Thrawn Rickle 83

Controlling Conflict Diamonds

© 2004 Williscroft

What do Sierra Leone, Liberia, the Democratic Republic of the Congo, and Angola have in common? Besides their being in Africa, that is?

Each is a renowned source for Conflict Diamonds.

Diamonds are known world-wide as symbols of love and affection. Who hasn’t heard the phrase coined by De Beers: “A Diamond is Forever.”

Most diamonds are legitimately mined, and are accounted for during their often tortuous journey from the earth to the New York, Tel Aviv, or Amsterdam diamond markets, or wherever else they eventually appear, ready for a ring, broach, or investor’s safe.

Most, but not all. A portion ends up funding genocidal wars and international terrorism. According to John Pickrell as reported in the August 10, 2002, Science News, during the 1990s the Angolan rebel army Unitas generated $3.7 billion over six years trading Conflict Diamonds. During 1999 world-wide diamond production was around $6.8 billion, so if one presumes that this is an average annual production, Unitas controlled nearly 10% of global diamond production and distribution.

Controlling 10% of anything is phenomenal, but controlling 10% of the world diamond trade is extraordinary. Diamonds are small and easy to conceal, and high-quality diamonds command and get very high prices the world over. A small bag of high quality diamonds can easily contain several million dollars of value, which is easy to transport, and very liquid at any destination around the world. These gems are invisible to normal airport scans, and don’t trigger any of the typical alarms used by security stations everywhere. Short of an actual physical search, they are unlikely to be found.

Legitimate governments around the world are expressing an interest in discovering how to identify diamonds that originate in the four African nations most responsible for the Conflict Diamond trade: Sierra Leone, Liberia, the Democratic Republic of the Congo, and Angola .

Shortly before President Clinton left office, he convened a White House conference on this subject, attended by diplomats, commercial diamond experts, and interested scientists. The fundamental question at that conference was how to identify the geographic origin of diamonds.

The underlying thought was that since diamonds come from different geologic times and regions on the Earth, it might be possible to discover some kind of “fingerprint” that would absolutely identify a  diamond’s source.

With emeralds and rubies, for example, their more complex chemical structures make such identification feasible. With diamonds, however, the best are pure crystalline carbon, with absolutely no chemically identifying features. As you move down the value scale, diamonds begin to take on some color and to have small inclusions. At some point, these become sufficiently present to enable a kind of geological fingerprinting. Unfortunately, these gems are not the kind used in the Conflict Diamond trade.

Another approach is based on carbon-14 dating. Since Diamonds are pure carbon, and since carbon comes in at least two isotope forms, C13 and C14, and since at different times in the Earth’s past, the ratio of these isotopes was different from today, it is possible to identify the time of origin for anything containing carbon. The thought was that diamonds coming from different areas might exhibit different ratios of these isotopes. To date, unfortunately, this method has not proved practical, since most diamonds seem to exhibit essentially identical ratios.

Scientists also have developed an approach that uses a unique characteristic of diamonds that have been exposed to a radiation source. They bombard a diamond with electrons which causes it to generate a pattern of light characterized by the original radiation exposure. The resulting pattern can possibly be used to identify diamonds that have the same source. This technique is only applicable, however, to gems that have been so exposed, and thus is not applicable to the entire range of the diamond trade.

The scientific community hasn’t given up on this project, but scientists now are saying that a solution may lie years in the future. In the meantime, the best way of maintaining oversight is for each diamond mined to be given a certificate of authenticity, which remains with the diamond throughout its life. This is already being done for some of the higher-end diamonds, but it can only be an effective deterrent against money flowing into terrorist hands if it is universal.

Another problem is that certificates, like passports, can be forged. With billions of dollars at stake, even a costly investment in forging equipment is cost-effective.

With billions of dollars being funneled to terrorist organizations each year through the Conflict Diamond trade, we really need to find a solution now, not years away.

Is there any way to approach this problem that will stem the flow of illicit funds and gems without disrupting the entire industry?

Yes there is.

The first and second elements of the solution are partially in place now: The Kimberly Process and authentication certificates.

The Kimberly Process is an international system of checks and counter checks for bulk shipments of rough cut diamonds that is designed to identify and certify the country of origin of the rough cut diamonds in the certified shipment. It contains no provisions for identifying any particular diamond, and once diamonds are removed from a certified shipment, they no longer can be identified using this process. Kimberly is good for getting diamonds from a legitimate mining into the hands of cutters and processors. It ensures the cutter that the diamond he or she is cutting is not a conflict diamond.

Legitimate cutters create cut stones, generate authentication certificates, and send them into the market. As currently used, however, anyone can forge a certificate.

A retail purchaser or a wholesaler has no way of knowing (1) whether the original rough stone REALLY was certified by the Kimberly Process, (2) whether the cut stone and its matching certificate are genuinely paired and actually originated from the identified cutter, and (3) whether the certificate is genuinely issued by the certifying agency (and thus the stone is not really a conflict diamond slipped into the retail pipeline).

The balance of this solution is to make the certification and authentication forgery proof.

With advancing technology, the diamond industry partially solved this problem by laser inscribing actual serial numbers on legitimate diamonds, and then issuing certificates carrying the same serial number. The problem is that such certificates, even very complex difficult to forge certificates, CAN be forged, so that illegitimate diamonds (conflict diamonds mostly) can easily enter the trade. Forged certificates are sometimes discovered, but the industry simply is not set up to find them, and the cost to put into place an industry-wide tracking network would be prohibitive.

This is where the “Williscroft Process” enters. The “Williscroft Process” absolutely guarantees that a particular diamond and its accompanying certificate were produced together by a licensed cutter.

To understand the process, it is helpful to understand how encrypted emails are produced. In a nutshell, the original information is encrypted using one of several 128 Kbit algorithms. The process uses three elements: (1) the original data, (2) a “private” key, and (3) a “public” key. The “public” key can be used by anyone to encrypt the information. The resulting encrypted data are virtually impossible to decrypt - certainly by any mechanism available even to the most well-heeled criminal outfit. The “private” key is the only method to decrypt the original data. Whoever has the private key has access to the data. The public key is useless for decryption. It can be used ONLY to encrypt.

So - a unique serial number is generated by the cutter using exactly the same technique presently used, generating a serial number in exactly the ordinary way they are generated today. Step (1): Using any available PC, the cutter encrypts the serial number AND his “official ID number” using a “serial number public key” supplied by the certifying organization. This “encrypted serial number (with ID)” (which will appear as a series of numbers, letters, and symbols) is inscribed on the cut diamond in exactly the same way current unencrypted numbers are inscribed. Step (2): Using any available PC, the cutter encrypts the serial number with his ID a second time using a “certificate public key” supplied by the certifying organization. This second public key will produce an entirely different set of numbers, letters, and symbols which contain - and this is important - exactly the same serial number and ID as the first encryption. This “encrypted certificate number” is holographically emblazoned on the certificate just like the “VISA Card” symbol is holographically inscribed on VISA cards. Thus, there is no way by looking at the certificate and the diamond to verify that they belong together, since the numbers appear completely different.

The identification process then proceeds like this. A diamond merchant scans the number from a diamond and the number from the matching certificate, using an instrument that will quickly become available to service this need, since millions of diamonds will need to be processed each year. These two encrypted numbers are sent electronically (and automatically) to two different computer-servers (ideally in two different locations to enhance security) belonging to the certifying organization.

Receiving servers automatically decrypt the incoming numbers using the “private” key in each server. The two resulting numbers should, of course, be identical. Using two separate processes (one in each server) with two entirely different public/private key sets, each server automatically encrypts the decrypted number and sends it to the other server where it is once again decrypted. Now each server contains two decrypted numbers which should be identical. If they are, each server checks the ID number against its internal list of certified cutters, and notifies the originator of the request electronically of the match, and if the requestor receives two OK signals, the certification is complete. The entire process should take a few microseconds, or a few seconds at most in a busy traffic situation.

The result is absolute assurance that the diamond scanned is the diamond originally assigned the matching certificate. Forgery is completely impossible using this scheme. The only possible point of compromise is the set of servers containing the original private keys. By employing appropriate security measures to these machines, they can be permanently and completely protected from intrusion.

The process seems convoluted, but the reason is to ensure that there is no compromise of either the number on the diamond OR the number on the certificate, AND that there is no compromise in the certifying servers. Furthermore, the two certifying servers need to be physically secure. They should be high-speed, broadband access to ensure very short certifications wait-times. There is no need for any central database of serial numbers, unless the industry wants one. A serial number database is immaterial to the security. The only database the servers need is the list of certified cutters, which already exists.

The two central servers will cost about $10,000 each. The broadband connections less than $5,000 each. The broadband connections can be maintained for a few hundred dollars a month. The public/private keys cost a few hundred dollars. The supporting software to make the process happen automatically will cost perhaps $20,000 or less.

Each cutter will need nothing more than a PC, probably already on hand, an inexpensive scanner - a few hundred dollars, a broadband connection (or even dial-up) for a few dollars per month, and the software.

Each dealer will need essentially the same equipment as the cutters.

Industry-wide, the cost is virtually nothing at all.

All it takes to do this is for De Beers to create the standard unilaterally, purchase and install the two servers at separate secure locations, buy the public/private keys, select standardized scanning equipment off-the-shelf, and develop and distribute the software.

A few months to a year, and everything can be in place and working.

The cost to individual diamond purchasers is virtually nothing at all, because the total cost of the entire system to De Beers is less than $50,000, and the cost to each end-user is a few hundred dollars.

It’s just a matter of will - nothing more.

Since it appears that as much as 10% of the world diamond market is being diverted into the Conflict Diamond trade, funding genocidal wars and world-wide terrorism, it is extremely important and urgent that we find a way to stem this flow of illicit funds.

Only two approaches appear to have any hope of succeeding. The fingerprint approach based upon presumed geological differences in diamonds from different areas appears several years away, and may never work sufficiently well. The only other way appears to be certification of each produced diamond.

The computerized encrypted technique described here, the “Williscroft Process,” is viable today, and can be implemented within a few short months.

It solves the problem.