A Tale of Two Transport Hacks

In the USA a court has ordered that three MIT students not talk at DEFCON about their security assessment of the Massachusetts Bay Transit Authority (MBTA) fare cards. Apparently the court believes that “discussing the flaws at a public conference constituted a ‘transmission’ of a computer program that could harm the fare collection system“, which is pretty sad. There are more documents at Cryptome on the case. Their presentation was to include a cryptanalysis of the Mifare “Classic” card, which takes us to our second case..

Bruce Schneier reports that a group of Dutch researchers have won in court to be able to publish their own cryptanalysis of that very same Mifare Classic card, with the court stating:

Damage to NXP is not the result of the publication of the article but of the production and sale of a chip that appears to have shortcomings.

An outbreak of common sense that the MIT students could only dream of. I wonder if they could appeal and cite this case as grounds to have the judgement overturned ?

Leave a Reply

Your email address will not be published. Required fields are marked *