December 26th, 2010
Professor Ross Anderson's response to a request by the UK Cards Association1 that the university take down an MPhil thesis published by a student that included information about the No-PIN attack and "give [the UK Cards Association] comfort about [the university's] policy towards future disclosures." may not be as pithy as the best reply ever committed to paper, but it's equally robust:
Your letter of December 1st to Stephen Jolly has only this week been passed to me to deal with. I'm afraid it contains a number of misconceptions and factual errors.
First, your letter was not correctly addressed. The University of Cambridge is a self-governing community of scholars rather than a corporate hierarchy. [...] Omar's work was not 'published by the university' as you claim but by him. If you wanted him to take his thesis offline, you should have asked him.
However, given that the material on the No-PIN attack appears on my page as well as Omar's and Steven's, and given that Mr Jolly passed the matter to me to deal with, I expect that I can save us all a lot of time by answering directly.
Second, you seem to think that we might censor a student's thesis, which is lawful and already in the public domain, simply because a powerful interest finds it inconvenient. This shows a deep misconception of what universities are and how we work. Cambridge is the University of Erasmus, of Newton, and of Darwin; censoring writings that offend the powerful is offensive to our deepest values. [...]
[Via James Nicoll]
- That's 'cards' as in credit/debit cards, not playing cards or collectible card games. ↩