Every once in a while things work the way should. Not often, but sometimes. Tuesday was one of those times, when a federal judge in Boston threw out the gag order that had prevented three MIT students from talking about research they’d done on security vulnerabilities in the Boston subway system. The order, which was imposed nearly two weeks ago, was the result of a law suit by the MBTA, which feared publication of the students’ work at Defcon would result in a spike in rider fraud on the system. The agency contended that even allowing the students to talk about their presentation was a violation of the Computer Fraud and Abuse Act, but Judge George O’Toole disagreed. From a blog post by the Electronic Frontier Foundation, which is representing the students:
The Court found that the MBTA was not likely to prevail on the merits of its claim under the federal Computer Fraud and Abuse Act. MBTA had argued that the CFAA, which prohibits the transmission of a program that causes damage to a computer, also covers “verbal transmission,” such as talking to people at conferences. Judge O’Toole, however, looked closely at the statute, and held that the CFAA does not apply to security researchers like the students talking to people.
This is a nice victory for the students, but there never should have been a restraining order, let alone a law suit, to begin with, especially considering that all of the material that the students were planning to present is already online. So, the law suit is still hanging over their heads, but this move by Judge O’Toole is a step in the right direction and may be an indicator of things to come in the suit, as well.