12 August 2008
As I'm sure many of you have heard, the MBTA (Massachusetts Bay Transportation Authority) has a very insecure fare payment system. Some students at MIT, working under the supervision of Ron Rivest — yes, that Ron Rivest, the "R" in RSA — found many flaws and planned a presentation at DEFCON on it. The MBTA sought and received an injunction barring the presentation, but not only were the slides already distributed, the MBTA's court filing included a confidential report prepared by the students with more details than were in the talk...
Electronic Frontier Foundation
is appealing the judge's order, and rightly so. Not only is this
sort of prior restraint blatantly unconstitutional, it's bad
public policy: we need this sort of security research to help
us build better systems. I and a number of other computer scientists
a letter supporting the appeal. You can find the complete EFF
web page on the case
Update: a judge has lifted the gag order against the students. Note, though, that the MBTA's lawsuit continues.