Judge refuses to lift gag order on MIT students in Boston subway-hack case
Restraining order remains in place until Aug. 19; judge requests more info from students
Computerworld - A federal judge in Boston today refused to lift a temporary restraining order preventing three MIT students from publicly discussing details of several security vulnerabilities that they found in the electronic ticketing system used by the city's mass transit authority.
The decision means that the gag order imposed on the students last Saturday will remain unchanged at least until Aug. 19, when U.S. District Judge George O'Toole is scheduled to hold another hearing in the case. The restraining order, which was issued in response to a lawsuit filed by the Massachusetts Bay Transportation Authority (MBTA), will expire that same day unless it's extended or turned into a permanent injunction.
At today's hearing, O'Toole also asked the MIT students to submit a copy of a class paper in which they detailed the vulnerabilities that they had found, according to the Electronic Frontier Foundation (EFF), a high-tech civil rights group that is representing the students in the case. The MBTA requested a copy of the paper in a motion that it filed, the EFF said.
In addition, O'Toole asked the three undergrads — Zack Anderson, Russell "RJ" Ryan and Alessandro Chiesa — to provide copies of programming code that they included in a planned presentation to show how the MBTA's e-ticketing system could be hacked.
The San Francisco-based EFF had filed a motion in court this week asking O'Toole to lift the restraining order (download PDF). A spokeswoman for the group expressed disappointment at the judge's refusal to do so and said that the EFF will now go ahead with a planned appeal of the decision to issue the gag order in the U.S. Appeals Court for the First Circuit.
The restraining order was handed down by another judge one day before Anderson, Ryan and Chiesa were scheduled to detail the MBTA's vulnerabilities at the Defcon hacker convention in Las Vegas. In its motion requesting the restraining order (download PDF), the MBTA claimed that it was forced to seek the court's intervention because neither MIT nor the students had given the transit agency enough information to assess the vulnerabilities that were about to be publicly disclosed.
The MBTA said that its intention wasn't to permanently gag the students but to give itself some time to determine the validity and seriousness of the issues being raised by the students and to develop a course of action for addressing them.
In a statement sent via e-mail today, the MBTA said it was pleased that a second federal judge had upheld the restraining order, but "disappointed at the defendants' continued resistance to provide the information" requested by the agency. The MBTA added that it remains hopeful that all of the defendants will be "cooperative" as the case continues.
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- The Business Value of Continuous Delivery Download this whitepaper to learn more about the business value of Continuous Delivery and see why it could be a game changer for...
- Ten Factors Shaping the Future of Application Delivery Download this research report conducted by Enterprise Management Associates (EMA) to learn how those that are seeking to accelerate application delivery are leveraging...
- Software Asset Management: Ensuring Today's Assets Today's trends like BYOD and SaaS are new and exciting in terms of how they will help make our jobs more productive but...
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success!
- Transform Your IT Service Management Watch this webinar, to learn how EasyVista can increase IT productivity & efficiency and deliver streamlined & integrated IT Service & Asset Mgmt. All Malware and Vulnerabilities White Papers | Webcasts