Judge Still Keeps MIT Students Gagged Over Subway Hacking Presentation

from the keep-quiet dept

The EFF tried to get the gag order lifted off the three MIT students who had planned a presentation on how Boston's subway system was vulnerable to some hacks. However, a judge has left the gag order in place, saying that it will be discussed at a hearing next Tuesday. He also ordered the students to hand over more information.

There's been a long debate in the security community about what is proper "disclosure." There are some who believe that you should wait until a vulnerability is fixed before disclosing it, while others believe that only by disclosing it are people really motivated to fix the vulnerability. However, most of those debates haven't taken place in court -- so this particular case should be quite interesting for those who are involved in security research, no matter which side of the "disclosure" debate you fall on.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    inc, 15 Aug 2008 @ 5:25am

    Security through obscurity does not work. Even if these students never told anyone and went straight to those who control the Boston subway system they still would have been prosecuted. It's the same problem with the voting machines and the very reason Linux is more secure then Windows. If everyone knows your flaws you are more inclined to take them seriously. I'm also not sure what good a gag order will do, the PDF was already leaked on Digg. Warcarting rulez!

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories

Close

Email This

This feature is only available to registered users. Register or sign in to use it.