MIT students find security flaws in Boston transit system

Aug. 14, 2008
Transit authority granted restraining order against students

A San Francisco-based watchdog group has pledged to fight on behalf of three Massachusetts Institute of Technology (MIT) students whose presentation about vulnerabilities within the Boston transit system was canceled Saturday after Massachusetts authorities secured a temporary restraining order against the trio.

"The court's order is an illegal prior restraint on legitimate academic research in violation of the First Amendment," Jennifer Granick, civil liberties director at the Electronic Frontier Foundation (EFF), said in a statement. "The court has adopted an interpretation of the statute that is blatantly unconstitutional, equating discussion in a public forum with computer intrusion."

Zack Anderson, R.J. Ryan and Alessandro Chiesa were scheduled to present their findings Sunday at the annual Defcon security conference in Las Vegas. Specifically, the students had uncovered vulnerabilities within the magnetic stripe and RFID card payment systems used for Boston Charlie Cards and Charlie Tickets.

That did not sit well with the Massachusetts Bay Transit Authority (MBTA), which sued the students and MIT in United States District Court in Massachusetts on Friday, claiming they would violate the Computer Fraud and Abuse Act if they provided conference attendees with information on how to defraud the MBTA of transit fares.

The court granted MBTA a 10-day restraining order.

"Squelching research and scientific discussion won't stop the attackers," EFF's Granick said. "It will just stop the public from knowing that these systems are vulnerable and from pressuring the companies that develop and implement them to fix security holes."

EFF said it "will seek relief for the researchers in the courts."

EFF has taken on the case as part of its Coder's Rights Project, an initiative the organization launched at the Black Hat conference last week that is intended to protect programmers and developers from legal threats.