Re: Security by restraining order

2008-08-15 Thread Ali, Saqib
JOLT's coverage of the topic and some new updates:
http://jolt.law.harvard.edu/digest/district-courts/mbta-v-anderson


saqib
http://doctrina.wordpress.com/

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Security by restraining order

2008-08-13 Thread Matt Blaze
The EFF yesterday filed a letter from a number of academic security
researchers urging the judge in the MIT Charlie Card case to reverse
the restraining order.  It can be found on the EFF's case page, at
   http://www.eff.org/cases/mbta-v-anderson/

As a security researcher (and one of the signers of the letter to the
judge), I was particularly struck by the ironic -- and very
unfortunate -- message that the court order sends to our community:
it's safer to irresponsibly blindside users and vendors by publishing
about vulnerabilities without warning them first (thus denying them
the opportunity to seek a pre-publication gag order).

Surely that's not what the court or the MBTA seek to encourage here.


I blog a bit more about this at
  http://www.crypto.com/blog/security_through_restraining_orders/

-matt





On Aug 13, 2008, at 3:58, David Farber wrote:


clipped from Steve Bellovin blog --
The MBTA versus (Student) Security Researchers
12 August 2008

As I'm sure many of you have heard, the MBTA (Massachusetts Bay  
Transportation Authority) has a very insecure fare payment system.  
Some students at MIT, working under the supervision of Ron Rivest —  
yes, that Ron Rivest, the R in RSA — found many flaws and planned  
a presentation at DEFCON on it. The MBTA sought and received an  
injunction barring the presentation, but not only were the slides  
already distributed, the MBTA's court filing included a confidential  
report prepared by the students with more details than were in the  
talk...


The Electronic Frontier Foundation is appealing the judge's order,  
and rightly so. Not only is this sort of prior restraint blatantly  
unconstitutional, it's bad public policy: we need this sort of  
security research to help us build better systems. I and a number of  
other computer scientists have signed a letter supporting the  
appeal. You can find the complete EFF web page on the case here.


djf --- Here's the letter:

http://www.eff.org/files/filenode/MBTA_v_Anderson/letter081208.pdf

The rest of the case files are here:
http://www.eff.org/cases/mbta-v-anderson

