Imagine this. You run a large post-secondary institution, a centre of higher education catering to thousands of students. Like any other school, you're going to have a lot of those students' private information on file. With that kind of responsibility sitting on your shoulders, perhaps the worst thing that could happen is that your school's online security is flawed and that information is made public.
Now let's say that before something like that could happen, one of your students, a computer science major, discovers said flaw before it can be exploited and lets you know. What do you do to reward that individual? A scholarship? Throw them a pizza party?
How about expelling them? Because that's exactly what Montreal's Dawson College did following student Ahmed Al-Khabaz's discovery of such a flaw last fall.
Now I'm sorry if you came here to hear about the latest and greatest in gadgetry and the like, but this case is so clearly ridiculous that it deserves more exposure.
Last fall, Al-Khabaz was working on a mobile college profile application when he found that the system used by the institution allowed him to access any other student's personal information. Following the discovery, Al-Khabaz notified the school, at which point he was praised and told it would be fixed. Two days later, Al-Khabaz ran a program to check if the fix had been applied. When the school's system operator noticed the attempted access, Al-Khabaz was called and told that he was committing a cyber attack.
As a result, Al-Khabaz was expelled from the school, and Dawson College is left looking like they kicked out a student for pointing out a potential threat, because they did.
No doubt sensing the terrible PR it's incurring, Skytech, the company responsible for overseeing Dawson's online security, is now offering Al-Khabaz a scholarship to finish his education in the private sector. This came after Al-Khabaz claimed the company had actually threatened him with jail time following his attempt to check if the flaw had been fixed.
Now you've got a bunch of people calling on Dawson College to reinstate Al-Khabaz while the school continues to maintain that it's following policy, blah, blah, blah. On the other side, security industry types are siding with Al-Khabaz not only for his obvious skill, but also for his moral decision to try and do the right thing.
I mean, what does this really teach people? That highlighting a potential threat will only net you punishment? Would Dawson College have preferred Al-Khabaz keep the security flaw to himself, leaving it open for anyone else to discover?
The Internet is a scary place and the fact is that those who have grown up with it from the very beginning are just going to be more versed in how it works. So when you have people like Al-Khabaz pointing out the errors, instead of taking advantage of them, maybe count your lucky stars instead.
At the time of writing, Al-Khabaz was still expelled, though he had received several job offers from Internet security firms.
So what can be learned from this? That rather than stifling today's youth, we should be encouraging them to do good. Sounds simple, right? You'd think that an institution dedicated to higher learning would be a prime example of such, but then there's Dawson College.