Security by restraining order

Matt Blaze mab at crypto.com
Wed Aug 13 14:42:25 EDT 2008


The EFF yesterday filed a letter from a number of academic security researchers
urging the judge in the MIT "Charlie Card" case to reverse the restraining
order.  It can be found on the EFF's case page, at
    http://www.eff.org/cases/mbta-v-anderson/

As a security researcher (and one of the signers of the letter to the judge), I was
particularly struck by the ironic -- and very unfortunate -- message that the court
order sends to our community:  it's safer to irresponsibly blindside users and vendors
by publishing about vulnerabilities without warning them first (thus denying them
the opportunity to seek a pre-publication gag order).

Surely that's not what the court or the MBTA seek to encourage here.

I blog a bit more about this at
   http://www.crypto.com/blog/security_through_restraining_orders/

-matt





On Aug 13, 2008, at 3:58, David Farber wrote:

> clipped from Steve Bellovin blog --
> The MBTA versus (Student) Security Researchers
> 12 August 2008
>
> As I'm sure many of you have heard, the MBTA (Massachusetts Bay  
> Transportation Authority) has a very insecure fare payment system.  
> Some students at MIT, working under the supervision of Ron Rivest —  
> yes, that Ron Rivest, the "R" in RSA — found many flaws and planned  
> a presentation at DEFCON on it. The MBTA sought and received an  
> injunction barring the presentation, but not only were the slides  
> already distributed, the MBTA's court filing included a confidential  
> report prepared by the students with more details than were in the  
> talk...
>
> The Electronic Frontier Foundation is appealing the judge's order,  
> and rightly so. Not only is this sort of prior restraint blatantly  
> unconstitutional, it's bad public policy: we need this sort of  
> security research to help us build better systems. I and a number of  
> other computer scientists have signed a letter supporting the  
> appeal. You can find the complete EFF web page on the case here.
>
> djf --- Here's the letter:
>
> http://www.eff.org/files/filenode/MBTA_v_Anderson/letter081208.pdf
>
> The rest of the case files are here:
> http://www.eff.org/cases/mbta-v-anderson

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


