Most of us are in a position of having to trust others with our private data.
If we send our kids to college, we expect the institution to protect their private data like SIN numbers and other identifiers, to keep them safe from identity theft. Most of us don’t have the technical expertise to know if this private information is being kept safe. If this information is not maintained securely, and the institution does not fix the problem, we need to know about it.
This is why the Globe and Mail editorial When did it become wrong to punish hackers? is so disturbing.
First, there is misinformation about the Aaron Swartz case, which the editorial writer seems somehow to be using to bolster its position. It doesn’t fit with the article content, but it was certainly sensational.
Fact: Aaron Swartz did not steal anything. He was legally entitled to access, download and copy the documents. It wasn’t even copyright infringement. His only actual legal transgressions were his breach of JSTOR’s terms of service (the agreements we all click “I agree” to without reading) by downloading in bulk and using an unlocked MIT closet. This excesssive prosecutorial overkill is why people like Creative Commons founder Lawrence Lessig characterized the charges and prosecution of Aaron as prosecutorial bullying.
Funny, they could have used Canada’s own Byronn Sonne case, which was also famously misunderstood. Not so long ago Canadian Byron Sonne lost a couple of years of his life to a similar combination of prosecutorial overkill and technical ignorance. He was truly fortunate to have his trial before a judge capable of learning enough about the technology to understand the issues. I would have hoped that the Globe might have learned a little something from that.
More information (actual facts, even) can be found about the incident in the earlier GEEKOsystem article about the expulsion of student Ahmed Al-Khabaz Canadian College Student Points Out Major Security Flaw, Obviously Gets Expelled for Doing So
What it boils down to in this instance, is that, when the students pointed out the security hole to Dawson College, it was the school’s job to fix it. Telling students not to do that anymore might stop them, but does not fix the problem.
Years ago a friend of mine noticed an inadvertently open vault door after the mall’s bank branch was closed for the night. She was a little concerned (her money was in that branch) so she notified the bank the next day. Should she have been charged for pointing out the problem? The bank thanked her and fixed the problem. The Dawson College response outlined here would be the equivalent of telling my friend to pretend she didn’t see the open vault rather than fixing the problem.
I’m totally lost as to where copyright comes into this at all. And the only privacy issue appears to be the Dawson College failure to fix the security hole pointed out by the students. This is an institutional failure to secure the private data on its system ~ entrusted to Dawson College ~ and thus a failure to protect the privacy of the students.
The Globe would do well to ensure its editorial writers understand the issues they write about.