Donate for the Cryptome archive of files from June 1996 to the present

17 January 2013. Credit for Thales' recantation goes to incorruptible security critic Ross Anderson who blogged and telephoned Thales to thrash the zealots:

16 January 2013

Thales e-Security Supports Bank Security Critique

DMCA notice:

From: Dave Harrop <Dave.Harrop[at]>
To: "cryptome[at]" <cryptome[at]>
Date: Wed, 16 Jan 2013 12:59:03 +0000
Subject: Re: Cryptome Copyright Infringement - DMCA Takedown Notice

Dear Mr Young

Further to my letter to you dated 11 January 2013 in connection with (a) the Zaxus Host Security Module RG7000, Operations and Installations Manual, 1270A513 Issue 3; and (b) the Zaxus Host Security Module RG7000, Programmer’s Manual, 1270A514 Issue 3 both of which are published on the website.

Thales is in no way trying to censor information that would benefit banking security research.

The information concerned, as has been noted, has been available since 2003 and is in fact obsolete.  It also does not reflect the current Thales payment hardware security module.

It is not unusual for Thales to suggest that out-of-date information is removed from web sites so that it doesn’t cause confusion or mislead our customers.  This would normally be handled with a polite request to the web site owner; on this occasion, unfortunately, we were over-zealous in initiating a takedown notice.

Thales fully appreciates the benefits of openly sharing information relating to our security products and fully supports legitimate academic research in this area.  The most up-to-date and accurate information can be obtained directly from Thales.

Thales e-Security actively participates in key technical forums such as ASC X9, Global Platform, NACHA, PCI SSC, Smart Card Alliance and OASIS, which contribute heavily to banking security research and future requirements around security for the payment industry. Thales has always respected and continues to support external forums to further security within the banking industry.

I therefore wish to withdraw my earlier request for you to remove or disable access to the material in question and apologise for any distress it may have caused.

Yours faithfully,

Dave Harrop
Head of Contracts (EMEA & APAC)
Thales E-Security
Jupiter House, Station Road, Cambridge, CB1 2JD
t: +44 7802 555148
e: dave.harrop[at]

[Attached letter]