Inaccurate study quoting, Re: anti-crypto rhetoric (Ellison,

Peter Sommer hcorn at cix.co.uk
Sat, 4 Apr 1998 6:41 +0000 (GMT) 

The problem with the Denning / Baugh report is that some of the "cases"
are very difficult to verify. For example:  the London Cryptoviral
extortion is  attributed to "McCormack96" which turns out to be Elsevier's
Computer Fraud & Security newsletter (for which I am listed as an advisor,
btw) but the newsletter article is just a rehash of a discredited London
Sunday Times piece;  few people here in London now believe the story.  The
"Cali cartel" story, checked back to the cited source,  has few details.
 Nothing is cited for "Terrorist attacks on business".   Emma Nicholson,
the former UK MP and presenter of the failed Anti-Hacking Bill and cited
as a source for a "British blackmailer"  never produced her "large
dossier" of cases for any scrutiny.

There is simply too much unsupported  "there is a rumor.."  "we have also
heard..."

Academics,  however distinguished,   really should do more than simply
repeat convenient rumours.

On the question of CART's estimates of the numbers of computer forensics
cases - how on earth can anyone know?  I don't publish the details of most
of the ones I handle - some of the criminal defence cases end up as guilty
pleas or are dropped by the prosecution before trial so that there is no
way anyone can guess whether computer forensics played a part or not.  For
civil cases it is even more difficult to tell.  Even though I know a fair
number of people in this field here in the UK I couldn't even begin to
make an estimate - there are 44 police forces,  Customs & Excise have a
large specialist unit,  many of the forensics labs now have facilities,
there are some private practitioners.   As Donn Parker says,  why do
people persist in providing "statistics" when it is obviously almost
impossible to produce anything remotely worthwhile?

FWIW:  I have come across a few instances of encrypted or
partially-encrypted disks but none of encrypted comms.


|---->   Peter Sommer   ------------------------------------------->|
|---->   hcorn@cix.co.uk   P.M.Sommer@lse.ac.uk  ------------------>|
|---->   Academic URL:  http://csrc.lse.ac.uk/csrc/pmscv.htm  ----->|
|---->   Commercial URL:  http://www.virtualcity.co.uk  ----------->|