My original intention was to gather a bunch of results from my poll, but I got impatient... Anyway, as the "part II" suggests, this makes sense only if you've read part I.
So, let's review what I did. I found a slight security hole, messed around for a bit, caused no harm, and told the principal everything (including even how to finish fixing it) when I was asked. I spent an hour trying to point out that the above does not merit my a) being banned from their computers for the rest of the semester, and b) subsequently having to change, halfway through the semester, out of both of my electives. They disagreed.
As an aside: It seems the authority in question knows less about the system than I do. You may think I'm just saying that out of spite, but I can actually back that up with proof.
The principal wrote, in a letter to my mom:
"He used a 'hacker's code' to gain access to the system, and admits to it. This is not my opinion, but that of several experts in the field."
Here's what actually happened: Jokingly/stupidly, I wrote the word "h4xx0r1n9" on my task list, and explained to them about 1337, hackers' slang. No one who knows a thing about computers would believe that you hack into servers by misspelling words. Especially not "experts".
Another example: The letter also said that I "violated the Internet policy by signing onto a bunch of accounts without authorization". Incorrect. I said several times during that meeting, and at least once on the previous post, that I used my own account (which, by the way, no malicious hacker would ever do) to get where there was no security.
I conclude from this that a) the principal has a highly inaccurate idea of what I did, and b) either she didn't communicate at all well with her experts, or these are some astonishingly stupid "experts". I'm not sure which one it is...
Their reasoning seems to be:
1. I broke school rules.
2. Therefore, I must be punished.
3. We have to follow the rules here. (We who make the rules. Even when it's counterproductive to do so.)
4. Of COURSE it's serious, otherwise we wouldn't have called you in. (Of COURSE we called you in, otherwise it wouldn't be serious. Of COURSE we're good at circular logic.)
5. Therefore, I must be punished in an extremely serious manner.
My rebuttal:
1. Arguably, I did not in fact break any rules. They outlaw the following, according to the "binder reminder" thingy:
- Maliciously doing stuff. (At first I had good intentions, then I had neutral intentions. Never malicious.)
- Using unauthorized accounts. (As I've said, the only account I used was my own. I'm pretty sure that's legal.)
- Altering the system. (I technically used the system, not altered it. Hey, if they follow the letter of the law and not the spirit to punish me, then I can do the same to avoid punishment.)
- Disrupting the network. (The only disruption was them blocking me.)
From the other source of rules (a "computer contract" thingy):
- "Students may not break into computer systems or [stuff like that]..." (Again, I used my own account, and I don't know how to hack into systems.)
- "...nor may they attempt to bypass any security settings." (As before, if they use technicalities, then I can too. What I did depended on the fact that there WAS no security to bypass.)
2. No, you don't have to punish me. Think: Why do we lock up murderers? Two reasons.
One, they can't commit crimes while in jail. This doesn't apply for so many reasons it's not even unfunny: a) I could use my computer at home like I am right now, so that doesn't prevent me from doing anything. b) Now that I know they don't want help with their security system, I won't try to mess around in the first place. c) They blocked me, and I told them how to fix the remaining holes, so I physically couldn't do anything.
The other reason to punish people is to teach would-be criminals not to do it. Now that you've heard what I did and the punishment, what is that really going to do? If they punish people for helping them, what lessons are you actually going to learn (other than the obvious "The school is being bureaucratically evil and dumbassed")? I think it's less along the lines of "Don't commit computer crimes" (we already know that), more like "Don't help people unless they ask for it. Don't show boldness or confidence in your own decisions or any type of individuality. Just keep your head down and avoid rocking the boat." Since this whole effing COUNTRY was founded on the principle of disobeying unjust authority, and the school has an entire week devoted to "Random Acts of Kindness", I'd say this other reason also does not apply.
I fail to see why it's right for me to be punished in this way.
3. Firstly, that's a great example to set for your students. Obey the rules even when they don't make sense. Just do what you're told. That's the kind of reasoning that leads to "Sorry, Jews, but Mr. Hitler orders me to kill you." Secondly, since the principal is the highest authority in disciplinary matters, she does not, in fact, have to follow any orders. Thirdly, the rules don't actually specify this punishment.
Let's assume we do have to follow the rules to the letter, let's take a look at what they actually say.
"Punishment may range from revocation of internet privileges and/or computer privileges to really bad stuff like suspension."
It says nothing about how long the privileges may be revoked. So no, you are not required in any way to make it that bad.
4. Explain to me how something can be serious if it has no real-world effects, other than my getting bragging rights ("Look, my course page is weird!") and a temporary fright for the people who made the system (who then verified that I didn't and couldn't do anything serious). Especially if it takes twenty seconds, maximum, to add a line of code that says "Check whether he's actually logged in."
5. So, let's see what's left of their argument:
"I might have broken school rules. It would cause much harm and no good whatsoever to punish me. The punishment or lack thereof is completely up to the principal. And the infraction, by all intelligent standards, was not serious. Therefore, the principal should and must give me a very severe punishment."
I think that argument's absurdity speaks for itself.
To summarize: There is no reason - moral or legal - for me to be punished in this way. An error of this magnitude must be corrected. If students in general learn that nothing has been done about such injustice, then the school is likely to lose their trust, to some degree at least. That may sound like a threat, but it's more like a fact of life. The principal should be held responsible for her decisions, especially when one of the school's major buzzwords is "Responsibility", and the people under her jurisdiction have a right to know what's really happening. Such is one of the fundamental principles of democracy, and that's why I'm writing about it.
Just in case, I'm taking the precaution of using no names whatsoever, so they can't demand that I delete my blog. (sticks tongue out at them) If you want to aid my little campaign against injustice, I recommend telling people to read this and posting your poll comment. Can't hurt to be able to tell the principal "Either you're wrong, or [a bunch of people, including all the "experts"] are wrong. Which do you think is more likely?"
Poll question: Do you think their decision was correct? (Or, more accurately, "How incorrect would you say they are?")
UPDATE: You know what's so friggen ironic? A year later, they added a course catalog that does exactly what I was doing, minus the part that added me as a guest.
Subscribe to:
Post Comments (Atom)
13 comments:
The security had a hole in it. And you weren't supposed to get through that hole; so you broke the contract. Technically, that's bypassing security. Since it wasn't supposed to have a hole in it.
Yo, read what I said. There WAS no security to bypass there. Bypassing security is stuff like using someone else's password to get in, or something. And the contract doesn't say anything about not being supposed to get through security holes.
It's debatable in the sense that lawyers would argue about it, costing a lot of money from everyone. However, I think you'd agree that, morally, I haven't done anything bad, and laws are supposed to be expressions of morals.
1 12 1337
now I've hacked your blog! Ahahaha! Feel my wrath!
What we could do is go to school on staff dev day and storm the principal's office...
sayyy... thats a nice idea
plus another point: THEIR COMPUTER EXPERT IS AN ART TEACHER. THEY THINK 1337 IS "HACKER CODE". THEY BUY iMacs, AND DON'T LET US USE THE INTERNET (When i was a Jordan, anyhow). THEY THINK YOU ACCESSED 151 ACCOUNTS, WHEN YOU USED YOUR OWN TO SCREW YOUR OWN PAGE UP. LEMME SAY THIS AGAIN. OWN. PAGE. YOU "SCREWED UP" YOUR OWN PAGE. YOU NEED TO BE WHIPPED BECAUSE YOU "SCREWED UP" YOUR OWN PAGE. Think about it. Realize HOW FRIGGIN DUMB their "ARTY COMPUTER EXPERT" is, and repeat after me: "Jordan = 70741 (0m^p`/ ^/0013."
Bypassing security is going ANYWHERE where they don't want you to be. That includes another class.
Although the computer experts are really, REALLY stupid, you still shouldn't be doing that. And they're giving a too-harsh punishment, but you STILL shouldn't have been doing that. They're stupid, but you still did something wrong. Not very wrong at all, but still wrong.
All the problem is is that you're accessing classes that you shouldn't be. No big deal.
Pardon the nitpicking, but if it's no big deal, then the major emphasis on "but you STILL did something wrong" seems rather misplaced. I recommend clarifying that, because it sorta sounds as though you think a semi-major punishment (like, one month perhaps) would be in order, but sorta not...
I shall post my postponed comment now, which has, for over a week or so.
I feel sorry for you. You were trying to show them, that they'd get "hacked" for good if they're too ignorant. Although I agree you warned them the dangers of being illiterate of web 2.0 and such, and that you caused no damage whatsoever, the school only cares whether you got "unauthorized access" or not. It's a sad thing, but the rules are only the bottom line and can't cover up problems like this too :(
Well, all I can say now, is to stay quiet. The school's a really messy thing to mess with, they basically contradict with themselves on the constitution and the bill of rights, i mean, they don't give you the freedom of speech too. I don't know, but when it comes into Education, many legal contradictions and cheesecheese can happen, and I used to be very pissed off at it.
Well, I actually still am right now too, after hearing this incident.
And, this is just really ridiculous. Alter WHAT system? Oh, and it never even altered the "server system" either. If they call that altering the system, or server system, then user generated content websites like Digg.com, would mean that they're being hacked every second.
I've tried your method [okay everyone, hide my identity, and john, delete my comment when they find this blog!], and it almost worked. Well, it said access denied, so I think they either fixed the problem, or something I don't know has happened.
Using the "h4xx0r1n9" language, hey, we can just say that, and we never do it. I say "oh, i will h4x you because you ate my bagel", sometimes, and I don't even know how to do it.
Strangely, the course alterations and additions had a vague connection to hacking in the school's mind, for some reason. And by in fact you might have not even meant, that the 151 courses were results of so called "hacking" as the school says it.
And, the IC [as I will call the service] is completely separate from the school. I would stil get it if you messed witht part of the school's server for their website, but this is something public. So probably, I don't think that the school rules will apply, but most likely federal law, but they once again, did misunderstand federal law, and it's very different. So they are really stupid. Ok.
And as I know some specifications of your method, many people have tried that on MySpace, the very retarded social networking site which I hate very much. Yes, I am partly a spy of who uses this very retarded no-bagel social networking site. Firstly, in order to view someone's personal media such as photographs and videos, there was a very stupid security hole for that. Just type in vids.myspace.com/... or pics.myspace.com/... or something, and it showed up. Well, ok. I did not personally find this, I read it somehwere, as an addition for me to tell people how stupid this service is; anyways, that also is not hacking.
It's just an internet-savvy-person way of receiving rightful information, for which, in your case, had no malicious reason whatsoever.
But, I think I know why they wanted to punish you, even if in the back of their minds did doubt on punishing you.
By the fact there' 151 courses. it really does not matter how many courses are actually on, the main point is that you just got access t o the courses, and that's it. But by the fact there's 151 courses, they probably would have thought this matter was "play-time", or "mess-time" ground for you, and just thought that you were joking around like a mad man. That might be one reason that could have gotten you in this specific situation of punishment.
One more thing: They really have to clarify their Computer/Internet usage contract.
They should make it more legible for the teenage eyes, make it very clear for anything that they don't want, make clearer and more federal law notations, and also make specific examples with it also, of course, anonymously.
Just...don't do that. I support the minimum punishment possible as long as it teaches you the above sentence, before this one.
dear cheesemaster,
I sympathize with you, but as i have recently joined a journalism class, i have been trained to be unbiased and stupidly neutral. Imagine for a moment that you are a visiting school district official. You do not know anything about the alleged hacker, other than that it is a teenager who slipped into the system as a result of flawed security. A student uncovering the cracks in the system? Why soon he'll be changing the scheduals and crashing commputers! What ever shall we do with a student capable of all this? Expell him? Suspend him? Have we not all seen the movie War Games? We had best seperate the hacker and his tool, or soon he shall be teaching his friends. And from your side again, yet another argument, punishment will only provoke me! I have been civil thus so far! Do you wish to invoke my powerful 1337 wrath? They dont know you. Morally correct your intentions may be, but you're dealing with bureaucrats here, not psychics.
P.s. You write well! :D
oh. grr. the bill of rights doesn't count in public schools by law.
I am receiving this message currently: "550 /index.html: Access is denied. /index.html" -- did you get the same, and what was the fix? (I am trying to return to earlier Publishing Settings, which Blogger.com messed up in November as it began migrating people to Blogger.com Beta.) Would love to hear back from you (email through Blogger profile page, please).
oh hell with it. you told them how to fix the holes right? they should be thanking you. jackasses.
Post a Comment