Integrity

[yanz]

Quote:

Originally Posted by Laurelinda

My old university had a inefficient network security system that caused the internet connection on all dorm computers to run super slowly. A smart computer science student reworked the system on his own computer in order to make it run faster while maintaining the functionality (which other CS students have told me shouldn't have been hard to do). He enabled his version and disabled the official version.

He was severely disciplined, lost all his scholarships, and was nearly expelled.

My thoughts on this are that the university should have said the following:
1.) We know you're intelligent and didn't intend to compromise network security.
2.) However, we can't screen every student for competence and ethical intent before allowing them to monkey with the security system, so on principle we can't let this happen.
3.) Please do not do this again. We will need to discipline you.
4.) Set some large penalty and make it public to the university.
5.) Waive the penalty based on special circumstances, and make that also public to the university.

What do any of you think of this situation?

I tend to agree with issues like this...obviously, the guy didn't mean to hurt anyone - he was just trying to help. He probably didn't realize that the security would be [potentially] compromised. Regardless, the point is that even if we all agree that what he did was ultimately a bad thing (even if accidental), I think arguing that it was "unethical" or of questionable integrity is preposterous. I don't know what the argument actually used against this guy was, so maybe ethics had nothing to do with it (in which case, I'm not sure why the anecdote is in this thread), but again, I see this as an example of the administration trying to disguise the situation by throwing blame [due to their own weaknesses] onto someone else.

ETA - since we've hijacked the thread a bit to talk about "unfair" punishments for actions that haven't really caused much harm (and definitely weren't meant to), here's another one. Apparently, displaying a replica of the Wright brothers' plane (to celebrate the anniversary a few yrs ago) on the roof is very bad and requires fines and discipline from the same school administration that gets a lot of good publicity for such hacks.

[twig93]

I think the student changing the university's network should have known better than to do what he did. If he thought his solution was really OK, why not simply present it to the administration and offer to give it to them for free, or ask for an independent study credit in exchange for his more reliable and faster system?

Any moran should be able to figure out that it clearly cannot be considered acceptable for a random person without authorization to change an entire network. So while his punishment seems a little harsh, and perhaps some of the punishment should have been suspended in his case, he was still clearly unethical in my mind.

As for the boat-race people: I think it depends on how clearly the purpose of the race was communicated. If it was clearly communicated that the goal was to build the fastest boat, then their actions were unethical because they were trying to sabotage better teams. If there was no clearly defined goal (spoken or written) and the rules simply stated that whoever crossed the finish line first would win, then they were not unethical IMO.

Agree with the others on the Harvard thing: it depends on exactly what the "hacker" did to get in to the system, and how aware the students were of how bad the "hacker's" actions were.

SoA students getting their scores early via attempting to register for the exam they just sat for: totally ethical. (I was not involved and didn't hear about it until a week or so later.)

[twig93]

By the way, what if the student hadn't intended to compromise the network security, but in fact had created a loophole that hadn't been there in the past? Does that make a difference? (I think it doesn't)

Does it make a difference that the university did not have the opportunity to have one of their own programmers check the code before it went live? I think this makes an enormous difference to the ethics.

[Laurelinda]

Quote:

Originally Posted by twig93

By the way, what if the student hadn't intended to compromise the network security, but in fact had created a loophole that hadn't been there in the past? Does that make a difference? (I think it doesn't)

Does it make a difference that the university did not have the opportunity to have one of their own programmers check the code before it went live? I think this makes an enormous difference to the ethics.

I totally agree that this can't be allowed to happen. Whether or not he intended to compromise security or even did compromise it, others could, so you can't set a precedent.

Quote:

If he thought his solution was really OK, why not simply present it to the administration and offer to give it to them for free, or ask for an independent study credit in exchange for his more reliable and faster system?

The current system has been criticized to management many times with no effect.

Quote:

Originally Posted by yanz

I don't know what the argument actually used against this guy was...

The Patriot Act was invoked.