Posted Aug 19, 2008 08:31 pm CDT
A federal anti-hacking law wasn’t intended to prohibit the disclosure of public information about computer security flaws and hence doesn’t prohibit three MIT students from discussing with fellow academics how they learned to circumvent the Boston transit fare system, as part of a class project.
That’s what a federal judge in Boston held today, in a closely watched case, reports the Wall Street Journal (sub. req.).
The Massachusetts Bay Transportation Authority had won an initial round, obtaining a 10-day gag order that prohibited the Massachusetts Institute of Technology students from presenting their findings at a conference in Las Vegas. However, another jurist, District Judge George O’Toole refused today to extend it for another five months, finding that the MBTA was unlikely to prevail on the merits of the case under the Computer Fraud and Abuse Act, according to the newspaper and PC Magazine.
“Although the gag order was lifted, the MBTA’s litigation against the students still continues. The students have already voluntarily provided a 30-page security analysis to the MBTA and have offered to meet with the MBTA and walk the transit agency through the security vulnerability and the students’ suggestions for improvement,” explains the Electronic Frontier Foundation, whose lawyers are representing the MIT students, in a press release.
Leuan Mahony, an MBTA attorney, says the agency was just seeking to keep the students from publicly revealing details about security flaws before they could be fixed, reports the Associated Press. He estimates that will take about five months.