Security by restraining order
Matt Blaze
mab at crypto.com
Wed Aug 13 14:42:25 EDT 2008
The EFF yesterday filed a letter from a number of academic security
researchers urging the judge in the MIT "Charlie Card" case to reverse
the restraining order. It can be found on the EFF's case page, at
http://www.eff.org/cases/mbta-v-anderson/

As a security researcher (and one of the signers of the letter to the
judge), I was particularly struck by the ironic -- and very
unfortunate -- message that the court order sends to our community:
it's safer to irresponsibly blindside users and vendors by publishing
about vulnerabilities without warning them first (thus denying them
the opportunity to seek a pre-publication gag order).

Surely that's not what the court or the MBTA seek to encourage here.
I blog a bit more about this at
http://www.crypto.com/blog/security_through_restraining_orders/
-matt
On Aug 13, 2008, at 3:58, David Farber wrote:
> clipped from Steve Bellovin blog --
> The MBTA versus (Student) Security Researchers
> 12 August 2008
>
> As I'm sure many of you have heard, the MBTA (Massachusetts Bay
> Transportation Authority) has a very insecure fare payment system.
> Some students at MIT, working under the supervision of Ron Rivest —
> yes, that Ron Rivest, the "R" in RSA — found many flaws and planned
> a presentation at DEFCON on it. The MBTA sought and received an
> injunction barring the presentation, but not only were the slides
> already distributed, the MBTA's court filing included a confidential
> report prepared by the students with more details than were in the
> talk...
>
> The Electronic Frontier Foundation is appealing the judge's order,
> and rightly so. Not only is this sort of prior restraint blatantly
> unconstitutional, it's bad public policy: we need this sort of
> security research to help us build better systems. I and a number of
> other computer scientists have signed a letter supporting the
> appeal. You can find the complete EFF web page on the case here.
>
> djf --- Here's the letter:
>
> http://www.eff.org/files/filenode/MBTA_v_Anderson/letter081208.pdf
>
> The rest of the case files are here:
> http://www.eff.org/cases/mbta-v-anderson
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com