http://www-tech.mit.edu/V127/N66/hacking.html
By Angeline Wang
The Tech
February 4, 2008
After students were found exploring the MIT Faculty Club by the Campus
Police late on a Saturday night and found themselves facing felony
charges, MIT found itself struggling to define exactly how it valued the
hacking community. The result of MITs soul-searching, a statement and a
set of guidelines to be included in the student handbook, was drafted
throughout 2007 with input from students.
In a recent draft of the revised guidelines, MIT endorses hacking as a
tradition to be preserved and outlines rules that hackers should follow
rules based on the well-known Hackers Code of Ethics [1]. Additionally,
all future cases involving unauthorized access will be brought to the
faculty-student Committee on Discipline. The statement and guidelines
await one further round of review before they will be made public.
The Faculty Club incident
In October 2006, three MIT students set off a burglar alarm in the E52
Faculty Club in the middle of the night and were found by the MIT
Police. The case was taken to the Middlesex County Cambridge District
Court.
The students Kristina K. Brown 09, David Nawi, and Matthew W. Petersen
09 were charged with breaking and entering in the nighttime with intent
to commit a felony and trespassing. Additionally, Petersen was charged
with possession of burglarious tools for carrying a slide, an L-shaped
piece of metal that can be used to open some doors.
According to a joint statement from their attorneys, the students had
absolutely no intent to do any harm. They were engaged in a longstanding
tradition among MIT students of after-hours exploration of the
university campus, the statement continues.
Motions to dismiss were filed for all three students on the grounds that
there was no evidence the students broke into the building and that
there was no evidence the students intended to commit a felony.
Then-MIT Police Chief John DiFava said in February that he believed all
elements of an apparent felony breaking and entering were present that
evening and that his officers were justified in issuing a summons to
court. I support the officers decision at the time, DiFava said.
How do we know a hacker from a thief? DiFava said. This whole issue of
hacking or not hacking, thats not a police matter.
Thefts of items in the Faculty Club had been reported prior to the
October incident, which may have influenced the officers decisions that
night.
The narrative filed with the police report states that MIT Police
Officers Sean C. Munnelly and Duane R. Keegan responded to a burglar
alarm in the Faculty Club at approximately 1:50 a.m. on Oct. 22, 2006
and found Brown, Petersen, and Nawi in the kitchen. The students were
found near an open panel in the wall that leads to a crawl space.
The narrative, written by Munnelly, states that the elevator used to
reach the sixth floor Faculty Club would only take the officers to the
fifth floor. The elevators are supposed to be locked so that they will
not travel to the sixth floor when the Faculty Club is closed. The
narrative also states that there was a visible no trespassing sign on
the door that opened onto the sixth floor from the stairwell.
Nawis motion moved to dismiss conflicts with the polices story, stating
that the elevator functioned without restriction that night, taking the
three students to the sixth floor, and that there were no signs
indicating that access to the sixth floor was not permitted after-hours.
Mr. Nawi and his friends did not access the 6th floor by a stairwell,
the motion states.
After the arrest became widely known in February 2007, some students and
community members became concerned that this case was indicative of a
change in internal policy regarding how students caught hacking would be
treated in the future. In most cases, students caught hacking in
unauthorized areas would be brought before MITs Committee on Discipline,
where they would be given fines or community service.
I have never heard of students being given a felony without something
else involved, either a violent activity or a theft, said Joseph T.
Foley 98, who is friends with the students involved. This sets a really
bad precedent at MIT. These people were not doing anything strange. They
were just in the wrong place at the wrong time.
Then-Undergraduate Association President Andrew T. Lukmann 07 (currently
a Tech photographer) said in February that there was a strong consensus
among MIT administrators that what happened in this case is an isolated
incident and is not indicative of a change in policy.
The MIT administration also faced pressure from concerned faculty and
alumni. At the Feb. 21 faculty meeting, Professor Harold Abelson PhD 73
raised the issue to determine what MIT is planning to do now.
?I think that there was a lapse in MIT procedures that resulted in this
case getting so far along without the top administration knowing about
it, Abelson said in an e-mail in February.
At the meeting, Chancellor Phillip L. Clay PhD 75 told the faculty that
administrators were working with the district attorneys office to move
the felony trials out of the Cambridge court system to an internal
Committee on Discipline process.
The charges against the students were dropped on Feb. 28, when the
prosecution filed nolle prosequi orders for the three students,
indicating that they would not move forward on the charges.
Nawis order states that the prosecution spoke with R. Greg Morgan,
general counsel for MIT, and that Mr. Morgan on behalf of MIT has
requested the case be dismissed, so MIT may handle this matter
internally and administratively, as they have done in the past in
similar situations. The Commonwealth also spoke with Chief DiFava of the
MIT Police who indicated that the MIT Police would be in agreement with
a dismissal.
Students and alumni involved in the hacking community helped to pay the
legal bills of the three students. Over $10,000 had been raised by the
beginning of March.
Hacking guidelines drafted
Discussions between administrators, student leaders, and four or five
members of the hacking community began in the spring and have resulted
in a hacking statement and guidelines that are pending one more round of
approval, according to UA Senator Steven M. Kelch 08.
The guidelines are coming about because there has always been ambiguity
as to how MIT would handle its position on hacking, Kelch said in
October.
The guidelines, which will be added to the student handbook, will
include three parts, UA President Martin F. Holmes 08 said in October.
The first is an MIT statement supporting the preservation of the hacking
tradition; the second is the restatement of the hackers code of ethics;
and the third is a policy on unauthorized access.
The statement on hacking is the big change, Kelch said. MIT is finally
taking a stance on hacking, he said, and is recognizing that hacking is
a tradition that should be preserved.
However, it is a delicate balance for MIT, which could face legal
liability if it were seen to condone illegal activity. Most
administrators do understand hacking, Kelch said. They are willing to
try to preserve that, but they cant condone dangerous activity.
One major change is that all future hacking cases dealing with
unauthorized access will be brought to the faculty-student Committee on
Discipline. Holmes said that the administration was very insistent on
this point. In the past, hacking cases were handled by many different
groups, including the MIT Police, deans, and the CoD, Kelch said. The
committee has recognized that they cant have multiple tracks, Kelch
said. Its too hard to be accountable.
Kelch said that the unauthorized access policy included in the
guidelines would be general enough to go beyond hacking. UA Vice
President Ali S. Wyne 08 said that the committee is working to achieve a
balance between two extremes giving too explicit a policy, one which
delineates all possible hacks and penalties, and being too vague.
The unauthorized access policy proposed by former UA Vice President
Jessie H. Lowell 07 in 2005 will not be used, according to Kelch. The
proposed policy, listing very specific penalties for a first offense and
repeat offenses, replaced the previous rooftop fines with community
service. This service policy never went into effect, Kelch said, though
some students have been given community service when found in
unauthorized areas such as rooftops.
Additionally, a module on campus culture and hacking will be included in
the training the CoD receives each year.
In preparation for the release of these guidelines, Chancellor Clay sent
an e-mail out to all MIT students in October that said students must
take full responsibility for their actions even while celebrating and
protecting traditions such as hacking.
Clay said in October that the e-mail was prompted in part by numerous
events over the past couple years that have revealed a need to
re-emphasize safety, responsibility, and integrity. Though he did not
name specific events in his e-mail, Clay was referring to the Faculty
Club incident as well a January 2006 incident in which an undergraduate
fell through a skylight on the roof of Building 5.
We cannot deny the fact that what was tolerated in the past, and may
even have been celebrated, is now viewed different, Clay said in his
e-mail to students, referring to changes in perception since Sept. 11,
2001.
Dangerous or illegal behavior labeled as hacks is a risk for us all and
threatens our ability to be as open as we have been in the past, Clay
said. The October e-mail was also sent shortly after volunteers on the
Charles River Cleanup Boat were injured by a piece of sodium that may
have originated from an MIT sodium drop.
[1] http://www-tech.mit.edu/V127/N66/graphics/hackingethics.html
Copyright 1881-2008 The Tech
___________________________________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
Comments