It looks like the trio of MIT researchers that had been barred from talking about flaws in the Boston subway/ Massachusetts Bay Transportation Authority (MBTA) system fare system can now talk.

The Electronic Frontier Foundation (EFF) which had been vocal on behalf of the three students reported that:

The Court found that the MBTA was not likely to prevail on the merits of its claim under the federal Computer Fraud and Abuse Act. MBTA had argued that the CFAA, which prohibits the transmission of a program that causes damage to a computer, also covers "verbal transmission," such as talking to people at conferences. Judge O'Toole, however, looked closely at the statute, and held that the CFAA does not apply to security researchers like the students talking to people.

This is an important development.

Security researchers need to be allowed to properly disclose and discuss vulnerabilities. That's how others (including the vulnerable) learn how to protect themselves. Security by obscurity is a myth.