The MBTA acknowledged in court yesterday that its CharlieTicket system is vulnerable to fraud, validating a key finding of three MIT students who drew attention to the security problems as part of a class project.
The admission came during a hearing at which a federal judge lifted a 10-day order barring the students from talking about their findings and denied the MBTA’s request to keep them silent about the most sensitive parts of their research for five months.
[…] “I hope it gives people comfort that they can do security research . . . without fear that they’re going to be dragged into federal court and gagged,” said Cindy Cohn, legal director for the Electronic Frontier Foundation, which is representing the students.
Companies like IMS Health Inc., based in Norwalk, Conn., have built an industry around gathering prescription data and selling the information to pharmaceutical companies for millions of dollars each year. Pfizer Inc., Merck & Co. Inc., and nearly every other drug maker uses the data to identify which doctors are prescribing their drugs and which are prescribing the competition. When freebie-wielding salespeople show up at their offices, most doctors don’t know they’re being targeted based on their own prescribing habits.
But the political tide may be turning against IMS Health and competitors like Verispan, a unit of Surveillance Data Inc. After years of steady growth, they are fighting against laws in three New England states to keep prescribing information out of their hands.
Judges in Maine and New Hampshire have handed the companies early victories, declaring laws aimed at stopping the commercial use of prescription data unconstitutional. But an impending decision by the federal appeals court in Boston could overturn those actions and open the door to more restrictions nationwide.
Related headache for those who want to lean into the punch: California Licenses 2 Companies to Offer Gene Services