August 2008
Update on Laptop Border Searches (10 August 2008)
The MBTA versus (Student) Security Researchers (12 August 2008)

The MBTA versus (Student) Security Researchers

12 August 2008

As I’m sure many of you have heard, the MBTA (Massachusetts Bay Transportation Authority) has a very insecure fare payment system. Some students at MIT, working under the supervision of Ron Rivest — yes, that Ron Rivest, the "R" in RSA — found many flaws and planned a presentation at DEFCON on it. The MBTA sought and received an injunction barring the presentation, but not only were the slides already distributed, the MBTA’s court filing included a confidential report prepared by the students with more details than were in the talk

The Electronic Frontier Foundation is appealing the judge’s order, and rightly so. Not only is this sort of prior restraint blatantly unconstitutional, it’s bad public policy: we need this sort of security research to help us build better systems. I and a number of other computer scientists have signed a letter supporting the appeal. You can find the complete EFF web page on the case here.

Update: a judge has lifted the gag order against the students. Note, though, that the MBTA’s lawsuit continues.
Tags: security