Irresponsible disclosure

The arguments continue about the recent court order obtained by the Massachusetts Bay Transportation Authority to prevent MIT researchers from revealing flaws in the security of its e-ticketing system. It makes me wonder about the motivations behind contemporary research.

The real debate should not be about freedom of speech. It should be about why university research is wasted on attempts to find flaws in other people’s operational systems, rather than developing useful security solutions. We all know that no system is foolproof. They all rely to some extent on security by obscurity. And you can’t fix deep-seated flaws overnight. It’s bad enough having a community of criminals looking for ways to circumvent these systems. We could do without universities helping them.