Useful Links

Recent Posts

Archive

The MBTA versus (Student) Security Researchers

12 August 2008

As I'm sure many of you have heard, the MBTA (Massachusetts Bay Transportation Authority) has a very insecure fare payment system. Some students at MIT, working under the supervision of Ron Rivest — yes, that Ron Rivest, the "R" in RSA — found many flaws and planned a presentation at DEFCON on it. The MBTA sought and received an injunction barring the presentation, but not only were the slides already distributed, the MBTA's court filing included a confidential report prepared by the students with more details than were in the talk...

The Electronic Frontier Foundation is appealing the judge's order, and rightly so. Not only is this sort of prior restraint blatantly unconstitutional, it's bad public policy: we need this sort of security research to help us build better systems. I and a number of other computer scientists have signed a letter supporting the appeal. You can find the complete EFF web page on the case here.


Update: a judge has lifted the gag order against the students. Note, though, that the MBTA's lawsuit continues.

Update on Laptop Border Searches

10 August 2008

The government has now published its policy on laptop searches here. It raises more questions than it answers. For one thing, they don't just claim the right to search — and seize — your laptop when you enter the country; they can search it when you leave the country, too. They also claim the right to do this at the "functional equivalent of the border, or extended border". Declan McCullagh explained these and related issues. He also points out that CBP is enforcing trademark and copyright laws, which (at least in theory) gives them the right to look for illegally-copied songs on your iPod.

Peter Swire, a respected law professor and former Clinton administration official, has written on the subject as well. In his Congressional testimony, he, too, points out the similarity of laptop searches to cryptographic key escrow.