At VW's request, English court censors Usenix Security presentation on keyless entry systems for luxury cars


Flavio Garcia, a security researcher from the University of Birmingham, has been ordered by an English court not to deliver an important paper at the Usenix Security conference. Garcia, along with colleagues from a Dutch university, had authored a paper showing the security failings of the keyless entry systems used by a variety of luxury cars. Volkswagen asked an English court for an injunction censoring his work -- which demonstrated their incompetence and the risk they'd exposed their customers to -- and Mr Justice Birss agreed.

Garcia and his colleagues from the Stichting Katholieke Universiteit, Baris Ege and Roel Verdult, said they were "responsible, legitimate academics doing responsible, legitimate academic work" and their aim was to improve security for everyone, not to give criminals a helping hand at hacking into high-end cars that can cost their owners £250,000.

They argued that "the public have a right to see weaknesses in security on which they rely exposed". Otherwise, the "industry and criminals know security is weak but the public do not".

It emerged in court that their complex mathematical investigation examined the software behind the code. It has been available on the internet since 2009.

The scientists said it had probably used a technique called "chip slicing" which involves analysing a chip under a microscope and taking it to pieces and inferring the algorithm from the arrangement of the microscopic transistors on the chip itself – a process that costs around £50,000. The judgment was handed down three weeks ago without attracting any publicity, but has now become part of a wider discussion about car manufacturers' responsibilities relating to car security.

Scientist banned from revealing codes used to start luxury cars [Lisa O'Carroll/The Guardian]

(Image: The Fragile, a Creative Commons Attribution Share-Alike (2.0) image from meetthewretched's photostream)

Notable Replies

  1. miasm says:

    Because stopping someone speaking in public in one particular instance stops any information on the topic ever being disseminated.

    Of the few people I do know in the legal profession, the trend is that they think quite highly of their intellects and rightly so.
    The maturation process wherein it ages into total and absolute capitulation to obscene power must happen later in life.

  2. So instead of some obscure technical talk at a security conference, the subject will be discussed in the mainstream press as a censorship issue. Good planning, VW.

  3. It sounds like researchers need to stop giving notice about what they are going to speak about before they speak about it. Imagine if newspapers said "In a week we're going to tell you about how the NSA is spying on you". If they did that I'm sure some government officials would try to find a way to bar the newspaper from disclosing the info.

  4. You don't need to imagine: just think back to when the NYT decided to sit, for at least a year (and an election) on their little illegal warrantless wiretapping story. Been there, done that, bought the dystopian surveillance state.

    So, yeah, if you plan to displease the powerful, don't spoil the element of surprise.

  5. I'm surprised it was Judge Birss who did this. Thought he was one of the more technically literate and sensible of the UK judiciary after slapping down THAT law firm for speculative invoicing.
