Judge Still Keeps MIT Students Gagged Over Subway Hacking Presentation

from the keep-quiet dept

The EFF tried to get the gag order lifted from the three MIT students who had planned a presentation on how Boston's subway system was vulnerable to some hacks. However, a judge has left the gag order in place, saying that it will be discussed at a hearing next Tuesday. He also ordered the students to hand over more information.

There's been a long debate in the security community about what is proper "disclosure." There are some who believe that you should wait until a vulnerability is fixed before disclosing it, while others believe that only by disclosing it are people really motivated to fix the vulnerability. However, most of those debates haven't taken place in court -- so this particular case should be quite interesting for those who are involved in security research, no matter which side of the "disclosure" debate you fall on.

Filed Under: boston, disclosure, gag rule, hacking, mit, subway

Reader Comments

  1. nonuser, 14 Aug 2008 @ 7:18pm


    I don't think these guys, or their advisor Prof. Rivest, should be getting a lot of credit here. When someone publishes an exploit for Windows, Oracle, or DNS, they can (and generally do) claim that bad guys could've figured out the same hack independently, and done untold damage without anyone realizing it. Of course, it's quite debatable whether public exposure of the flaw is justifiable, but at least there are two sides to the argument.

    With these subway cards, sure, some criminal mind could've figured out how to hack them, but how could they have monetized it on a scale to make it worthwhile? They would've had to set up a black market - at about $5 a shot - and hoped that none of their customers or prospects would snitch.

    That's perhaps why the MBTA didn't worry too much about making the system absolutely secure. They must've figured that a few people might quietly crack it and take advantage, but they could write that off as cost of doing business.

    Now it's different. Now, college kids and others might suspect that paying to ride the T is for chumps, like paying to buy recorded music. And the MBTA can't afford to give out free rides - their trains are packed these days.
