Dutch Journalist In Legal Trouble For Showing How New Transit Card Is Easy To Defraud

from the imprison-the-messenger dept

Three years ago, the Boston Subway system (MBTA) got plenty of attention for getting a judge to block some MIT students from presenting a paper at DEFCON that showed how the MBTA’s magnetic strip cards were vulnerable to hacking. Of course, all that really did was provide that much more attention for the weaknesses in the MBTA system. It seems we may be in for a repeat performance, of sorts, of this kind of “blame the messenger” approach from a public transporation group — and this time it’s by the very journalist who stepped in and did a presentation to replace the MIT kids who could not…. DEFCON regular, Dutch journalist Brenno de Winter won’t be attending DEFCON this year because the Dutch transporation companies are taking legal action against him for daring to do his job as a reporter and highlight security problems with the Dutch transit system’s “OV transit chip card.” De Winter, quite reasonably, points out that both European and Dutch courts have supported journalists for reporting on security weaknesses — and yet he still faces a legal fight that could net him six years in prison. Even worse, it appears that even the threat of such things now has de Winter self-censoring:

“They are effectively banning me from doing my job because if I write about this card, I have to think about the consequences,” said 39-year-old de Winter, of Ede, The Netherlands. “I’m writing a book and I have to leave whole chapters out.”

This is no way at all to thank someone who finds a flaw for you to fix, but the Dutch transportation conglomerate appears hellbent on making life difficult for those who point out technical problems, rather than just fixing the problems.

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Dutch Journalist In Legal Trouble For Showing How New Transit Card Is Easy To Defraud”

Subscribe: RSS Leave a comment
That Anonymous Coward (profile) says:

Color me not so surprised.

This has become the response of nearly every Government and Agency around the world.
Our systems are perfect and to say otherwise should be illegal.
If you make us look foolish, we make your life hell.
So what if we wasted millions on a project that is horribly flawed, we can just keep you from speaking and everything will be fine.

One has to wonder at what point will the people actually demand and get better from the people in charge.

That Anonymous Coward (profile) says:

Re: Re: Re:

I wonder why the people who stand to be hurt by these cards not being secure, the passengers, don’t sue as well.
The companies can claim they are being hurt, but their hurt is often just reflected in higher costs (or lessened services) directly passed onto the consumers.
Their first action was to sue, not to find out what the insecurity was. Either they know about the flaw, or don’t give a damn. There are many cases of the details of flaws being delayed to allow them time to fix them. Maybe it is time to have a look into the companies records to see how long they were aware of the flaw.

Cody Jackson (profile) says:

Wikileaks FTW!

It’s this type of censoring that Wikileaks et al. are highly prized. If someone can’t report the truth, or material that others are scared about, then at least post it anonymously.

On a related note, if someone is scared about repurcussions and writes a book under a psuedonym, can that person be charged? Is an anonymous book considered plausible deniability?

Jamie (profile) says:

When will companies realise that “security through obscurity” just doesn’t work. As soon as anyone finds a hole, that security is gone. Even if the finder is gagged, the fact that there is a hole will lead others to find it.

Instead of bringing lawsuits, the transporation companies should be spending that money to find a real fix for the problem. One that will stand up to public scrutiny.

Marcel de Jong (profile) says:

De Winter has been a thorn in the side of our government as well. As he’s been using the dutch FOIA-like laws to get information out in the open: http://www.bigwobber.nl
To the point that the dutch government is looking into limiting our freedom of information. (Yes, the Dutch government prefers secrecy. Sadly, we’re no Iceland.)

And he has been going after local government IT-contracts, it’s by law that the government has to open IT-bids to also open source companies and software products.
It even resulted in weird statements where a governmental body (basically a group that was formed to protect the interests of municipalities) declared that they weren’t part of the government thus didn’t fall under the jurisdiction of our FOIA. (again, secrets are apparently better than open information, even though our tax-euros have paid for these reports, and pay these *bleep*s)

When details became clear of TransLinkSystems case against Brenno, a donation drive was set up, to help Brenno pay his legal fees. They reached their goal within hours.

He’s a well respected freelance Investigative Journalist (with a capital I and J, as he really does investigate the stuff that he writes about)

The funny thing about our public transit card was that BEFORE they even rolled the system out all manner of leaks and other issues were known and were talked about among security experts and even questions were asked to the minister of public transport at the time. But since it was a prestige project for this minister, it had to continue, and now we have a very flawed system:
– No 2-way tickets possible,
– Trips are actually more expensive,
– anonymous cards that aren’t very anonymous,
– record-keeping that’s borderline illegal,
– and here’s the kicker, we can still travel without paying, which was the biggest reason for rolling out this card.

hmm (profile) says:

any time someone is trying to show a security flaw and gets sued they should INSTANTLY (anonymously) release the hack data to the public.

Company with security flaw suddenly has a major breach on its hands + monetary losses.

If this happens just a few times for a few hundred million a shot, companies wouldn’t DARE to sue someone trying to help them as the consequences would be nightmareish

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...