follow me on Twitter

    Thursday, September 4, 2008

    Last Day of Defcon 16

    Brenno did it! He presented “Ticket to Trouble” in the place of the 3 MIT undergraduate students who, under a last-minute Massachusetts court injunction, were not able to present. Before his talk, nervous he might get arrested, the legal contingent at the conference told him not to worry. The scope of the injunction was properly narrow: it only referenced the “MIT undergrads'” and their research pertaining to the crack for the Mass. transit cards. However, Brenno gave his presentation exclusively about an extremely similar crack in the Netherlands's mass transit cards last year. The parallels to the US' Mifare card was clear, but he made no reference to the MIT guys' research.

    He began his presentation by presenting a quote from the Dutch Constitution which included a statement about freedom of speech. He was able to freely present on the topic of the Dutch system because of these rights; his government cannot prevent him from presenting academic research and, in fact, specifically said it would not. Then he followed up with the words from the U.S. Constitution thus showing why, if he wanted to, U.S. citizens SHOULD have the same freedoms under U.S. laws. Unfortunately, the US courts didn't have the same opinion as the Dutch courts.

    Brenno (wisely) made no particular reference to the MIT students, but their presentation was close to what Brenno presented but without any technical specifications, code, or photos of people breaking into places. Those three elements were included in the MIT guys' presentation, but a former Fed Agent told me on Friday that the FBI had asked the MIT guys that they cut some slides from their presentation. I suspect that those were the ones in contention, but what I find interesting is that, from what I understood from the former Feds' comment, the FBI wasn't going to preclude the MIT guys from presenting but only asked their presentation be edited due to an ongoing investigation. However, the Massachusetts District and Federal court went as far as to chill their speech completely. It's incredible to me because, not only is the stuff (minus the executable code) already distributed to the public on the Defcon CD that all conference attendees received at registration as early as Thursday, but these guys were talking about exploits that were already out there and well known.

    I think that Brenno's valiant presentation, albeit about the Dutch and British systems, may have weakened the case against the MIT guys. The MA judges who made the decisions will be hearing about this. It was even on Twitter coming up on Brenno's laptop's screen during his talk. Thank you, Brenno. It took you, from the Netherlands, to get up in front of a standing-room-only crowd of over 700 cheering people, present academic security research and uphold our U.S. 1st Amendment Constitutional rights. You will have effected precedent in US courts regarding this case and (hopefully) improve security for an insecure technology. And, as a member of academia, a special THANK YOU in the spirit of academic freedom.

    And then, during Brenno's Q&A, I made a mad dash to the Vegas airport and barely made my flight, but seeing Brenno's presentation was worth the risk. This time I breezed through TSA security—no dumb questions regarding whether my unpeeled orange on a domestic flight could have been injected with bomb-making poisons (I'm not joking—this has actually happened).

    No comments: