Don’t Enjoin the Messenger

Two weeks ago three students from MIT appeared at DEFCON in Las Vegas to present their successful hack of the Massachusetts Transit Authority’s electronic fare system–the “Charlie Card.” The MBTA went to federal court to enjoin publication of students’ presentation, claiming it would violate the Computer Fraud and Abuse Act. The court granted the injunction on August 9, only to lift it yesterday, ruling that the MBTA was not likely to succeed on its CFAA claim. Follow the story’s arc here, here, here, and here–and then read Bruce Schneier’s timely (8/7) essay from The Guardian. Schneier’s piece discusses the successful hack of the London subway’s Oyster smartcard by students from the Netherlands. The Oyster card’s maker, NXP Semiconductors, sued to prevent publication of the hack; it lost. The Oyster card uses the same chip–the “Mifare Classic”–used by Boston and other transit systems. Schneier writes “[t]he security of Mifare Classic is terrible . . . it’s kindergarten cryptography. Anyone with any security experience would be embarrassed to put his name to the design. NXP attempted to deal with this embarrassment by keeping the design secret.” In ruling against NXP the Dutch court said “[d]amage to NXP is not the result of the publication of the article but of the production and sale of a chip that appears to have shortcomings.” (Emphasis supplied)

These two cases follow a familiar pattern: Company A does a crap job designing or delivering a good or service to Company B; someone blows the the whistle on Company A’s mis- or malfeasance; Company B blames the whistleblower for leaking news of flaw instead of blaming Company A for its lousy performance. Here the Dutch court got it right, and the U.S. court is heading in the right direction.

5 thoughts on “Don’t Enjoin the Messenger”

  1. Thank you for every other informative site. Where else may just I
    get that type of information written in such a perfect way?
    I have a mission that I’m simply now operating on, and I’ve been on the look out for such information.

  2. My spouse and I stumbled over here from a different website and thought I should check things out.
    I like what I see so now i am following you. Look forward to looking at your web page again.

  3. Greate article. Keep posting such kind of info
    on your page. Im really impressed by it.[X-N-E-W-L-I-N-S-P-I-N-X]Hey there, You’ve performed a great job.
    I will definitely digg it and in my view recommend to my friends.

    I’m sure they’ll be benefited from this site.

  4. Woah! I’m really enjoying the template/theme of this blog.
    It’s simple, yet effective. A lot of times it’s challenging to get that “perfect balance” between usability and visual appeal.
    I must say that you’ve done a very good job with this. In addition, the
    blog loads super quick for me on Chrome. Outstanding
    Blog!

Leave a Reply

Your email address will not be published. Required fields are marked *