More information released in CharlieCard case

13. August 2008 by admin.

Another case of inadvertent information release occurred last week.  Some MIT students did a project under the supervision of Ron Rivest, who is very well known in computer circles as an,  inventor of several key hashing and security algorithms, including RSA, which is the algorithm in those keyfobs that  companies like eTrade rely on to provide secure access to brokerage accounts.  These students analyzed the security of the magnetic fare cards and RFID cards (Boston’s Charlie Card and Charlie Ticket) used by the Massachusetts Bay Transit Authority.  These students were to present their findings at the DefCon hacker  conference in Las Vegas, but the MBTA went to Federal Court and got a temporary restraining order that prevented them from discussing their work.

Without making any judgment about the appropriateness of the MBTA’s suit or the students’ research, it is clear that suing in Federal Court mainly succeeded in making the information more widely available than if it had just been presented at the conference.

The slide presentation had already been publicly posted.  But more to the point for the present discussion, the attorneys for the MBTA themselves released additional information (provided by the students to the MBTA) in the public court documents.  The very information that the MBTA was trying to protect was released along with increased publicity for the vulnerability, the presentation, and the students.

Posted in Uncategorized | No Comments »