We have put in place security systems designed to prevent unauthorized disclosure of information you provide to us and to deter and prevent hackers and others from accessing this information. For example, we have taken steps to safeguard the integrity of our telecommunications and computing infrastructure, including but not limited to authentication, monitoring, auditing, and encryption.
Well, it turns out that three MIT students, as part of a class project, used publicly available information to discover flaws in the T's "Charlie Card" and "Charlie Ticket" media. These weren't the same systems we asked about in 2005, but it was a significant vulnerability: essentially, the students found a way to make it possible to avoid ever paying a fare again.
We see this kind of thing over and over again. Assurances that technological systems used by corporations, government agencies, health care providers, and others give way to revelations that the systems have been broken into or compromised in other ways. The TJX breach here in Massachusetts is just one of the most notorious examples, and it's one of the reasons that the ACLU opposes plans like the Real ID national identity card, which would require scooping up vast amounts of personal information on nearly everyone in the country -- one-stop shopping for identity thieves.
In the case of the MIT students' discovery, the MBTA reacted in exactly the wrong way: they sued the students and got a 10 day gag order to prevent them from discussing their findings. Fortunately, a Federal judge has just thrown out the MBTA's case.
What the MBTA should have done is take advantage of the brainpower that Massachusetts cultivates and attracts, instead of fighting it. Attempts to gag freedom of speech and freedom of academic inquiry increase the chances that security flaws will be exploited in a malicious attack, rather than examined as part of benign academic inquiry. Our best security is the marketplace of ideas.
Posts
3 comments:
As a proud, card-carrying member of the ACLU, I wish you would refrain from using language that promotes the "market" as a neutral ground on which ideas can be contested and tested fairly. You write below:
"We think that the best security comes from being able to hold up in the marketplace of ideas."
I'd like to remind you that the chief purpose of the contest of competitive forces in a market is not to seek the truth; it is, rather, to achieve what is most profitable. This form of analysis does not, indeed cannot, acknowledge the value of "goods" like environmental sustainability, the public health, or civil liberties.
The "market," as such, is not at all concerned with the fruits of reasoned argumentation based on fact and evidence -- which is what I take to be the objective of the Mass Rights Blog.
Let's come up with a better metaphor to describe this important online venue for debate!
[Apart from the point of this comment, congratulations and keep up the great work!]
please do something about those ARABS AND ARAB MUSLIM LEGAL IMMIGRANTS who are still being detained in some states as a result of their failure to have registered in a 2002 NSEERS PROGRAM , a program that in fact what was called INS then failed to adequately inform and outreach those poor miserable migrants .
mhijar
I am quite concerned that the state of Ma. can eavesdrop on my telephone calls and my email without my knowledge or permission. Who in the Ma. Legislature is responsible for this, and what was the Bill Number used to make this Big Brother of our formerly Bill of Rights respecting state?
Post a Comment