backtop


Print 11 comment(s) - last by sevesteen.. on Aug 20 at 8:36 PM

Regardless, MBTA was still successful in stopping the DEF CON presentation

A federal judge lifted the temporary gag order placed on three MIT students Tuesday, who were originally set to give a presentation at DEF CON that outlined a number of security holes in the Massachusetts Bay Transportation Authority’s RFID-based fare infrastructure.

The MBTA originally sued the three student researchers earlier this month in an attempt to stop the trio from delivering their presentations. While its efforts were successful — the presentation was snuffed – the lawsuit was one day late. Slides of the presentation were already published in a CD-ROM handed to DEF CON attendees earlier in the day, and soon after posted online (PDF) by MIT student newspaper The Tech.

In his ruling, Federal Judge George O’Toole said that the chances of the MBTA prevailing on its claims under the Computer Fraud and Abuse Act was “minimal,” in which it tried to invoke the Act’s protections from “transmission” of a damaging computer program for the trio’s verbal presentation.

Critics feared the courts’ seemingly hasty decision had inadvertently attacked free speech, because the Act only prohibits the transmission of “code programs” in a computer, not damaging presentations. O’Toole’s interpretation equated free speech with computer hacking, feared some.

“So the attempt to stretch the Computer Fraud and Abuse Act has failed. Please read the statute for yourself, and ask yourself: do you want talking about computers and security to become a crime punishable by fines and imprisonment and subject to FBI and Secret Service oversight?” asks law and technology blog Groklaw. “That's what almost just happened.”

“At first glance, the issues at play may appear obscure, and of interest only to technical researchers and lawyers,” reads an EFF analysis of the situation. “But … the right to publish without pre-publication review is part of the purpose of the 1st amendment, and one of the reasons Americans fought the Revolutionary War.”

The MIT students were behaving as good citizens within this culture of security research. They met with the MBTA before the presentation. They never planned to expose the full details of their successful expose of the vulnerability of the MBTA's fare system … The free speech implications are even more important because showing faults with a government agency's systems is core political speech. The Boston Herald reports that an MBTA Advisory Council Member was concerned with the fare card payment systems (in light of this controversy), and noted that the ‘T gave a no-bid contract for CharlieCard services to a former government employee.’ This makes the public interest in this matter even stronger,” it reads.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: I'm all for free speech...
By BeenThere2 on 8/20/2008 4:45:35 PM , Rating: 2
Responsible adults fix the problem and move on...

Whatever the reason, MBTA should not have tried to hide the research which uncovered the vulnerability, especially since the researchers discussed their findings with MBTA well before "going public." Instead of denying/discrediting, then employing legal means to stifle the research, I am curious why MBTA did not make use of this free research to verify the facts (scientific method works every time), then resolve any proved issues.

Seems to me that, under a cooperative agreement, the researchers would be more likely to postpone publication (without losing credit), MBTA would gain a "fixed" system, and the PR would be positive.

Except for the small victory of preventing publication at DEFCON, MBTA lost the war: MBTA comes off as a big government agency bullying the little guy(s). That's not exactly the kind of PR MBTA wants or needs...


"It seems as though my state-funded math degree has failed me. Let the lashings commence." -- DailyTech Editor-in-Chief Kristopher Kubicki

Related Articles













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki