Security by restraining order

Matt Blaze mab at
Wed Aug 13 14:42:25 EDT 2008

The EFF yesterday filed a letter from a number of academic security  
urging the judge in the MIT "Charlie Card" case to reverse the  
order.  It can be found on the EFF's case page, at

As a security researcher (and one of the signers of the letter to the
judge), I was particularly struck by the ironic -- and very
unfortunate -- message that the court order sends to our community:
it's safer to irresponsibly blindside users and vendors by publishing
about vulnerabilities without warning them first (thus denying them
the opportunity to seek a pre-publication gag order).

Surely that's not what the court or the MBTA seek to encourage.

I blog a bit more about this at


On Aug 13, 2008, at 3:58, David Farber wrote:

> clipped from Steve Bellovin blog --
> The MBTA versus (Student) Security Researchers
> 12 August 2008
> As I'm sure many of you have heard, the MBTA (Massachusetts Bay  
> Transportation Authority) has a very insecure fare payment system.  
> Some students at MIT, working under the supervision of Ron Rivest —  
> yes, that Ron Rivest, the "R" in RSA — found many flaws and planned  
> a presentation at DEFCON on it. The MBTA sought and received an  
> injunction barring the presentation, but not only were the slides  
> already distributed, the MBTA's court filing included a confidential  
> report prepared by the students with more details than were in the  
> talk...
> The Electronic Frontier Foundation is appealing the judge's order,  
> and rightly so. Not only is this sort of prior restraint blatantly  
> unconstitutional, it's bad public policy: we need this sort of  
> security research to help us build better systems. I and a number of  
> other computer scientists have signed a letter supporting the  
> appeal. You can find the complete EFF web page on the case here.
> djf --- Here's the letter:
> The rest of the case files are here:
