hacking into harvard

In a 1-2 page paragraph, discuss Read Case 2.1: Hacking into Harvard, located on page 71 in your textbook. As applicants began to defend themselves against the penalties handed out by the business schools, they appealed to both consequentialist and nonconsequentialist criteria to support their actions. Some responded by pointing out that their intentions were never malicious, while others argued they did not think checking their application statuses would cause any real harm. Review the case study and analyze the actions of the students from a Kantian perspective. Consider whether the actions taken by the hackers were permissible according the standard of universal acceptability.

Hacking Into Harvard-EVERYONE WHO HAS EVER APPLIED FOR ADMISSION to a selective college or who has been interviewed for a highly desired job knows the feeling of waiting impatiently to learn the result of oneâs application. So itâs not hard to identify with those applicants to some of the nationâs most prestigious MBA programs who thought they had a chance to get an early glimpse at whether their ambition was to be fulfilled. While visiting a Businessweek Online message board, they found instructions, posted by an anonymous hacker, explaining how to find out what admission decision the business schools had made in their case. Doing so wasnât hard. The universities in questionâHarvard, Dartmouth, Duke, Carnegie Mellon, MIT, and Stanfordâused the same application software from Apply Yourself, Inc. Essentially, all one had to do was change the very end of the applicant-specific URL to get to the supposedly restricted page containing the verdict on oneâs application. In the nine hours it took Apply Yourself programmers to patch the security flaw after it was posted, curiosity got the better of about two hundred applicants, who couldnât resist the temptation to discover whether they had been admitted.19

Some of them got only blank screens. But others learned that they had been tentatively accepted or tentatively rejected. What they didnât count on, however, were two things: first, that it wouldnât take the business schools long to learn what had happened and who had done it and, second, that the schools in question were going to be very unhappy about it. Harvard was perhaps the most outspoken. Kim B. Clark, dean of the business school, said, âThis behavior is unethical at bestâa serious breach of trust that cannot be countered by rationalization.â In a similar vein, Steve Nelson, the executive director of Harvardâs MBA program, stated, âHacking into a system in this manner is unethical and also contrary to the behavior we expect of leaders we aspire to develop.â

It didnât take Harvard long to make up its mind what to do about it. It rejected all 119 applicants who had attempted to access the information. In an official statement, Dean Clark wrote that the mission of the Harvard Business School âis to educate principled leaders who make a difference in the world. To achieve that, a person must have many skills and qualities, including the highest standards of integrity, sound judgment and a strong moral compassâan intuitive sense of what is right and wrong. Those who have hacked into this web site have failed to pass that test.â Carnegie Mellon and MIT quickly followed suit. By rejecting the ethically challenged, said Richard L. Schmalensee, dean of MITâs Sloan School of Management, the schools are trying to âsend a message to society as a whole that we are attempting to produce people that when they go out into the world, they will behave ethically.â

Duke and Dartmouth, where only a handful of students gained access to their files, said they would take a case-by-case approach and didnât publicly announce their individualized determinations. But, given the competition for places in their MBA programs, itâs a safe bet that few, if any, offending applicants were sitting in classrooms the following semester. Forty-two applicants attempted to learn their results early at Stanford, which took a different tack. It invited the accused hackers to explain themselves in writing. âIn the best case, what has been demonstrated here is a lack of judgment; in the worst case, a lack of integrity,â said Derrick Bolton, Stanfordâs director of MBA admissions. âOne of the things we try to teach at business schools is making good decisions and taking responsibility for your actions.â Six weeks later, however, the dean of Stanford Business School, Robert Joss, reported, âNone of those who gained unauthorized access was able to explain his or her actions to our satisfaction.â He added that he hoped the applicants âmight learn from their experience.â

Given the publicâs concern over the wave of corporate scandals in recent years and its growing interest in corporate social responsibility, business writers and other media commentators warmly welcomed Harvardâs decisive response. But soon there was some sniping at the decision by those claiming that Harvard and the other business schools had overreacted. Although 70 percent of Harvardâs MBA students approved the decision, the undergraduate student newspaper, The Crimson, was skeptical. âHBS [Harvard Business School] has scored a media victory with its hard-line stance,â it said in an editorial. âAmericans have been looking for a sign from the business community, particularly its leading educational institutions, that business ethics are a priority. HBSâs false bravado has given them one, leaving 119 victims in angry hands.â

As some critics pointed out, Harvardâs stance overlooked the possibility that the hacker might have been a spouse or a parent who had access to the applicantâs password and personal identification number. In fact, one applicant said that this had happened to him. His wife found the instructions at Businessweek Online and tried to check on the success of his application. âIâm really distraught over this,â he said. âMy wife is tearing her hair out.â To this, Harvardâs Dean Clark responds, âWe expect applicants to be personally responsible for the access to the website, and for the identification and passwords they receive.â

Critics also reject the idea that the offending applicants were âhackers.â After all, they used their own personal identification and passwords to log on legitimately; all they did was to modify the URL to go to a different page. They couldnât change anything in their files or view anyone elseâs information. In fact, some critics blamed the business schools and Apply Yourself more than they did the applicants. If those pages were supposed to be restricted, then it shouldnât have been so easy to find oneâs way to them.

In an interview, one of the Harvard applicants said that although he now sees that what he did was wrong, he wasnât thinking about that at the timeâhe just followed the hackerâs posted instructions out of curiosity. He didnât consider what he did to be âhacking,â because any novice could have done the same thing. âIâm not an IT person by any stretch of the imagination,â he said. âIâm not even a great typist.â He wrote the university a letter of apology. âI admitted that I got curious and had a lapse in judgment,â he said. âI pointed out that I wasnât trying to harm anyone and wasnât trying to get an advantage over anyone.â Another applicant said that he knew he had made a poor judgment but he was offended by having his ethics called into question. âI had no idea that they would have considered this a big deal.â And some of those posting messages at Businessweek Online and other MBA-related sites believe the offending applicants should be applauded. âExploiting weaknesses is what good business is all about. Why would they ding you?â wrote one anonymous poster.

Dean Schmalensee of MIT, however, defends Harvard and MITâs automatically rejecting everyone who peeked âbecause it wasnât an impulsive mistake.â âThe instructions are reasonably elaborate,â he said. âYou didnât need a degree in computer science, but this clearly involved effort. You couldnât do this casually without knowing that you were doing something wrong. We âve always taken eth ics seriously, and this is a serious matter.â To those applicants who say that they didnât do any harm, Schmalensee replies, âIs there nothing wrong with going through files just because you can?â

To him and others, seeking unauthorized access to restricted pages is as wrong as snooping through your bossâs desk to see whether youâve been recommended for a raise. Some commentators, however, suggest there may be a generation gap here. Students who grew up with the Internet, they say, tend to see it as wide-open territory and donât view this level of web snooping as indicating a character flaw.