Judge refuses to lift gag order on MIT students in Boston subway-hack case
Restraining order remains in place until Aug. 19; judge requests more info from students
Computerworld - A federal judge in Boston today refused to lift a temporary restraining order preventing three MIT students from publicly discussing details of several security vulnerabilities that they found in the electronic ticketing system used by the city's mass transit authority.
The decision means that the gag order imposed on the students last Saturday will remain unchanged at least until Aug. 19, when U.S. District Judge George O'Toole is scheduled to hold another hearing in the case. The restraining order, which was issued in response to a lawsuit filed by the Massachusetts Bay Transportation Authority (MBTA), will expire that same day unless it's extended or turned into a permanent injunction.
At today's hearing, O'Toole also asked the MIT students to submit a copy of a class paper in which they detailed the vulnerabilities that they had found, according to the Electronic Frontier Foundation (EFF), a high-tech civil rights group that is representing the students in the case. The MBTA requested a copy of the paper in a motion that it filed, the EFF said.
In addition, O'Toole asked the three undergrads — Zack Anderson, Russell "RJ" Ryan and Alessandro Chiesa — to provide copies of programming code that they included in a planned presentation to show how the MBTA's e-ticketing system could be hacked.
The San Francisco-based EFF had filed a motion in court this week asking O'Toole to lift the restraining order (download PDF). A spokeswoman for the group expressed disappointment at the judge's refusal to do so and said that the EFF will now go ahead with a planned appeal of the decision to issue the gag order in the U.S. Appeals Court for the First Circuit.
The restraining order was handed down by another judge one day before Anderson, Ryan and Chiesa were scheduled to detail the MBTA's vulnerabilities at the Defcon hacker convention in Las Vegas. In its motion requesting the restraining order (download PDF), the MBTA claimed that it was forced to seek the court's intervention because neither MIT nor the students had given the transit agency enough information to assess the vulnerabilities that were about to be publicly disclosed.
The MBTA said that its intention wasn't to permanently gag the students but to give itself some time to determine the validity and seriousness of the issues being raised by the students and to develop a course of action for addressing them.
In a statement sent via e-mail today, the MBTA said it was pleased that a second federal judge had upheld the restraining order, but "disappointed at the defendants' continued resistance to provide the information" requested by the agency. The MBTA added that it remains hopeful that all of the defendants will be "cooperative" as the case continues.
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Why You Need a Next-Generation Firewall This white paper explores the reasons for implementing next-generation (NG) firewalls and lays out a path to success for overburdened IT organizations.
- Why Projects Fail CIOs are expected to deliver more projects that transform business, and do so on time, on budget and with limited resources.
- The New Business Case for Video Conferencing: 7 Real-World Benefits Beyond Cost-Savings This whitepaper provides insight into the value of video conferencing in today's business environment, and how organizations are using visual collaboration to find...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Malware and Vulnerabilities White Papers | Webcasts