Kutztown Students get Felony Charges 825
gone6713 writes "The 13 students from Pennsylvania who were accused of hacking the iBooks provided to them by the school (Slashdot had a previous story on them back in June) have offically been charged. It seems that the admin passwords were taped to the back of the iBooks!"
What happened to the Administrators? (Score:5, Interesting)
Funny, isn't this the American Way (Score:5, Interesting)
Especially in highschools. Or maybe just PA (I live 20 minutes from Kutztown). I remember a girl getting treated like a drug dealer because she a)bought aspirin to the school and didn't hand it over to the school nurse (so that she could subsequently go back to the school nurse when it's time to take them - talk about being treated like a 5 year old) and b)giving one to her friends that had a headache.
IIRC, she was kicked out of the district.
Variations of this heavy-handedness happens so often everywhere that I'm surprised it makes the news anymore. I think Columbine made it worse because now the administrators are going apeshit over every little thing - turning the schools into a sort of police state.
What would be news would be the punishment fitting the crime. But then the school administrators would have to admit that they are mostly at fault in this case (really: taping the passwords to the back of the computers?!)
This is my Hometown...let me tell you something... (Score:5, Interesting)
L8tr all.
Regardless... (Score:2, Interesting)
Regardless
The law is not about hacking, it is about Unauthorized Entry. You don't have to pick the lock to be somewhere you shouldn't, and you don't have to cut through any fences to be prosecuted.
Re:What happened to the Administrators? (Score:5, Interesting)
Re:Human error (Score:5, Interesting)
Re:Moan ... (Score:5, Interesting)
I sympathize to some extent actually. Read the district press release:
"Unfortunately, after repeated warnings and disciplinary actions, a few students continued to misuse the school-issued laptops to varying degrees. The disciplinary actions included detentions, in-school suspensions, loss of Internet access, and loss of computer privileges. After each disciplinary action, parents received either written notification or telephone calls. Some parents felt that the disciplinary actions were ridiculous and even expressed the feeling that their son/daughter should be able to do non-school activities and use the laptop without restrictions. Some students acknowledged that they used their school-issued laptop inappropriately at home rather than their home computer for fear their parent would catch them."
There is a simple way to fix this problem. If you don't want them to use the laptop at home, don't let them take it home.
My concern about the trend towards computerization in our schools is that students will not have the oportunity to opt-out of restrictions (say, by providing their own laptops). This is not that different from a world where everybody would be unable to opt-out of a trusted computing world, or even a Microsoft Windows world.
A second thought (IANAL) is that such heavy-handed punishment as a felony charge in this case might very well seem like cruel and unusual punishment and it might be possible to challenge the constitutionality of the law as applied to this case. Charging minors with felonies for using passwords taped to the back of the computers they were issued seems both cruel and unusual to me. However, where exactly one draws this line in this case might be fairly difficult to answer.
Finally, students have some privacy rights even regarding school lockers. It seems to me that constant monitoring might infringe upon those legitimate rights. IANAL, again though....
Re:Funny, isn't this the American Way (Score:3, Interesting)
A bit over ten years ago when I was in high school yet, I was kicked out for a short time (it was later reversed because of how stupid it was) because I brought in a pair of heavy scissors and had them in my bag. OH, these scissors were required for a class I was taking, and we weren't allowed to leave them in the class. But I was charged with bringing a dangerous weapon into the school. It all happened because an x-gf was mad at me and told someone in the administration I had a weapon, when in reality all I had was the scissors, books, and some pens/pencils and paper. (I don't believe she knew I even had the scissors, she just thought me getting hassled by the school cop would be funny. I hadn't talked to her in months at this point, I have no idea why she decided to do this out of no where, besides the fact we were stupid high schoolers.) Talk about sane policies, though. Can't let kids have the proper supplies for class! I'm surprised I didn't get 5-10 for every pen or pencil, I mean, I could stab someone with them, right?
Re:Yes and no (Score:1, Interesting)
However, your insurance company won't pay out.
Re:Taped? (Score:4, Interesting)
Re:retardville (Score:3, Interesting)
No, but if you leave the keys to your car in the ignition and it gets stolen. Its no longer Grand Theft Auto. Its just Theft. Amazingly the legal system is smart enough to realise that you are partly at fault for your car being stolen since you left the keys in it. What a conecpt. Accountability.
This is the same thing as writing the admin password on the bottom of the laptop.
The school officials should be charged for not properly securing public property.
Could you imagine if some highschool principal put the key to every door in a highschool under the door matt in front of each door. Once the school got robbed the general public would go ballistic when they learned the keys were everywhere. The principal would probably be brought up on charges for loosing thousands of dollars worth of school equipment.
But yet the same incident happens on a computer and nothing happens. Bizarre.
Re:What happened to the Administrators? (Score:3, Interesting)
Indeed. From here, it's hard to distinguish between what happened and outright entrapment. The only defense to it would seem to be, "I didn't know the tape-dispenser was loaded..."
Re:Human error (Score:5, Interesting)
http://www.cutusabreak.org/Pages/policeletter.htm
Hmmmm can just see the police switchboard getting slashdotted now!
Re:Yes and no (Score:1, Interesting)
Re:More to this story (Score:3, Interesting)
Re:Human error (Score:5, Interesting)
Something nearly the same happened when I was contracting for high schools. The DOS machines they used (this was a few years ago) could have been configured to start students into a menu system that was uninterruptable (i.e. turn machine on, get menu of available applications, no alternatives, no way to break out of the menu structure).
Instead, they wanted me to use the AUTOEXEC.BAT batch file to launch the menu system rather than a menuing application started directly on bootup. Why? So that they could watch and see who hit CTRL-C at boot to exit the batch file. Those students were then expelled for "hacking" (even though these machines weren't on a network at all, this was ca. 1992) and they lost their computer priveleges at the high school for the rest of their high school career.
Why? That's a question that was never satisfactorily answered to me. I can tell you that the answer was something along the lines of what I mentioned in my previous post: such students were basically believed to be "too big for their own britches" and it was thus basically one more way to find a few more kids with "no respect for authority" and push them out of the system.
While I was still contracting there, I saw two kids expelled for hitting CTRL-C to dump to DOS and explore the C: drive. Both ended up enrolling at a local private high school, to my knowledge.
Re:Taped? (Score:5, Interesting)
Do the student's bear some of the responsability. Yes. It would assinine to say that they didn't. However, the school system should have taken the computer's security more seriously, and should have used stronger passwords, and should not have put them on the computers. When the problem was discovered, the school should have taken steps to provide new passwords, which are stronger and not publicly known. For students that had been disciplined for misbehaving on the computers, a more proactive steps should have been taken to make sure that future violations would be adverted.
The other question that I have, is what education about the use of computers was implemented? Was there an AUP? And did the students understand what the implications of using the computers in that manner would mean. Second question, did the student's parents know that they were being interrogated under the threat of prosecution? If the parents of the children were not present or given the opportunity to be present and if the children were not given their rights, then any evidence collected would be inadmissable in court. The third question, is what point would prosecuting these children accomplish?
Whats wrong with kids today? (Score:4, Interesting)
Kids, by their very nature are curious and, a bit rebelious. That hasn't changed in generations, kids have always been tempted by things that they know they should not do and kids have always been known to defy authority. I know I did, and I'll bet you did too!
I was very fortunate to have had several teachers who were actually able to harness my curiosity and my desire to "push the boundaries." To this day, I think they were the best teachers I had.
I also had the other kind of teacher; I remember specifically one English teacher who told us to read a specfic chapter. I got in trouble for reading beyond the chapter! I loved reading and simply got caught up in the story. Why he got upset is still beyond me.
Many teachers no longer teach kids, they teach cirruclium. They expect kids to march in lock-step to their plans. Kids going though this feel like they are prisoners and that their teachers are little more than glorified babysitters! They get bored, they don't understand why they are being limited and, they naturally fight this by defying the silly rules established by the people in authority. In short, the kids will be kids (just like they always have been).
Yeah, the kids hacked the computers and used them for things that maybe they shouldn't have. I have to say that the administrators of the school should have expected this.
It seems to me there were probably a number of other things that could have been done - including a policy of "if you hack this, we will take it away from you and you will fail the class". The way that it has happend smells like the administration has chosen, intentionally, to make examples out of these kids. I suspect that this was done to send a message to future students "Don't mess with us" - but this kind of thing against kids seldom works and can easily backfire (especially if nothing comes of the charges).
I feel for the kids, I really do. Not because they hacked the computers but because the administration and staff of the school have obviously made some poor choices along the way. This problem is a symptom of something wrong much deeper in the system. The teachers should realize they are teaching kids who are naturally curious, naturally push the limits, and naturally defy authority. If these kids were challenged, rather than restricted, they would learn a hell of a lot more.
Teachers, please go back to teaching kids, not cirriculum!
Re:Funny, isn't this the American Way (Score:5, Interesting)
It's horrible because the kids that come from shitty neighborhoods do this to the kids that come from the good neighborhoods all the time because the shitty neighborhood kids get a week long break from school (their parents don't care, they have other things to worry about) and the good neighborhood kids get screwed by their parents.
A friend of mine was recently expelled for a conversation that went something like this:
Friend 1: "oh you won't believe what john did at lunch - he told everyone about your crush on cindy!!"
Friend 2: "ugh he did? *in a joking playful tone* i could just kill him sometimes!"
Teacher heard this whole conversation, told the dean, next day kid gets pulled out of class and is never seen again. And I was there for all of this - there is NO WAY that anyone could mistake him for being serious when he said that.
Also recently at my school I witnessed a gross exercise of power by the principal. Food and Drink are not allowed in any buildings (except cafeteria) including water (yeah, i know, its florida. they do this to "reduce bathroom breaks." i'm not kidding either.) So, a kid runs 7 miles in the morning (cross country team) and buys a gatorade from one of the machines on campus. He's heading towards his locker and the principal is outside the building his locker is in. The principal tells him that he can't go inside with the drink. He tells the principal in a calm non-condescending tone "I don't agree with this rule, but I respect you enough to obey it and not bring this drink inside." and calmly waits outside periodically drinking his gatorade and talking to friends (keep in mind that this was like 20 mins before school starts, so he wasn't going to be late to class or anything.) With the principal still there, a teacher comes over and tells my friend to move out of the way because he is blocking traffic. Now, he is standing about 5 feet to the left of the door, and is clearley not blocking traffic, but he does as he is told and moves about 5 steps off the wall. About 10 seconds later, the principal begins yelling at him for moving from the spot. My friend tries to explain himself calmly and without attitude, but the principal will not have it. He then tells him to go to guidance and wait there. My friend went to guidance, waited an hour and no one showed up so he went to class.
You would be suprised what goes on in public schools. Yesterday my history teacher who was giving a lesson on religions around the world did not know if Budda was fat in real life and when I asked about it I was told that it was of no significance anyway. I told him that in fact it could be rather important, as he had just taught us that Buddhism promotes freeing yourself from useless indulgences and possesions and that if Budda was actually fat then it would be contradictory to what he taught (as fat people are usually observed to be grossly indulgent.)
I was then yelled at for "interuppting class" despite the fact that I had raised my hand and been called on as per procedure specified by him. Basically he tried to blame me instead of just saying something like "Actually, I'm not sure. If we have time at the end of class we can look it up on the internet."
Anyway those are just some of my observations spending 12 years in the public school system.
Re:Taped? (Score:5, Interesting)
attractive nuisance doctrine
There is normally no particular care required of property owners to safeguard trespassers from harm, but an attractive nuisance is an exception. An attractive nuisance is any inherently hazardous object or condition of property that can be expected to attract children to investigate or play (for example, construction sites and discarded large appliances). The doctrine imposes upon the property owner either the duty to take precautions that are reasonable in light of the normal behavior of young children--a much higher degree of care than required toward adults--or the same care as that owed to "invitees"--a higher standard than required toward uninvited, casual visitors (licensees).
http://insurance.cch.com/rupps/attractive-nuisanc
By taping the passwords to the backs of the machines, the school system had created an attractive nuisance, especially considering the "behaviour of normal children". This was like installing a pool, placing a sign saying "Don't Swim", REFUSING to put up a fence, and then disclaiming all responsibility when someone drowns (violates policy).
The school administration in this case is a fucking waste of oxygen.
--
BMO
Re:Password security (Score:5, Interesting)
Our IT department just implemented this 30 day policy on all of the IT services. Unfortunately they don't have a shared password system so each of the 10 applications I need to do my job have different passwords. And of course these passwords all expire at different times.
I never used to have to write down my passwords. I had one that worked for all my work-related services. But now I'm writing them all down. If someone happens to find it, it's not my problem.
Foist this stupid scheme on people and of course they're going to write them down. Better that than forgetting a password and have yourself locked out of the system you need to do your job. Next you waste 20 minutes of the day waiting for the arrogant IT guy to reset it all the while listening to him complain about all the password resets they've done that day.
So frustrating. What's the point when a little social engineering can get a password without too much trouble?
Re:Human error (Score:4, Interesting)
Things like that make it just as hard for someone to crack, but easier (for me at least) to remember
This is why you don't get into power struggles (Score:4, Interesting)
You will lose. Any sane parent knows this. The educators, with their specialized training totally should know this. As a father I know this.
The policy should reflect the reality of computing today; namely, that any access control methods can and will be circumvented by those willing to do so. Period, end of story. There is very little the school could do to prevent this kind of thing, so why bother?
Either the kids play ball, or they don't get their own computer. Have a lab room setup for those not willing to agree to the terms of use and those that think they are willing, but end up on the wrong side of the rules.
Charging these kids with a felony crime is just wrong. It's going to affect their future far more than it helps the school keep control. I've a feeling this school is one of these zero tolerance, power tripping schools that does more actual harm than good.
So, they could have just taken the computers, booted the kids, put them on an alternative learning track, etc.... But, continuing to escalate the issue the way they did invited trouble, was counter productive, and could easily be considered rather draconian. --> "Lets make examples of a few of them to keep the others in line". Yeah, like I want my teen going to a school like that.
In the schools defense, the law has taken away a lot of their power these days. The school staff is sharply limited in what they can actually do without going to the courts. (Which makes a keen understanding of the whole power struggle thing all the more important!) When I went to HS, in the 80's, principles could still actually make kids *do* things. Breaking up fights, for example, often meant the principle stepping in there, grabbing some kids, and sorting things out. He was never in the office, walked around the school and kept order.
Things are far different today where even touching kids can get educators in trouble.
There is a fine line being crossed with the whole kids rights thing. In terms of things like expression, we should be yielding to the kids. However, in terms of behavior, we should let the schools do a bit more than they currently are, if we are to avoid the courts for teen struggles.
Also, where the fuck are the parents in this whole thing? If this were my kid, I would quite honestly start working that school and legal system over until the problem was corrected. I'm all for kids towing the line, but it's a two way street. If the school creates an environment for failure, (which they clearly have), the punishment for that failure needs to serve some greater end. (Which it clearly doesn't.)
This whole mess is a crock. Anyone, who has parented teens, who possesses just a bit of common sense would have been able to defuse this issue and move on. My gut says this whole small town is fucked up.
Re:Additionally (Score:3, Interesting)
Re:Additionally (Score:3, Interesting)
I can see both sides of this issue.
The reason Windows doesn't allow superusers to su to other accounts without their password is for accountability. It's a lot harder to notice a rogue admin reading and modifying files of execs when he/she can do it without knowing their password.
There are ways around the restriction in terms of necessary administration. If someone is fired or leaves the company, an administrator can transfer ownership of their files to another user, giving them access. If an admin really needs to log in as someone else without their consent (maybe for legal investigative reasons?) they can change the password on the user's account.
Now, where this breaks down is something like Exchange. My admin account at work is a member of the Exchange administrators' group, meaning I can read anyone's email in the company without knowing their password. That's frequently the information that should be the *hardest* to get to.
OTOH, logically I believe that *ix has it right when it lets the superuser do *anything*. Dear Microsoft: I'm not really an administrator if there are processes I can't kill, and files I can't delete.
The ownership stuff I mention above is an illusion anyway, since as an administrator I could install a keylogger on someone's workstation to get their password.
Anyway, that was kind of a ramble, but my point is that it's a philosophical difference. Windows is designed in most ways to be Nerfed so that you don't shoot your eye out, and most of your admins don't know how to access restricted information without leaving a trail.
"testing" for troublemakers.... (Score:3, Interesting)
If there really is a "hidden agenda" of fishing for "troublemakers", that's a very poor way to accomplish anything. I mean, hey, why not issue knives to every incoming student too and just sit back and wait to see who starts stabbing people?
And anyway, historically speaking, the tinkerers/experimenters of the world are the ones who accomplished and contributed the most to society as a whole. "Respect for authority" be dammed.... Computers are all about exploring and experimentation. If you can't even create a "virtual sandbox" of sorts out of the system configuration you're issuing your students, so they have "boundaries" to what they can do on said machines, that just illustrates that the students are smarter than the faculty. The tools *are* and *have been* available to restrict usage of computers to only specific applications. If you opt not to use them, then I think you're making a de-facto vote for allowing students to do as they will with the laptops.
You know which ones are most likely to go off and install programs like iChat AV or take full advantage of "remote control" software they figure out how to use? That's right -- the smartest ones and the ones who actually *enjoy* using a computer! But no, we have to punish them and encourage the mediocrity instead. Teach students that computers are ONLY there for specific tasks we set up for them in advance. Don't "have fun" with it or you're a "hacker". Drum all the curiousity out of them. It's EVIL!
Re:Human error (Score:2, Interesting)
Re:Human error (Score:5, Interesting)
Because no one ever suggested otherwise!
Seriously, the biggest part of "having a sane password police" is to TEACH THE USERS BEST PRACTICES.
Everywhere I've worked, and I've worked at a lot of places since I've been contracting since the early days of the internet bubble, there has been zero user education about passwords.
Typically the IT department comes up with some rules and they think their responsibility stops there. Since they never bother to teach their users the best way to follow the password rules, it is no surprise that the users come up with all kinds of cockamamie schemes.
These people aren't computer security experts, they are just regular schmoes who want to get their work done wit h the last amount of hassle. They've never had to think deeply about password security, so of course most of them never will on their own. They will take the path of least resistance to getting their work done and writing their password down in an easy to find place is very low resistance.
Teaching them smart and effective password techniques is one of the surest ways to improve security that there is.
My high school was stupid too (Score:2, Interesting)
Re:Human error (Score:3, Interesting)
Computers are much better at remembering stuff like passwords than most of us. Let the computer remember all your passwords in an encrypted password file. Then all you have to remember the ONE very good password that unlocks that file. Macs come with a nifty thing called keychain, where all password are stored. Many Internet sites and other servers get the password from the keychain automatically if it is already unlocked. The default is to unlock your keychain with the same password when you log in to the Mac. However, that may be changed by the user. A separate password can be used for the keychain. I am sure there must be similar schemes available for Windows. Of course, this doesn't help anyone who must log in from many different computers in various places. Here is an opportunity for someone to come up with a cheap, calculator type gadget that stores passwords securely. It can then display the login data on a screen or feed it directly to a computer via a USB plug or bluetooth wireless. Such a function could easily be added to a cell phone.