August 22, 2008
Grouchy Smurf Says the MBTA Sux
We in this house love Boston. It's a great place. Especially those little cream pies that they have at the Omni Parker House... mmmmm... they melt in your mouth.
Yep. We love Boston. But the MBTA... that's another story. Maybe you heard, or maybe you didn't, that the MBTA sued three MIT students and had a court issue a gag order to prevent them from publishing their research about how the MBTA system can be defrauded.
Now, a lot of folks have made this about full disclosure. I, for one, don't think it is. I understand the temptation to make the parallel, though. But in this case, we have to acknowledge that the forces at work are different. Full disclosure - at it's core - is about getting product companies to fix their bugs. It works because it embarrasses vendors into fixing their issues.
The MBTA, on the other hand, probably won't be able to fix this issue - at least not in the short term. They're not a product company, so they're going to feel the pressure in the same way that, say, Microsoft would in the event of a Windows bug. So embarrassing them - well, it really doesn't serve much of a purpose (other than intellectual curiosity) than just embarrassing them. They've already got a significant deployment going on and probably quite a bit of money invested. So it's probably not worth their while to fix the issue. Which means, at the end of the day, that their probably right in saying that publishing the details of the issue is likely to encourage people to exploit that issue.
That being said, I think they have a valid point. Even so, however, I still disagree with their decision to take these kids to court. Not because they're argument isn't accurate (which I think it is), but instead for two wildly different reasons: a) because of the precedent that it sets for future research, and b) because it's dumb (counter to their own interests).
Now the question about the chilling effect on future research has been beaten to death, so I won't beat it again here. But the stupidity argument I haven't seen yet, so I'll lay it out. What's the best surefire way to make sure that everybody in the free world hears about the MBTA fraud issue? If you wanted to shine a spotlight on this thing, what would you do? How about suing some college students and making it into a free speech issue? Oh yeah, brilliant idea... we're the government, so let's take some college kids to court over it - that'll go over well. Not. If they had just ignored it, it would have been a blip on the radar - some people out at DefCon would have heard about it, and everybody would have moved on. But putting on a Darth Vader mask and standing on the rooftops shouting that you're the evil empire? Not such good PR.
Posted by Ed at August 22, 2008 03:35 PM | TrackBack