Thrawn Rickle 83
Controlling Conflict Diamonds
© 2004 Williscroft
What do Sierra Leone, Liberia, the Democratic Republic of the Congo, and Angola have in common? Besides their being in Africa, that is?
is a renowned source for Conflict Diamonds.
are known world-wide as symbols of love and affection. Who hasn’t heard the
phrase coined by De Beers: “A Diamond is Forever.”
diamonds are legitimately mined, and are accounted for during their often
tortuous journey from the earth to the New York, Tel Aviv, or Amsterdam
diamond markets, or wherever else they eventually appear, ready for a ring,
broach, or investor’s safe.
but not all. A portion ends up funding genocidal wars and international
terrorism. According to John Pickrell as reported in the August 10, 2002, Science
News, during the 1990s the Angolan rebel army Unitas generated $3.7
billion over six years trading Conflict Diamonds. During 1999 world-wide
diamond production was around $6.8 billion, so if one presumes that this is an
average annual production, Unitas controlled nearly 10% of global diamond
production and distribution.
10% of anything is phenomenal, but controlling 10% of the world diamond trade
is extraordinary. Diamonds are small and easy to conceal, and high-quality
diamonds command and get very high prices the world over. A small bag of high
quality diamonds can easily contain several million dollars of value, which is
easy to transport, and very liquid at any destination around the world. These
gems are invisible to normal airport scans, and don’t trigger any of the
typical alarms used by security stations everywhere. Short of an actual
physical search, they are unlikely to be found.
governments around the world are expressing an interest in discovering how to
identify diamonds that originate in the four African nations most responsible
for the Conflict Diamond trade: Sierra Leone, Liberia, the Democratic Republic
of the Congo, and Angola .
before President Clinton left office, he convened a White House conference on
this subject, attended by diplomats, commercial diamond experts, and
interested scientists. The fundamental question at that conference was how to
identify the geographic origin of diamonds.
underlying thought was that since diamonds come from different geologic times
and regions on the Earth, it might be possible to discover some kind of
“fingerprint” that would absolutely identify a
emeralds and rubies, for example, their more complex chemical structures make
such identification feasible. With diamonds, however, the best are pure
crystalline carbon, with absolutely no chemically identifying features. As you
move down the value scale, diamonds begin to take on some color and to have
small inclusions. At some point, these become sufficiently present to enable a
kind of geological fingerprinting. Unfortunately, these gems are not the kind
used in the Conflict Diamond trade.
approach is based on carbon-14 dating. Since Diamonds are pure carbon, and
since carbon comes in at least two isotope forms, C13 and C14,
and since at different times in the Earth’s past, the ratio of these
isotopes was different from today, it is possible to identify the time of
origin for anything containing carbon. The thought was that diamonds coming
from different areas might exhibit different ratios of these isotopes. To
date, unfortunately, this method has not proved practical, since most diamonds
seem to exhibit essentially identical ratios.
also have developed an approach that uses a unique characteristic of diamonds
that have been exposed to a radiation source. They bombard a diamond with
electrons which causes it to generate a pattern of light characterized by the
original radiation exposure. The resulting pattern can possibly be used to
identify diamonds that have the same source. This technique is only
applicable, however, to gems that have been so exposed, and thus is not
applicable to the entire range of the diamond trade.
scientific community hasn’t given up on this project, but scientists now are
saying that a solution may lie years in the future. In the meantime, the best
way of maintaining oversight is for each diamond mined to be given a
certificate of authenticity, which remains with the diamond throughout its
life. This is already being done for some of the higher-end diamonds, but it
can only be an effective deterrent against money flowing into terrorist hands
if it is universal.
problem is that certificates, like passports, can be forged. With billions of
dollars at stake, even a costly investment in forging equipment is
billions of dollars being funneled to terrorist organizations each year
through the Conflict Diamond trade, we really need to find a solution now, not
there any way to approach this problem that will stem the flow of illicit
funds and gems without disrupting the entire industry?
first and second elements of the solution are partially in place now: The
Kimberly Process and authentication certificates.
Kimberly Process is an international system of checks and counter checks for
bulk shipments of rough cut diamonds that is designed to identify and certify
the country of origin of the rough cut diamonds in the certified shipment. It
contains no provisions for identifying any particular diamond, and once
diamonds are removed from a certified shipment, they no longer can be
identified using this process. Kimberly is good for getting diamonds from a
legitimate mining into the hands of cutters and processors. It ensures the
cutter that the diamond he or she is cutting is not a conflict diamond.
cutters create cut stones, generate authentication certificates, and send them
into the market. As currently used, however, anyone can forge a certificate.
retail purchaser or a wholesaler has no way of knowing (1) whether the
original rough stone REALLY was certified by the Kimberly Process, (2) whether
the cut stone and its matching certificate are genuinely paired and actually
originated from the identified cutter, and (3) whether the certificate is
genuinely issued by the certifying agency (and thus the stone is not really a
conflict diamond slipped into the retail pipeline).
balance of this solution is to make the certification and authentication
advancing technology, the diamond industry partially solved this problem by
laser inscribing actual serial numbers on legitimate diamonds, and then
issuing certificates carrying the same serial number. The problem is that such
certificates, even very complex difficult to forge certificates, CAN be
forged, so that illegitimate diamonds (conflict diamonds mostly) can easily
enter the trade. Forged certificates are sometimes discovered, but the
industry simply is not set up to find them, and the cost to put into place an
industry-wide tracking network would be prohibitive.
is where the “Williscroft Process” enters. The “Williscroft Process”
absolutely guarantees that a particular diamond and its accompanying
certificate were produced together by a licensed cutter.
understand the process, it is helpful to understand how encrypted emails are
produced. In a nutshell, the original information is encrypted using one of
several 128 Kbit algorithms. The process uses three elements: (1) the original
data, (2) a “private” key, and (3) a “public” key. The “public”
key can be used by anyone to encrypt the information. The resulting encrypted
data are virtually impossible to decrypt - certainly by any mechanism
available even to the most well-heeled criminal outfit. The “private” key
is the only method to decrypt the original data. Whoever has the private key
has access to the data. The public key is useless for decryption. It can be
used ONLY to encrypt.
- a unique serial number is generated by the cutter using exactly the same
technique presently used, generating a serial number in exactly the ordinary
way they are generated today. Step (1): Using any available PC, the cutter
encrypts the serial number AND his “official ID number” using a “serial
number public key” supplied by the certifying organization. This
“encrypted serial number (with ID)” (which will appear as a series of
numbers, letters, and symbols) is inscribed on the cut diamond in exactly the
same way current unencrypted numbers are inscribed. Step (2): Using any
available PC, the cutter encrypts the serial number with his ID a second time
using a “certificate public key” supplied by the certifying organization.
This second public key will produce an entirely different set of numbers,
letters, and symbols which contain - and this is important - exactly the same
serial number and ID as the first encryption. This “encrypted certificate
number” is holographically emblazoned on the certificate just like the
“VISA Card” symbol is holographically inscribed on VISA cards. Thus, there
is no way by looking at the certificate and the diamond to verify that they
belong together, since the numbers appear completely different.
identification process then proceeds like this. A diamond merchant scans the
number from a diamond and the number from the matching certificate, using an
instrument that will quickly become available to service this need, since
millions of diamonds will need to be processed each year. These two encrypted
numbers are sent electronically (and automatically) to two different
computer-servers (ideally in two different locations to enhance security)
belonging to the certifying organization.
servers automatically decrypt the incoming numbers using the “private” key
in each server. The two resulting numbers should, of course, be identical.
Using two separate processes (one in each server) with two entirely different
public/private key sets, each server automatically encrypts the decrypted
number and sends it to the other server where it is once again decrypted. Now
each server contains two decrypted numbers which should be identical. If they
are, each server checks the ID number against its internal list of certified
cutters, and notifies the originator of the request electronically of the
match, and if the requestor receives two OK signals, the certification is
complete. The entire process should take a few microseconds, or a few seconds
at most in a busy traffic situation.
result is absolute assurance that the diamond scanned is the diamond
originally assigned the matching certificate. Forgery is completely impossible
using this scheme. The only possible point of compromise is the set of servers
containing the original private keys. By employing appropriate security
measures to these machines, they can be permanently and completely protected
process seems convoluted, but the reason is to ensure that there is no
compromise of either the number on the diamond OR the number on the
certificate, AND that there is no compromise in the certifying servers.
Furthermore, the two certifying servers need to be physically secure. They
should be high-speed, broadband access to ensure very short certifications
wait-times. There is no need for any central database of serial numbers,
unless the industry wants one. A serial number database is immaterial to the
security. The only database the servers need is the list of certified cutters,
which already exists.
two central servers will cost about $10,000 each. The broadband connections
less than $5,000 each. The broadband connections can be maintained for a few
hundred dollars a month. The public/private keys cost a few hundred dollars.
The supporting software to make the process happen automatically will cost
perhaps $20,000 or less.
cutter will need nothing more than a PC, probably already on hand, an
inexpensive scanner - a few hundred dollars, a broadband connection (or even
dial-up) for a few dollars per month, and the software.
dealer will need essentially the same equipment as the cutters.
the cost is virtually nothing at all.
it takes to do this is for De Beers to create the standard unilaterally,
purchase and install the two servers at separate secure locations, buy the
public/private keys, select standardized scanning equipment off-the-shelf, and
develop and distribute the software.
few months to a year, and everything can be in place and working.
cost to individual diamond purchasers is virtually nothing at all, because the
total cost of the entire system to De Beers is less than $50,000, and the cost
to each end-user is a few hundred dollars.
just a matter of will - nothing more.
it appears that as much as 10% of the world diamond market is being diverted
into the Conflict Diamond trade, funding genocidal wars and world-wide
terrorism, it is extremely important and urgent that we find a way to stem
this flow of illicit funds.
two approaches appear to have any hope of succeeding. The fingerprint approach
based upon presumed geological differences in diamonds from different areas
appears several years away, and may never work sufficiently well. The only
other way appears to be certification of each produced diamond.
computerized encrypted technique described here, the “Williscroft
Process,” is viable today, and can be implemented within a few short months.
It solves the problem.