A federal judge in Boston agreed Thursday to extend a gag order on three MIT students from discussing how they circumvented security of electronic payment cards used by the Massachusetts subway systems.
Judge George O'Toole Jr. also ruled the three students - Zach Anderson, R.J. Ryan and Alessandro Chiesa - must submit additional information about their research, including data they turned into professor Ronald Rivest.
On Aug. 8, the Massachusetts Bay Transportation Authority obtained a temporary restraining order blocking the MIT students presenting their finding to the DefCon hacker gathering in Las Vegas last weekend. Although their talk was cancelled, copies of the presentation leaked onto the Internet and were distributed before the gag order.
This Tuesday, the parties will again meet in court, this time to determine whether the restraining order should be cancelled or tailored to address only "nonpublic" information.
Advocy group Electronic Frontier Foundation, said it would appeal Thursday's ruling on behalf of the three MIT students, saying the gag order infringes their free-speech rights.
Court tells students to disclose hacker secrets in T case:
US District Judge George A. O'Toole Jr., granting a request by the MBTA, ordered Zack Anderson, Alessandro Chiesa, and R.J. Ryan to provide him with a paper they wrote for a class at MIT and correspondence they had with the organizers of Defcon, a Las Vegas hacker convention where the students were slated to speak last Sunday on alleged security flaws in the MBTA's system.
The judge said he needed to know more to "enable me to make a sounder decision about the facts of the case." He ordered the students, who were not present, to provide the information by 4 p.m. today. He said he'll weigh all the facts, then hold another hearing Tuesday on whether to dismiss or extend the 10-day restraining order that was issued Saturday and prevented the students from giving their presentation at the convention.
The MBTA filed suit last week, alleging trespass and computer fraud by the students and negligence by the Massachusetts Institute of Technology after a vendor spotted promises of "free subway rides for life" on a website advertising the students' presentation.
After yesterday's hearing, Jennifer Granick, a San Francisco attorney who represents the students, dismissed those promises as "puffery" and said the students had used "florid language" to drum up interest in their presentation.
In court, Granick, who is civil liberties director of the Electronic Frontier Foundation in San Francisco, said the students have already provided "the entire universe of information," including material they never intended to release about security flaws, in a 30-page sealed document provided to the court earlier this week.
Granick argued that the restraining order is an unconstitutional gag order that has done "irreparable harm" to the students and the First Amendment. Granick said the students have acted responsibly and "never intended to release important information that would allow or teach a bad guy" to hack into the system.
MBTA spokesman Joe Pesaturo said the students have not provided the MBTA with enough information for officials to know whether the system's security is endangered. "We simply want them to provide the information that's been requested by the court or the MBTA," he said.
Ieuan G. Mahony, a Boston lawyer who is representing the MBTA, said after the hearing that some form of a restraining order is necessary until the agency has fixed any flaws that may exist.
The MBTA contends that the students had a responsibility to share their findings with agency officials before making them public so the agency would have time to fix the problems before they could be exploited, Mahony said.
After the hearing, Granick said the restraining order is "preventing them from talking about what they found, even though there's a public debate. If these students figured it out, other people could figure it out, too."
She said today's deadline would be difficult to meet because Anderson is not in the country and Ryan and Chiesa are not in Boston.
Friday, August 15, 2008
Engineering Windows 7--E7 for short. For the time being, the blog is going light on "the wow," with an image-less blue and white design as straight forward as the blog's name implies.
E7 is also a bit sparse on the content front at the moment too, with two posts, including a maiden message about commenting guidelines and a second which introduces the blog's mission statement.
Microsoft has told the blogosphere it will reveal more about its next operating system, Windows 7, on 27 October.
Windows lovers ahead of two “significant events” where it will dish the dirt on W7, its forthcoming OS based on the Vista kernel.
Developers are invited along to get the skinny on Microsoft’s Windows ecosystem this Autumn at the Professional Developers Conference on 27 October and the Windows Hardware Engineering Conference a week later, where MS will “provide in-depth technical information” on the operating system.
Redmond has also, once again, admitted that it needs to be more transparent with its customers.
“We, as a team, definitely learned some lessons about ‘disclosure’ and how we can all too easily get ahead of ourselves in talking about features before our understanding of them is solid,” said head of Windows and Windows Live engineering Steven Sinofsky and Windows core OS division wonk Jon DeVaan, both of whom apparently co-authored the blog post.
“Our intent with Windows 7 and the pre-release communication is to make sure that we have a reasonable degree of confidence in what we talk about when we do talk.”
The pair added that they feel that it’s their “responsibility” to not cause “strategic confusion” among Microsoft's army of partners and customers “who care deeply and have much invested in the evolution of Windows”.
Microsoft’s also claiming to be in a caring/sharing kinda mood: “Starting from the first days of developing Windows 7, we have committed as a team to ‘promise and deliver’. That’s our goal – share with you what we’re going to get done, why we’re doing it, and deliver it with high quality and on time.”
Hmm, Redmond shipping a product on time. That’s a quaint notion, don’t you think?
So, the blog – which is undoubtedly heavily edited by a team of PRs – could serve as a useful stick to beat Microsoft with if it fails to deliver the goods on time and transparently.
Microsoft has continued to insist that Windows 7 won't be available to customers until the start of 2010. But expectations are rising that it will make a crash landing in the second half of 2009.
For now, Microsoft remains tight-lipped and focused on re-marketing its unloved Vista OS. El Reg even received an invite from the software multinational this morning in which it offers your reporter the chance to “explore the new world of Windows”.