http://www-tech.mit.edu/V127/N66/hacking.html By Angeline Wang The Tech February 4, 2008 After students were found exploring the MIT Faculty Club by the Campus Police late on a Saturday night and found themselves facing felony charges, MIT found itself struggling to define exactly how it valued the hacking community. The result of MITs soul-searching, a statement and a set of guidelines to be included in the student handbook, was drafted throughout 2007 with input from students. In a recent draft of the revised guidelines, MIT endorses hacking as a tradition to be preserved and outlines rules that hackers should follow rules based on the well-known Hackers Code of Ethics [1]. Additionally, all future cases involving unauthorized access will be brought to the faculty-student Committee on Discipline. The statement and guidelines await one further round of review before they will be made public. The Faculty Club incident In October 2006, three MIT students set off a burglar alarm in the E52 Faculty Club in the middle of the night and were found by the MIT Police. The case was taken to the Middlesex County Cambridge District Court. The students Kristina K. Brown 09, David Nawi, and Matthew W. Petersen 09 were charged with breaking and entering in the nighttime with intent to commit a felony and trespassing. Additionally, Petersen was charged with possession of burglarious tools for carrying a slide, an L-shaped piece of metal that can be used to open some doors. According to a joint statement from their attorneys, the students had absolutely no intent to do any harm. They were engaged in a longstanding tradition among MIT students of after-hours exploration of the university campus, the statement continues. Motions to dismiss were filed for all three students on the grounds that there was no evidence the students broke into the building and that there was no evidence the students intended to commit a felony. Then-MIT Police Chief John DiFava said in February that he believed all elements of an apparent felony breaking and entering were present that evening and that his officers were justified in issuing a summons to court. I support the officers decision at the time, DiFava said. How do we know a hacker from a thief? DiFava said. This whole issue of hacking or not hacking, thats not a police matter. Thefts of items in the Faculty Club had been reported prior to the October incident, which may have influenced the officers decisions that night. The narrative filed with the police report states that MIT Police Officers Sean C. Munnelly and Duane R. Keegan responded to a burglar alarm in the Faculty Club at approximately 1:50 a.m. on Oct. 22, 2006 and found Brown, Petersen, and Nawi in the kitchen. The students were found near an open panel in the wall that leads to a crawl space. The narrative, written by Munnelly, states that the elevator used to reach the sixth floor Faculty Club would only take the officers to the fifth floor. The elevators are supposed to be locked so that they will not travel to the sixth floor when the Faculty Club is closed. The narrative also states that there was a visible no trespassing sign on the door that opened onto the sixth floor from the stairwell. Nawis motion moved to dismiss conflicts with the polices story, stating that the elevator functioned without restriction that night, taking the three students to the sixth floor, and that there were no signs indicating that access to the sixth floor was not permitted after-hours. Mr. Nawi and his friends did not access the 6th floor by a stairwell, the motion states. After the arrest became widely known in February 2007, some students and community members became concerned that this case was indicative of a change in internal policy regarding how students caught hacking would be treated in the future. In most cases, students caught hacking in unauthorized areas would be brought before MITs Committee on Discipline, where they would be given fines or community service. I have never heard of students being given a felony without something else involved, either a violent activity or a theft, said Joseph T. Foley 98, who is friends with the students involved. This sets a really bad precedent at MIT. These people were not doing anything strange. They were just in the wrong place at the wrong time. Then-Undergraduate Association President Andrew T. Lukmann 07 (currently a Tech photographer) said in February that there was a strong consensus among MIT administrators that what happened in this case is an isolated incident and is not indicative of a change in policy. The MIT administration also faced pressure from concerned faculty and alumni. At the Feb. 21 faculty meeting, Professor Harold Abelson PhD 73 raised the issue to determine what MIT is planning to do now. ?I think that there was a lapse in MIT procedures that resulted in this case getting so far along without the top administration knowing about it, Abelson said in an e-mail in February. At the meeting, Chancellor Phillip L. Clay PhD 75 told the faculty that administrators were working with the district attorneys office to move the felony trials out of the Cambridge court system to an internal Committee on Discipline process. The charges against the students were dropped on Feb. 28, when the prosecution filed nolle prosequi orders for the three students, indicating that they would not move forward on the charges. Nawis order states that the prosecution spoke with R. Greg Morgan, general counsel for MIT, and that Mr. Morgan on behalf of MIT has requested the case be dismissed, so MIT may handle this matter internally and administratively, as they have done in the past in similar situations. The Commonwealth also spoke with Chief DiFava of the MIT Police who indicated that the MIT Police would be in agreement with a dismissal. Students and alumni involved in the hacking community helped to pay the legal bills of the three students. Over $10,000 had been raised by the beginning of March. Hacking guidelines drafted Discussions between administrators, student leaders, and four or five members of the hacking community began in the spring and have resulted in a hacking statement and guidelines that are pending one more round of approval, according to UA Senator Steven M. Kelch 08. The guidelines are coming about because there has always been ambiguity as to how MIT would handle its position on hacking, Kelch said in October. The guidelines, which will be added to the student handbook, will include three parts, UA President Martin F. Holmes 08 said in October. The first is an MIT statement supporting the preservation of the hacking tradition; the second is the restatement of the hackers code of ethics; and the third is a policy on unauthorized access. The statement on hacking is the big change, Kelch said. MIT is finally taking a stance on hacking, he said, and is recognizing that hacking is a tradition that should be preserved. However, it is a delicate balance for MIT, which could face legal liability if it were seen to condone illegal activity. Most administrators do understand hacking, Kelch said. They are willing to try to preserve that, but they cant condone dangerous activity. One major change is that all future hacking cases dealing with unauthorized access will be brought to the faculty-student Committee on Discipline. Holmes said that the administration was very insistent on this point. In the past, hacking cases were handled by many different groups, including the MIT Police, deans, and the CoD, Kelch said. The committee has recognized that they cant have multiple tracks, Kelch said. Its too hard to be accountable. Kelch said that the unauthorized access policy included in the guidelines would be general enough to go beyond hacking. UA Vice President Ali S. Wyne 08 said that the committee is working to achieve a balance between two extremes giving too explicit a policy, one which delineates all possible hacks and penalties, and being too vague. The unauthorized access policy proposed by former UA Vice President Jessie H. Lowell 07 in 2005 will not be used, according to Kelch. The proposed policy, listing very specific penalties for a first offense and repeat offenses, replaced the previous rooftop fines with community service. This service policy never went into effect, Kelch said, though some students have been given community service when found in unauthorized areas such as rooftops. Additionally, a module on campus culture and hacking will be included in the training the CoD receives each year. In preparation for the release of these guidelines, Chancellor Clay sent an e-mail out to all MIT students in October that said students must take full responsibility for their actions even while celebrating and protecting traditions such as hacking. Clay said in October that the e-mail was prompted in part by numerous events over the past couple years that have revealed a need to re-emphasize safety, responsibility, and integrity. Though he did not name specific events in his e-mail, Clay was referring to the Faculty Club incident as well a January 2006 incident in which an undergraduate fell through a skylight on the roof of Building 5. We cannot deny the fact that what was tolerated in the past, and may even have been celebrated, is now viewed different, Clay said in his e-mail to students, referring to changes in perception since Sept. 11, 2001. Dangerous or illegal behavior labeled as hacks is a risk for us all and threatens our ability to be as open as we have been in the past, Clay said. The October e-mail was also sent shortly after volunteers on the Charles River Cleanup Boat were injured by a piece of sodium that may have originated from an MIT sodium drop. [1] http://www-tech.mit.edu/V127/N66/graphics/hackingethics.html Copyright 1881-2008 The Tech ___________________________________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Wed Feb 06 2008 - 00:25:18 PST