Boston subway ‘hackers’ no longer silenced
A federal judge has thrown out the gagging order imposed on three students who uncovered serious security loopholes in Boston’s subway ticketing system. It’s too late for a security conference where they planned to unveil their findings, though many of the details are already available online.
As you may remember, the legal dispute began when management at the Massachusetts Bay Transportation Authority (MBTA) discovered three MIT students were planning to give a presentation to the DEFCON 16 conference. The students had already outlined their findings to the transit bosses, but the MBTA went to court after seeing promotion for the presentation asking “Want free subway rides for life?”
The students had to pull out of the conference after a judge issued a 10-day injunction keeping their findings under wraps. Comically enough, though, the MBTA included many of the details in its court filings, allowing the university’s student newspaper to publish them online as public record.
The MBTA today failed to get a five-month extension on the injunction after claiming the students had violated the Computer Fraud & Abuse Act. The court ruled that this federal law, dating back to 1986, was designed to prevent computer viruses rather than public speaking.
In their arguments, the students said their presentations were protected by the First Amendment; the court specifically did not make any ruling on this point.
What happens next will be interesting. The MBTA’s requested injunction was based on the idea it will take five months to fix the loopholes which the students said could be exploited.
However, the students insist there is no serious danger of this delay resulting in any criminal activity because they have never intended revealing enough specific detail to allow this. They say publicists for the DEFCON 16 event over-hyped their presentation and shouldn’t have implied it would be a how-to guide for fare-dodgers.
Related Posts:
