
Category Archives: Security

Great news from the EFF today! They’ve succeeded in lifting the gag order on the group of MIT security researchers and their MBTA/Charlie Card vulnerability research. The students were originally scheduled to debut their report during the security conference DEFCON. However, the MBTA sued the students, claiming that their report, which would have excluded details needed to pull off the attack, violated the Computer Fraud and Abuse Act (a law passed primarily to prevent fraud using computers). As part of the lawsuit, the students had a gag order placed on them. While this is certainly great news for the MIT students, and security researchers in general, the lawsuit still stands.

The case was interesting in the choice of the CFAA as a tool to prevent academic researchers from exposing gaping security holes in public infrastructure. The MBTA claimed that the students were going to be aiding others in defrauding the MBTA. The only problem with the claim is that the students gave the MBTA advance notice and told them that they would withhold details in order to prevent people from easily exploiting the problems. In the end it’s difficult not to wonder how much better this whole experience would have gone if the MBTA had embraced their responsibility, taken the vulnerability seriously, and worked with the students, rather than abusing the CFAA in order to protect their butts. With that in mind, I’m going to end with a short quotation from the EFF press release (link below).

“The students have already voluntarily provided a 30-page security analysis to the MBTA and have offered to meet with the MBTA and walk the transit agency through the security vulnerability and the students’ suggestions for improvement.

“The only thing keeping the students and the MBTA from working together cooperatively to resolve the fare payment card security issues is the lawsuit itself,” said EFF Senior Staff Attorney Kurt Opsahl. “The MBTA would be far better off focusing on improving the MBTA’s fare payment security instead of pursuing needless litigation.””

EFF: “Judge Lifts Unconstitutional Gag Order Against MIT Students”

Recently there has been a lot of noise about law enforcement and/or security guards harassing photographers in the US and England over taking pictures of just about anything. Bruce Schneier, of computer security fame, made a great list in his newest Crypto-Gram newsletter. It can be found here, and is completely free, so check it out. With that in mind, here comes the ever helpful “How to Shoot (Photographs) Like A Terrorist”. The whole row over photographing public buildings, especially around here at the Union Station, is disappointing from the standpoint of security and personal rights.

There is nothing wrong or illegal about taking pictures of public buildings. But more importantly, there is nothing about preventing people from taking pictures which makes us safer. As Mr. Schneier succinctly pointed out, no terrorists ever used photography as a way to prepare for an attack. Even if they were to decide to somehow use photography in their plans, it would be nearly impossible to stop all photographers, and in the end they could always simply visit the area themselves rather than take those pictures. Trying to stop terrorism by stopping photography is like trying to stop wars by banning maps. In my mind, there’s only one good answer to all of this. Stop. Or, on our part, take more pictures and stand up against what has seemed to be primarily based around intimidation.

I know it’s not my usual fare, but I’ve been reading through these stories and thought it a good topic to mention.