and toxic mortgages. It could be that way, but the truth is more complicated.

The Bear Stearns affair is illustrative of the dilemmas. At one level, it's just another dirty chip in a card game where seedy reputations are being made, and dirty cards are being played, to mangle the metaphors. At another level, it is indicative that the problem is far more systemic than just another failed bank to be rescued.

In short, this story was about a major bank in the US that very nearly folded its cards. At the time, Bear Stearns went through its "Barings moment" when the bad news of its impending bankruptcy turned up late Friday. By next Monday, however, instead of collapsing, a white knight rescuer in the form of Goldman Sachs JP Morgan, a top-tier investment bank, turned up to offer a charitable price of $2 per share.

Bear-Stearns itself was major because it handled the biggest chunk of securities settlement. That is, the boring back-office task of swapping money for shares, or owners for owners, depending on how you look at it. Which brings to mind that if the major back-end settlement bank failed, this could clog the markets. Can you say systemic risk? Alan Greenspan can say that with authority, and this was what prompted his fabled rescue of another major player, LTCM (for Long Term Capital Management) back in the late 1990s.

When LTCM was rescued from its too-big-to-comprehend positions, the financial world sucked much breath between collective teeth. Weren't we supposed to be past the notion of rescuing failed financial players? Wasn't the Barings failure a wake-up call that we should take our risks and carry them too? Was LTCM really that big?
In the event, Alan Greenspan proved to be the supreme player of poker: The Fed didn't spend any money on the deal, and instead fingered the banks who were to share the risk. A strong implication was that the big financial players (such as Morgan and Goldman) were in deep for the profits, and they should pay up for the losses. History suggests that he more or less got it right, or right enough, even to the extent of a few rebels who short-sold him and had to be punished later on.

For LTCM, the collective breath was slowly let out as the news and rumours trickled in as to how deep it was. Because of its core role in settlements, Bear Stearns may have been the same, or maybe not. The financial brethren collectively drew breath in, but early fears of systemic risk were quickly replaced by cries of "rip-off!" Just exactly how did Goldman Sachs JPMorgan manage to engineer a bargain-basement price for a key player and competitor? After some huffing and puffing, the price went up to $10, which tells us something about the real value here.

Just maybe, the regulators have now moved to ask those questions:

BOSTON, July 16 (Reuters) - Dozens of hedge funds and broker dealers are scrambling to send reams of e-mails and trading records to U.S. regulators probing suspected stock price manipulation, several sources at hedge funds said. The U.S. Securities and Exchange Commission recently sent subpoenas to more than 50 firms concerning trading in investment banks Bear Stearns, which was rescued in March, and Lehman Brothers Holdings Inc, whose shares have been hurt badly by rumors about its financial health, said four sources, who have seen the documents but were not authorized to speak about them publicly. Among those receiving subpoenas was investment bank Goldman Sachs Group Inc and prominent hedge fund firms SAC Capital Advisors LLC and Citadel Investment Group.
All three were named in a recent article about the Bear collapse in Vanity Fair. Is this good news? On the surface, it sounds like hard dealing. Finally, the regulators are riding into town. Hip hip hooray! But a few things are disquieting, and cheers may be premature. Firstly, the regulators were already in on the deal, so they were already in-the-know. If they are now investigating a game they were in on, this looks no good: Either they were duped, or they were players. Secondly, the SEC has no particularly good reputation for these sorts of investigations (remember Lazio, mutual funds, etc?). It is an agency that is thought to be understaffed, under-missioned, under-enforced and generally turns up to the party after the barn has burnt to the ground. Indeed, perhaps minded by the SEC's record as a political hired-gun, Congress is musing on the possibilities of a UK-style super-regulator, and/or handing that power to the Federal Reserve. Thirdly, subpoenas are a two-edged sword. Although they might feed information to the issuer of the subpoena, they also shut down the information for anyone else. It's as simple as the players saying to everyone and anyone "we have no comment on running cases;" they've been handed a get-out-of-jail card at least as far as investigative reporting goes. Likewise, the subpoena is a club that can just as easily be wielded within an investment bank or hedge fund as against any outsider; it's a licence to martyr any whistleblower who might accidentally have a momentary attack of morals. Not only that, the information is now likely to be locked down within the SEC's investigation department, which would typically protect it fiercely for several years in a real investigation, and as long as it takes for the heat to die down in a political paid-favour. Fourthly, of the investigations I have seen, the good ones are done quietly, with surgical strikes for information. 
A subpoena is sent only after other tools have been exhausted because it raises the stakes in the game so high. To send 50 out at once is about as surgical as carpet-bombing. The overall sense then remains. The Bear Stearns affair smells, and rumour has it that the Brothers Lehman were seen washing at the same laundry. Who else? IndyMac? It might be a coincidence, but there is no end to the bad news for the USA Federal investigative and regulatory arms in recent years. Which brings us to the point of the article, and the lesson as to why financial cryptographers read and understand the financial markets. The financial regulators promote a model of independent and fair regulation, but this is simply not the case. Briefly, sometimes, we experience periods in history where regulators do strive to stand apart and to regulate lightly and fairly. For the benefit of more than the incumbents. But more often than not, the regulators are the best heeled but least well-equipped players in a rigged game, always on the back foot, and operating to a steady series of political favours which will generally make matters worse. With the retirement of Greenspan, and the political assassination of Spitzer, the USA markets are now normalising towards a stability of chaos. For financial cryptographers, then, it is important to understand that the structure of the market is dominating, and the regulators are players in that structure, not fair policemen, or designers of that structure. Enter that game at your peril, and if you do, understand it better than they do. Addendum: of course, not getting the names right doesn't help understanding at all... JP Morgan bought Bear Stearns, not Goldman Sachs....
Categories: news I read, Technology News
12:51
Mystified by how 'sub-prime' debt engulfed Wall Street's smartest and now threatens the wider global economy? BigMac points to the Telegraph's comic strip, which might help explain how the story started: The credit crisis explained in black and white. Click to The Telegraph for partial comic strip, or to here for the fuller adult version, or to here for the original slide show... to which a comment on BoingBoing says: "I have it on good sources that this was actually made at Countrywide Financial" which explains why no-one wants their name on it! Also see The Economist on Freddie and Fannie: it's turtles all the way down!...
Categories: news I read, Technology News
July 16, 2008
17:16
In a response to yesterday's post on the fall of the US dollar, Gunnar points out that incentives being out of alignment is no stranger to the banking world:

Interestingly enough Charlie Munger identified much the same themes (not all the particulars) way back in Wesco Financial's 1990 letter:

Granting the presence of perverse incentives, what are the operating mechanics that cause widespread bad loans (where the higher interest rates do not adequately cover increased risk of loss) under our present system? After all, the bad lending, while it has a surface plausibility to bankers under cost pressure, is, by definition, not rational, at least for the lending banks and the wider civilization. How then does bad lending occur so often? It occurs (partly) because there are predictable irrationalities among people as social animals. It is now pretty clear (in experimental social psychology) that people on the horns of a dilemma, which is where our system has placed our bankers, are extra likely to react unwisely to the example of other peoples' conduct, now widely called "social proof". So, once some banker has apparently (but not really) solved his cost-pressure problem by unwise lending, a considerable amount of imitative "crowd folly", relying on the "social proof", is the natural consequence. Additional massive irrational lending is caused by "reinforcement" of foolish behavior, caused by unwise accounting convention in a manner discussed later in this letter. It is hard to be wise when the messages which drive you are wrong messages provided by a mal-designed system.

In order to understand what is going on in the market for banks, I think there is something that is extremely important to bear in mind. And this is: banks are no longer in banking.

In other words, it is more or less a myth these days that banks engage in banking, so whatever we think about banking, we shouldn't apply it to banks. How can this be?
Well, let's get the theory straight: The concept of banking is this: A market in which intermediaries borrow from the public on demand and lend to the public at term. So, these intermediaries take on a risk between "demand deposits" and "term loans" that is captured in the interest rates and is protected by security. Etc etc. "Term" here means a long time, long enough such that there is no easy way to predict the economic future. This is a highly significant risk, and what causes banking to be different.

However, with the invention of securitization in the 1970s or so, while the intermediaries (sometimes known as banks) still borrowed from the public on demand, and created loans at term, they then went on to sell those term loans to the public. Banks are no longer lending at term, or more precisely are no longer exposed to the ramifications of term, themselves. They therefore enter into these term loans at little risk to themselves. Hence, although they are still styled as banks, and are regulated as "in banking", they are not actually engaging in the trade of banking. To be doing banking, you must engage in both sides of the equation; that special risk by being on both sides is the reason for the special subsidy and regulation of banking. Securitization removes that risk.

Hence, banks are now encouraged to do as many loans as possible, without worrying about the term risks. That is someone else's problem. Do I hear subprime? So while Charlie Munger comments that there is a herd effect and a sociological effect that drives bad lending, the answer is much simpler. There is no dilemma, as banks don't need to lend wisely, they simply aren't at risk.

Having said that, it is going to take another decade or so for regulators and the public to wake up to this state of affairs. The banking subsidy is a licence to make money, and no bank wants to lose such a franchise, especially now that they've got out of the risky business of banking.
It'd be a crime to let the easy money go!...
Categories: news I read, Technology News
July 15, 2008
13:03
Oil, geopolitics, those pesky Russians, irrational Bay Area exuberance, the drums of war, Sir Alan's folly, the cheeky Chinese, the conceit of monetarism, or, that inept circus known as the Bush Administration? We all know the dollar is collapsing, but what we don't know is (a) why, and (b) where to? JPM sent news last month of the latest RBS brief that says, in brief, to hell in a handbasket: The Royal Bank of Scotland has advised clients to brace for a full-fledged crash in global stock and credit markets over the next three months as inflation paralyses the major central banks. "A very nasty period is soon to be upon us - be prepared," said Bob Janjuah, the bank's credit strategist. A report by the bank's research team warns that the S&P 500 index of Wall Street equities is likely to fall by more than 300 points to around 1050 by September as "all the chickens come home to roost" from the excesses of the global boom, with contagion spreading across Europe and emerging markets. Heady stuff! The essential problem is that the US economy, and/or the government, and/or the Americans, has overspent. The old story is the inflation one: too many dollars washing around causes too much investment, and then a little inflation, and a little more and a little more and a lot more ... until the government decides to put the brakes on because the lenders want more than can be returned. But the brakes take a few years to change the pace, and a few more years of pain and a few more years of rebuilding. By the time all the damage is repaired, we have forgotten where it came from, so nobody really believes this stuff anyway, and we're ready to live the good times again! It's our turn! Hysteresis being a wonderful thing, we enter what is quaintly called the Austrian Business Cycle, and the economy bounces around like a yoyo from generation to generation. 
Except: supposedly with the death of Keynes and the rise of the Austrians and the new enlightened central banking age, we were supposed to be past all that. What went wrong? That is what is flummoxing the fundamentalists amongst us. What we know is that we've never been here before, and like other complicated stories, there are *many factors*. Here's my attempt at listing the forces:

1. The 1990s Internet/tech boom caused a massive jolt to business, in effect a "productivity shock" albeit upwards. Productivity was kicked upwards in those areas affected. This released additional value into other areas, which had the effect of releasing additional investment into other areas. In a sense, the overall effect was inflationary, because the existing money stock was being used more effectively.

2. Because of the climb in productivity, the economy grew rapidly. This meant an increased demand for money, which central banks were happy to accommodate. However, because of the release of value, this also had the effect of increasing the supply of money. More inflation.

3. Around 2000, when most households in the USA had acquired their obligatory new-age accessory, the PC, the wheels came off the Internet boom. Which should have been expected to put an end to the general boom in the economy. Predictably, Alan Greenspan boosted up money creation to soften the blow.

4. In comes Bush: "Cry Havoc! and let slip the dogs of war!" Which unleashed the wildcats of spending. Well, maybe..., opinions might be divided on what the causes were, but the fact remains that this President has doubled the national debt of the USA from 2001 to now, and that's one big achievement that we can all be proud of.

5. Which, as war talk inevitably does, leads to the observation that certain countries were targeted, and nobody has any clue what the metric was. If you know, please write in, with evidence if possible.
Which, more importantly, resulted in an explosion of that old disease: Fear, Uncertainty and Doubt. In this case, monetary FUD meant that those who *might* be targeted worried about their over-dependency on that ultimate class of financial oil: the dollar. Gold went up . . . .

5.b Sometime around 2002-2003, countries started shifting out of the dollar. Slowly. Gently. Pretending not to. Refer to cartel and game theory to understand the theatre here. Either way, the shine was off, especially for those at the nexus of confusion: Islamic, oil-exporting, non-USA trade partners such as Libya, Iran, Iraq.

6. Which was extraordinarily lucky for Europe, as just around the right time, the Euro burst into life, giving a currency of impeccable (Bundesbank) anti-inflation credentials. The Bundesbank was located in Frankfurt. The ECB is located in Frankfurt, too. This is no accident. So, countries found it relatively easy to justify shifting a large part of their reserves to Euros. Slowly, Gently, Pretending Everything But.

7. Which meant all this dollar surplus went washing back to the US, at around the same time as the Bush administration was borrowing more, spending more, warring more. It may never be officially confirmed, but the Fed was on the case by 2003, and managing the process of absorbing a more than normal homeward bound flow of dollars. Not a happy picture. Monetarily speaking, although the tech boom was over, the money boom carried on, and there wasn't a darn thing the Fed could do about it, because those darn foreigners insisted on buying real assets in paper dollars. Hello, housing boom.

8. The dollar went down. Consistently, from around 2001. Which would have been fine, all things being equal, as this just means we buy less Airbuses, more Boeings, etc, until it all balances out.

9. However, as the dollar was the trading currency of the world, things were decidedly not equal. By fiat of Bretton Woods, as it were.
Monetary policy has never really considered wholesale redemptions by the world's customers, so it was an open question as to what would happen. In this case, those wily Europeans, those cunning Chinese, those devilish Japanese, and even the happy go lucky Aussies ... all decided to *help the Fed*. And, help in this case, turned out to be letting their currencies go down as well. Which means, they issued more money, and inflated under the umbrella, while the Fed was swallowing more, while the Bush administration was borrowing more. In essence, this meant the real corrections were delayed and hidden, because the currency markets were more or less in balance.

10. Not so real assets: Gold went up. Housing boomed. Dollars went down, and the other nationals went downish, enjoying the chance, because they won profit by their favour to the Fed. And, what happens when everyone inflates at the same time?

11. Commodities first, but then foodstuffs, and finally ordinary stuff went up in price. Tech stuff still continued going down because the tech machine was still rolling, if not booming. Stuff that was made in the new wunderfabrik of China went down in price, as that vast empire of cheap labour opened up. In sum, nobody noticed that the central banks, all of them, were stealing the bounty of the lowering dollar, the tech productivity shock, and the China export trade. So much for the vaunted anti-inflation reputations.

12. Hence, in short summary, the military expenditures took over from the tech bubble. The dogs-of-war chased dollar-holders who went scurrying across to the Euro, creating a dollar bubble which underwrote the housing bubble. All hard assets boomed around the western world. Everything boomed in the US, except fiscal balance.

13. Which all came to a close when the oil shock hit. The shock was triggered by the boys-own adventures of Bush and his chums in the great game (a euphemism for interference and manipulation in the Middle East).
However, be careful: we have to factor in around 50 years of manipulation of the oil supply industry, which caused an imbalance waiting to collapse. This supply-side manipulation can be seen in new oil fields like Alaska: there is so much oil washing around there that some say that if it were fed to the US market, the prices would drop to around zero and Kissinger's fabled contracts with the sheikhs would collapse. Which would collapse the dollar. Apparently, if there's anything that Washington fears more than an open market in Middle Eastern democracy, it is an open market in oil.

14. Never minding the source of the shock, it was the straw that broke the camel's back: Cash that was previously washing around from other sources was sucked up by the new demands on oil (which feeds into practically every other sector of the physical goods economy) and this caused the investment, housing and other booms to break. Then, the fundamentalists (those traders who believe in long term trends and numbers) started to take a good hard look at the real numbers, and people got scared. "Withdraw from everything!" ...

Fundamentalists knew the USA economy was out of balance in around 2000, when the tech bubble burst ... something should have happened then, but to our surprise, nothing much happened (unless you had a tech job, that was pretty dire). What caught us out is how many other factors were involved, how deep the USA trap was, and how long it took for these huge, massive imbalances to come home to roost. If it is any comfort, this is going to be as well studied as the Great Recession, for the same reasons: the monetary authorities and the governments got it all wrong.

Here we are, staring at recession. It's hard to recommend what to do, but it should be to reduce dependency on the US dollar, any way you can. Whatever you have in mind, do it quickly....
Categories: news I read, Technology News
July 11, 2008
14:26
Since the famous Bill Gates Memo, around the same time as phishing and related frauds went institutional, Microsoft has switched around to deal with the devil within: security. In so doing, it has done what others should have done, and done it well. However, there was always going to be a problem with turning the super-tanker called Windows into a battleship.

I predicted a while back that (a) Vista would probably fail to make a difference, and (b) the next step was to start thinking of a new operating system. This wasn't the normal pique, but the cold-hearted analysis of the size of the task. If you work for 20 years making your OS easy but insecure, you don't have much chance of fixing that, even with the resources of Microsoft.

The Economist brings an update on both points. Firstly, on Vista's record after 18 months in the market:

To date, some 140m copies of Vista have been shipped compared with the 750m or more copies of XP in daily use. But the bulk of the Vista sales have been OEM copies that came pre-installed on computers when they were bought. Anyone wanting a PC without Vista had to order it specially. Meanwhile, few corporate customers have bought upgrade licences they would need to convert their existing PCs to Vista. Overwhelmingly, Windows users have stuck with XP. Even Microsoft now seems to accept that Vista is never going to be a blockbuster like XP, and is hurrying out a slimmed-down tweak of Vista known internally as Windows 7. This Vista lite is now expected late next year instead of 2010 or 2011. It's not as though Vista is a dud. Compared with XP, its kernel - the core component that handles all the communication between the memory, processor and input and output devices - is far better protected from malware and misuse. And, in principle, Vista has better tools for networking. All told, its design is a definite improvement - albeit an incremental one - over XP.

Microsoft tried and failed to turn it around, security+market-wise.
We might now be looking at the end of the franchise known as Windows. To be clear, while we are past the peak, any ending is a long way off in the distant future.

Classical strategy thinking says that there are two possible paths here: invest in a new franchise, or go "cash-cow". The latter means that you squeeze the revenues from the old franchise as long as possible, and delay the termination of the franchise as long as possible. The longer you delay the end, the more revenues you get. The reason for doing this is simple: there is no investment strategy that makes money, so you should return the money to the shareholders. There is a simple example here: the music majors are decidedly in cash-cow, today, because they have no better strategy than delaying their death by a thousand file-shares.

Certainly, with Bill Gates easing out, it would be possible to go cash-cow, but of course, we on the outside can only cast our auguries and wonder at the signs. The Economist suggests that they may have taken the investment route:

Judging from recent rumours, that's what it is preparing to do. Even though it won't be in Windows 7, Microsoft is happy to talk about MinWin - a slimmed down version of the Windows core. It's even willing to discuss its Singularity project - a microkernel-based operating system written strictly for research purposes. But ask about a project code-named Midori and everyone clams up. By all accounts, Midori (Japanese for green and, by inference, go) capitalises on research done for Singularity. The interesting thing about this hush-hush operating system is that it's not a research project in the normal sense. It's been moved out of the lab and into incubation, and is being managed by some of the most experienced software gurus in the company. With only 18 months before Vista is to be replaced, there's no way Midori - which promises nothing less than a total rethink of the whole Windows metaphor - could be ready in time to take its place.
But four or five years down the road, Microsoft might just confound its critics and pleasantly surprise the rest of us. Comment? Even though I predicted Microsoft would go for a new OS, I think this is a tall order. There are two installed bases in the world today, being Unix and Windows. It's been that way for a long time, and efforts to change those two bases have generally failed. Even Apple gave up and went Unix. (The same economics works against the repeated attempts to upgrade the CPU instruction set.) The flip-side of this is that the two bases are incredibly old and out-of-date. Unix's security model is "ok" but decidedly pre-PC, much of what it does is simply irrelevant to the modern world. For example, all the user-to-user protection is pointless on a one-user-one-PC environment, and the major protection barrier has accidentally become a hack known as TCP/IP, legendary for its inelegant grafting onto Unix. Windows has its own issues. So we know two things: a redesign is decades over-due. And it won't budge the incumbents; both are likely to live another decade without appreciable change to the markets. We would need a miracle, or better, a killer-app to budge the installed base. Hence the cold-hearted analysis of cash-cow wins out. But wait! The warm-blooded humanists won't let that happen for one and only one reason: it is simply too boring to contemplate. Microsoft has so many honest, caring, devoted techies within that if a decision were made to go cash-cow, there would be a mass-defection. So the question then arises, what sort of a hybrid will be acceptable to shareholders and workers? Taking a leaf from recent politics, which is going through a peak-energy-masquerade of its own these days, some form of "green platform" has appeal to both sides of the voting electorate....
Categories: news I read, Technology News
July 10, 2008
14:30
Lots of chatter is seen in the security places about a patch to DNS coming out. It might be related to Dan's earlier talks, but he also makes a claim that there is something special in this fix. The basic idea is that DNS replies are now on randomised ports (or some such) and this will stop spoofing attempts of some form. You should patch your DNS.

Many are skeptical, and this gives us an exemplary case study of today's "security" industry: Ptacek:

"If the fix is randomize your source ports, we already knew you were vulnerable. Look, DNS has a 16 bit session ID - how big is an ASPSESSIONID or JSESSIONID? When you get to this point you are way past deck chairs on the titanic, but, I mean, the web people already know this. This is why TLS/SSL totally doesn't care about the DNS. It is secure regardless of the fact that the DNS is owned."

Paraphrased: "Oh, we knew about that, so what?" As above, much of the chatter in other groups is about how this apparently fixes something that is long known and therefore (insert long list of excuses, hand-wringing and slap-downs) is not important.

However, some of the comments are starting to hint at professionalism. Nathan McFeters writes:

"I asked Dan what he thought about Thomas Ptacek's (Thomas Ptacek of Matasano) comments suggesting that the flaw was blown out of proportion and Dan said that the flaw is very real and very serious and that the details will be out at Black Hat. Dan mentioned to me that he was very pleased with how everything has worked with the multi-vendor disclosure process, as he said, we got several vendors together and it actually worked. To be honest, this type of collaboration is long overdue, and there's a lot of folks in the industry asking for it, and I'm not just talking about the tech companies cooperating, several banking and financial companies have discussed forums for knowledge sharing, and of course eBay has tried to pioneer this with their eBay Red Team event. It's refreshing to hear a well respected researcher like Dan feeling very positive about an experience with multiple vendors working together (my own experience has been a lot of finger pointing and monkey business)."

Getting vendors to work together is quite an achievement.
Getting them to work on security at the same time, instead of selling another silver bullet, is extraordinary, and Dan should write a book on that little trick:

"Toward addressing the flaw, Kaminsky said the researchers decided to conduct a synchronized, multivendor release and as part of that, Microsoft in its July Patch Tuesday released MS08-037. Cisco, Sun, and Bind are also expected to roll out patches later on Tuesday. As part of the coordinated release, Art Manion of CERT said vendors with DNS servers have been contacted, and there's a longer list of additional vendors that have DNS clients. That list includes AT&T, Akamai, Juniper Networks, Inc., Netgear, Nortel, and ZyXEL. Not all of the DNS client vendors have announced patches or updates. Manion also confirmed that other nations with CERTs have also been informed of this vulnerability."

Still, for the most part, the industry remains fully focussed on the enemy within, as exemplified by Ptacek's comment above. I remain convinced that the average "expert" wouldn't recognise a security fix until he's been firmly whacked over the head by it. Perhaps that is what Ptacek was thinking when he allegedly said:

"If the IETF would just find a way to embrace TLS/X509 instead of griping about how Verisign is out to get us we wouldn't have this problem. Instead, DNSSEC tried to reinvent TLS by committee - well, surprise surprise, in 2008, we still care about 16 bit session IDs! Go Internet!"

Now, I admit to being a long-time supporter of TLS'ing everything (remember, there is only one mode, and it is secure!) but ... just ... Wow! I think this is what psychologists call the battered-wife syndrome; once we've been beaten black and blue with x.509 for long enough, maybe we start thinking that the way to quieten our oppressor down is to let him beat us some more. Yeah, honey, slap me with some more of that x.509 certificate love! Harder, honey, harder, you know I deserve it!

Back to reality, and to underscore that there is something non-obvious about this DNS attack that remains unspoken (have you patched yet?), the above-mentioned commentator switched around 540 degrees and said:

"Patch Your (non-DJBDNS) Server Now. Dan Was Right. I Was Wrong. Thanks to Rich Mogull, Dino and I just got off the phone with Dan Kaminsky. We know what he's going to say at Black Hat. What can we say right now? 1. Dan's got the goods. ..."

Redeemed! And, to be absolutely clear as to why this blog lays in with slap after slap, being able to admit a mistake should be the first criterion for any security guy. This puts Thomas way ahead of the rest of them. Can't say it more clearly than that: have you patched your DNS server yet?...
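One way to answer "have you patched yet?" from a resolver's own traffic, as an added example that is not from the post or from any vendor: classify the UDP source ports of its outbound queries (the thing Ptacek's quote says the fix randomises) and estimate how many bits of guessing space they add to the 16-bit query ID. The port lists are constructed, and the function names and the 10-bit pass mark are assumptions of this example.

```python
import math
import random
import statistics
from collections import Counter

TXID_BITS = 16      # DNS query ID width: the "16 bit session ID" quoted above
MIN_PORT_BITS = 10  # pass mark assumed for this example, not a vendor figure


def estimated_port_bits(ports):
    """Classify a resolver's observed source ports and estimate their entropy.

    Returns (pattern, bits). A fixed or steadily stepping port adds nothing
    for an off-path spoofer to guess, so both count as 0 bits.
    """
    if len(ports) < 8:
        raise ValueError("need at least eight observed queries")
    distinct = len(set(ports))
    if distinct == 1:
        return "fixed", 0.0
    # Sequential allocation: one step between consecutive queries dominates.
    steps = Counter((b - a) % 65536 for a, b in zip(ports, ports[1:]))
    if steps.most_common(1)[0][1] >= (len(ports) - 1) / 2:
        return "sequential", 0.0
    # Heavy reuse of a few ports: entropy is bounded by the pool size.
    if distinct <= len(ports) // 2:
        return "small-pool", math.log2(distinct)
    # Otherwise model the ports as uniform over a window of width W,
    # whose standard deviation is W / sqrt(12), and solve for W.
    width = statistics.pstdev(ports) * math.sqrt(12)
    return "randomised", min(16.0, math.log2(max(width, 1.0)))


def assess(ports):
    """Combine the port estimate with the query ID into one verdict."""
    pattern, port_bits = estimated_port_bits(ports)
    return {
        "pattern": pattern,
        "port_bits": round(port_bits, 1),
        "total_bits": round(TXID_BITS + port_bits, 1),
        "passes": port_bits >= MIN_PORT_BITS,
    }


# Constructed samples: source ports of 40 consecutive outbound queries.
_rng = random.Random(2008)
SAMPLES = {
    "fixed port": [32769] * 40,
    "incrementing": list(range(1025, 1065)),
    "eight-port pool": _rng.choices([1024 + 7000 * i for i in range(8)], k=40),
    "randomised": _rng.sample(range(1024, 65536), 40),
}

if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        print(f"{name:16} {assess(ports)}")
```

A resolver that reports "fixed" or "sequential" is still relying on the query ID alone, which is the situation the skeptics said was already known.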
Categories: news I read, Technology News
July 6, 2008
22:54
I've notched up two events in London: the International Conference on Digital Evidence 10 days ago, and yesterday I attended BarCampBankLondon. I have to say, they were great events!

Another great conference in our space was the original FC in 1997 in Anguilla. This was a landmark in our field because it successfully brought together many disciplines who could each contribute their specialty. Law, software, cryptography, managerial, venture, economics, banking, etc. I had the distinct pleasure of a professor in law gently chiding me that I was unaware of an entire school of economics known as transaction economics that deeply affected my presentation. You just can't get that at the regular homogeneous conference, and while I notice that a couple of other conferences are laying claim to dual-discipline audiences, that's not the same thing as Caribbean polyglotism.

Digital Evidence was as excellent as that first FC97, and could defend a top rating in conferences in the financial cryptography space. It had some interactivity, perhaps for two factors: it successfully escaped the trap or fixation on local jurisdiction, and it had a fair smattering of technical people who could bring the practical perspective to the table.

Although I'd like to blog more about the presentations, it is unlikely that I can travel that long journey; I've probably enough material for a month, and no month to do it in. Which highlights a continuing theme here on this blog: there is clearly a hole in the knowledge-to-wisdom market. It is now even an archaic cliche that we have too much data, too much information to deal with, so how do we make the step up through knowledge and on to wisdom?

Conferences can help; but I feel it is far too easy to fall into the standard conference models. Top quality names aimed at top paying attendees, blindness by presumptions about audience and presenters (e.g., academic or corporate), these are always familiar complaints. Another complaint is that so much of the value of conferences happens when the "present" button is set to "off". And that leads to a sort of obvious conclusion, in that the attendees don't so much want to hear about your discoveries; rather, what they really want is to develop solutions to their own problems.

FC solved this in a novel way by having the conference in the Caribbean and other tourist/financial settings. This lucky choice of a pleasant holiday environment, and the custom of morning papers leaving afternoons freer, made for a lot of lively discussion.

There are other models. I experimented at EFCE, which Rachel, Fearghas and I ran a few years back in Edinburgh. My call (and I had to defend my corner on this one) was that the real attendees were the presenters. If you could present to peers who would later on present to you, then we could also more easily turn off the button and start swapping notes. If we could make an entire workshop of peers, then structure would not be imposed, and relationships could potentially form naturally and evolve without so many prejudices.

Which brings us to yesterday's event: BarCampBankLondon. What makes this bash unusual is that it is a meeting of peers (like EFCE), there is a cross-discipline focus (finance and computing, balanced with some legal and consulting people) and there isn't much of an agenda or a selection process (unlike EFCE).

Addendum: James Gardner suggests that other conferences are dead, in the face of BarCamp's model. I'm all for experimentation, and BCBL seemed to manage the leading and focussing issue with only the lightest of touches. What is perhaps even more indicative of the (this?) process was that it was only 10 quid to get in, but you consume your Saturday on un-paid time. Which is a great discriminator: those who will sacrifice to work this issue turned up, and those looking for an easy, paid way to skive off work did not.

So, perhaps an ideal format would be a BarCamp coupled with the routine presentations? Instead of a panel session (which I find a bit fruitless) replace one afternoon with a free-for-all? This is also quite similar to the "rump sessions" that are favoured in the cryptography world. Something to think about when you are running your next conference....
Categories: news I read, Technology News
13:28
Spiegel reports that a German lower court ("Amtsgerichts Wiesloch (Az4C57/08)") has found a bank responsible for malware-driven transactions on a user's PC. In this case, her PC was infected with some form of malware that grabbed the password and presumably a fresh TAN (German one-time number to authenticate a single transaction) and scarfed 4000 euros through an eBay wash. Unfortunately the report is only in German, so the analysis that follows is highly limited and unreliable.

It appears that the court's logic was that as the transaction was not authenticated by the user, it is the bank's problem. This seems fairly simple, except that Microsoft Windows-based PCs are difficult to keep clean of malware. In this case, the user had a basic anti-virus program, but that's not enough these days (see top tips on what helps).

We in the security field all knew that, and customers are also increasingly becoming aware of it, but the question the banking and security world is asking itself is whether, why and when the bank is responsible for the user's insecure PC? Shouldn't the user take some of the risk for using an insecure platform?

The answer is no. The risk belongs totally to the bank in this case, in the opinion of the Wiesloch court, and the court of financial cryptography agrees. Consider the old legal principle of putting the responsibility with the party best able to manage it. In this case, the user cannot manage it, manifestly. Further, the security industry knew that the Windows PC was not secure enough for risky transactions, and that Microsoft software was the dominant platform. The banking industry has had this advice in tanker-loads (c.f. EU "Finread"), and in many cases banks have even heeded the advice, only to discard it later. The banking industry decided to go ahead in the face of this advice and deploy online banking for support cost motives. The banks took on this risk, knowing the risk, and knowing that the customer could not manage this risk.

Therefore, the liability falls completely to the bank in the basic circumstances described. In this blog's opinion! (It might have been different if the user had done something wrong such as participate in a mule wash or had carried on in the face of clear evidence of infection.)

There is some suggestion that the judgment might become a precedent, or not. We shall have to wait and see, but one thing is clear: online banking has a rocky road ahead of it, as the phishing rooster comes home to roost. For a contrary example, another case in Cologne (Az: 9S195/07) mentioned in the article put the responsibility for EC-card abuse with the customer. As we know, smart cards can't speak to the user about what they are doing, so again we have to ask what the Windows PC was saying about the smart card's activities. If the courts hold the line that the user is responsible for her EC-card, then this can only cause the user to mistrust her EC-card, potentially leading to yet another failure of an expensive digital signing system.

The costs for online banking are going to rise. A part of any solution, as frequently described by security experts, is to not trust widely deployed Microsoft Windows PCs for online banking, which in effect means PCs in general. A form of protection is fielded in some banks whereby the user's mobile phone is used to authenticate the real transaction over another channel. This is mostly cheap and mostly effective, but it isn't a comprehensive or permanent solution....
Categories: news I read, Technology News
June 30, 2008
13:02
My notes of a presentation by Dr Ugo Bechini at the Int. Conf. on Digital Evidence, London. As it touches on many chords, I've typed it up for the blog:

The European or Civil Law Notary is a powerful agent in commerce in the civil law countries, providing a trusted control of a high value transaction. Often, this check is in the form of an Apostille which is (loosely) a stamp by the Notary on an official document that asserts that the document is indeed official. Although it sounds simple, and similar to common law Notaries Public, behind the simple signature is a weighty process that may be used for real estate, wills, etc.

It works, and as Eliana Morandi puts it, writing in the 2007 edition of the Digital Evidence and Electronic Signature Law Review:

"Clear evidence of these risks can be seen in the very rapid escalation, in common law countries, of criminal phenomena that are almost unheard of in civil law countries, at least in the sectors where notaries are involved. The phenomena related to mortgage fraud is particularly important, which the Mortgage Bankers Association estimates to have caused the American system losses of 2.5 trillion dollars in 2005."

OK, so that latter number came from Choicepoint's "research" (referenced somewhere here) but we can probably agree that the grains of truth sum to many billions.

Back to the Notaries. The task that they see ahead of them is to digitise the Apostille, which to some simplification is seen as a small text with a (dig)sig, which they have tried and tested. One lament common in all European tech adventures is that the Notaries, split along national lines, use many different systems: 7 formats indicating at least 7 different pieces of software, frequent upgrades, and of course, ultimately, incompatibility across the Eurozone.

To make notary documents interchangeable, there are (posits Dr Bechini) two solutions:

- a single homogeneous solution for digsigs; he calls this the "GSM" solution, whereas I thought of it as a potential new "directive failure".
- a translation platform; a one-stop shop for all formats.

A commercial alternative was notably absent. Either way, IVTF (or CNUE) has adopted and built the second solution: a website where documents can be uploaded and checked for digsigs; the system checks the signature, the certificate and the authority and translates the results into 4 metrics:

- Signed: whether the digsig is mathematically sound
- Unrevoked: whether the certificate has been reported compromised
- Unexpired: whether the certificate is out of date
- Is a notary: the signer is part of a recognised network of TTPs

In the IVTF circle, a notary can take full responsibility for a document from another notary when there are 4 green boxes above, meaning that all 4 things check out.

This seems to be working: Notaries are now big users of digsigs, 3 million this year. This is balanced by some downsides: although they cover 4 countries (Deutschland, España, France, Italy), every additional country creates additional complexity.

The question is (and I asked): what happens when the expired or revoked certificate causes a yellow or red warning?

The answer was surprising: the certificates are replaced 6 months before expiry, and the messages themselves are sent on the basis of a few hours. So, instead of the document being archived with digsig and then shared, a relying Notary goes back to the originating Notary to request a new copy. The originating Notary goes to his national repository, picks up his *original* which was registered when the document was created, adds a fresh new digsig, and forwards it. The relying notary checks the fresh signature and moves on to her other tasks.

You can probably see where we are going here. This isn't digital signing of documents, as it was envisaged by the champions of same; it is more like real-time authentication. On the other hand, it does speak to that hypothesis of secure protocol design that suggests you have to get into the soul of your application: Notaries already have a secure way to archive the documents; what they need is a secure way to transmit that confidence on request, to another Notary. There is no problem with short term throw-away signatures, and once we get used to the idea, we can see that it works.

One closing thought I had was the sensitivity of the national registry. I started this post by commenting on the powerful position that notaries hold in European commerce; the presenter closed by saying "and we want to maintain that position." It doesn't require a PhD to spot the disintermediation problem here, so it will be interesting to see how far this goes.

A second closing thought is that Morandi cites

"... the work of economist Hernando de Soto, who has pointed out that a major obstacle to growth in many developing countries is the absence of efficient financial markets that allow people to transform property, first and foremost real estate, into financial capital. The problem, according to de Soto, lies not in the inadequacy of resources (which de Soto estimates at approximately 9.34 trillion dollars) but rather in the absence of a formal, public system for registering property rights that are guaranteed by the state in some way, and which allows owners to use property as collateral to obtain access to the financial capital associated with ownership."

But, Latin America, where de Soto did much of his work, follows the Civil Notary system! There is an unanswered question here. It didn't work for them, so either the European Notaries are wrong about their assertion that this is the reason for no fraud in this area, or de Soto is wrong about his assertion as above. Or?...
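The four-box check and the re-issue-on-request flow described above, as an added example rather than IVTF or CNUE code: a Lamport one-time signature built from SHA-256 stands in for the signature scheme the notaries use, which the post does not name, and a plain registry dictionary stands in for the certificate authority and notary network. The function names, the six-hour validity window and the sample deed are all assumptions made for the example.

```python
import secrets
from datetime import datetime, timedelta, timezone
from hashlib import sha256


def _bits(message):
    digest = sha256(message).digest()
    return [(digest[i // 8] >> (i % 8)) & 1 for i in range(256)]


def keygen():
    """Lamport one-time key pair: 256 pairs of secrets, and their hashes."""
    secret = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return secret, [(sha256(a).digest(), sha256(b).digest()) for a, b in secret]


def sign(secret, message):
    return [secret[i][bit] for i, bit in enumerate(_bits(message))]


def verify(public, message, signature):
    return len(signature) == 256 and all(
        sha256(part).digest() == public[i][bit]
        for i, (part, bit) in enumerate(zip(signature, _bits(message))))


def fingerprint(public):
    return sha256(b"".join(a + b for a, b in public)).hexdigest()


def fresh_copy(registry, name, original, now, lifetime=timedelta(hours=6)):
    """Originating notary signs the registered original with a throw-away key."""
    secret, public = keygen()
    registry["keys"][fingerprint(public)] = name  # stand-in for CA issuance
    cert = {"subject": name, "public_key": public,
            "not_before": now, "not_after": now + lifetime}
    return original, sign(secret, original), cert


def four_boxes(registry, document, signature, cert, now):
    """The four metrics from the talk; True means a green box."""
    fp = fingerprint(cert["public_key"])
    return {
        "signed": verify(cert["public_key"], document, signature),
        "unrevoked": fp not in registry["revoked"],
        "unexpired": cert["not_before"] <= now <= cert["not_after"],
        "is_a_notary": registry["keys"].get(fp) == cert["subject"],
    }


def demo():
    registry, name = {"keys": {}, "revoked": set()}, "Notary A (constructed)"
    original = b"Constructed sample deed"
    t0 = datetime(2008, 6, 30, 9, 0, tzinfo=timezone.utc)
    doc, sig, cert = fresh_copy(registry, name, original, t0)
    on_receipt = four_boxes(registry, doc, sig, cert, t0 + timedelta(hours=1))
    altered = four_boxes(registry, doc + b"!", sig, cert, t0 + timedelta(hours=1))
    # A year on the archived copy shows a red box, so a fresh copy is requested.
    t1 = t0 + timedelta(days=365)
    archived = four_boxes(registry, doc, sig, cert, t1)
    doc2, sig2, cert2 = fresh_copy(registry, name, original, t1)
    reissued = four_boxes(registry, doc2, sig2, cert2, t1 + timedelta(hours=1))
    return on_receipt, altered, archived, reissued


if __name__ == "__main__":
    for label, boxes in zip(("on receipt", "altered", "archived", "reissued"), demo()):
        print(f"{label:10} {boxes}")
```

The archived copy fails only on "unexpired", which is why the relying notary goes back to the originator instead of trusting a stored signature.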
Categories: news I read, Technology News

