CNET reports on yet another case of security-by-obscurity-by-court-order…
Three MIT students had planned to give a presentation at this year’s DEFCON, but the MBTA got a judge to issue a TRO preventing them from going ahead.
The presentation itself is available via the campus newspaper, as well as having been included in attendees conference materials.
Bruce Schneier recently wrote about the Mifare hacking paper that suffered a similar court challenge, although eventually allowed by the Dutch courts to be published.
The card system in Boston (and a number of other cities) uses the same technology, with the same weaknesses… (“Monoculture Bad”)
UPDATE: Discussion of the case in JOLT Digest, “An online companion to the Harvard Journal of Law & Technology”. (via saqib on The Cryptography Mailing List)
UPDATE: Nice overview from Ars Technica, highlighting the First Amendment issues in play here.
UPDATE: EFF Press Release: Judge Lifts Unconstitutional Gag Order Against MIT Students
The court found that the Massachusetts Bay Transportation Agency (MBTA) had no likelihood of success on the merits of its claim under the federal computer intrusion law and denied the transit agency’s request for a five-month injunction. In papers filed yesterday, the MBTA acknowledged for the first time that their Charlie Ticket system had vulnerabilities and estimated that it would take five months to fix.
Note that the MBTA suit is still alive, even though at least one judge apparently understands it to be a weak case. I hope that if it isn’t dropped, the expense involved comes up in the looming fare increase debate…
UPDATE: Popular Mechanics interview with Zack Anderson, one of the MIT students, on how this went down, and what happens now.
What happens next? There’s still a lawsuit from the MBTA, right?
Probably the next thing is, hopefully at this point we’ll be able to settle this and make it go away. If not, we’re going to have to file a motion to dismiss the case, but I think, and I definitely hope, that things are kind of over now. We didn’t give the talk, which was I think a primary aim that they had. That was effective on their part.
