12 August 2008
As I'm sure many of you have heard, the MBTA (Massachusetts Bay Transportation Authority) has a very insecure fare payment system. Some students at MIT, working under the supervision of Ron Rivest — yes, that Ron Rivest, the "R" in RSA — found many flaws and planned a presentation at DEFCON on it. The MBTA sought and received an injunction barring the presentation, but not only were the slides already distributed, the MBTA's court filing included a confidential report prepared by the students with more details than were in the talk…
The Electronic Frontier Foundation is appealing the judge's order, and rightly so. Not only is this sort of prior restraint blatantly unconstitutional, it's bad public policy: we need this sort of security research to help us build better systems. I and a number of other computer scientists a letter supporting the appeal. You can find the complete EFF web page on the case
Update: a judge has lifted the gag order against the students. Note, though, that the MBTA's lawsuit continues.
10 August 2008
The government has now published its policy on laptop searches here. It raises more questions than it answers. For one thing, they don't just claim the right to search — and seize — your laptop when you enter the country; they can search it when you leave the country, too. They also claim the right to do this at the "functional equivalent of the border, or extended border". Declan McCullagh explained these and related issues. He also points out that CBP is enforcing trademark and copyright laws, which (at least in theory) gives them the right to look for illegally-copied songs on your iPod.
Peter Swire, a respected law professor and former Clinton administration official, has written on the subject as well. In his Congressional testimony, he, too, points out the similarity of laptop searches to cryptographic key escrow.