hack1

Hacking. A computer slang term that generally refers to the process of using programs and accessing information by unconventional means. Hacker. Who do you think fits the stereotype? Do you imagine a young white male in his teens or twenties? A loner? Is he out to spread rampant viruses and worms and “phish” into your email accounts in an attempt to gain access to your most intimate information and private passwords? At a time when kids are exposed to technology at a very young age the stereotypical hacker may no longer fit this limited profile. Take 12 year old Bilbo McGrudal for example. Bilbo allegedly hacked into my school district’s local building router and has modified some data tables on the network. The technology team has fixed the changes but where are they to go from here? What discipline should Bilbo receive, if any? Was he being supervised appropriately? How did he do it? Unfortunately these are questions that many schools are faced with every school year. How would my school district deal with an issue like this?
Because it is important to recognize the legal ramifications of these situations it is necessary that all districts have an Acceptable Use Policy (AUP). According to the National School Boards Association (NSBA), the AUP sets forth expectations and puts everyone on notice as to what is “acceptable use.” This statement protects the district against possible future legal claims. Most AUP’s have four major components: statement of purpose, (un) acceptable uses, disciplinary action, and a student/parent release section. For the purpose of this paper I am looking into the latter of the two sections. An AUP must clearly contain a well-defined list of consequences for each possible infraction. Students must be made to understand that willful misuse of network resources can lead to disciplinary action or, in some cases, criminal penalties. Once the AUP has been signed it becomes a legal contract.
According the AUP of the Amherst School District all students must sign an Internet Use Agreement before they are allowed to access the Internet. The purpose of this agreement is to ensure that use of Internet resources is consistent with the district’s mission, goals, and objectives. The smooth operation of the network relies upon the proper conduct of students and faculty who must adhere to these strict guidelines. The district is clear to say that Internet use is a privilege, not a right. Inappropriate use will result in a suspension or cancellation of Internet privileges. The system administrators will deem what is inappropriate use and their decision is final. Also, the administrators may close an account at any time. Bilbo’s infraction, network tampering, is specifically mentioned in the AUP, “Physical or electronic tampering with computer resources is not permitted. Damaging computers, computer systems, or computer networks intentionally will result in cancellation of privileges.” Although the district handed Bilbo a set of detentions I feel it is important to set a strong precedent. The administrators have the right to take away Bilbo’s privileges. Since Bilbo was not “caught red-handed” I feel that his punishment should fall closer to the suspension end of the spectrum rather then having his privileges being fully revoked. I am sure that handing out such a serious punishment will make Bilbo think twice about committing this crime again. In return for the leniency Bilbo should be made to tell the tech administrators how he breached the networks security. It is important to recognize how this situation occurred so that steps can be taken to “fix” this breakdown of network security in the future.
Unfortunately, many students that commit these Internet crimes often get off easy. Recently the “Kutztown 13,” a group of students from a public high school about 50 miles northwest of Philadelphia, received no more than a slap on the wrist for hacking into the school’s network. What originally began as a felony computer trespassing and theft charge turned into little more than a joke. The offenders were assigned to 15 hours of community service as well as a few other minor punishments. These students breached security on their district-issued iBooks and began downloading forbidden Internet programs such as iChat. They also were able to turn off the remote monitoring functioning that allowed administrators to see what students were viewing on their screens. Unfortunately, serious security and network breaches such as this are often looked at as minor. The district was even accused of punishing the kids for outsmarting the district’s tech workers.
Quite possibly one can make the argument that the most important breakdown occurred at the teacher supervision level. Who was responsible for Bilbo at the time that the network was hacked into? I feel it is important to find out what time the incident took place and figure out who was supposed to be in charge of Bilbo at this time. It is unfortunate that this event occurred in the first place but because of this security breach all district teachers should be in-serviced on technology related issues. Many teachers do not understand or believe that students are capable of committing these “crimes.” Educators need to be made aware of proper supervision techniques so that students like Bilbo are not able to hack into the system. Efforts need to be made to make sure that teachers are guarding their workstations and making sure that their passwords are secure. Districts must become proactive rather than reactive when dealing with these potentially disastrous offense