A US district court judge has barred MIT students from disclosing security flaw in Charlie Card automatic payment system which they vowed to disclose in the Defcon conference that took place between 8 and 10 August.
The Charlie Card automatic payment system is used by Massachusetts Bay Transit Authority (MBTA) and the three students decided to disclose the security flaw in Defcon which is world’s largest annual hacker convention, held every year in Las Vegas, Nevada.
A row has been erupted between civil rights group and government over this gag order.
MBTA states that disclosing this information is against Computer Fraud and Abuse Act (CFFA) which would have given users the ability to tamper with the Charlie Card system and ride Boston’s subways for free.
In its order the judge barred the students from disclosing any information on the subject for 10 days, well after the conference has ended.
In response to this decision the Electronic Frontier Foundation (EFF) has come forward to help students in filing an appeal against this order.
The EFF claims that the temporary restraining order violates the students’ free speech rights and distorts the CFFA.
According to Jennifer Grannick, civil liberties director for the EFF:
The court has adopted an interpretation of the statute that is blatantly unconstitutional, equating discussion in a public forum with computer intrusion. More importantly, squelching research and scientific discussion won’t stop the attackers. It will just stop the public from knowing that these systems are vulnerable and from pressuring the companies that develop and implement them to fix security holes.
The group also argues that security flaws in RFID and magnetic stripe systems used by the MBTA and other transit systems are well-documented and have already been disclosed.
It should be interesting to note that recently a similar case happend in Netherlands in which judges ruled that a group of professors would be allowed to publish their findings on hacking London’s Oyster card payment system.
0 responses so far
There are no comments yet...Kick things off by filling out the form below.
You must log in to post a comment.