Friday, July 13, 2007

Digital signatures hit the road

There is a long discussion ongoing on the ORG list about how to explain the futility of drm to an MP. A nice little parallel gem that has come out of it is a reference to Ross Anderson's story that the use of digital tachographs by road transport companies is increasing.

"For about thirty years now, security researchers have been talking about using digital signatures in court. Thousands of academic papers have had punchlines like “the judge then raises X to the power Y, finds it’s equal to Z, and sends Bob to jail”. So far, this has been pleasant speculation...

So do magistrates really raise X to the power Y, find it’s equal to Z, and send Eddie off to jail? Not according to enforcement folks I’ve spoken to. Apparently judges find digital signatures too “difficult” as they’re all in hex. The police, always eager to please, have resolved the problem by applying standard procedures for “securing” digital evidence. When they raid a dodgy trucking company, they image the PC’s disk drive and take copies on DVDs that are sealed in evidence bags. One gets given to the defence and one kept for appeal. The paper logs documenting the procedure are available for Their Worships to inspect. Everyone’s happy, and truckers duly get fined.

In fact the trucking companies are very happy. I understand that 20% of British trucks now use digital tachographs, well ahead of expectations. Perhaps this is not uncorrelated with the fact that digital tachographs keep much less detailed data than could be coaxed out of the old paper charts. Just remember, you read it here first."

Ross's paper on the subject is terrific. He concludes that the new digital tachographs "will be extremely vulnerable to wholesale forgery of smartcards and system level manipulation; it has the potential to lead to a large scale breakdown in control." Another hi-tech success story then.

No comments: