Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

] more on Rejected Harvard applicants say schoo l 's

From: "Dave Farber" <dave () farber net>
Date: Thu, 10 Mar 2005 11:58:11 -0800


_______________ Original message _______________
Subject:        Re: [IP] more on Rejected Harvard applicants say school 's
Author: Joseph Lorenzo Hall <joehall () gmail com>
Date:           10th March 2005 10:59:5  AM

Ed Felten has a good post on this "hacking" issue (below).  What
strikes me is how constructing a URL that is available to students
without any further authentication or protection is considered
"hacking".  That's inevitably diluting any geek cred. held by any of
us who are even crappy hackers!

http://www.freedom-to-tinker.com/archives/000780.html

### Harvard Business School Boots 119 Applicants for "Hacking" Into
    Admissions Site

Harvard Business School (HBS) has rejected 119 applicants who
allegedly "hacked" in to a third-party site to learn whether HBS had
admitted them. An AP [story][1], by Jay Lindsay, has the details.

HBS interacts with applicants via a third-party site called
ApplyYourself. Harvard had planned to notify applicants whether they
had been admitted, on March 30. Somebody discovered last week that
some applicants' admit/reject letters were already available on the
ApplyYourself website. There were no hyperlinks to the letters, but a
student who was logged in to the site could access his/her letter by
constructing a special URL. Instructions for doing this were posted in
an online forum frequented by HBS applicants. (The instructions, which
no longer work due to changes in the ApplyYourself site, are
reproduced [here][2].) Students who did this saw either a rejection
letter or a blank page. (Presumably the blank page meant either that
HBS would admit the student, or that the admissions decision hadn't
been made yet.) 119 HBS applicants used the instructions.

Harvard has now summarily rejected all of them, calling their action a
breach of ethics. I'm not so sure that the students' action merits
rejection from business school.

My first reaction on reading about this was surprise that HBS would
make an admissions decision (as it apparently had done in many cases)
and then wait for weeks before informing the applicant. Applicants
rejected from HBS would surely benefit from learning that information
as quickly as possible. Harvard had apparently gone to the trouble of
telling ApplyYourself that some applicants were rejected, but they
weren't going to tell the applicants themselves!? It's hard to see a
legitimate reason for HBS to withhold this information from applicants
who want it.

As far as I can tell, the only "harm" that resulted from the students'
actions is that some of them learned the information about their own
status that HBS was, for no apparent reason, withholding from
them. And the information was on the web already, with no password
required (for students who had already logged on to their own accounts
on the site).

I might feel differently if I knew that the applicants were aware that
they were breaking the rules. But I'm not sure that an applicant, on
being told that his letter was already on the web and could be
accessed by constructing a particular URL, would necessarily conclude
that accessing it was against the rules. And it's hard to justify
punishing somebody who caused no real harm and didn't know that he was
breaking the rules.

As the AP article suggests, this is an easy opportunity for HBS (and
MIT and CMU, who did the same thing) to grandstand about business
ethics, at low cost (since most of the applicants in question would
have been rejected anyway). Stanford, on the other hand, is reacting
by asking the applicants who viewed their Stanford letters to come
forward and explain themselves. Now that's a real ethics test.

[1]: http://www.washingtonpost.com/wp-dyn/articles/A18798-2005Mar8.html
[2]: http://poweryogi.blogspot.com/2005/03/hbsapplyyourself-admit-status-snafu.html

-- 
Joseph Lorenzo Hall
UC Berkeley, SIMS PhD Student
http://pobox.com/~joehall/
blog: http://pobox.com/~joehall/nqb2/

-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: