Judge denies five-month gag in transit hack case

Share this article:
Updated on Wednesday, Aug. 20 at 2:07 p.m. EST

A U.S. District Court judge has sided with three Massachusetts Institute of Technology (MIT) students in their quest to present findings on vulnerabilities in the Massachusetts Bay Transportation Authority's (MBTA) subway fare collection system.

Ten days ago, a judge in Boston issued a temporary restraining order to the students -- Zack Anderson, R.J. Ryan and Alessandro Chiesa, preventing them from giving their planned talk Aug. 10 at the Defcon hacker conference in Las Vegas.

The students were set to show how flaws in the MBTA's transit fare payment system -- namely its CharlieCard and CharlieTicket passes -- could be exploited through forgery and cloning to gain passengers free rides. The project had earned them an "A" from their MIT computer science professor.

The judge who issued the gag order said the students were in violation of the federal Computer Fraud and Abuse Act. But the Electronic Frontier Foundation (EFF), a digital rights watchdog representing the students, said the law applied to computer intrusions -- not research talks at conferences.

On Tuesday, the MBTA asked another judge to extend the restraining order for five months while it fixed the vulnerabilities.

U.S. District Judge George O'Toole Jr., however, ruled against this request, agreeing with the EFF that federal computer intrusion laws do not apply to this case.

"A presentation at a security conference is not some sort of computer intrusion," EFF Staff Attorney Marcia Hofmann said in a statement. "It's protected speech and vital to the free flow of information about computer security vulnerabilities. Silencing research does not improve security -- the vulnerability was there before the students discovered it and would remain in place regardless of whether the students publicly discussed it or not."

The MBTA has filed a separate lawsuit against MIT and the students. The EFF said this has prevented the students and the agency from working together cooperatively.

But MBTA said it wants to try.

"Now that the court proceedings are behind us, I renew my invitation to the students to sit down with us and discuss their findings," MBTA General Manager Daniel Grabauskas said in a statement. "A great opportunity now presents itself."

The MIT students also could not be reached on Wednesday.
Share this article:
close

Next Article in News

Sign up to our newsletters

More in News

Carbon Grabber crimeware kit being distributed in spam campaign

A spam campaign involving the Carbon Grabber crimeware kit is ongoing against the automotive industry in Europe, according to Symantec.

Errors in ZeroLocker means paying ransom may not decrypt files

A piece of ransomware known as ZeroLocker contains various errors that may prevent files from being decrypted even if the ransom is paid.

Rogue AV scammers find success with new tatics

Although the number of rogue anti-virus malware campaigns have decreased overall, the threat isn't totally gone, according to researchers at Microsoft.