Gag Order Squelches Students' Speech, But Research Lives Online

Saturday morning, the Massachusetts Bay Transportation Authority obtained an emergency injunction banning three MIT students from presenting research about weaknesses in the transit system's payment cards.

The students had planned to tell the audience at Defcon in Las Vegas how they defeated the encryption/magnetic stripe on Boston's CharlieCards and CharlieTickets. Among other discoveries, the students' research showed it was possible to write software that would add up to $655.36 to a CharlieTicket.

At one time, it's possible that a court's gag order might have kept the students' research from public view, more or less.

But no longer. By Sunday, a portion of the students' research -- a five-page vulnerability assessment report -- was available online. It turns out that the transit system's lawyers filed a copy with the court, where it was available for public download. Wired got a hold of it and posted a link to it on its site over the weekend.

On top of that, conference attendees got slides of the planned presentation on Thursday -- two days before the injunction was issued. Those slides are available online -- where, chances are, they're now being seen by far more people than would have been interested had the original talk gone off as planned.

The Electronic Frontier Foundation, which is representing the students, has criticized the injunction as an unlawful prior restraint on their First Amendment rights. It probably is. Massachusetts is pinning its arguments on the Computer Fraud and Abuse Act, which bans hacking, not the discussion of hacking, as the EFF rightly points out. "The court has adopted an interpretation of the statute that is blatantly unconstitutional, equating discussion in a public forum with computer intrusion," Jennifer Granick, EFF civil liberties director, said in a statement.

But the MBTA's problems here go far beyond any dubious legal claims about what constitutes computer fraud. Much like what happened when the bank Julius Baer unsuccessfully sought to shut down Wikileaks, the transit system's attempt to squelch information has only generated interest in it. This February, Julius Baer convinced a judge to order the domain registrar Dynadot to disable the Wikileaks domain and return blank pages to anyone who tried to access the site, all in an effort to get specific documents taken offline. The documents nonetheless remained available to anyone with a Web connection and, eventually, the judge vacated the meaningless injunction.

Here, as well, the reports about the MBTA are online for the viewing -- and are going to stay that way. Even if the MBTA lawyers try to take down every copy of them currently online, they've been downloaded and are only going to continually resurface.

The transit system should work on fixing the flaws in its payment cards, not trying to stop people from discussing them.

Recommend (1) Print RSS