The paper shows how access cards can be cloned

Aug 15, 2008 12:50 GMT

Although the Massachusetts Bay Transportation Authority did everything in its power to prevent information leaks, both the summary of the presentation at the hacker conference DefCon and a report marked with the "confidential" label have been published on the Internet.

The latter document shows how easily the Charlie ticket system, which is built around a rechargeable electronic card, can be tricked. The two options for doing so are forgery attacks and cloning, which are easy tasks for criminals. This is possible because the recharged value is not stored in a database but directly on the card, which, moreover, can be easily read or written with the proper equipment. Also, the public transportation authority doesn't verify the magnetic cards, as it lacks a centralized verifying system, and no cryptographic signature algorithm is used to secure the data.
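As an added illustration (not taken from the leaked report and not the MBTA's own design), the following sketch shows the two controls the paragraph says are missing: a keyed MAC over the value stored on the card, and a central ledger that checks the card against its last accepted state. The record layout, field names, key and `Ledger` class are assumptions made for this example.

```python
import hashlib
import hmac
import struct

# Constructed demo key; in practice it lives in the back end or a secure module, never on the card.
ISSUER_KEY = b"constructed-demo-key-not-for-production"

def encode(card_id, balance_cents, counter):
    """Hypothetical 16-byte record: 8-byte card id, 4-byte balance, 4-byte write counter."""
    return struct.pack(">QII", card_id, balance_cents, counter)

def issue(card_id, balance_cents, counter, key=ISSUER_KEY):
    """Bytes written to the card: the record followed by an HMAC-SHA256 tag."""
    payload = encode(card_id, balance_cents, counter)
    return payload + hmac.new(key, payload, hashlib.sha256).digest()

class Ledger:
    """Central record of each card's last accepted state (hypothetical back end)."""
    def __init__(self):
        self.state = {}  # card_id -> (balance_cents, counter)

    def register(self, card_id, balance_cents, counter):
        self.state[card_id] = (balance_cents, counter)

    def validate(self, blob, key=ISSUER_KEY):
        if len(blob) != 16 + 32:
            return "reject: malformed"
        payload, tag = blob[:16], blob[16:]
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "reject: bad tag"          # value was edited or forged
        card_id, balance, counter = struct.unpack(">QII", payload)
        if self.state.get(card_id) != (balance, counter):
            return "reject: stale or cloned"  # authentic bytes, but not the current state
        return "accept"

    def debit(self, blob, fare_cents):
        """Validate, charge the fare, and return the new record to write back to the card."""
        verdict = self.validate(blob)
        if verdict != "accept":
            return verdict, None
        card_id, balance, counter = struct.unpack(">QII", blob[:16])
        if balance < fare_cents:
            return "reject: insufficient funds", None
        self.register(card_id, balance - fare_cents, counter + 1)
        return "accept", issue(card_id, balance - fare_cents, counter + 1)
```

The tag alone stops edited values but not bit-for-bit copies; the ledger comparison is what rejects whichever copy of a given state is presented second.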

While the documentation is already on the Internet, the three MIT students who wanted to present the study about the vulnerabilities of the Boston public transportation system were given yet another thumbs-down by the court. The Massachusetts Bay Transportation Authority has already filed a lawsuit against the undergraduates, claiming they are real hackers, because of their exhaustive study and graphic examples that show how people can get free fare. However, they have not lost all hope yet, and are still asking to be allowed to present the flaws in the security system.

U.S. District Judge George O'Toole Jr. has decided that the restriction still stands, as it was imposed after the public transportation company claimed that the information to be revealed by the three should remain private. Another hearing, scheduled for next Tuesday, will possibly bring a final decision in the case.

"The First Amendment does not allow people to be silenced because their speech exposes flaws, even if those flaws might someday be illegally misused by others. To protect our clients' rights, we had no choice but to ask the court to reconsider the gag order," said Electronic Frontier Foundation Civil Liberties Director Jennifer Granick. The organization, which fights for human rights as they come under threat in the technological era, could not convince the judge of the above-mentioned claims, all the more as none of the three defendants was present in the courtroom during the hearing.