Judge backs hackers in Boston subway dispute
BOSTON (Reuters) - Three students from the elite Massachusetts Institute of Technology who found a way to hack into Boston's transit system to get free rides can talk publicly about the security flaw, a court ruled on Tuesday in a decision hailed as a victory for academic freedom.
The students from the university, regarded as one of the world's top science and engineering schools, raised the ire of the Massachusetts Bay Transportation Authority with a paper demonstrating how someone could work around flaws in Boston's "Charlie Card" automated fare system.
They had planned to present the paper, which showed how anyone could take thousands of free rides on subways and buses, at a hackers conference in Las Vegas this month.
The MBTA sued to block that presentation, contending that it would violate U.S. laws on computer fraud. MBTA officials said they wanted to stop the students from publicly exposing the security flaws before the transit authority had a chance to review them.
U.S. District Court Judge George O'Toole in Boston federal court found that presenting an academic paper would not violate computer fraud laws.
"We need academic freedom and an ability to talk about these things, without fearing legal consequences," said Carol Rose, executive director of the American Civil Liberties Union of Massachusetts, which helped to defend the students.
"The marketplace of ideas does not work when we have gag orders imposed on our scientists," she added.
The three undergraduates -- Zack Anderson, R.J. Ryan and Alessandro Chiesa -- received top marks for their paper exposing the security flaw.
The hack worked by reprogramming the system's fare cards so they appeared to have more value, so a hacker could take a card that had just enough credits for a few rides and multiply that to work for hundreds of rides.
The students said they had planned to withhold key details in the Las Vegas presentation to prevent anyone in the audience from taking advantage of the security weakness.
MBTA General Manager Daniel Grabauskas said in a statement that the students had said the lawsuit was an obstacle to talks with the agency. "Now that the court proceedings are behind us, I renew my invitation to the students to sit down with us and discuss their findings," he said.
Located across the Charles River from Boston, MIT's students are known for their love of pranks -- "hacks" in the school's vernacular -- that show off their engineering skills.
Among the most famous was a 2006 incident in which students placed a 25-foot (7.6-meter)-long fire truck atop the dome of a campus library building.
(Editing by Jason Szep and Cynthia Osterman)
