When does hacking = journalism?

A Dutch journalist faces criminal charges for exposing the security flaws of local transit passes

August 15, 2011

Add as preferred on Google(opens in a new tab)

Brenno de Winter is a Dutch investigative journalist. He was skeptical of his government’s €2 billion project to implement digital payment cards for public transit. De Winter suspected that the cards were technologically insecure and easily hackable using basic computer skills. So he hacked them using basic computer skills. He found that a 30 Euro card could be repeatedly loaded up with 150 Euros of credit, and the transit system would never catch on.

He documented these hacks in print, on television and on the radio, and the story became headline news in the Netherlands. His work led to the Dutch parliament postponing the release of the cards, and widespread fraud was thus averted.

De Winter now faces a possible sentence of six years in prison.

Trans Link Systems, the company contracted to build the card, has filed criminal charges against de Winter, alleging he defrauded their system. He cannot discuss the case while it is pending, and is therefore effectively gagged from continuing to work on the story at the exact moment a replacement system is being rolled out. Other journalists have repeated his hack in Spartacus-style solidarity, but no charges have been filed against them.

As a digitally literate journalist, de Winter had to prove that the cards were insecure in order to report on their insecurity. How else could he have done his duty to inform the public? A technologically complex explanation of the vulnerabilities would hardly have been good journalism. So he did what any good reporter or white-hat hacker would do—he illustrated the problem with a practical example, from which he did not personally benefit.

The Terrifying Rise of Ransomware Gangs

A new generation of ultra-sophisticated cybercriminals are targeting governments, corporations, hospitals and libraries—and laying bare how ill-equipped Canada is to fight back

Canada Needs More Robots

In malls, restaurants and factories across the world, a robotics revolution is sweeping the world. Canada can’t be left behind.

So the question stands: when is a hacker a journalist? And should someone who exposes vulnerabilities be subject to the same punishments as those who exploit them?

Jesse Brown is the host of TVO.org’s Search Engine podcast. He is on Twitter @jessebrown.

[Slideshow image courtesy of Lisa Padilla/Flickr]

Tags: