10 March 2005

What about the "Ethical Climate" in the US?

OK . . . aware that I may be costing myself admission to grad school somewhere, should I ever apply, I must question the fracas over students checking their application status.

I may be insufficiently informed, but here's my understanding of the issue:

Using available information and a bit of common sense, some MBA applicants "hacked" (that is, "assembled that info and put it into a useful context") some business schools' admission decisions. From what I can tell, (and I'm a web app programmer by day, so I do this sort of URL adjustment every day, albeit in my own programs), this may have consisted simply of using their ID numbers plugged into a webpage's querystring value to check their own admission status.

What precisely did they do wrong? One admin bureaucrat opined that it was like "using the keys to the admissions office to enter at night and see how his or her application fared". Sure, that analogy holds up -- if every student gets a key to the admissions office with strict instructions to access the office only between 0800 and 1700 with a parent accompanying them . . .

Before I start feeling ethically degenerate, I have to say I'm waiting for more info. We need to actually know whether something definitely, identifiably wrong happened. The article doesn't say they were hacking other applicants' info (bad), or using a compromised administrative username and password (bad) -- so far, they were just trying to read their own info by accessing a non-linked URL. Not even change their grades (also bad). Especially in our life of continual order and shipping status updates and instant communication, this is really not a big deal to me.

And the other question is, why should the applicants not know of a decision as soon as it is made, if it pertains to them?

UPDATE: This blog has a lot more info, although his initial reaction is the opposite of mine; it appears that the students may have known they were countering policy. I guess I'm a bit odd, then, since it still doesn't seem harmful in the least. I mean, just because a hack is "easy" (which this one was -- incredibly so) doesn't make it right, but what's a "hack?" Any tweak, or a harmful intrusion? (Programmers call modifications to improve program functionality "hacks" all the time -- "hacking" = adapting; "cracking" = criminal hacking). And what exactly was the harm done to these schools, aside from exposing how insecure their third-party admissions agent is? I'm still waiting . . .

No comments: