So, on the one hand, the UK court spurns the help of good-guy hackers. On the other hand, we are talking about luxury cars, bought and owned by very rich people. Fuck them. Their insurance will take care of it anyway.
Because stopping someone speaking in public in one particular instance stops any information on the topic ever being disseminated.
Of the few people I do know in the legal profession, the trend is that they think quite highly of their intellects and rightly so.
The maturation process wherein it ages into total and absolute capitulation to obscene power must happen later in life.
So instead of some obscure technical talk at a security conference, the subject will be discussed in the mainstream press as a censorship issue. Good planning, VW.
Welcome to the new millennium where security consists of sticking your fingers in your ears and going “nah nah I can’t hear you!!!”
Yay Internets and series of tubes! Info continues to slip through the greasy fingers of evil people.
“Won’t somebody think of… blaming it on terrorists!”
I’m not clear on two things: would the presentation make it significantly easier for a criminal to break into a car, and did Garcia give Volkswagen time to do the right thing beforehand? Those’ll make a big difference.
In the world of utterly-crap proprietary crypto systems that get baked into hardware (see also many of the MIFARE variants from NXP), the trouble is that “time to do the right thing” might be measured in years, probably several of them.
This isn’t the (awful; but at least reasonably agile) world of software bugs and patches, where 6 months is a long time. This is something that gets burned into a zillion ASICs that get stamped into a bunch of keyless entry systems that will remain with cars until either their retirement or a truly epic recall, in favor of an alternative that probably hasn’t been developed yet.
Which is why VW should be held to a high standard, before thousands of defective cars become millions.
They should give it to an American. Or maybe just leave it lying around where a sneaky Frenchman or German can stumble upon it.
Oh, please don’t get me wrong: I’m not taking VW’s side on this one, just arguing that the “enough time for the vendor to do something” is really a concept born of, and applicable to, the world of software running on general purpose computers.
It’s still impolite to hide defects from vendors of such baked-into-hardware systems as this; but where “responsible disclosure” in even its most supine, vendor-friendly, form means maybe 6-8 months on the PC side, it would mean probably 10 years on the hardware-embedded side.
My contention would be that, under those circumstances, it isn’t a very useful standard. Also, in the specific context of cars, the owners of the cars really ought to know as soon as possible, lest Team Insurance try the old “Nope, that system is unhackable, if your car was stolen you must have been negligent!” line. (see also “Chip and Pin” bank liability controversy)
I am curious as to whether the courtās injunction only applies to Prof. Garcia and the University of Birmingham, or rather if his colleagues in Nijmegen would be free to go through Dutch channels and release the paper as a translation from the original Dutch.
It sounds like researchers need to stop giving notice about what they are going to speak about before they speak about it. Imagine if newspapers said “In a week we’re going to tell you about how the NSA is spying on you”. If they did that I’m sure some government officials would try to find a way to bar the newspaper from disclosing the info.
You don’t need to imagine: just think back to when the NYT decided to sit, for at least a year (and an election) on their little illegal warrantless wiretapping story. Been there, done that, bought the dystopian surveillance state.
So, yeah, if you plan to displease the powerful, don’t spoil the element of surprise.
What? When did the mainstream press ever ever discuss censorship issues? Ever?
I would almost suspect an ulterior motive, if only there was a multi-billion pound breaking-into-cars industry. But then Garcia would have had an unfortunate accident, instead of a court order.
I’m surprised it was Judge Birss who did this. Thought he was one of the more technically literate and sensible of the UK judiciary after slapping down THAT law firm for speculative invoicing.
“It emerged in court that their complex mathematical investigation examined the software behind the code. It has been available on the internet since 2009.”
Well, the software has been available to the public for three years now. I assume someone at VW knew it was out there, and if they wanted to know, that this could lead to its failure. Three years is usually enough time to do a recall campaign.
There’s a very simple way to hold VW to a high standard. Don’t buy their product.
Very simple? Very simplistic.