Judge denies five-month gag in transit hack case

Share this article:
Updated on Wednesday, Aug. 20 at 2:07 p.m. EST

A U.S. District Court judge has sided with three Massachusetts Institute of Technology (MIT) students in their quest to present findings on vulnerabilities in the Massachusetts Bay Transportation Authority's (MBTA) subway fare collection system.

Ten days ago, a judge in Boston issued a temporary restraining order to the students -- Zack Anderson, R.J. Ryan and Alessandro Chiesa, preventing them from giving their planned talk Aug. 10 at the Defcon hacker conference in Las Vegas.

The students were set to show how flaws in the MBTA's transit fare payment system -- namely its CharlieCard and CharlieTicket passes -- could be exploited through forgery and cloning to gain passengers free rides. The project had earned them an "A" from their MIT computer science professor.

The judge who issued the gag order said the students were in violation of the federal Computer Fraud and Abuse Act. But the Electronic Frontier Foundation (EFF), a digital rights watchdog representing the students, said the law applied to computer intrusions -- not research talks at conferences.

On Tuesday, the MBTA asked another judge to extend the restraining order for five months while it fixed the vulnerabilities.

U.S. District Judge George O'Toole Jr., however, ruled against this request, agreeing with the EFF that federal computer intrusion laws do not apply to this case.

"A presentation at a security conference is not some sort of computer intrusion," EFF Staff Attorney Marcia Hofmann said in a statement. "It's protected speech and vital to the free flow of information about computer security vulnerabilities. Silencing research does not improve security -- the vulnerability was there before the students discovered it and would remain in place regardless of whether the students publicly discussed it or not."

The MBTA has filed a separate lawsuit against MIT and the students. The EFF said this has prevented the students and the agency from working together cooperatively.

But MBTA said it wants to try.

"Now that the court proceedings are behind us, I renew my invitation to the students to sit down with us and discuss their findings," MBTA General Manager Daniel Grabauskas said in a statement. "A great opportunity now presents itself."

The MIT students also could not be reached on Wednesday.
Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in News

Sign up to our newsletters

TOP COMMENTS

More in News

Report: Stolen card data is crime that concerns Americans most

A recent Gallup Crime poll indicates that Americans' top two worries revolve around having credit card data stolen or their computer or smartphones compromised.

Pirate Bay co-founder found guilty for hacking IT service provider

Gottfrid Svartholm Warg was found guilty of hacking an IT service provider in Denmark. This is his second court case for illegally accessing data.

Assume Drupal 7 sites are compromised, unless patched or updated to 7.32 ...

Assume every Drupal 7 website is compromised, unless patched or updated to Drupal 7.32 within seven hours of the disclosure of a highly critical SQL injection vulnerability.