_______________ Original message _______________
Subject: Re: [IP] more on Rejected Harvard applicants say school 's
Author: Joseph Lorenzo Hall <joehall@xxxxxxxxx>
Date: 10th March 2005 10:59:5 AM
Ed Felten has a good post on this "hacking" issue (below). What
strikes me is how constructing a URL that is available to students without any further authentication or protection is considered "hacking". That's inevitably diluting any geek cred. held by any of us who are even crappy hackers! http://www.freedom-to-tinker.com/archives/000780.html
### Harvard Business School Boots 119 Applicants for "Hacking" Into
Admissions Site Harvard Business School (HBS) has rejected 119 applicants who
allegedly "hacked" in to a third-party site to learn whether HBS had admitted them. An AP [story][1], by Jay Lindsay, has the details.
HBS interacts with applicants via a third-party site called
ApplyYourself. Harvard had planned to notify applicants whether they had been admitted, on March 30. Somebody discovered last week that some applicants' admit/reject letters were already available on the ApplyYourself website. There were no hyperlinks to the letters, but a student who was logged in to the site could access his/her letter by constructing a special URL. Instructions for doing this were posted in an online forum frequented by HBS applicants. (The instructions, which no longer work due to changes in the ApplyYourself site, are reproduced [here][2].) Students who did this saw either a rejection
letter or a blank page. (Presumably the blank page meant either that HBS would admit the student, or that the admissions decision hadn't been made yet.) 119 HBS applicants used the instructions. Harvard has now summarily rejected all of them, calling their action a
breach of ethics. I'm not so sure that the students' action merits rejection from business school. My first reaction on reading about this was surprise that HBS would
make an admissions decision (as it apparently had done in many cases) and then wait for weeks before informing the applicant. Applicants rejected from HBS would surely benefit from learning that information
as quickly as possible. Harvard had apparently gone to the trouble of telling ApplyYourself that some applicants were rejected, but they weren't going to tell the applicants themselves!? It's hard to see a legitimate reason for HBS to withhold this information from applicants who want it. As far as I can tell, the only "harm" that resulted from the students'
actions is that some of them learned the information about their own status that HBS was, for no apparent reason, withholding from them. And the information was on the web already, with no password required (for students who had already logged on to their own accounts
on the site). I might feel differently if I knew that the applicants were aware that
they were breaking the rules. But I'm not sure that an applicant, on being told that his letter was already on the web and could be accessed by constructing a particular URL, would necessarily conclude that accessing it was against the rules. And it's hard to justify punishing somebody who caused no real harm and didn't know that he was breaking the rules. As the AP article suggests, this is an easy opportunity for HBS (and
MIT and CMU, who did the same thing) to grandstand about business
ethics, at low cost (since most of the applicants in question would have been rejected anyway). Stanford, on the other hand, is reacting by asking the applicants who viewed their Stanford letters to come forward and explain themselves. Now that's a real ethics test. [1]: http://www.washingtonpost.com/wp-dyn/articles/A18798-2005Mar8.html
[2]: http://poweryogi.blogspot.com/2005/03/hbsapplyyourself-admit-status-snafu.html --
Joseph Lorenzo Hall UC Berkeley, SIMS PhD Student http://pobox.com/~joehall/
blog: http://pobox.com/~joehall/nqb2/ You are subscribed as roessler@xxxxxxxxxxxxxxxxxx To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ |