Massachusetts Bay Transportation Authority v. Anderson et al
Filing
49
AFFIDAVIT in Support re 26 MOTION for Reconsideration re 12 Order on Motion for TRO -- Declaration of Corynne McSherry filed by Zack Anderson, RJ Ryan, Massachusetts Institute of Technology. (Attachments: # 1 Exhibit 1, # 2 Exhibit 2, # 3 Exhibit 3, # 4 Exhibit 4, # 5 Exhibit 5, # 6 Exhibit 6, # 7 Exhibit 7, # 8 Exhibit 8, # 9 Exhibit 9, # 10 Exhibit 10, # 11 Exhibit 11, # 12 Exhibit 12, # 13 Exhibit 13, # 14 Exhibit 14)(Brown, Thomas)
<![CDATA[
Hacking and free speech - The Boston Globe
Page 1 of 1
THIS STORY HAS BEEN FORMATTED FOR EASY PRINTING GLOBE EDITORIAL
Hacking and free speech
August 14, 2008 THREE MIT students claim to have identified ways of hacking the MBTA's automated fare-collection system, and they could have spared themselves some trouble had they notified the transit agency of any security flaws right away. The T found out about their work only after they made plans to describe their discoveries last Sunday at DEFCON, a conference for hackers. On Saturday, the agency persuaded US District Judge Douglas Wood-lock to issue a temporary restraining order against the undergrads. But what the students should have done out of moral obligation and what they have the right to do under the First Amendment are two different questions. For good reason, US courts have long been highly skeptical of prior restraints on what may be said in a public forum. Woodlock strayed into dangerous territory by restricting what the students could disclose at the conference. At a hearing today, Judge George O'Toole will hear motions to modify or lift the order. He ought to lift it. The order had its intended effect, for the students did not give their talk. But it would be a mistake to regard them merely as mischief-makers bent on helping scofflaws ride for free. Finding security breaches in electronic systems is a legitimate, even vital, line of inquiry. The students began looking into the T's CharlieCards and CharlieTickets in conjunction with an MIT class. The T says it wants to enforce the principle of "responsible disclosure" - the notion that a security researcher who finds a flaw in an electronic system should notify the owner and give sufficient time to fix the breach before going public. The students and T officials met for the first time about a week before DEFCON. The transit agency argues that the students did not offer enough information to judge whether they would behave responsibly at the conference. But should the T be the arbiter of what constitutes responsible disclosure? The students' lawyer says they met the standard, because they planned to withhold from their talk key information necessary to cheat the fare collection system. In any case, responsible disclosure, while a valuable ethical standard, is not enshrined in federal statutes, and should not trump First Amendment rights. Such rights aren't absolute; if the students were to incite others to commit crimes, they could face civil and criminal penalties. But if expression can lead to penalties after the fact, that is one more reason not to block it in advance. The MIT undergrads and others in this field surely need to learn that, even if they have a First Amendment right to disclose their work at their discretion, it doesn't mean they always should. But the MBTA should recognize that security flaws are a design problem, not a legal one.
© Copyright 2008 The New York Times Company
http://www.boston.com/bostonglobe/editorial_opinion/editorials/articles/2008/08/14/hacki... 8/18/2008
]]>
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?
