From hackers to helpers

By Kyle Smeallie & Harvey Silverglate

If you can’t beat ‘em, join ‘em – or at least have them join you.

That appears to be the newly-adopted attitude of the Massachusetts Bay Transportation Authority (MBTA), marking a logical denouement to the celebrated case this past summer in which three MIT students uncovered technological vulnerabilities in the fare collection system. Before the students were able to present their research at a hacker’s conference, the MBTA sued, claiming that “significant damage to the transit system” would result from public disclosure. Federal District Judge Douglas Woodlock, sitting as the emergency duty judge, agreed, slapping the students with a temporary restraining order. (But Judge George O’Toole, to whom the case was assigned, later reversed course and denied the MBTA’s request for a preliminary injunction.)

Aside from the blatant threat to the students’ First Amendment rights, the MBTA’s gag order left fair-minded citizens scratching their heads. Rather than address the obvious security flaws, the MBTA chose to squander its scarce resources – revenue from taxpayers and T riders – in a counterproductive legal battle. In essence, the T chose to shoot the messenger.

Harvey Silverglate, in a Boston Globe letter-to-the-editor, criticized the MBTA’s inherently flawed approach.

“The MBTA would have been better off hiring, rather than suing, the MIT trio to solve the electronic flaw,” Harvey wrote. “The students (and their professor) could doubtless do a better job of patching the security hole than the T's security officials, consultants, and vendors who designed the vulnerable system.”

Apparently (though not immediately), MBTA officials listened. The Electronic Frontier Foundation (EFF), which represented the students pro bono, announced last week that the students have agreed to work with the MBTA – pro bono, as well – to help fix security flaws.

“We’ve always shared the goal of making the subway as safe and secure as can be,” said MIT student Zack Anderson in a December 22 EFF press release. “I am glad that we can work with the MBTA to help the people of Boston, and we are proud to be a part of something that puts public interest first.”

To be sure, this wasn’t the first instance of tech-savvy individuals switching sides, so to speak – rogue mischief makers becoming saviors of the very companies they once annoyed. About the late 1970s, Harvey represented a couple of very smart (aren’t they all?) MIT students who had figured out how to do an end-run around the New England Telephone Company’s  security and billing protocols for dialing long distance calls. The students produced a so-called “black box” that imitated dialing tones while by-passing the NET’s billing system (bear in mind, these were the bygone days of touch-tone simplicity). The students managed to make quite a large number of phone calls to their friends all around the world before NET caught-on, set a trap, and busted them.

The judge, not wanting to give the students a criminal record, put them on pre-trial probation and agreed to dismiss the case if the students kept their noses clean. Not only did they keep their noses clean, but they were hired by the phone company to augment its security office. Their task: prevent future MIT geniuses from gaming the system.

The notion that “when you can’t beat ‘em, join ‘em” makes as much sense today as it did then. It makes especially good sense when the seeming enemy can make a valuable friend – and you don’t have a dime to spare.