BOSTON (AP) – An attorney for three MIT students who allegedly hacked into the MBTA’s automated fare system asked a federal judge Thursday to lift a gag order that prevents the students from talking about how they got inside the system.

The Massachusetts Bay Transportation Authority doesn’t want the students to explain the hack publicly until they can fix the flaws the students claim they discovered.

Last week, a judge issued a temporary restraining order barring the students from making a presentation on the hack at Defcon, an annual computer hackers’ conference held last weekend in Las Vegas.

The students’ attorney, Jennifer Granick, argued in U.S. District Court on Thursday that her clients never intended to release key information that would show hackers how to infiltrate the system and ride the T for free.

“What this case is about is an unconstitutional gag order, a prior restraint on my clients’ ability to speak about a matter of great public interest,” Granick said.

“They always intended to withhold the details of their research at the conference,” said Granick, who is the civil liberties director for the Electronic Frontier Foundation.

Judge George O’Toole Jr. did not immediately rule on the students’ request to lift the order. The hearing is scheduled to continue on Tuesday, the day the temporary order is set to expire.

The MBTA sued the three undergraduate students and MIT late last week, alleging that the students claimed in an Internet posting that they had hacked into the MBTA’s electronic ticketing system and planned to show others how to duplicate their breaking of the security systems in demonstrations at the Defcon convention.

The students’ presentation at the convention was supposed to demonstrate hacks for the system’s primary two payment cards – CharlieCard and CharlieTicket – which work on the system’s subways and buses.

“Want free subway rides for life?” the advertisement read in part.

The students – Zack Anderson, R.J. Ryan and Alessandro Chiesa – said in the posting that they planned to “show how we reverse engineered the data on magstripe card” and “present several attacks to completely break the CharlieCard.”

Granick dismissed the posting as “puffery” designed to get people interested in their presentation.

“They never intended that they were going to give people the tools or the information to do that,” she said.

Ieuan Mahony, an attorney for the MBTA, said although the students’ lawyer has asserted that they do not plan to reveal information that could help hackers break into the fare system, the students have not submitted sworn affidavits or depositions. Mahony said the MBTA needs more information about the students’ research before it can decide whether there is a security problem, and if so, what steps it needs to take to correct it.

O’Toole ordered the students’ attorney to turn over to the MBTA the class paper that contains their research on the fare system and communications they had about their presentation with organizers of the Defcon convention. Granick said she had already filed a 30-page confidential report that outlines everything the students know about the fare system.

AP-ES-08-14-08 1642EDT


Only subscribers are eligible to post comments. Please subscribe or to participate in the conversation. Here’s why.

Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.