Interesting People mailing list archives
more on good piece on MIT says it won't admit hackers
From: David Farber <dave () farber net>
Date: Fri, 11 Mar 2005 14:08:53 -0500
------ Forwarded Message From: Mary Shaw <mary.shaw () gmail com> Reply-To: Mary Shaw <mary.shaw () gmail com> Date: Fri, 11 Mar 2005 13:12:28 -0500 To: <dave () farber net> Subject: Re: [IP] MIT says it won't admit hackers Dave, Four things are being confounded here: 1. Was it hacking? 2. Was it unethical? 3. If it was unethical, what should the B-schools do about it? 4. Should the B-schools and ApplyYourself have had better security? With respect to hacking, it is conceivable that the original discovery of the loophole was a hack, but saying that someone else who followed the instructions was hacking dilutes the meaning of "hacking" beyond all reason. Incidentally, the defense "they were doing <who?> a favor by revealing the vulnerability" holds absolutely no water for the applicants who exercised the loophole and only holds a very tiny amount of water for the discoverer, who should have told ApplyYourself instead of the applicants With respect to ethics, I haven't seen enough information to say. Was there, for example, a clear statement that decisions are embargoed until some date? Was there something in the user agreement or terms of service of ApplyYourself or of each school's application that restricted applicants from messing around on the site? Following convoluted instructions to construct a URL that provides information before a clearly announced release date seems to me to be over the edge, but I don't have all the information. The analogies to offices that are only casually secured are on point. So, based on what I know at the moment, maybe. With respect to whether B-schools should consider ethical misbehavior in evaluating applications, I think the answer is clearly "yes". Do we really want students who think it's OK to try to get the national economic data in advance of its release date? who think it's OK to hunt around corporate web sites for insider information? who think it's OK to hunt around university web sites for early access to copies of exams? The argument that they gained no advantage from peeking is neither convincing (some said they were positioning themselves in their current jobs based on the information) nor compelling (is prurient interest more noble than personal advantage?). So, if innocent browsing could get you to the information, the B-schools are over-reacting. On the other hand, if the process was advertised by a known hacker, was sufficiently convoluted to be unreasonable, and clearly circumvented published policies (let alone user agreements), then the B-schools are doing the right thing. This being the Real World, the situation probably isn't quite that clear. The argument that rejecting unethical applicants will reduce the pool of smart students seems to be based on the assumption that sheer smartness or cleverness should be the only criterion for selecting students. The suggestion that B-schools should only reject unethical applicants if they revoke degrees for transgressions after graduation assumes a symmetry that simply doesn't exist: Admissions decisions are trying to select the best raw material for the program so that the program can produce the best graduates -- and the degree is a certification at a point in time, not a guarantee of future behavior (in other words, schools should try to select their inputs but the only control they have over the outputs is through what they instilled during the program). With respect to whether the B-schools and ApplyYourself should have had better security, of course they should. I haven't seen clear indications of whether this was a design error or an operational error (some bit accidentally got unset). Much of the criticism has assumed it was a design error. But B-school admissions are seeking candidates who can be expected to become responsible professionals, and it's no more reasonable to blame ApplyYourself for not being absolutely secure than it would be reasonable to post armed guards at the door to the office where the admissions paperwork is stored. Mary ------ End of Forwarded Message ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on good piece on MIT says it won't admit hackers David Farber (Mar 11)