US judge gags subway card hackers

LAS VEGAS, Nevada (AFP) — A US judge on Saturday gagged hackers from telling peers at a notorious DefCon conference how to get free rides by cracking commonly used subway "smart cards."

The decision was immediately condemned by Internet rights attorneys, who decried it as an attack on free speech that endangers the existence of computer security gatherings such as DefCon and Black Hat.

"It is a very dangerous precedent," said Electronic Frontier Foundation (EFF) attorney Marcia Hoffman.

"The court is suggesting that giving a presentation involving security to other security researchers is a violation of federal law. This has a tremendous chilling effect on research. We intend to fight it with everything we've got."

The EFF defended the trio of Massachusetts Institute of Technology students at a hearing that ended with US district court judge Douglass Woodlock barring them from giving a slated "Anatomy of a Subway Hacking" presentation at DefCon.

The students had promised to detail how they outwitted magnetic strip and radio frequency chip-based fare cards used in the Boston subway so completely that one could hack their way to "free subway rides for life."

The same smart card technology is used by public transit systems around the world, according to the team.

Woodlock forbade the students from discussing any of their research, aspects of which were provided along with other presentations on computer disks given to thousands of DefCon attendees when the event began Friday.

"We disagree with the ruling but we are not going to disobey it," said MIT student Zack Anderson.

"We wanted to share our academic work with the security community. If you want to fix a system you need to know what is wrong with it."

Boston transit officials filed a suit against the students on Friday, demanding they keep any flaw secret until it is fixed.

"If the discoverer discloses the vulnerability to a broader audience, hackers and other malicious users may be able to exploit the vulnerability," the transit system argued in court documents.

"It is strongly in the public interest to protect this system."

The suit says another culprit in the case is the students' MIT professor, Ronald Rivest, who is also the well-known founder of the RSA Data Security firm.

Transit system lawyers convinced Woodlock to issue a restraining order barring the students from giving a lecture at DefCon or saying anything about their findings until the issue is addressed at a future hearing.

They demand a civil trial and want the students to be ordered to pay financial damages.

EFF senior attorney Kurt Opsahl called Woodlock's order an abuse of US "computer intrusion" law.

"(The order) does not appear to contemplate it is talking about a person who is giving a talk to humans," Opsahl said.

"If you are truthfully telling the world about a dangerous situation this should, of course, be free speech."

Efforts to use the courts to silence hackers in the Netherlands who revealed a similar hack of transit system smart cards there failed, according to Opsahl.