Judge Lets MIT Students Share Their Research On Boston Subway Vulnerabilities

from the first-amendment-wins-again dept

While it took about a week and a half, a judge has now lifted the gag order that had prevented some MIT students from sharing a presentation about vulnerabilities in the Boston subway system. The judge refused to ban the students from talking about it for a period of five months (which the MBTA insisted it needed to fix the system). This is definitely a win for free speech, though I’m sure the debate over how and when to disclose security vulnerabilities will continue for a long, long time.

Filed Under: , , , , , ,
Companies: mbta

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Judge Lets MIT Students Share Their Research On Boston Subway Vulnerabilities”

Subscribe: RSS Leave a comment
21 Comments
Nick Stamoulis (user link) says:

Kudos to MIT! We saw this on our local news and apparently the MBTA was getting all huffy and puffy over it claiming that they wanted to check out these claims first to see if they were valid before they were released. Uhhhh trust me MBTA – if genius students at MIT found the flaw, we’re highly doubting it needs to be confirmed by blue collar workers at the MBTA. MIT > MBTA

Grady says:

Re: Re:

Uhhhh trust me MBTA – if genius students at MIT found the flaw, we’re highly doubting it needs to be confirmed by blue collar workers at the MBTA. MIT > MBTA

There are so many things to say to you that I’m not going to.

The world would be nothing if it weren’t for those “blue collar workers”…..you need to show them more respect than that.

Anyways, I don’t agree with the judge, I believe this would be a case where a gag order is reasonable, at least to some extent.

Relonar says:

Re: Re: #3

well I have to disagree with you, it may be youth or stupidity, but I believe that words and ideas should be allowed to be spread freely without fear of government intervention. I believe that any information can be shared no matter what the context, bias, or content is. Both parties ‘should’ have acted differently towards each other, but what ‘should’ have happened rarely does in real-time. The students might have been better off giving a heads up to the MBTA to their vulnerability, but on the other hand there is little reason to have it ‘hushed’ after the fact.

Next time you have an idea you want to share, try thinking about how frightening it would be if you had to decide if it was worth an imaginary risk because a judge could issue a gag over that just on the whim of someones nerves it tweaked. Ok, this was overly simplified.

now away from principles and back to the relevancies of this case and why the gag order was extreme.
The vulnerability was discovered by students of an acknowledged academic body.
Before the order was issued documentation was already in circulation.
If an attack were to take place by producing counterfeit cards the information provided would have been far from a how-to leaving a vast majority of the work to the attacker.
now we let the lawyers battle with their fancy words, libraries, past cases, and all the other stuff that drove me away from law.

Grady says:

Re: Re: Re: #3

“I believe that any information can be shared no matter what the context, bias, or content is.”

So, if I got access to a government employees user name and password, and found a way into the system, you believe I should have the right to publish said information to whomever and however I please? Does that make sense? Where does security of state end and “freedom” begin? Should our “rights” really be that much more important than the security of a governmental body? Don’t get me wrong, I’m not saying freedom of speech isn’t important, but we as Americans have gone from a unified body to a state where it’s all about “me” and not about “us”. Twenty years ago they would have been told to be quiet till they got it fixed, and everyone would have agreed it was the right thing to do, but now….

I agree, the two bodies acting disrespectfully to one another. The students should have told MBTA of the discovery and given them proper time to correct it before making the presentation available. And the MBTA shouldn’t have filed for the gag. But I do believe they had a right to file, and all intents and purposes, the gag should have been given.

DanC says:

Re: Re: Re:2 #3

The reason the gag order should never have been granted in the first place is perfectly displayed by the MBTA’s initial reaction to the MIT students – FBI criminal investigations.

Twenty years ago they would have been told to be quiet till they got it fixed, and everyone would have agreed it was the right thing to do, but now….

The problem, however, is that the timetable for fixing the problem is determined by the company in that case. If you don’t have to worry about the initial disclosure of the problem, maybe you can put off fixing it for a year. Or two. Maybe you don’t have to actually fix it at all, or you can just say you fixed it. Delaying public knowledge of a problem only encourages delays in fixing the problem.

The release of the vulnerability puts the onus on the company to respond promptly to the problem.

Should our “rights” really be that much more important than the security of a governmental body?

Should? Our rights are more important than the security of a governmental body. If the MBTA uses faulty security measures, they don’t have to tell you. And because they don’t have to tell you, they can put off fixing the problem, because you don’t know about it. And if they can silence anyone who does know, they really don’t have a reason to fix the problem in a reasonable amount of time.

Which boils down to the main issue: hiding problems doesn’t encourage a company to fix them. It makes those systems less secure, while providing the illusion of security.

Anonymous Coward says:

What most don’t realize is that Mass. probably is more corrupt than almost any state in the US. The MBTA, Turnpike Authority, etc is populated by a bunch of people that couldn’t get and HOLD a real job in the real world. 70% of the people couldn’t make change in a toll booth without a computer. It isn’t Civil Service .. it is Corrupt Service. Having lived in Mass for 40 years, I have no respect for anyone that works in those organizations.

That being said, the idiots that bought the system were not “Blue Color”, they were no talent, no skill hacks with some sort of “White Collar” certification (ie, some Community college in MA) that got their jobs for who they knew, not what they knew.

The only way to get rid of corrupt idiots in Mass is for someone to get killed and the public to force the Governor to get pro-bono support from responsible lawyer firm located in Mass to fire the bozo. Even the Governor couldn’t get the job done. (Look up the Big Dig firing.)

YouKnowNothing says:

Re: Re:

What most don’t realize is that Mass. probably is more corrupt than almost any state in the US.

After living in MA for many years, I used to think this way, too.

Until I moved to Rhode Island. There isn’t even the attempt to disguise or hide government corruption down here. It’s openly acknowledged and mocked as “just the way things are” in RI.

bobbknight says:

Stupidity

What Is Stupidity? The MBTA
Sue to stop kids from giving a security lecture.
1) Put all the exploit info in the public domain.
2) Accuse the kids of theft.
A) By the way they had to buy more ride cards than they would have used to ride the system.
Right now someone is riding the MBTA for free.
Me I laugh at the stupid idiots at the MBTA for inuring the Streisand effect.

So here’s the story line so far:
MIT kids go to MBTA and say we have found out how to get free rides on the MBTA, and we are going to give a Black Hat presentation on the exploit. We will leave out the secret, and only tell of the net result. MBTA say ok cool and gives no indication of any other intentions.
But before the Black Hat conference MBTA sues the kids and gets an gag order, placing the full exploit with the secret part into the suit, placing it into the public domain.
The gag order gets lifted the day it was to expire. Everyone jumps for joy at the victory for First Amendment rights.

As I see it the kids rights were trampled and they should sue the MBTA and the original judge should be sanctioned.

NO ONE WON HERE
Rights were truncated
The sheeple lost another one to semi government and governmental elites and to the judiciary.

Grady, in both of your paragraphs you are wrong, as I have outlined above.

Dan says:

Soooo the MBTA are to lazy to fix their problem and they use a patsy judge as a tool to gag disclosure. Like a little kid with his hands over his eyes saying “you can’t see me”. Forget that the MIT students offered the MBTA details of the flaws FIRST and got blown off. Now the MBTA is moaning it will take 5 months to fix, maybe they should have in with a smile and an ataboy handshake and dinner instead of kiss off. I said the first judge was an idiot and now we have a higher ruling on the matter.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...