Civil liberties groups are stepping into the battle between the federal government and three students from MIT.
The trio of students was planning to give a presentation on Sunday at the DEFCON conference in Las Vegas. The presentation detailed security flaws in the "Charlie Card" automatic payment system used by the Massachusetts Bay Transit Authority (MBTA).
The authority argued that the presentation would give users the ability to tamper with the Charlie Card system and ride Boston's subways for free. As such, the MBTA claims that the presentation violated the Computer Fraud and Abuse Act (CFFA).
In response to the claim, a US district court judge has issued a ruling which prevents the three students from disclosing any information on the subject for ten days, well after the conference has ended.
The judge's decision to issue prior restraint on the students caught the attention of the Electronic Frontier Foundation, which is now representing the three researchers in their appeal of the Judge's order.
The EFF claims that the temporary restraining order violates the students' free speech rights and distorts the CFFA.
"The court has adopted an interpretation of the statute that is blatantly unconstitutional, equating discussion in a public forum with computer intrusion, " said Jennifer Grannick, civil liberties director for the EFF.
"More importantly, squelching research and scientific discussion won't stop the attackers. It will just stop the public from knowing that these systems are vulnerable and from pressuring the companies that develop and implement them to fix security holes."
The group also argues that security flaws in RFID and magnetic stripe systems used by the MBTA and other transit systems are well-documented and have already been disclosed.
Courts in the Netherlands recently wrapped up a similar case involving London's public transit system. The judges ruled that a group of professors would be allowed to publish their findings on hacking London's Oyster card payment system.
Legal spat over MIT subway hack
By Shaun Nichols on Aug 12, 2008 10:29AM