Thursday, August 14, 2008


GLOBE EDITORIAL
Hacking and free speech

August 14, 2008

THREE MIT students claim to have identified ways of hacking the MBTA's 
automated fare-collection system, and they could have spared 
themselves some trouble had they notified the transit agency of any 
security flaws right away. The T found out about their work only after 
they made plans to describe their discoveries last Sunday at DEFCON, a 
conference for hackers. On Saturday, the agency persuaded US District 
Judge Douglas Woodlock to issue a temporary restraining order against 
the undergrads.

But what the students should have done out of moral obligation and 
what they have the right to do under the First Amendment are two 
different questions. For good reason, US courts have long been highly 
skeptical of prior restraints on what may be said in a public forum. 
Woodlock strayed into dangerous territory by restricting what the 
students could disclose at the conference. At a hearing today, Judge 
George O'Toole will hear motions to modify or lift the order. He ought 
to lift it.

The order had its intended effect, for the students did not give their 
talk. But it would be a mistake to regard them merely as mischief-
makers bent on helping scofflaws ride for free. Finding security 
breaches in electronic systems is a legitimate, even vital, line of 
inquiry. The students began looking into the T's CharlieCards and 
CharlieTickets in conjunction with an MIT class.

The T says it wants to enforce the principle of "responsible 
disclosure" - the notion that a security researcher who finds a flaw 
in an electronic system should notify the owner and give sufficient 
time to fix the breach before going public.

The students and T officials met for the first time about a week 
before DEFCON. The transit agency argues that the students did not 
offer enough information to judge whether they would behave 
responsibly at the conference. But should the T be the arbiter of what 
constitutes responsible disclosure? The students' lawyer says they met 
the standard, because they planned to withhold from their talk key 
information necessary to cheat the fare collection system.

In any case, responsible disclosure, while a valuable ethical 
standard, is not enshrined in federal statutes, and should not trump 
First Amendment rights. Such rights aren't absolute; if the students 
were to incite others to commit crimes, they could face civil and 
criminal penalties. But if expression can lead to penalties after the 
fact, that is one more reason not to block it in advance.

The MIT undergrads and others in this field surely need to learn that, 
even if they have a First Amendment right to disclose their work at 
their discretion, it doesn't mean they always should. But the MBTA 
should recognize that security flaws are a design problem, not a legal 
one.

Thursday, August 14, 2008 11:00:13 PM (Eastern Daylight Time, UTC-04:00)