Dutch Journalist In Legal Trouble For Showing How New Transit Card Is Easy To Defraud

from the imprison-the-messenger dept

Three years ago, the Boston Subway system (MBTA) got plenty of attention for getting a judge to block some MIT students from presenting a paper at DEFCON that showed how the MBTA's magnetic strip cards were vulnerable to hacking. Of course, all that really did was provide that much more attention for the weaknesses in the MBTA system. It seems we may be in for a repeat performance, of sorts, of this kind of "blame the messenger" approach from a public transporation group -- and this time it's by the very journalist who stepped in and did a presentation to replace the MIT kids who could not.... DEFCON regular, Dutch journalist Brenno de Winter won't be attending DEFCON this year because the Dutch transporation companies are taking legal action against him for daring to do his job as a reporter and highlight security problems with the Dutch transit system's "OV transit chip card." De Winter, quite reasonably, points out that both European and Dutch courts have supported journalists for reporting on security weaknesses -- and yet he still faces a legal fight that could net him six years in prison. Even worse, it appears that even the threat of such things now has de Winter self-censoring:
"They are effectively banning me from doing my job because if I write about this card, I have to think about the consequences," said 39-year-old de Winter, of Ede, The Netherlands. "I'm writing a book and I have to leave whole chapters out."
This is no way at all to thank someone who finds a flaw for you to fix, but the Dutch transportation conglomerate appears hellbent on making life difficult for those who point out technical problems, rather than just fixing the problems.

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. icon
    hmm (profile), 3 Aug 2011 @ 4:42am

    any time someone is trying to show a security flaw and gets sued they should INSTANTLY (anonymously) release the hack data to the public.

    Company with security flaw suddenly has a major breach on its hands + monetary losses.

    If this happens just a few times for a few hundred million a shot, companies wouldn't DARE to sue someone trying to help them as the consequences would be nightmareish

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.