UK credit card industry tries to gag student security research

A row has broken out between Cambridge University and the UK's credit and debit card industry over a student's work on the flaws of chip-and-pin.

The card lenders' association (UKCA) has attempted to put pressure on the university to withdraw a paper, written by MPhil student Omar Choudary, that reveals some of the limitations of the card technology. In it, Choudary claimed to demonstrate that chip-and-pin authentication could be side-stepped by means of a small device.

The chair of the UKCA, Melanie Johnson, wrote to Cambridge University, claiming that publishing the details of the procedure overstepped "the boundaries of what constitutes reasonable disclosure." She went on to suggest that the publication of such details would encourage "nuisance attacks" and give organised crime new weapons to undermine the banking system.

And Choudary's professor, Ross Anderson, has waded into the dispute, accusing the card industry of trying to suppress research and stifle academic freedom instead of dealing with the problems with chip-and-pin.

In a blog, Professor Anderson, criticised the bankers' action, pointing out that only Barclay's has addressed the flaws in the technology and bemoaning the attack on academic freedom - which included attempts to not only Choudary's thesis withdrawn from the university website but to get the student's own blog taken down. To date, the university has resisted such moves and the material is still available - although the UKCA's actions have alerted many more people to what would have been an obscure research paper.