Subway agency wants to keep MIT students quiet over hack

By Ed Oswald | Published August 15, 2008, 10:36 AM

10:30 am EDT August 15, 2008 - A federal judge has sided with the Massachusetts Bay Transit Authority, ordering the students to continue to stay quiet beyond the original Tuesday expiration of their restraining order.

Presiding Judge George O'Toole, Jr. scheduled a hearing for that same Tuesday to debate the order's merits, and will decide then whether it should be modified or lifted altogether. As was reported initially early Thursday, copies of the presentation continued to be available on the Internet.

The judge also ordered the students to surrender code that was to be released as part of the presentation, along with a report that was to be submitted to their professor on the topic.

The Electronic Frontier Foundation, representing the students, said it would appeal the ruling. It also argued that the judge's most recent demands ran afoul of the students' First Amendment rights.

1:27 pm EDT August 14, 2008 - Although the Defcon conference has ended, Massachusetts' transit agency is looking to prevent three student researchers who uncovered holes in its fare collection system from divulging their discoveries to anyone else.

The two sides had attempted to work things out through negotiations. The Massachusetts Bay Transit Authority offered to engage in mediation through a third party without any preconditions. The Electronic Frontier Foundation apparently rejected that offer, but would not confirm so publicly, saying it would not disclose any discussions with the agency.

Rather, the EFF seems to be interested in the legal route. It is urging a federal court in Boston to lift what it calls "an unconstitutional gag order," and arguments are scheduled there Thursday.

The MBTA has proposed modifications to the original restraining order, asking the court to prohibit only the disclosure of "non-public information." However, the EFF said in its own motion to dismiss that no harm was meant by the presentation, and that it was aimed instead at urging the agency to improve security.

"The First Amendment does not allow people to be silenced because their speech exposes flaws, even if those flaws might someday be illegally misused by others," EFF civil liberties director Jennifer Granick said. "To protect our clients' rights, we had no choice but to ask the court to reconsider the gag order."

Continuing the gag order on the students specifically may now be pointless, as details of the presentation, including actual slides, are now available online, and complete copies of the presentation were given to all conference attendees in DEFCON's materials during registration. This may be part of the reason why the MBTA proposed a motion to modify the restraining order.

The original ruling was set to expire on August 19. After that, the court can either extend the order in the form of a preliminary injunction, or do nothing. In the latter case, the MIT students would then be allowed to speak on the topic, or even give the presentation elsewhere.

Comments

what is needed is "DIS-INFORMATION"

just call the white house and ask them how it's done..

Score: 0

IT'S ALREADY LEAKED SO IT DOESN'T MATTER YOU FOOLS!

Score: 0

Denial has worked wonders for the DRM community.

Score: 0

"Ordering the students to continue to continue"

Huh? Ed?

Score: 0

Proofreading is for the weak!

Score: 0

What has become rather evident is that, like so many aspects of Defcon, the effort was not an attempt to merely mitigate a problem, it is instead the attempt to gain notoriety through the exploitation of a weakness at others' expense...but like so many others do when they stand to benefit but who scream the loudest when they are the victims (i.e. P2P music distribution), unfortunately the principle of the freedom of speech is NOT the fundamental concern here.

Score: 0

How about someone fixes the flaws? Then, it doesn't matter anymore.

Score: 0

Hush!

(If they did that, then there would be no need for lawyers, press conferences, committee meetings and political grandstanding. Also, it wouldn't be a controversial news story and fodder for the media to have endless interviews with their "experts".)

Score: 0

We don't know the nature of the flaws, but chances are that they will take some time to fix and test. A public transportation system is both large and critical, so you can't just throw something together on a whim. On top of that, we all know about the efficiency of government efforts.

Score: 0

Did these students take the ethical route of bringing the holes to the attention of the agency and allowing for a reasonable amount of time for a fix?

Should they be able to share their findings freely? Probably. The big issue in the security research field is in dealing with the DMCA, which has severely stifled the sharing of information. It's very shaky legal ground and just not worth the risk for many.

The motivation behind such cracking isn't always the most noble, but it helps people learn from their mistakes and therefore build stronger systems. In the meantime though, the current iterations get kind of screwed.

Score: 0

SKAPIG: Did these students take the ethical route of bringing the holes to the attention of the agency and allowing for a reasonable amount of time for a fix?

Exactly. If you find a problem you tell the appropriate people so they can fix the issue. If they don't then maybe spilling the beans about the loophole will get their butts in gear. That's a serious loss of revenue to them, placing a gag order will not fix the problem!

Score: 0

I agree that the gag order will not fix the problem, but it's the government's way of ignoring the problem and hoping it will go away. Things like this have happened many times before and will continue to happen because they never learn their lesson.

Score: 0
