A representative of the Defcon convention, who asked that her name not be used, said that the students submitted their PowerPoint presentation at least a month ago. The presentation says - not-so-presciently - "what this talk is not: evidence in court (hopefully)." It also says: "THIS IS VERY ILLEGAL! So the following material is for educational use only."
In addition, what looked like a black and white faxed copy of the entire presentation was entered as evidence in court records that were publicly available on the web on Saturday, meaning any attempt to limit its distribution further will encounter an additional hurdle.
Also released as part of the public record was a document marked "confidential" and written by the researchers that explains exactly how the Charlie cards could be cloned and forged. "Our research shows that one can write software that will generate cards of any value up to US$655.36," the document says.
The document also discusses the lack of physical security at the MBTA. "Doors were left unlocked allowing free entry in many subways," the document says. "The turnstile control boxes were unlocked at most stations. Most shocking, however, were the FVM control rooms that were occasionally left open."
One portion of the MBTA's legal complaint that drew jeers from the Defcon crowd came in its odd claim that "A CharlieTicket standing alone constitutes a 'computer'" under federal anti-hacking law.
This isn't the first time speakers at security conferences have been hauled into court by companies seeking to muzzle them.
In 2005, Cisco Systems filed a lawsuit against security researcher Michael Lynn hours after he gave a talk at Defcon on how attackers could take over Cisco routers. The case was ultimately settled. Four years earlier, the FBI took Russian crypto expert Dmitri Sklyarov into custody at his Las Vegas hotel one day after he gave a presentation at Defcon on insecurities in e-book security software.
Princeton University computer science professor Ed Felten and his co-authors received legal threats from the recording industry involving a planned talk at a Pittsburgh security conference - but pulled the paper from the event, even though no lawsuit materialised.
Research into flaws in the encryption of the Mifare Classic cards, which are used by the MBTA, landed Dutch researchers in court recently. NXP sued to block a Dutch university from publishing information about vulnerabilities in the encryption used in the RFID cards around the world. Last month, a court ruled that the university could publish the information.
Karsten Nohl, a University of Virginia graduate student who worked with others to break the Mifare Classic crypto algorithm last year, said MBTA should not have sued researchers who voluntarily discussed their findings with them.
"It has been known for years that magnetic stripe cards can easily be tampered with and MBTA should not have relied on the obscurity of their data-format as a security measure," Nohl said. "MBTA made it clear that they are not interested in cooperating with researchers on identifying and fixing vulnerabilities, but their lawsuit will motivate more research into the security of Boston's public transport system."
MIT's student newspaper has posted a copy of the presentation that was distributed on Defcon CDs and the subject of the court order.
CNET News.com's Elinor Mills contributed to this report.