Hack the Planet!

Damn I hope someone out there got the movie reference in the title.  Otherwise, I’m going to feel sad.  Sad and old.  Or, sadder & older than usual.

Anyway, over the past ten days there has been a fairly fascinating debate about Intellectual Property Laws, Computer Fraud, and plain old bored college geniuses.  (Or is it Genii?  Genies?  Can they grant wishes?  I need to figure this out.)

Last week, a group of MIT students (a rare species known both for their ridiculous ability to calculate Pi to 37 digits in their head, and their ability to throw surprisingly good frat parties on Bay State Road in Boston) announced that they had successfully hacked the Massachusetts Bay Transit Authority’s (MBTA’s) CharlieCard system, used for all public trains and busses in and around Boston. 

The MBTA, after hearing the students’ presentation, reacted rationally by filing a court injunction (PDF Format) to have the presentation gagged from all public dissemination.  Makes sense – not exactly good for business if everyone can ride for free.

This week, as the 10-day injunction was set to expire on Tuesday, a Boston Federal Judge threw out the lawsuit against the students, saying that they had not violated the Computer Fraud laws of the United States.  The judge declined to rule as to whether or not their “school project” (for which they got an “A”, by the way) of hacking the MBTA system constituted something protected by the First Amendment of the Constitution, but that’s to be expected.  Wouldn’t want a Federal Judge to actually set precedent or anything.

The news is fairly monumental in the Tech World, opening the door to newer and better hacks of major corporations.  This is not to say that the deadbeats who spend all day trying to get your credit card information from TJMaxx’s database are going to go unpunished.  But it does mean that kids messing around and not actually causing any harm to a corporation (in this case, actually showing the corporation the flaws in their system before ever releasing the information to the public) will not be punished for their efforts.

Many major corporations have wised up and started employing hackers like these kids to help clean up computer security within their firms.  Rather than trusting the old guard to sit around all day and try to find security vulnerabilities, companies are starting to simply pay the people who find the loopholes first to come in and close off the access.

The MBTA has announced they will be cleaning up their security flaws within the next three months, so for those of us in the Boston area – better fill up that CharlieCard fast!

Last note – in what is either an ironic twist of fate, or just one really really stupid lawyer, it appears that the MBTA has inadvertently released exactly the information they went to court to have gagged.  Sometimes corporate incompetence is staggering.

(One more last note: I’ve found my answer.  I can’t believe there are 585,000 Google hits for this question, but I guess the answer lies out there somewhere.  We have too much time on our hands in this society…)