
Great news from the EFF today! They've succeeded in lifting the gag order on the group of MIT security researchers and their MBTA/Charlie Card vulnerability research. The students were originally scheduled to debut their report during the security conference DEFCON. However, the MBTA sued the students, claiming that their report, which would have excluded details needed to pull off the attack, violated the Computer Fraud and Abuse Act (a law passed primarily to prevent fraud using computers). As part of the lawsuit, the students had a gag order placed on them. While this is certainly great news for the MIT students, and security researchers in general, the lawsuit still stands.

The case was interesting in the choice of the CFAA as a tool to prevent academic researchers from exposing gaping security holes in public infrastructure. The MBTA claimed that the students were going to be aiding others in defrauding the MBTA. The only problem with the claim is that the students gave the MBTA advance notice and told them that they would withhold details in order to prevent people from easily exploiting the problems. In the end it's difficult not to wonder how much better this whole experience would have gone if the MBTA had embraced their responsibility, taken the vulnerability seriously, and worked with the students, rather than abusing the CFAA in order to protect their butts. With that in mind, I'm going to end with a short quotation from the EFF press release (link below).

“The students have already voluntarily provided a 30-page security analysis to the MBTA and have offered to meet with the MBTA and walk the transit agency through the security vulnerability and the students’ suggestions for improvement.

“The only thing keeping the students and the MBTA from working together cooperatively to resolve the fare payment card security issues is the lawsuit itself,” said EFF Senior Staff Attorney Kurt Opsahl. “The MBTA would be far better off focusing on improving the MBTA’s fare payment security instead of pursuing needless litigation.””

EFF: “Judge Lifts Unconstitutional Gag Order Against MIT Students”