The fundamental reason why this is a big deal is that in the UK, the repercussions of fraud are skewed towards customers rather than the banks. The relevant legal standard is that customers must exercise "reasonable care" with their PIN if the bank is to bear the cost of fraud. Of course, banks always insist that their systems are secure, and that it was the customer's fault. http://www.timesonline.co.uk/tol/money/consumer_affairs/arti...
The Cambridge team has been investigating vulnerabilities in the EMV standard underlying Chip and PIN (ubiquitous in the UK) for a long time.
From 2006: http://www.lightbluetouchpaper.org/2006/03/15/chip-and-skim/
If I understand correctly they first started to find serious vulnerabilities in 2009.
Blog post: http://www.lightbluetouchpaper.org/2009/08/25/defending-agai...
Paper: "Optimised to Fail: Card Readers for Online Banking" http://www.cl.cam.ac.uk/~sd410/papers/optimised_fail.pdf
They escalated that attack in 2010.
The private key cannot be read from the chip without the use of a tunneling microscope or other hardware exotics. In fact it is not untypical for a chip to have a built-in protection against key retrieval that is set to physically fry the chip. The PIN is used to tell the chip to do the digital signing. No PIN = no signing.
That's how it works in general. This application of the smartcard technology is almost 20 years old, so while there are some variations one could still call it sufficiently mature :grin
That may or may not be case (there is no way for customers to check that), but the problem is that this encrypted communication is between some third party's terminal and my bank, not between my chip and my bank. IIRC correctly, the protocol in the end boils down to:
- bank asks terminal 'Can you verify that the customer is who he claims to be?'
- terminal asks user for PIN
- terminal asks chip: is this PIN correct?
- chip replies: yes.
So, I have to trust that the terminal will not e.g. put my PIN on Twitter.
Worse, that terminal-chip communication is not encrypted. Hence, it is vulnerable to a man-in-the-middle attack. That is what 'chip and PIN is broken' demonstrated.
- bank asks terminal "Here's a random token, have the chip sign it with its private key"
- terminal asks the customer for the PIN
- terminal feeds PIN into the chip, and this enables signing function
- terminal feeds bank's token into the chip, gets the signature back and forwards it to the bank
What you described looks like something designed by a layman with very basic understanding of the cryptography. I will not be shocked if this was in fact deployed, but I still find it very unlikely.
A man in the middle can hide the "check this PIN" request that the terminal sends from the chip and send a "PIN is OK" reply to the terminal. That way, the terminal thinks PIN check succeeded, and the chip thinks it is doing a payment without PIN check.
This has actually happened: http://business.timesonline.co.uk/tol/business/law/article71...
So it's not sufficient just to host a fake machine and expect it to be accepted within the EMV infrastructure (cards, POC machines and backend processors).
The University of Cambridge is legally obliged to stand behind this research under the 1986 Education Act which states:
(2) The duty imposed by subsection (1) above includes
(in particular) the duty to ensure, so far as is
reasonably practicable, that the use of any premises
of the establishment is not denied to any individual
or body of persons on any ground connected with—
(a)the beliefs or views of that individual or of any
member of that body; or
(b)the policy or objectives of that body.
Perhaps not in written law, but I think you'd have a hard time convincing a judge that the British constitution does not guarantee freedom of speech.
As my legal friends as fond of pointing out, an unwritten constitution has the important advantage that its words can't be twisted the way that a written constitution can.
Can you be transported to Australia for poking the Duchess of Cornwall with a stick? What about shouting "Off with their heads!" at the Prince of Wales? 
The absence of a constitutional guarantee of free speech, and the persistence of lèse majesté offenses should be a point of embarrassment.
No, and no.
The British constitution is not a computer program applied by an automaton; issues are decided by experienced judges who, above all else, apply common sense.
(The British constitution isn't even self-consistent: The supremacy of parliament is absolute, but the 1931 Statute of Westminster places limits on that power. Constitutional scholars routinely shrug their shoulders at such matters and fall back to "well, we all know what they meant".)
I don't think that anyone will be convicted of Felony Treason. No one thinks that James Hewitt will be put to death under the Treason Act of 1351. This doesn't make the existence of such laws any less absurd or offensive.
In the US, there seems to be a proud tradition of using archaic or seldom applied laws to harass those who fail to show deference. (For example, jaywalking as a pretext for a walking-while-black offense, or wiretapping for filming police brutality.) We might as well keep a clean house to forestall that sort of nonsense.
Edit: There's also the matter of British libel law and the jurisdiction shopping that it encourages as a mechanism for harassing those who might exercise their speech rights.
I don't think anyone can seriously claim that the commerce clause of the US constitution was intended to grant the vast powers which it has been used to uphold; but because the US constitution is -- theoretically -- not subject to growth and reinterpretation the way that the Canadian or British constitutions are, a legal fiction has been adopted instead.
If the commerce clause had been interpreted within the context of the Canadian or British constitutions, it would probably have been handled as "we're going to read one new power into this" on a number of occasions, rather than the "yes, this clause gives you the power to do everything" which seems to have occurred in the US.
A constitution that can be easily re-interpreted may allow for your government
to 'turn on a dime,' but it makes no claims to whether your government is
turning in a good or bad direction.
As to the US Constitution:
* The US Constitution can be re-interpreted by the US Supreme Court through the
setting of legal precedent.
* The US Constitution can be amended by Congress. (Prohibition was a
* The current interpretation of the commerce clause could be overturned by the
US Supreme Court should a case come before them, and the make-up of the
justices leans towards overturning the current state of affairs.
Let's use your example, the Court suddenly ruling to overturn the current interpretation of the Commerce Clause. Assuming "current" means "1964 and later", this would also overturn the Civil Rights Act. The CRA was based upon the Commerce Clause, and Heart of Atlanta Motel v. United States (1964) upheld its broad definition of interstate commerce .
I would have a hard time believing Congress would follow along with a ruling that simultaneously overturned a hugely popular law and decreased their powers. (However, I am aware that there have been a few rulings that might be counterarguments.)
Epstien, Walker. Constitutional Law for a Changing America: Rights, Liberties, and Justice 5th ed. Page 658.
The Congress shall have Power...
To regulate Commerce with foreign Nations, and among the several States, and with the Indian tribes;"
Again, I mention this without endorsement of either side; I mention this just because I only recently learned about this myself.
If the Federal Government can regulate growing a half-dozen cannabis plants for personal
consumption (not because it is interstate commerce, but because it is inextricably bound up
with interstate commerce), then Congress' Article I powers -- as expanded by the Necessary
and Proper Clause -- have no meaningful limits. Whether Congress aims at the possession of
drugs, guns, or any number of other items, it may continue to "appropria[te] state police
powers under the guise of regulating commerce."
Trees that grow in unexpected ways get cut down.
Explicit amendments are far more legitimate.
The US has amended its constitution several times. If something really is a good idea, the amendment process is no real obstacle.
Except for 1000 years of legal precedence
1, Send developers to all their seminars to learn something
2, Buy them drinks
3, Sue them
in many cases banks refused to reimburse cardholders who reported unauthorised card use, claiming that their systems could not fail
p.s my reference is a blue screen of death on one :)
1 and 2 are not mutually exclusive. Exactly why is the seminar not at the local pub?
The Security II course is especially relevant. I am not sure that everyone can access these resources but the lecture notes cover a variety of modern hardware approaches to security (including chip-and-pin). Try:
I highly recommend Anderson's Security Engineering, the first edition is available online:
We have had enough "Dark Ages" in the past. Let's learn something from history.
http://www.cl.cam.ac.uk/~osc22/scd/ "Smart Card Detective"
Totally the same thing. How did I miss this?
So sure, do whatever you can get away with under your AUP, just don't expect me to respect you for it (or trust you with my data).
A news story about the initial issue:
The take down notice (pdf):