EFF to appeal court order halting subway hacker talk
IDG News Service - The Electronic Frontier Foundation plans to appeal a U.S. District Court order imposing a temporary injunction on a Defcon presentation that would have detailed flaws in the Massachusetts Bay Transportation Authority's (MBTA) electronic ticketing system.
"The court ultimately came to a very, very wrong conclusion," EFF senior staff attorney Kurt Opsahl said during an EFF discussion at Defcon a few hours after Judge Douglas Woodlock of the U.S. District Court for the District of Massachusetts issued a court order halting the planned talk about the transit-system security flaws.
The MBTA filed a lawsuit Friday seeking to stop three MIT students from giving the talk. The lawsuit also named the university as a defendant. The Boston-area transportation authority argued that the presentation would cause "significant damage to the MBTA's transit system," according to an online posting of the lawsuit.
MIT students Zack Anderson, Russell "RJ" Ryan and Alessandro Chiesa, had been scheduled to talk about "The Anatomy of a Subway Hack: Breaking Crypto RFIDs & Magstripes of Ticketing Systems" at the Defcon conference Sunday. They received an "A" grade on the project in an MIT class, Opsahl said.
"The first notice that the MBTA provided that they were going to the court was after they had gone to the court," Opsahl said at the EFF session. The judge cited a computer-intrusion statute in issuing the order, he said.
"The statute, on its face, appears to be discussing sending code programs or similar type of information to a computer and does not appear to contemplate somebody who is giving a talk to humans," Opsahl said. "Nevertheless, the court disagreed with that interpretation."
The court order seems to say that a magnetic strip on a paper card or a smart card counts as a computer, and the EFF disagrees with that interpretation, he said.
The temporary restraining order "reflects the court's view that they believe that the [MBTA] was likely to succeed on the merits -- we think that's actually not the case," Opsahl said.
Some of the material in the students' talk regarding security problems with the MBTA's electronic ticketing system had been previously reported in The Boston Globe and Boston Herald newspapers, Opsahl said.
"Courts have found that the First Amendment covers these things," Opsahl said. "We believe that this is a protected speech activity. When you discuss security issues, if you are telling the truth, that is something that should be protected."
Though the students are barred by court order from providing information that would have helped others circumvent the talk, their presentation slides had already been included in a conference CD given to Defcon attendees. The MBTA itself put some details in the public record by filing a confidential assessment of its security system with the court.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- 4 Customers who never have to refresh their PCs again This paper illustrates a common theme: the combination of desktop virtualization and thin client computing helps organizations deliver an up-to-date user experience more...
- Mobile Devices: The New Thin Clients Get essential guidance for understanding the role thin clients plus virtual desktops play in the enterprise today.
- Taking Windows Mobile on Any Device Taking Windows applications mobile has many advantages, but the process of identifying a solution is complex. Learn how to solve this complex problem...
- PaaS - Powering a New Era of Business IT Why PaaS has suddenly become relevant and irresistible to many organizations. Dive into the opportunities and considerations associated with using PaaS from an...
- Redefine Your IT Operations: Remote Office IT Has Never Been Simpler Join us to see why PC Pro named Dell PowerEdge VRTX the "2013 Server of the Year." PowerEdge VRTX may be just what...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have. All Hardware White Papers | Webcasts