Forgot your password?
typodupeerror
Censorship Security Transportation United States

Massachusetts Sues to Halt Defcon Subway Hacking Talk 270

Posted by timothy
from the this-has-not-been-cleared-with-upstairs dept.
According to CNET, "The state of Massachusetts has asked a federal judge for a temporary restraining order preventing three MIT students from giving a presentation on Sunday about hacking smartcards used in the Boston subway system." It'll be interesting to see whether Dutch-style openness or Soviet-style secrecy prevails in Las Vegas. Update: 08/09 20:57 GMT by T : "Too late," says reader Bluey: "Injunction was already granted."
This discussion has been archived. No new comments can be posted.

Massachusetts Sues to Halt Defcon Subway Hacking Talk

Comments Filter:
  • Eh (Score:1, Interesting)

    by Anonymous Coward on Saturday August 09, 2008 @03:05PM (#24538839)

    constitutes a threat to public health or safety

    How? Are people going to try and mug you with a CharlieTicket now that they might potentially be useless?

  • Ron Rivest (Score:4, Interesting)

    by surmak (1238244) on Saturday August 09, 2008 @03:12PM (#24538893)

    The article mentions that the authorities met with the students and Ron Rivest (e.g. the "R" in the RSA crypto system).

    It would be interesting to see what his involvement with this project is.

  • by Anonymous Coward on Saturday August 09, 2008 @03:13PM (#24538903)

    http://www.tc.umn.edu/~hause011/article/Bus_ride8.html

    Expensive, does not work, only needs your work info, bank info, home info, photo and tracks your travels when it does work. Just chip the riders like dogs
    and tattoo a bar code across their foreheads.

  • by CastrTroy (595695) on Saturday August 09, 2008 @03:16PM (#24538919) Homepage
    What I want to know is how a system like this is even possible. Why should the value available on a smart card actually be something that can be changed by the person holding the card. Shouldn't the card just have an ID, and that ID is tied to an account, which is tied to a person. Maybe put the amount on the card, so the bus doesn't have to call home every time someone steps on a bus, but at least keep all transactions in a database so they can check for fraud after the fact. It seems like the way they have it set up, would be the equivalent of having your bank account balance completely controllable by modifying the information on your bank card. Even retail stores have this figured out so that their gift cards only hold a number, and the actual value on the card is stored in some computer database.
  • Re:Just a point (Score:4, Interesting)

    by whoever57 (658626) on Saturday August 09, 2008 @03:26PM (#24538973) Journal

    And as TFA has already pointed out, the power point presentation is already out in the open

    Which is exactly why an injunction should never have been granted.

  • Re:Just a point (Score:4, Interesting)

    by mpe (36238) on Saturday August 09, 2008 @03:49PM (#24539135)
    All that proves is that the people suing are even stupider than they seem because they're trying to stop something that's already on the internet, and we all know how that goes.

    It's actually even worst than that. By the action of suing they have drawn attention to the issue. As well as "confirming" the research.
    Probably also ensuring that the relevent information will wind up being published in places it wasn't likely to end up before before. Note that the article mentions that thousands of people (not covered by the injunction) already have copies of the "paper". Some of those copies may be already out of the court's jurisdiction too.
  • by Jah-Wren Ryel (80510) on Saturday August 09, 2008 @03:55PM (#24539181)

    Why should the value available on a smart card actually be something that can be changed by the person holding the card. Shouldn't the card just have an ID, and that ID is tied to an account, which is tied to a person.

    With a correct implementation - that uses good cryptography - it is quite possible to have secure stored value cards. One upside to stored value cards, especially to slashdot readers, is that they help to protect our right to travel because they can be just as anonymous as cash.

  • by strabes (1075839) on Saturday August 09, 2008 @04:09PM (#24539287)
    What I want to know is why Massachusetts is complaining about and interfering with a conference happening in my hometown, Las Vegas.
  • Re:Frist Amendment (Score:5, Interesting)

    by sabre86 (730704) on Saturday August 09, 2008 @04:18PM (#24539379)

    What does free speech have to do with releasing software that will help people steal from the transit system?. It sound criminal to me, assisting people to steal.

    Everything. Perhaps because software, and more relevantly, the presentation, is expression and thus protected under the First Amendment? In a free society where participants are expected to take responsibility for both their own actions and the governance of that society, denying an individual information limits his freedom --knowledge really is power and thus important to freedom -- and destroys his ability to make good governing decisions. For any of us to actually be free, society has to make the fundamental assumption that the average individual will not use the powers given to them to commit criminal acts. You seem to be assuming the opposite. Even if you consider it from a "need to know" point of view (and you shouldn't): both the people who buy into this transportation system and the shareholders of the system, who I understand to be the public, have a right to know the strengths and weaknesses of this system. So they -- we -- the public, have a need to know this information to make the best decisions they can about this system. In fact, we the public have a need to know all things that occur in government, in government contracts and in the public life.

    Also, I think you're a bit confused on what "assisting" means. There has to be stealing going on for anybody to assisting in it, and I've seen no evidence that there is. By what I infer your definition of assisting to be: "providing any tool or information used to complete a task" then other things that should sound criminal to you include (but aren't limited to): providing a drunk driver with an alcohol (before he was driving), selling a gun, knife, baseball bat, pencil or anything else to someone who then uses it in a violent crime, teaching anyone any sort of OS or computer security theory (if the students are criminal for providing the information to criminally hack the system, is the professor not criminal for assisting the "criminal" students by providing them with information needed to discover the hack?), etc, etc, etc.

  • Re:Frist Amendment (Score:3, Interesting)

    by keithjr (1091829) on Saturday August 09, 2008 @05:03PM (#24539723)
    I'm against this gag order, but the case about First Amendment rights seems to be weak. Under your argument, it would be fine if I posted your Social Security and credit card numbers on the internet, as long as I'm not the one stealing anything from your accounts.

    What I want to know is why these students didn't give a presentation to the MBTA itself or the MA state government. Seems like they're willing to pay attention.
  • by mrbill1234 (715607) on Saturday August 09, 2008 @05:17PM (#24539813)

    I want to know what genius decided to have this conference in the USA.

If you think nobody cares if you're alive, try missing a couple of car payments. -- Earl Wilson

Working...