Monday, August 11, 2008

MIT Students Blocked From Presenting MBTA Hack

Three MIT students were blocked by court ourder yesterday from presenting a presentation demonstrating how to “hack” the MBTA transit to generate fare cards and ride for free. (The demonstration did not include how to change routes or disturb the rails, which is what I think of when I hear “subway hack.”) The demo was slated for Las Vegas’ Defcon conference but was stopped federal courts yesterday because MTBA said the 87-slide presentation would “inflict significant damage.” The students, representing the Electronics Frontier Foundation, plan to fight the order:

The Massachusetts Bay Transportation Authority said in a complaint filed Friday that the students offered to show others how to use the hacks before giving the transit system a chance to fix the flaws. MIT is also named in the suit.

But Granick told The Associated Press on Sunday that the students were simply trying to share their research and planned to omit key information that would make things easier for anyone who actually wanted to hack the payment system.

Lawyers for the transit system did not immediately return phone calls seeking comment on Sunday.

Electronic copies of the 87-slide presentation circulating the Internet disparaged the transit system's physical security and showed photographs of unlocked doors, turnstile control boxes and exposed computer monitors at subway stations.
One slide explains that the presentation would teach attendees how to generate fare cards, reverse engineer magnetic stripes on cards and hack radio frequency identification (RFID) cards.

The next slide says: "And this is very illegal! So the following material is for educational use only."
I know this is wrong, but I want to see the presentation. I’m curious. From the vantage point of a student—and a generally curious person—the scheme is kind of genius. Monthly passes, one-trip fares, and fees are expensive on a student’s budget and the students argue that the investigation points out serious flaws MTBA needs to fix. At the very least, hacking for free rides is far more productive than cheating Vegas, even if it doesn’t pay tuition. Of course, public transit is usually under funded and relies on fares to stay afloat. I’m not supporting that, of course.

The instructions are out there somewhere: the discs were distributed Thursday before the convention began. MTBA fears that the information will cause damage despite the court order. They're right, it probably will. Could anyone with the instruction resist the urge? As a person who is perpetually made an example of and as someone who turned in a brand new digital camera I found on the CTA (and had my wallet sent to me by mail after someone found it in a cab, thanks!), I don’t think I could actually cheat the system, but if people will pull over on the freeway to scoop cash—even as the unfortunate soul desperately clings to the remaining fortune, I think someone could. (Seriously, how hard is that? And how guilty would you feel knowing the person who lost the money watched you take his money?)

No comments: