LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Announcements page

Recent Features

LWN.net Weekly Edition for February 16, 2012

Book review: Open Advice

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

EFF: Judge Lifts Unconstitutional Gag Order Against MIT Students

[Posted August 19, 2008 by cook]

From:  EFF Press <press-AT-eff.org>
To:  presslist-AT-eff.org
Subject:  EFF: Judge Lifts Unconstitutional Gag Order Against MIT Students
Date:  Tue, 19 Aug 2008 12:47:14 -0700
Message-ID:  <48AB2342.5090107@eff.org>

Electronic Frontier Foundation Media Release

For Immediate Release: Tuesday, August 19, 2008

Contact:

Rebecca Jeschke
   Media Coordinator
   Electronic Frontier Foundation
   press@eff.org
   +1 415 436-9333 x125

Kurt Opsahl
   Senior Staff Attorney
   Electronic Frontier Foundation
   kurt@eff.org
   +1 415 436-9333 x106

Judge Lifts Unconstitutional Gag Order Against MIT Students

Free Speech Victory for Security Researchers

Boston - Today, a federal judge lifted an unconstitutional
gag order that had prevented three Massachusetts Institute
of Technology (MIT) students from disclosing academic
research regarding vulnerabilities in Boston's transit fare
payment system.  The court found that the Massachusetts Bay
Transportation Agency (MBTA) had no likelihood of success
on the merits of its claim under the federal computer
intrusion law and denied the transit agency's request for a
five-month injunction.  In papers filed yesterday, the MBTA
acknowledged for the first time that their Charlie Ticket
system had vulnerabilities and estimated that it would take
five months to fix.

Tuesday's ruling lifts the restriction preventing the
student researchers from talking about their findings
regarding the security vulnerabilities of Boston's Charlie
Card and Charlie Ticket -- a project that earned them an
"A" from renowned computer scientist and MIT professor Dr.
Ron Rivest.  The Electronic Frontier Foundation (EFF)
represents the students as part of its Coders' Rights
Project.

"We're very pleased that the court recognized that the
MBTA's legal arguments were meritless," said EFF Legal
Director Cindy Cohn, who argued at the hearing.  "The
MBTA's attempts to silence these students were not only
misguided, but blatantly unconstitutional."

The students had planned to present their findings earlier
this month at DEFCON, a security conference held in Las
Vegas, while leaving out key details that would let others
exploit the vulnerability. The students met with the MBTA
about a week before the conference and voluntarily provided
a confidential vulnerability report to the transit agency.
However, the MBTA subsequently sued the students and MIT in
United States District Court in Massachusetts less than 48
hours before the scheduled presentation, without providing
any advance notice to the students.  The lawsuit claimed
that the students' planned presentation would violate the
Computer Fraud and Abuse Act (CFAA) by enabling others to
defraud the MBTA of transit fares.  A different federal
judge, meeting in a special Saturday session, ordered the
trio not to disclose for ten days any information that
could be used by others to get free subway rides.

"The judge today correctly found that it was unlikely that
the CFAA would apply to security researchers giving an
academic talk," said EFF Staff Attorney Marcia Hofmann.  "A
presentation at a security conference is not some sort of
computer intrusion.  It's protected speech and vital to the
free flow of information about computer security
vulnerabilities.  Silencing researchers does not improve
security -- the vulnerability was there before the students
discovered it and would remain in place regardless of
whether the students publicly discussed it or not."

Although the gag order was lifted, the MBTA's litigation
against the students still continues.  The students have
already voluntarily provided a 30-page security analysis to
the MBTA and have offered to meet with the MBTA and walk
the transit agency through the security vulnerability and
the students' suggestions for improvement.

"The only thing keeping the students and the MBTA from
working together cooperatively to resolve the fare payment
card security issues is the lawsuit itself," said EFF
Senior Staff Attorney Kurt Opsahl. "The MBTA would be far
better off focusing on improving the MBTA's fare payment
security instead of pursuing needless litigation."

This case is part of EFF's Coders' Rights Project, launched
two weeks ago to protect programmers and developers from
legal threats hampering their cutting-edge research.  EFF
was assisted in this case by John Reinstein, ACLU of
Massachusetts Legal Director, and Fish & Richardson
attorneys Adam Kessel, Lawrence Kolodney, and Tom Brown.

For more on MBTA v. Anderson:
http://www.eff.org/cases/mbta-v-anderson

For this release:
http://www.eff.org/press/archives/2008/08/19

About EFF

The Electronic Frontier Foundation is the leading civil
liberties organization working to protect rights in the
digital world. Founded in 1990, EFF actively encourages and
challenges industry and government to support free
expression and privacy online. EFF is a member-supported
organization and maintains one of the most linked-to
websites in the world at http://www.eff.org/


     -end-

_______________________________________________
presslist mailing list
https://falcon.eff.org/mailman/listinfo/presslist
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds