14 DAY TRIAL // A judge lifted the gag order that restricted three MIT students from going public with their findings on the flaws in the fare payment system of the Massachusetts Bay Transportation Agency (MBTA). Judge George O'Toole ruled that the students' approach was entirely scientific and that they did not intend to cause any prejudice to the public institution.
The three students subscribed to the DefCon hacker conference held in Las Vegas earlier this month to present their work, which proved that the Charlie ticket system of the subway transportation in Boston had significant flaws. Previous to the presentation, the trio had sent a detailed confidential report to both MBTA and the FBI to ask permission to present a synopsis of their work at DefCon.
Instead of allowing them to present their paper before the public, which had already earned them an A from a reputed professor at MIT, the public transportation company chose to sue. The judge in charge of the case decided to ban them from presenting their findings for a period of 10 days. Yesterday, another judge lifted the gag order, under the consideration that the students' presentation had not violated any law.
Before the final decision was reached, a letter from the association of Computer Science Professors and Computer Scientists had asked the judge that issued the restraining order to lift it, as "research on security vulnerabilities, and the sensible publication of the results of the research, [were] critical for scientific advancement, public safety and a robust market for secure technologies."
The litigation between the two parties did not come to an end though, because MBTA asked the undergraduates to postpone any public presentation of their paper by 5 months, which would allow the public institution to correct the flaws.
A lawyer, part of the Electronic Frontier Foundation, a non-governmental organization that protects human rights, assisted the students during the hearings. All the while, she underscored the importance of the freedom of speech, especially since it is believed to have positive effects in the future development of security.
"A presentation at a security conference is not some sort of computer intrusion. It's protected speech and vital to the free flow of information about computer security vulnerabilities. Silencing researchers does not improve security - the vulnerability was there before the students discovered it and would remain in place regardless of whether the students publicly discussed it or not." said EFF Staff Attorney Marcia Hofmann after hearing Judge O'Toole's decision.