SHARP PRACTICE IN E-BANKING - FIPR REPORT -
FOR IMMEDIATE USE 5th July
At present, the risk of a forged signature is carried by whoever relies on it. If a shopkeeper accepts a forged cheque on your account, that is his bad luck; and if the bank pays it, it's the bank's bad luck. Governments and banks are now trying to change the rules so that with electronic transactions it will be the customer's bad luck if a payment from his account gets forged.
It's often claimed that new technologies, such as digital signatures generated by smartcards, are secure enough to justify this change in the rules. They are not.
A new report from the Foundation for Information Policy Research not only looks at what can go wrong technically, but also analyses the practices of some leading UK online banks. Despite advertising claims that consumers are not at risk, the terms and conditions imposed in the small print pass almost all of the risk to the customer.
This extensive and detailed report shows that all is not as well with e-commerce as some would have us believe.
The report is at:
The report's authors are Nicholas Bohm, a member of the Law Society's working group on electronic commerce; Brian Gladman, recently retired as head of strategic electronics at NATO; and Ian Brown, of the computer science department at University College, London.
Nicholas Bohm said:
``It will do grave damage to the public confidence in electronic commerce that is vital to its success if its advent is used as an excuse to transfer to consumers the risks that should be carried by those who implement new electronic systems.''
Ian Brown said:
``Could a computer virus sign away your house? Or a hacker transfer your savings to her account? Computer insecurity means digital signatures aren't all they're cracked up to be''
Brian Gladman said:
``I hope that this paper alerts people to the dangers of assuming that on-line banking services will protect their interests in the same way that conventional banking services do.''
The chairman of the Foundation for Information Policy Research, Ross Anderson of Cambridge University Computer Laboratory, said:
``The history of the `cash machines that could never go wrong' seems set to repeat itself. Phantom withdrawals on the Internet seem destined to be a part of our future''
NOTES FOR EDITORS:
* The Electronic Communications Act 2000 - the first bill to have received the Royal Assent this millennium - gives ministers the power to make regulations which would change the rules in just this way. The regulations are expected to be published soon. An EU directive on electronic signatures is pushing all the countries in Europe to move in this direction. The US E-sign bill, which Bill Clinton signed into law last week, enables all sorts of electronic acts - not just digital signatures, but even clicking on a web link - to have the same legal force as signatures.
These laws can't just be ignored by British businesses and consumers. Clicking by accident on a link on the world-wide web can give rise to contractual obligations which can result in a judgment in a foreign court and be enforced against you here in the UK under international treaty.
* It is vitally important that ministers take care when writing the regulations. The Act can be found online at:
* The Foundation for Information Policy Research is an independent body that studies the interaction between information technology and society. Our goal is to identify technical developments with significant social impact, commission research into public policy alternatives, and promote public understanding and dialogue between technologists and policy-makers in the UK and Europe.
Brian Gladman 01905 748990
Ross Anderson 01223 334733