A clash of cultures
Readers of this blog are probably aware that lawyers for the MBTA recently obtained an injunction to prevent two MIT students presenting a security analysis of the MBTA 'Charlie Card' payment scheme at Black Hat.
The security community will do what it usually does in this situation: we rally to protect our own when they are under attack. That's why we are called a community: One for all and all for one.
But the case really illustrates a clash of civilizations and different views on how to achieve security. The term 'hacker' comes from MIT and the MIT hacker culture has more than a century of tradition behind it. When I first arrived at MIT as a research scientist there was a police car parked on the top of the MIT dome by student hackers. I don't think the MBTA does that sort of thing on a regular basis.
But there is a big difference between the MIT hacker culture and the subsequent hacker-vandal culture that misappropriated the name. According to the reports, the students did the responsible thing and explained the flaws they had discovered to the MBTA. If the thanks responsible researchers receive is a lawsuit, advance warning is going to quickly become extinct.
But lawyers are not trained to consider such issues, their training is to only consider the narrow interests of the client and frequently only in the case at hand.
Whatever the legal merits, bringing a lawsuit against MIT to suppress research performed by MIT students is poor public relations.
Update: Submitting the information you are attempting to suppress to the court without asking it to be sealed is likely to be counterproductive.
