Judge Lets MIT Students Share Their Research On Boston Subway Vulnerabilities
from the first-amendment-wins-again dept
While it took about a week and a half, a judge has now lifted the gag order that had prevented some MIT students from sharing a presentation about vulnerabilities in the Boston subway system. The judge refused to ban the students from talking about it for a period of five months (which the MBTA insisted it needed to fix the system). This is definitely a win for free speech, though I'm sure the debate over how and when to disclose security vulnerabilities will continue for a long, long time.
Filed Under: boston, first amendment, free speech, gag order, research, subway, vulnerabilities
Companies: mbta
Reader Comments
Re:
There are so many things to say to you that I'm not going to.
The world would be nothing if it weren't for those "blue collar workers".....you need to show them more respect than that.
Anyways, I don't agree with the judge, I believe this would be a case where a gag order is reasonable, at least to some extent.
[ link to this | view in chronology ]
Re: #3
Next time you have an idea you want to share, try thinking about how frightening it would be if you had to decide if it was worth an imaginary risk because a judge could issue a gag over that just on the whim of someone's nerves it tweaked. Ok, this was overly simplified.
Now away from principles and back to the relevancies of this case and why the gag order was extreme.
The vulnerability was discovered by students of an acknowledged academic body.
Before the order was issued documentation was already in circulation.
If an attack were to take place by producing counterfeit cards the information provided would have been far from a how-to leaving a vast majority of the work to the attacker.
Now we let the lawyers battle with their fancy words, libraries, past cases, and all the other stuff that drove me away from law.
[ link to this | view in chronology ]
Re: Re: #3
So, if I got access to a government employee's user name and password, and found a way into the system, you believe I should have the right to publish said information to whomever and however I please? Does that make sense? Where does security of state end and "freedom" begin? Should our "rights" really be that much more important than the security of a governmental body? Don't get me wrong, I'm not saying freedom of speech isn't important, but we as Americans have gone from a unified body to a state where it's all about "me" and not about "us". Twenty years ago they would have been told to be quiet till they got it fixed, and everyone would have agreed it was the right thing to do, but now....
I agree, the two bodies acting disrespectfully to one another. The students should have told MBTA of the discovery and given them proper time to correct it before making the presentation available. And the MBTA shouldn't have filed for the gag. But I do believe they had a right to file, and for all intents and purposes, the gag should have been given.
[ link to this | view in chronology ]
Re: Re: Re: #3
Twenty years ago they would have been told to be quiet till they got it fixed, and everyone would have agreed it was the right thing to do, but now....
The problem, however, is that the timetable for fixing the problem is determined by the company in that case. If you don't have to worry about the initial disclosure of the problem, maybe you can put off fixing it for a year. Or two. Maybe you don't have to actually fix it at all, or you can just say you fixed it. Delaying public knowledge of a problem only encourages delays in fixing the problem.
The release of the vulnerability puts the onus on the company to respond promptly to the problem.
Should our "rights" really be that much more important than the security of a governmental body?
Should? Our rights are more important than the security of a governmental body. If the MBTA uses faulty security measures, they don't have to tell you. And because they don't have to tell you, they can put off fixing the problem, because you don't know about it. And if they can silence anyone who does know, they really don't have a reason to fix the problem in a reasonable amount of time.
Which boils down to the main issue: hiding problems doesn't encourage a company to fix them. It makes those systems less secure, while providing the illusion of security.
[ link to this | view in chronology ]
Re: Re: Re: #3
I'm not sure if you are dyslexic but I believe that should have read "Where does security of state begin and "freedom" end?" Since without freedom there is no need for security, only perceived security.
[ link to this | view in chronology ]
Re: Re:
Stupid people working for the government wasted money buying a stupid system and someone wants to prove it...
So much for an Open Society...
[ link to this | view in chronology ]
Boston Baked Beans
For those with a short memory:
http://www.cnn.com/2007/US/02/01/boston.bombscare/
[ link to this | view in chronology ]
That being said, the idiots that bought the system were not "Blue Collar", they were no talent, no skill hacks with some sort of "White Collar" certification (i.e., some Community college in MA) that got their jobs for who they knew, not what they knew.
The only way to get rid of corrupt idiots in Mass is for someone to get killed and the public to force the Governor to get pro-bono support from responsible lawyer firm located in Mass to fire the bozo. Even the Governor couldn't get the job done. (Look up the Big Dig firing.)
[ link to this | view in chronology ]
Re:
What most don't realize is that Mass. probably is more corrupt than almost any state in the US.
After living in MA for many years, I used to think this way, too.
Until I moved to Rhode Island. There isn't even the attempt to disguise or hide government corruption down here. It's openly acknowledged and mocked as "just the way things are" in RI.
[ link to this | view in chronology ]
Stupidity
Sue to stop kids from giving a security lecture.
1) Put all the exploit info in the public domain.
2) Accuse the kids of theft.
A) By the way they had to buy more ride cards than they would have used to ride the system.
Right now someone is riding the MBTA for free.
Me, I laugh at the stupid idiots at the MBTA for incurring the Streisand effect.
So here's the story line so far:
MIT kids go to MBTA and say we have found out how to get free rides on the MBTA, and we are going to give a Black Hat presentation on the exploit. We will leave out the secret, and only tell of the net result. MBTA says ok cool and gives no indication of any other intentions.
But before the Black Hat conference MBTA sues the kids and gets a gag order, placing the full exploit with the secret part into the suit, placing it into the public domain.
The gag order gets lifted the day it was to expire. Everyone jumps for joy at the victory for First Amendment rights.
As I see it the kids' rights were trampled and they should sue the MBTA and the original judge should be sanctioned.
NO ONE WON HERE
Rights were truncated
The sheeple lost another one to semi government and governmental elites and to the judiciary.
Grady, in both of your paragraphs you are wrong, as I have outlined above.
[ link to this | view in chronology ]
Re: Stupidity
this was no win for free speech :(
they were silenced for no good reason - the conference is over the talk will never happen - they were censored without a reason good enough to violate their free speech right.
[ link to this | view in chronology ]
Re: Re: Stupidity
Then they should have had the guts to have the talk anyway. Let the chips fall where they may. They may have had a few nights in jail but I doubt much more than that would have come from it.
[ link to this | view in chronology ]