Does Hacking Grades Warrant 20 Years in Jail?

While there have been many students who decided they would rather change their grades than come by them the usual way, the punishments for the most part have been pretty reasonable. However, the latest chapter in this type of behavior finds two culprits facing a $250,000 fine and 20 years in jail based on the number of charges leveled against them. "The guys have been charged with "unauthorized computer access, identity theft, conspiracy, and wire fraud." Obviously, these guys did a bad thing, but it's hard to see how the possible sentence matches with the crime. Of course, it seems unlikely that any judge would give them the maximum sentence, but even hearing that it's possible just for changing your grades seems ridiculous."

Confusing The Issue

[gbulmash]

TFA and the post author confuse the issue by saying that these guys are getting punished for the end result (changing their grades), rather than the method (hacking an admin account, using that access to hack other accounts, stealing privileged information, AND taking cash to change someone's grades).

Imagine some jerkwad walked into a 7-11, got a Slurpee, tried to walk out without paying for it, then shot the clerk when the clerk confronted him. Then imagine the Slashdot article saying "this guy could get the death penalty just for stealing a Slurpee."

That's an extreme example, but it gets my message across. They're being prosecuted not only for what they did, but how they did it.

Also, if you read the original press release [usdoj.gov] from the DOJ, it states: "The charged counts carry a maximum punishment of 20 years in prison and/or a $250,000 fine. However, the actual sentence will be determined at the discretion of the court after consideration of the Federal Sentencing Guidelines, which take into account a number of variables, and any applicable statutory sentencing factors."

So even the Feds, while stating the maximum possible sentence (probably for the deterrence value), are admitting that the actual sentence depends on a lot of factors and probably won't be the maximum. Although giving these guys double-dimes in the pen would send a message.

Times have changed.

[iknownuttin]

Remember when hacking into the school's computer system to change grades was considered to be a prank that resulted in maybe at most a suspension. Now, it's literally a Federal Crime. What, in a few years, you'll get the death penalty for hacking grades?

Re:Confusing The Issue

[dsanfte]

That's an extreme example, but it gets my message across.

The correct term for that is 'hyperbole'.

A better analogy would be stealing the key to the secretary's office, and then loaning it out for a fee. In that case it they would be charged with a misdemeanor and be treated quite differently than someone who had held up a bank.

Re:Confusing The Issue

[Anonymous Coward]

For a better analogy, picture, "Hey John, I'll give you $5 if you steal Mrs. Smith's gradebook, change my grade in it, and put it back." This sounds identical to the list of crimes you made, only committed with a pencil rather than a computer. The problem here is that old lawmakers are more afraid of computers (because they don't know how they work), and thus are making equivalent crimes more severe if they involve a computer instead of a pencil.

Now ask yourself if getting paid $5 to steal Mrs. Smith's gradebook and change a grade is worth 20 years in jail. Does it become worth a longer sentence if you have to be smarter to accomplish the same task?

Old laws and new crimes

[ArchieBunker]

The old laws simply need updated to reflect todays technology. Unfortunately the govt is too busy worrying about how many ounces of breast milk you can carry on plane to investigate this matter. At this point the accused party might as well have beat up some cops and then raped their wives to get 20 years.

The Rub is the Sentencing Guidelines...

[tjstork]

Sentencing guidelines are a mistake, and that's the whole problem. What sentencing guidelines do is move the judiciary power into the federal power, and as a result, you have a race to ever more ridiculous sentences for political reasons. What we really need is to have judges doing the sentencing based on the facts of the case and the real severity of the crime, not a congress in a race to imprison people to seem tough on crime.

Sure, one can say that there was identity theft involved, but, what -really- happened? If the students used a password cracker to try and break in, then technically, yes, there was an identity theft because they logged in as someone else. However, this sort of an attack doesn't really constitute an identity theft in the sense we would reasonably define it - which is, using someone's personal information to destroy their life. Like, they weren't breaking into accounts to steal visa numbers and go on a spending spree. Yet, they are going to be charged with the crime, and the government is using a technicality to smear them in the public.

Such actions by the government will only undermine people's faith in it. As Princess Leia once said, "the more you tighten your grip, the more star systems will slip through your fingers."

Screwed up.

[Anonymous Coward]

If you think that 20 years is a harsh sentence for illegally changing grades, just think of the kid who had sex with his girlfriend and got 10 years.

In the mean time, some asshole who shoots a kid to death because the kid knocked on the wrong door walks around free, and is even considered an unsung hero by some.

Like it says, the maximum penalty is unlikely

[Anonymous Coward]

Complaining about the maximum sentence shows lack of experience with matters of law. There are many, many laws in various countries that carry a substantial maximum penalty for a crime because the crime _can_ be severe but it can also be ridiculously petty.

For example, most countries carry the crime "theft" on the books and if that country only has one statute for any sort of theft, the maximum penalty will look harsh if it would be applied to someone stealing a candy bar. However, one has to consider that the same statute also covers stealing millions from a bank in which case a sentence closer to the maximum could be justified.

That's why we have HUMAN judges, with all their faults, instead of just a computer that checks if all the conditions for the crime is met and just prints a "default" sentence, because not every case is the same even if they are punishable under the same law.

Standard MO

[Steve Baker]

It's the standard MO of DA's these days. Pile on charge after charge until someone is looking down the barrel of 50 years for jay-walking, until they're very willing to take the plea-bargan slap on the wrist. Essentially torturing someone until they admit guilt. This way the DA doesn't have to actually work to convict someone while padding their resume with lots of convictions. Who wants to risk going before a capricious and tough on crime public, or worse, a tough on crime judge, to plead their innocence when they're looking at that much time? After all, if you were innocent you wouldn't have been arrested, right?

It seems...

[koan]

It seems that the punishment for computer crimes has become more harsh, almost as though hiring competent admins and securing the network is more work than changing a law...a law being passed by people that refer to the Inet as "tubes" that get clogged, and haven't the slightest idea of what the internet is all about.

Troubling.

Re:Times have changed.

[habig]

Yes, times have changed - people used to use their SSN's in public all over the place. Now, we know that this is like handing out keys to your bank accounts. Privacy about personal information is suddenly a (rightfully) important topic.

If TFA had been about someone at the school who let his laptop get stolen with all that sensitive information on it, slashdot would be full of people calling for his head. These guys break in, sell their access, and are suddenly martyrs because they got caught quickly, limiting the damage to changed grades? Bogus.

Also, beware the hyperbole. The court's job is to make sure that the sentence fits the crime, the listed penalties are maximums.

What the real punishment for that would be

[Z00L00K]

is to clean sewers and public toilets for a year. And then tell them that it's about the only kind of job they should expect if they can't get their fingers out of places where they don't belong, and there are jobs that are worse than that...

It's bad enough to take a peek, but many are curious so that's not unusual, but whenever data is modified without permission it's a really bad crime. Even as tempting it may be some things are best untouched. If information is incorrect there are better ways than to modify it yourself.

Re:The Rub is the Sentencing Guidelines...

[The Only Druid]

This is nothing but shibboleth.

Sentencing guidelines - which, by the way, are not mandatory - do nothing to erode the power of the judiciary. Defining the possible range of sentences for an offense is not distinct from defining the offense itself. The notion of a "crime" includes both the proscribed act and the related punishment. It is philosophically unsound to pretend that the idea of a judiciary includes sole control over sentencing, unless you're willing to embrace judges choosing to impose incredible sentences (e.g. death, for theft) when they believe it fair.

All legislation is the Legislature imposing its will upon the Judiciary; without Congress telling the American Judiciary what is legal or illegal, the Judiciary would have nothing to do.

Re:Confusing The Issue

[vux984]

Sounds justifiable to me, simply on the basis of what they did. Surreptitiously altering records affects everyone, doing it knowingly for personal gain is an affront to everyone alive and everyone who will ever live. You can't trust someone who has demonstrated that they are of so corrupt and self serving a nature to walk among decent people.

And what if they had done it by erasing the braniacs name of his test sheet and writing your own in its place?

"Surreptitiously altering records"? check.
"knowingly"? check.
"for personal gain"? check.

$250,000 fine and 20 years in the can?
An affront to everyone alive and everyone who will ever live?

Bearing in mind that beating somebody robbing you at gun point would net a far smaller sentence?

Hmmmm. No I don't see it.

A petty scam, and intellectual dishonesty. Maybe a small fine and suspension/expulsion from the school, and restoring the grades of course.

Re:The Rub is the Sentencing Guidelines...

[Phil_At_NHS]

Are you mixing up Guidelines with Mandatory sentencing? I like the idea that a similar crime will get a similar time. This does not rule out vastly different punishment for crimes which are quite different, such as this case. Mandatory sentencing is objectionable, as it leaves judges with little leeway. In this case, these kids should be hit hard. 20 years, 250K is a little too hard, but some real punishment is due.

Re:Confusing The Issue

[Akaihiryuu]

I actually thought most of that movie was ridiculous when I saw it (especially graphics over a modem that would've been at max 50bps). However, the "grade hacking" is one of the most realistic "hacks" I have ever seen in a movie. For that part anyway, whoever made the movie did a little research. He didn't "hack" anything to change the grades, he used social engineering (getting sent to the principal's office, then creating a distraction so he could look at the password that was hidden in the office). At that point, he had the password, all he had to do is log in and change grades. That was ingenious, and it's sad that most "hacking" these days in movies is portrayed with fancy 3D graphics rather than how it's really done. There was the use of nmap in Matrix Reloaded, but social engineering will usually get people further than any hacking tools, even real ones like nmap.

Re:thank god...

[Anonymous Coward]

I'm going to go off on a tangential rant here... Sorry to hijack your thread and all, but I've had an annoying day and this is the final straw. Sorry.

...it was the pre 9/11 days...

I really don't understand what this means. Terrorism existed all around the world before 9/11. The US itself had suffered terrorist attacks previous to 9/11. The oceans did not protect us before 9/11. There were people out there who wanted to hurt us before 9/11. There were school shootings, criminals, terrorists, enemies of the state...plenty of reasons for the government to want to wiretap and snoop before 9/11.

9/11 was a horrible tragedy, but the world did not change - only America did.

I get so tired of hearing "post 9/11" as an explanation to every kind of stupidity.

Kid suspended for weeks because he drew a picture of a gun? Post 9/11 world.
Guy fired for talking about going to the shooting range after work? Post 9/11 world.
Police freaking out about magnetic light-brites? Post 9/11 world.
Warrantless wiretapping? Post 9/11 world.
Bottled water on a plane? Post 9/11 world.
Guy arrested for paying with $2 bills? Post 9/11 world.

Re:Confusing The Issue

[i7dude]

Now ask yourself if getting paid $5 to steal Mrs. Smith's gradebook and change a grade is worth 20 years in jail. Does it become worth a longer sentence if you have to be smarter to accomplish the same task?

As others have stated before me, its really not the act of changing the grades thats so bad. Its the methods employed in doing so.

Manually changing a grade in a gradebook with a pencil is not a criminal offense, but what if that gradebook was located in the teachers car, or home, or even in the school? The students could possibly have to break into any one of those locations. If they were caught, they would not be in court for changing grades, it would be for breaking and entering and possibly theft of personal property. Few people would be hard pressed to disagree with those offenses.

I'm not here to argue what should be deemed a reasonable sentence for computer crimes, but the information/data they were acessing really is secondary when considering the actions required to obtain it.

dude.

Re:what should happen

[mu51c10rd]

next step: we arrest anyone that likes shop class or chemistry ... they could be supporting the terrorists in the future.

Already a step [slashdot.org] ahead of you...

Re:Confusing The Issue

[FLEB]

It's not so much fear as computers as covering all the bases, at least in the matter of having the law on the books. Okay, these folks were only using the computer cracking to change grades, but computer cracking can also be used for much more damaging ends. Given that intents and damages of those intents can span a wide range and be uncodifiably fuzzy, it make sense to have a law as given, that maxes out at a punishment fit for the more serious instances of that crime, but allows judicial discretion to allow for lesser offenses. Having a hundred degrees of "Computer cracking with intent to..." laws would just cause confusion, possible loopholes, and would likely still leave just as much judicial/prosecutorial discretion as far as which specific charge to select.

There might be something to be said later, if the judge slaps down the max, but that's an issue to take up once facts are in. At the moment, the article is really nothing but FUD and fumes.

Adding the charges is unreasonable...

[gweihir]

Quite frankly, it is enough to punish the most severe charge and not adding the others. Or to let people serve the penalties in paralell. 20 years for this is not reasonable at all. There is no relation to the damage done. For some reason the US system still does this "damned forever" punishmenst, and increasingly for for non-violent crimes dtat did not cause a lot of damage. From Europe is looks a bit like the prison industry is behind this, as they need as many long-term convicts as they can get. All in all my impression is that the US is the "free' country with the longest prison terms and the least effect of the penalties on the crime rate. Don't you people want to rehabilitate your criminals and change them into non-criminals? Does not look that way to me.

Re:Simple Solution

[Rakishi]

Well we better get rid of that whole supreme court "striking down of unconstitutional laws" thing, now shouldn't we?

After all, since all laws are proper and right and they never can be struck down or challenged in court (which usually requires someone to break them first) why bother even having that system?

Re:The Rub is the Sentencing Guidelines...

[Pendersempai]

"Sentencing guidelines - which, by the way, are not mandatory"

Yes they are. They prescribe a range within which the court/jury has discretion (channeled through a list of legislatively-sanctioned factors), but they a mandatory range.

"It is philosophically unsound to pretend that the idea of a judiciary includes sole control over sentencing, unless you're willing to embrace judges choosing to impose incredible sentences (e.g. death, for theft) when they believe it fair."

Except that the judge is checked by a hierarchy of courts above him. The typical crime is tried in a low-level state court. From there, there are typically at least two levels of state appellate courts and the ability to appeal to three levels of federal courts on constitutional grounds (in this case, cruel and unusual punishment). Even if that fails and the judgment is finally affirmed, the prisoner can file for habeas relief, which starts a new examination of the relevant claim (cruel and unusual punishment) in federal court, with its three levels of court (district, appellate, supreme) review. There are enough checks on the ability of a judge to impose death for theft -- even without sentencing guidelines -- that it seems just as improbable for it to withstand the system as it does for a legislature to impose a disproportionate punishment.

"without Congress telling the American Judiciary what is legal or illegal, the Judiciary would have nothing to do."

Except, of course, for common law claims, which existed in the criminal domain until the legislature preempted them, and which still exist in tort.

Re:The Rub is the Sentencing Guidelines...

[jedidiah]

> Sentencing guidelines are a mistake, and that's the whole problem.
>
> Right because if a judge wants to give you 10 years for jaywalking
> you should have to go through the appeals process.

The problem with this, of course, is the fact that you can't point to
as much as a single instance of this particular problem. Sentencing
guidelines are typically established because someone whines that
"criminals are getting off too easy". Their usual intent is to PREVENT
judges from meting out reasonable and just sentences.

You can't point to an example of your claim. OTOH, it's quite easy to
point to examples of the current mandatory sentencing guidelines being
unjust or simply contrary to public policy.

I don't want to have to PERMANENTLY pay for some stupid schmucks room
and board at a considerable premium just because he might run afoul of
the law every ten years or so.

Nevermind this petty crap.

"...where you will be incarcerated at taxpayers expense. zzzz"

Pinhead Larry should pay his own rent.

Re:Confusing The Issue

[ajs]

Now ask yourself if getting paid $5 to steal Mrs. Smith's gradebook and change a grade is worth 20 years in jail. Does it become worth a longer sentence if you have to be smarter to accomplish the same task?

As others have stated before me, its really not the act of changing the grades thats so bad. Its the methods employed in doing so.

Yes, and the methods employed involved breaking into the school's computer. It's no different from picking the lock on the school teacher's desk drawer, and I can't see anyone getting out the pitchforks and torches over that either. Sure, it's a crime. Sure, you make an example of the kids because they tried to make money off of this. No, you do not trash their lives over the mistake.

Crime + computer != worse crime

Re:Confusing The Issue

[morgan_greywolf]

You're right. The grandparent might be wondering what happened to his brilliant legal career, but I'm not.

Bottom line -- it doesn't matter why he did it, it only matters what he did. We don't go easier on defendants who murder someone because they were only trying to keep everyone from finding out about their secret extramarital love affair.

OTOH, we do go easier on defendants who steal a $100,000 car to go joyriding. Technically, they could be charged with grand theft auto, but because joyriders generally return the car from whence it came, we call it a misdemeanor and give them a little community service instead of 15 years in prison.

There are complex legal issues that need to be sorted out and dealt with when it comes to computer criminal statues, especially becuause they are so new. On one hand, kids who break into a system just to prove they can should get an easier sentence, just like the joyriders, IMHO. OTOH, changing grades, while juvenile, is breaking into a system for purposes of committing fraud. It's technically no different than the guy who breaks into a computer system to produce a fake id or to alter financial records.

Public policy on criminal penalties usually boils down to legislatures and jurists deciding severity based on the amount of damage to society.

The real question is -- is the kid who changed grades damaging society as much as the guy who breaks in to the bank computer to transfer $1 million into his personal account, a few cents at a time over the next 10 years?

lawyers don't do math

[Tom]

That's what you get when you let people write the laws whose understanding of math ends at adding and substracting.

Obviously, a much better formula would be more appropriate, something as simple as a geometric series, but the lawyers wouldn't understand it (and, let's face it, neither would the general public).

Jail populations and the symptoms of a society

[Midnight Thunder]

The US justice and social system needs some serious work. If you have 1 in 142 [about.com] US residents in jail you have a problem. This equates to just under 2 million inmates and this is only based on 2002 figures, so I'd hate to see the current status.

This inmate population is enough to populate any of the 13 least populated states [census.gov] in the USA.

I am not saying what these people did isn't wrong, but the crime sounds more like revenge that punishment. This kids will be in debt and slaves to the system by the time the get out. Any time they would have had to think about what they did will be marred by the excessiveness of the punishment. Maybe the American society is just looking to continue slavery, but using other means to do it?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Stupid link to another blog

[sm62704]

It will probably be a fine and some community service, along with the stain on their records for being convicted of a crime, which would doubtfully make a positive impression upon prospective employers, unless Enron and Arthur Anderson were still in business.

Enron and Arthur Anderson are the rule these days, not the exception. Money is no longer a tool, it's now our national religion. Anything is forgivable if done for money, nothing is forgivable if done for any reason besides money.

-mcgrew

Re:Confusing The Issue

[NiceGeek]

"Bottom line -- it doesn't matter why he did it, it only matters what he did. We don't go easier on defendants who murder someone because they were only trying to keep everyone from finding out about their secret extramarital love affair."

Incorrect. Motive and mental state are often used to determine punishment. Manslaughter, 1st degree murder, 2nd degree murder, etc.

Re:Confusing The Issue

[moronoxyd]

Being smart isn't so much of an evolutionary advantage now, is it?

If they had been smart, they wouldn't haven been caught.
If they had been smarter, they wouldn't have done something that stupid.
If they had been really smart, they wouldn't have had the need to change grades...

It's not only what you are able to do, but being able to choose wisly when to use your talents.

Ironically...

[DaedalusHKX]

It is a PUBLIC USE COMPUTER... the entire faculty and staff has access to it via one format or another. This leaves lots of avenues of access so ALL DATA ON SUCH A SYSTEM IS SUSPECT!

Especially in an educational facility, I've been on both ends of this argument the hacker and the hacked, so trust me on this or don't, but data on government and facility wide access machines, is NOT secure and is ALWAYS suspect.

Of course, as far as I'm concerned, this is yet another reason NOT to worry about school, IMHO.

I did most of my learning as an "extra curricular" activity. It paid off dividends, while schoolwork and college work have yet to pay me a penny. In fact, most of my non "vocational" education has cost me dozens of thousands of dollars and haven't paid me back even a fraction of the cost involved. So IMHO, hacking grades is pointless, because neither straight A's nor straight F's will get you a job, or get you well paid, or anything. At best, you can slave away for straight A's so you can end up a boring, lifeless, possibly low paid, and certainly easy to fire cubicle monkey for the jock who learned how to run a business, or the geek who never showed up for class on time and barely passed gym or shop when he was in school.

Look around, history's brightest people, inventors, discoverers, all were either failures in school or not particularly shining examples of "classwork drones". Why? Simple, their attention was diverted to this thing called "life". And while you were trying to get ready to live your life one week of vacation per year of work at a time, they were living theirs... (and if they didn't get stupid with their investments, they probably continued to do so well past the time where you had a kid or three, a mortgage and car payment, none of which you couldn't afford... which in the end is the reason so many of us "geek" types end up broke... poor investments, of both time and money.)

Re:Confusing The Issue

[GooberToo]

And let's not forget there is a lot to win here. The right grades from the right school make the difference between a five digit and a six digit starting salary. Since they took money, seems like serious punishments should be considered. This obviously was not just a curious, dumb, teenager.

Having said that, 20 years is by far too much for something like this. Some murders don't do this. People often forget just how harsh prisons are. Even a year in prison, plus a criminal record as a lifetime punishment, really is a significant penalty to pay. A criminal conviction can easily place an upper limit on their yearly legal income. Let's not forgot that simply being convicted, for a white collar criminal, means punishment for the rest of their life, by means of where they can likely be hired.

Re:Confusing The Issue

[Metzli]

A 28-year-old and a 29-year-old snag some passwords and access the PeopleSoft system. These aren't kids, they're grown adults with unauthorized access into the school's system. Why, exactly, shouldn't they be punished?

Re:Adding the charges is unreasonable...

[bkr1_2k]

Do you have any data to back up your claim or are you just saying that because it's what you think? I know several "rehabilitated" criminals, both violent and non-violent.

There are an awful lot of "criminals" who are just people who make mistakes because they're young and stupid, or just in the wrong place at the wrong time (but still guilty of the crimes) or just feel like they don't have any other options. Saying that "generally speaking, criminals can not be rehabilitated" doesn't mean anything. Let's see some documentation of your proof.

Re:Confusing The Issue

[darkfire5252]

You're right. The grandparent might be wondering what happened to his brilliant legal career, but I'm not. Bottom line -- it doesn't matter why he did it, it only matters what he did. We don't go easier on defendants who murder someone because they were only trying to keep everyone from finding out about their secret extramarital love affair.

Nor do I wonder about your legal career. Not to be too much of an ass, but since we're apparently judging poster's legal knowledge in this particular thread... Intent is a very real consideration at trial. It's always present in the sentencing, and often present in the deciding of guilt... There's a reason manslaughter and murder are different charges. In the joyriding example, you don't distinguish taking the guilty party's intent into account at sentencing from taking intent into account as part of the legal burden of proving guilt.

Re:Confusing The Issue

[Anonymous Coward]

The accused are 29 and 28 years old; they should not be referred to as "kids". Having worked at a different CSU Help Desk, I can tell you that this kind of crime would be simple enough for an IT employee to commit. However, there is some level of trust both implicit and explicit when you sign an employment agreement. This guy did something stupid that he should have known was wrong, and he deserves a lot more than a slap on the wrist.

No it doesn't

[nunyadambinness]

"The problem with the law in question is that it gives a 20 year sentence regardless of the harm done."

No, it does not. It gives a range which the Judge is urged (not required) to consider as the appropriate guidelines for punishment. The Judge is free to depart from these guidelines. If a departure is given, it may require justification.

In short, the "problem" as you state it does not exist.

It is entirely possible, even likely these kids will get off with a very light sentence, or none at all (unlikely, but if they go to trial and win...).

Regardless, the law does not "give a 20 year sentence regardless of the harm done", it places that as the maximum suggested penalty available.

I think many people here have the same misconception as you do regarding the sentencing guidelines.

Re:Confusing The Issue

[GreyPoopon]

And today, it will get you 20 years in jail????? Lord, the terrorists have won when we now have zero tolerance for things.

This has absolutely _nothing_ to do with terrorism or our response to it, and you know it. As has already been stated, the twenty years quoted is the _maximum_ cumulative penalty for all of the charges. The actual sentencing will almost certainly be significantly less than twenty years. If not, _then_ you can go screaming about us bowing to the terrorists.

Truly this is fixing a swiss watch with a sledge hammer, wrong tool for the job at hand.

Not it's not. This is the way that the law has worked for years. The prosecution comes up with a long list of charges, and between the jury and the judge (with help from the defense attorneys), many of the charges are dropped from the list. Then the jury and judge take what's left and decide on an appropriate sentence. After that, the case may be appealed to a higher court, whereby additional charges may be dropped and/or sentencing may be reduced. It has been like this for many years; there have been no significant changes to this part of the process recently.

Re:Confusing The Issue

[definate]

Exactly. And furthermore all of these people who stumble across exploits in computer systems and then alert someone about it, should also have to pay the cost of a full audit. (Sarcasm)

Don't be like the RIAA/MPAA and confuse virtual crimes with real crimes.

I think it has been exclaimed many times before, security is their job, not the governments. The most they could and should do is expel the students and take greater precautions.