MIT students find security flaws in Boston transit system

Aug. 14, 2008
Transit authority granted restraining order against students

A San Francisco-based watchdog group has pledged to fight on behalf of three Massachusetts Institute of Technology (MIT) students whose presentation about vulnerabilities within the Boston transit system was canceled Saturday after Massachusetts authorities secured a temporary restraining order against the trio.

"The court's order is an illegal prior restraint on legitimate academic research in violation of the First Amendment," Jennifer Granick, civil liberties director at the Electronic Frontier Foundation (EFF), said in a statement. "The court has adopted an interpretation of the statute that is blatantly unconstitutional, equating discussion in a public forum with computer intrusion."

Zack Anderson, R.J. Ryan and Alessandro Chiesa were scheduled to present their findings Sunday at the annual Defcon security conference in Las Vegas. Specifically, the students had uncovered vulnerabilities within the magnetic stripe and RFID card payment systems used for Boston Charlie Cards and Charlie Tickets.

That did not sit well with the Massachusetts Bay Transit Authority (MBTA), which sued the students and MIT in United States District Court in Massachusetts on Friday, claiming they would violate the Computer Fraud and Abuse Act if they provided conference attendees with information on how to defraud the MBTA of transit fares.

The court granted MBTA a 10-day restraining order.

"Squelching research and scientific discussion won't stop the attackers," EFF's Granick said. "It will just stop the public from knowing that these systems are vulnerable and from pressuring the companies that develop and implement them to fix security holes."

EFF said it "will seek relief for the researchers in the courts."

EFF has taken on the case as part of its Coder's Rights Project, an initiative the organization launched at the Black Hat conference last week that is intended to protect programmers and developers from legal threats.
