Harvard Business School: You Peek, You Lose
mosel-saar-ruwer writes "Seems Harvard Business school was using the ApplyYourself web service to process applications. Sometime in the last few days, an anonymous hacker, known as 'brookbond', was able to crack the system, and discovered that Harvard had already posted acceptance letters to the website fully a month before they were to be mailed to their recipients. He posted instructions on how applicants could view their letters at the BusinessWeek forums, and approximately 119 applicants followed his advice. Today, the dean of the Harvard Business School, one Kim Clark, announced that none of the 119 would be admitted: 'This behavior is unethical at best -- a serious breach of trust that cannot be countered by rationalization... Any applicant found to have done so will not be admitted to this school.'"
Wow. So even though only one person actually did the hard work of figuring out how to hack into the site, 119 other individuals figured they too should follow the directions to hack in and learn the results. Harvard (rightly so) decided to not admit any of the 119 even though some of them possibly were initially accepted. Is this a response to some of the unethical and deceptive practices that have been rampant in the business world (i.e. Worldcom, Enron, pick your fav.) of late? Perhaps, but this is especially important in that much of business school (especially in Ivy League schools) is about establishing relationships and connections. Do we want a bunch of ethically challenged folks getting to know one another in Harvard Business School? I think not. In light of many of the current scandals in the business world, I would like to believe that schools do pay attention to these issues and perform some filtering at the front end rather than filtering or correcting during the educational process. After all, there are some things that cannot be taught. By the time one applies to business school, patterns of behavior are fairly well entrenched and behavioral correction of things we were supposed to learn in kindergarten is not the business school's responsibility.
It would be interesting to find out what their stories are. Why did they do it and what were they possibly thinking? Do they believe they should be blacklisted?
It should also be noted that Harvard was not the only school affected by this hack. Other business schools (MIT, Stanford, Carnegie Mellon and Duke) were also compromised and I would encourage those schools to adopt the same actions as Harvard in this case.
Visit Jonesblog and say hello.
So if I got instructions on how to read another person's acceptance letter, I could get them refused entry into Harvard?
Right on, I've always wanted to stick it to one of those yuppy bastards.
Feed the need: Digitaladdiction.net
It's take-charge, independent thinkers that the school needs in its student body. They better not revoke my admission or I'll send a teenage grrl enforcer over to smack 'em upside their heads!
A feeling of having made the same mistake before: Deja Foobar
Re-arranging paths in a URL is not hacking but they all got what they deserved. The other schools will probably follow suit.
Does anyone know how complicated the instructions were? Is there any way the people could have thought they were just accessing the site, putting in a URL with their name or whatever at the end of it, and not 'hacking' it to get information they were not allowed to have?
How do they want to prove that the person that looked at the "papers" was the "accepted one"... (if they didn't post it all over blogs ;-))
I'm not sure that the remaining acceptees are really so holy and ethical. If all of the applicants had noticed this, maybe everyone would have peeked. The 119 caught were probably the only 119 out of the applicant pool who actually caught the story...curiosity got the better of them, and I'm sure that it probably would've the rest of the acceptees if they had only known...
That'd be interesting, too...if there suddenly was only a few people in the class of '09...but they'd probably fill the spots up with waitlisters...
The real culprit is the cracker who found the way in.
I think Harvard's reaction against the 119 who followed the indicated route is pitifully excessive.
But the 119 now have an early lesson in how certain business managers cynically deflect blame in order to save face.
It appears to be beyond Harvard's ability to track down the cracker, so they hit out at whoever is within reach.
-wb-
Come on, they were just curious. This is too much. And Harvard should have been more careful.
Hardly...they'll be accepted at Columbia, or UPenn or any of the top tier business schools, and all will be well...
If ethics was so important, how come it wasn't tested for in the actual application process?
'This behavior is unethical at best -- a serious breach of trust that cannot be countered by rationalization... Any applicant found to have done so will not be admitted to this school.'
What I'm sure was meant was that the so-called breach of trust was indefensible, but the first time I read this, it sounded to me like what they were saying was, "We don't know how to defend our reasoning for calling this a breach of trust."
Really odd. Harvard uses an insecure method of posting ahead of time news of who gets in and who doesn't. Anybody in the world can go view those documents, and they don't get in trouble. Meanwhile, the actual applicants go and view them, and they're locked out of Harvard. And it's not even like they can go fake letters of acceptance or anything through the process.
Looks like Harvard's adapting "Security by Legislation", that growing corporate policy of punishing whoever they can because they've been made out to look like idiots, through nobody else's fault but their own.
If they can't wait a month to find out if they got in or not, how well do you think they'll stand up to the ethical quandary involved in an opportunity for insider trading?
Even if it was a simple hack, it was presented as a hack (a means of circumventing the system), therefore they weren't just lemmings - they were black sheep.
What prevents me from going in there and viewing a handful of people's applicants? Will they get kicked out? I wonder how many of those 119 weren't the real person -- or do they require some sort of user-auth?
...to spite their face. Harvard just rejected 119 of the most qualified business school bound students in the country. They will go to other, arguably equal, business schools, while Harvard will take on 119 lesser qualified applicants to fill its vacancies. What schmucks...
Begorrah! The ones who knew enough to find the "swag" on a relevant website are the ones who should be first in the queue to be admitted. After all they're the ones with the acumen.
:)
Ho hum... Just goes to show that if you play by the rules you'll get by by the rules (and if you play them well enough you'll "shine") But you'll never discover anything truly new
Mind you having said that... if you do discover something truly new, once you try to tell somebody, the rest of society will think you're mad and burn you at the stake. "This heretic says the Earth revolves around the sun... burn the witch..."
Sky subscribers are morons. They pay to be advertised at !
What about the ethics of storing personal information in such an insecure system that 119 people were able to break into it? Nobody is responsible for that?
You little son of a bitch, Santa is coming TONIGHT and he's gonna take ALL your presents back, and he's not gonna give YOU anything except a cup of DIRT! But your BROTHER -- who didn't peek -- he'll get ALL his presents while you sit there with NOTHING!
and YOU'LL LIKE IT!
Seems like the school bears some responsibility for outsourcing the acceptance letters to an easy-to-hack site. The cynic in me tells me that half the reason they are coming down so hard on the students is to divert attention from their own security failure.
Someone hacked into our server and posted the details of how to replicate it to the rest of the world. We're now embarrassed, who can we lash out against?
Ah! the people who we can actually hurt without going to court or having to get law enforcement involved, the 119 18-year-olds who were on tenterhooks to know if they'd been accepted and really couldn't contain themselves to wait another entire month when we'd already made the decisions.
In fact, if I understand from my rather hazy sources, US law enforcement won't get involved unless the crime has cost $5000 (I could be way off here though, I didn't get this from an authoritative site), so, since they're out, the only other option to lash out and save face would be to sue, which is expensive when you can just ruin 119 kids' futures. Of course, doubtless it will end them up in court...
The ethics point isn't particularly strong, these are 18 year olds who want to know if their chosen college has accepted them and they find out that the decisions have been made and the letters written a month before they'll get them otherwise. The fact that they followed some instructions posted online to find some 'hidden' files reflects little on their ethics in the future - I spent hours in school trying to get into every nook & cranny of the systems (which the admin had tried to lock down) using as many non-invasive/aggressive methods as I could find. Does that make me unethical? no. I did it entirely as an academic exercise to see how well locked down the systems were, would it have been unethical to find out information about me that the school held but didn't want to tell me? no, not in my opinion.
This seems to be the university lashing out against someone to save face. That 'someone' being the people who have least blood on their hands (out of the people actually involved) and who the university feels that it can get away with stomping on the easiest.
FGD 135
As a current Harvard MBA student and long-time /. reader, it's worth pointing out that these applicants didn't "hack" anything. They got instructions (now deleted from the BW forums) that if you took your login hash, appended it to a URL at the ApplyYourself, you could see the decision letter on your file, if it had already been posted. My guess is that someone asked a first round applicant (who had already heard) for the URL to the decision and tried it as an in-process second round applicant.
This isn't hacking. Nobody logged in as the Admissions Director or socially engineered their way into info by calling admissions and pretending to be a staffer out on the road. The only people at fault here are the coders at ApplyYourself (the 3rd party application site). Having used it last year, I can tell you that it is technically inferior to most products that other schools build themselves.
There's already some ideas above that with the Enron and Worldcom scandals, business schools need to have ethics at the highest standards, but this misses the point. The 119 people that just got rejected weren't the 119 least ethical applicants. They were the 119 of the (probably) 130 applicants who saw the instructions before they were deleted. The top tier b-school application process is very stressful and the idea of seeing your results early is hardly scandalous.
Furthermore, our new post-scandal "Leadership and Corporate Accountability" course spends a great deal of time discussing the ethical trade-offs inherent in business, such as weighing employee concerns vs. shareholder concerns vs. customer concerns. These decisions are rarely black and white and we spend a lot of time discussing relative merits of each stakeholder. The notion that we would portray ourselves as knowing an absolute ethical standard goes against much of what we teach and learn here.
Despite the small number of true criminals to have walked these halls, Harvard Business School is a great institution and most /.'ers would be surprised to meet all the ethical people here that will be future leaders (if past performance is predictive of future performance).
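Added example, not part of the thread and not ApplyYourself's code: a constructed Python model of the behaviour the comment above describes (a logged-in applicant reaching their own decision letter by URL before release), next to a handler that enforces the release date on the server. All names, tokens, dates and status codes are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Decision:
    applicant_id: str
    letter: str
    release_at: datetime  # when applicants are meant to see the letter

# Constructed sample data: letters are stored ahead of the release date.
RELEASE = datetime(2030, 3, 30, tzinfo=timezone.utc)
DECISIONS = {
    "app-1001": Decision("app-1001", "Decision letter for app-1001", RELEASE),
    "app-1002": Decision("app-1002", "Decision letter for app-1002", RELEASE),
}
# Session token -> applicant id; stands in for the login the thread mentions.
SESSIONS = {"tok-alice": "app-1001", "tok-bob": "app-1002"}
AUDIT_LOG = []  # (timestamp, applicant_id, requested_id, reason)

def fetch_decision_by_url(session_token, requested_id):
    """Flawed handler: login and ownership are checked, release state is not.

    The only thing keeping the letter private is that nobody has been told
    the URL yet, i.e. security by obscurity.
    """
    owner = SESSIONS.get(session_token)
    if owner is None:
        return 401, None
    decision = DECISIONS.get(requested_id)
    if decision is None or decision.applicant_id != owner:
        return 404, None
    return 200, decision.letter

def fetch_decision_checked(session_token, requested_id, now):
    """Hardened handler: the server decides whether the letter is visible.

    Unreleased, foreign and nonexistent records all return the same 404, so
    the response does not reveal whether a letter has been posted.
    """
    owner = SESSIONS.get(session_token)
    if owner is None:
        return 401, None
    decision = DECISIONS.get(requested_id)
    if decision is None or decision.applicant_id != owner:
        AUDIT_LOG.append((now, owner, requested_id, "not_owner_or_missing"))
        return 404, None
    if now < decision.release_at:
        AUDIT_LOG.append((now, owner, requested_id, "not_released"))
        return 404, None
    return 200, decision.letter

def early_attempts(log):
    """Applicants who requested their own letter before its release date."""
    return sorted({who for _, who, _, reason in log if reason == "not_released"})

if __name__ == "__main__":
    before = RELEASE - timedelta(days=30)
    print(fetch_decision_by_url("tok-alice", "app-1001"))
    print(fetch_decision_checked("tok-alice", "app-1001", before))
    print(fetch_decision_checked("tok-alice", "app-1001", RELEASE))
    print(early_attempts(AUDIT_LOG))
```
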
Deciding who is at fault and who deserves what is a favorite online pastime, but we don't even know what it took to "hack" into the site to view the letters. Did the applicants do anything that would actually be illegal if they did it in the business world (where "ethical" seems to be synonymous with "legal" )? Or did they merely do something unexpected and embarrassing?
If the business school is run by the same types who seem to run every other part of the school system, their automatic, totally predictable reaction would be to slam down hard on somebody and focus attention away from any possible mistake or oversight they themselves may have made. I'm not saying that's what happened here either, but we really don't know who the bad guys are.
If you don't want your information to be hacked, don't put it on an internet connected machine. It's as simple as that. We think we have a decade of web and internet wisdom to guide us but the fact is that all of this technology is still in its infancy. Was the hack ethical? No, but ethics aside, only an idiot would subject their important and confidential information to exposure on the web and then complain when it was hacked. Sorry, flamebait me if you must but the reports of vulnerabilities come fast and furious, regardless of platform, and nobody seems to care.
Don't want your data exposed? Don't put it on the web.
A form submit hack to an open document is not illegal nor in my opinion, unethical. You are simply choosing a different way than intended to view open information. Kind of like reading the last chapter of a book first. Suppose that someone posted links containing the get statements to a web page and called it something along the lines of "Get your Harvard Info Here." This page could appear to be totally legit while totally screwing the people clicking the links. I think that this is a total overreaction on the part of Harvard.
I for one applaud Harvard's decision to stand up and demand a certain moral fiber from the applicants to its institutions. Better that these people learn what is acceptable behavior now (although they should already have some concept that what they did was wrong) than when the SEC is investigating them for plundering the savings of untold thousands in a few years.
As you mentioned these students probably have admissions at other schools. I can only hope that Harvard publicly publish their names so that they can be blacklisted throughout the nation.
Seriously, I think this is overboard. If I was applying and just happen to run across a link that let me look at the standing of my application, I would have done it. And I consider myself to be an ethical person. If I see someone drop a $5 bill out of their pocket walking down the street, I'll pick it up and give it back to them. If a guy left his iPod in a classroom, I would pick it up and find him to return it. If a business deal came by where I could make $10 million by duping an old lady out of her $100k house, I wouldn't take it. Hell, I even help old ladies across the street on occasion.
The fact is, these people were probably just curious about their application status. And the reason only those 119 probably checked theirs out was because they were the only ones that knew about it. I don't know what their application numbers are, but if 5000 applied and all of them knew about the hack, probably at least 4000 of them would have checked out their applications. As well, the hack was only open for what? 9 hours total? Does everyone who applies to Harvard check every 8 hours to see if a hack is available that will let them view their application status? Gimme a break. Maybe they could use this as a final decision maker, but to totally nix these hapless few is ridiculous. I bet more crooked business majors have come out of the Harvard Business School.
totally classic behaviour you'd expect from an unethical corporation who wants to cover their ass and deflect blame of a major fuckup that's their own fault.
if you ever wondered about the ethical standards of harvard, here's a perfect example. instead of accepting responsibility for their fuckup, they take it out on others, in order to cover up their embarrassment.
You know, sometimes it makes sense to hold a privileged class responsible for its actions.
Many of these kids were probably under enormous pressure to get in.
Interesting (to me at least) riff from a recent Economist article...
One factor contributing to the stratification of US society is precisely that enormous pressure. There is extreme pressure in competition for entrance to top schools (and then to get good jobs at top employers and then to advance up the ranks at said employers). But, this competition is primarily localized to members of the upper and upper-middle classes.
Meanwhile, American society is measurably breaking into the haves and the have-nots with a shrinking middle-class. A similar bifurcation occurred in the early 1900s, but was checked by the very people at the top who recognized that American society needs to be dynamic in order to be robust. Thus came the creation of measures of merit like the SATs.
The difference between now and then is that in the early 1900s, the upper classes easily perceived the stratification making it relatively easy to motivate people to address the problem. With the extremes of the current merit system, all the upper-classes perceive is extreme competition - but only among themselves. From their perspective it is still a merit based system. But when it takes a $90K prep-school and a $10K SAT-prep course plus a "legacy" contribution to gain entrance to a top-school, we are very close to where we were at the start of the 20th century -- excluding huge swathes of society from the opportunity to advance themselves.
So... Hacking a bank machine and checking to see if you're admitted to a school are the same thing huh?
What a great world Americans live in...
Maybe spitting on the sidewalk will have the same legal penalties as murder next?
I seriously doubt they can confirm that every person who followed the instructions was in fact the same as the application they checked.
N.
"Nothing strengthens authority so much as silence." - Charles de Gaulle
Personally, I'd have capitalised "unethical" rather than "illegal" as I consider it to be the more serious issue.
I recently wrote an IRC bot. That is currently illegal in the USA (read up on the ActiveBuddy patent) and will, as a result, probably be illegal in short order in the EU (where I live). However, I'm not bothered.
If I'd done something that I considered immoral, I would be worried. But my opinion is that allowing governments to define your morality is lazy at best and idiotic at worst. This applies particularly strongly in this situation where, as far as I can tell, people are being kicked out for receiving their letters before they were due to be sent.
I can't see any good reason why this should be a major offence, certainly not why people's lives should be messed up on this basis. Especially if they are able to produce a detailed argument as to why they considered their behaviour ethical.
Please, please get your priorities straight.
For the love of God, please learn to spell "ridiculous"!!!
How can you compare robbing a bank to what occurred here? I'm not saying the prospective students should not be punished, but robbing a bank is clearly against the law, while it's possible that these students did not think or know that accessing this "hidden" url was against the rules. (or maybe they did but it's not explicitly clear).
-kaplanfx
Visualize Whirled Peas
If I were an applicant, my impression is that I would construe the information as saying that "the university for some reason doesn't send you the URL right away, but if you have an admissions letter it may already be at $BASE_URL + "?" + "foo". I would have logged in and typed the URL without hesitation.
Based on your strong statements, I begin to see that the admissions committees would consider this cheating. I still have seen no explanation as to why this is the case, still less why the applicants would necessarily think this.
Unless any instruction to the contrary was very prominently stated in the login screen or terms of use, I see no reason for the applicant to have any presumption that typing in such a URL would be construed as even slightly inappropriate, much less rising to the level of obviously unethical.
For what it's worth I consider myself a highly ethical person. I am a person who has on several occasions acted significantly against my own interests on ethical grounds. Nevertheless, based on the information I've seen so far, I don't believe I would have even hesitated to type in the purportedly secret URL variable. I would not have had a moment's concern about being "caught" because I would have no expectation that what I was doing was even remotely inappropriate. I would also have been perfectly aware that my action would be unambiguously recorded in the server log.
I think it's very different to accuse someone of behaving contrary to *your own* ethics than to accuse them of behaving contrary to *generally accepted* ethics. It's simply not at all clear that the applicant would even have considered the matter to be ethically problematic, as is evidenced by the fact that they were logged into the system at the time!
Even if "ignorance of the law is no excuse" this seems like a prohibition promulgated retroactively.
Unless you can explain to me why the applicant should have known that the behavior was a violation of either an explicit agreement or an implicit trust, I conclude that it is the behavior of the university that is unethical. It is unconscionably unfair and arbitrary.
mt
Why do you people always come up with these pointless analogies? Excuse my stupidity, but I cannot see what stealing money from a bank has to do with this. The two acts are of completely different magnitude. Yes, it was wrong. Yes, it was stupid. No, they didn't kill anyone, and as far as I can understand they didn't even cause anyone too much inconvenience. Blacklisting people from an academic career because of this incident would be a bit harsh, now wouldn't it? I believe young people have been forgiven worse things than this.
What are we going to do tomorrow night? The same thing we do every night, Pinky. Try to take over the world!
I couldn't have said it better myself. I've been applying to grad schools and am currently waiting for some decisions still. If I had been told I could find out my decision by changing the URL to page=decision or whatever it was, I would have absolutely done it.
While I laughed at your comment, I found: There are some levels of satisfaction that money can't buy, like watching 100+ snot-nosed future pointy hairs take it up the pooper from Harvard. and other similar comments on this post a bit insulting and actually stupid.
Stereotyping Ivy league students as being rich, snotty, heartless people is stupid and really not nice, especially since you probably don't know that many of them. Some of my friends attend an Ivy league school and they're some of the nicest and most intelligent people I've met. Yes, many rich people tend to be snotty and since they can afford these schools there are more of them there than at another typical school - but it's not nice just bashing these 100+ students because of a stereotype.
Out of these 100+, some might be rich and snotty, however I'm sure many are very intelligent and probably just acted on their curiosity.
Whether you consider their actions unethical or not, I'm sure that most of us have made mistakes, and therefore I think it's improper for us to laugh at them - especially those that originally got accepted - who now suffer a pretty big loss.
I don't know that it's a question of not differentiating between ethics and rules. In this particular case, it seems that there's an ethical violation, although I'd consider it fairly small. The physical analogue for me is: one person jimmies a window at the admissions office, sneaks in, and grabs a look at his file. Along the way, he shows a few hundred people how to jimmy the window. Then a lot of them do, either out of curiosity to see if they got in, or curiosity to see if the window will open that easily, or any other reason. Is it unethical? Yeah. Is it unethical on a scale that means you should no longer be accepted to the school? Probably not. A stern talking to, maybe a fine.
That being said, colleges, as a general rule, don't teach ethics. There's a lot of dissemination of political views in the classrooms, for good and evil. Oh, they generally punish you if you plagiarize and they catch you, either by suspending or expelling you. But ethics? Personal values? For the most part, these are things you have before you go, or you'll never pick them up at school. And for the degree that they're refined, that's mostly something that's done as a function of your peer group, rather than your institution.
Reminds me of when I was at school. Something got stolen. The cops were called and everyone was taken out of class. They said: "We know who stole the [whatever]. We're giving you a chance to own up and be a man about it." Of course they didn't know, nobody owned up and nobody got bust....
Engineering is the art of compromise.
I'm a professor, former Director of Graduate Studies, and former Chairman of a major department. Just because a letter is in print -- but not in the hands of the student -- doesn't really mean that the applicant is accepted by the school -- sometimes there are questions about the funding for the student (and maybe the student might have received funding a bit later, but for the peek), sometimes it's about the "fit" with the department (lots of departments "conditionally admit" students, depending on an interview with the faculty), sometimes it's because the Dean of Graduate Studies needs to review all the provisional acceptances. Probably some other things I haven't thought of, too. And wouldn't looking at the admit list affect other choices by the schools? (Guess what: it really is the school that chooses, not the student, too. Sorry, geek readers.)
I'm sorry for the students who were too anxious. Every single year we have a list of students that our department has considered for admission. And every single year we're really supposed to keep our mouths shut, as much as we would like to tell our friends and future colleagues. I suppose it should not have been their burden, but if the putz who put the access codes and instructions out there made a cent from this, Dante has a new anteroom in Hell just for him. HBS over-reacted, but it is fully understandable as purely conventional policy.
You know, I have mixed feelings about this. I think that it is good that they are being taught a lesson, but I think the punishment may be too severe to fit the crime here. Your analogy to the bank robbery is totally absurd, since you would be taking money from the bank, whereas here you're just seeing if you'll be admitted earlier. (It's like the argument that is used sometimes with respect to file sharing, except here Harvard isn't even losing potential revenue.)
Publishing their names and getting them banned from other colleges would definitely be over the line into pure vindictiveness though. Screwing someone significantly, possibly for life if they truly are completely blacklisted, for one very small mistake is ludicrous.
Question is, as someone pointed out, did they know they shouldn't have?
If the "hack" was typing in a URL when logged in as mentioned, my guess is that many would type it in without even giving it any thought. Most of these 119 individuals probably wouldn't have gone through with this if it involved some serious hacking. People are curious by nature.
The problem here isn't curious youngsters, it is a world class business school practicing security by obscurity.
Ceterum censeo Microsoftem esse delendam
Let's see, you read something on a bulletin board to see your acceptance status, that you were going to see anyway, and because you saw it before Harvard thought you should see it, this is unethical? Perhaps Harvard should have kept the results offline until they were ready for publication.
If these students are going to be accepted, then the IT staff should also be fired for gross incompetence.
As a middle-class, public-school attendee who was never "prepped" or tutored but is nonetheless attending an Ivy-league institution, I beg to differ. Sure, there are students at the top schools with rich parents, private-schooling, and a bevy of people to help them when necessary, but most of us got here the old-fashioned way: hard work, intelligence, good parenting, and a bit of luck.
You've got to be kidding!
First of all: You're equating "hacking" with rape. That's just disgusting.
Second: Apparently, said "hacking" was typing in a URL into the location bar. Hardly hacking.
Third: The fact that the applicants were able to see their acceptance letters is obviously a security failure and a fault of ApplyYourself. If they are not supposed to see them, make sure they can't. It's really that simple.
Free Manning, jail Obama.
Your comment brings some good insight. I fail to see a few things that some of the Harvard supporters seem to assume.
1: Harvard has a legitimate reason to withhold information considering admission from their students?
2: Accessing a site with information pertaining to yourself is of course unethical considering you had help from a 1337 d00d.
What possible explanation does Harvard have for storing the status of their students on the same database as they serve their website on? What reason does Harvard have to withhold this information from prospective students? Applications require planning ahead on the part of students, these students don't have a chance to apply to more schools after they've been turned down by one, etc.
Second, This information was about the prospective student who accessed it. There is no rule of ethics that says you can't discover something about yourself.
Finally, what did Harvard have to lose? This was not a teacher's gradebook situation where you could assume someone was snooping in hopes of "fixing" a grade. The information is purely read-only, and it's not information that would not be disclosed, it's information that would be disclosed later. Why?
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
Other countries have much more intensive university processes than the United States. Do you think that this is some new phenomenon that only Americans face? Take a look at Japan and their process. Yet they don't have the stratification that you talk about.
Most modern schools of ethics are based on the harm principle. In this case, no individual person would be harmed as a result of you looking into records early; there isn't even a physical crime taking place. The results had been predetermined, your viewing the data would not change the result (Heisenberg notwithstanding).
This is another example of Harvard trying to take the moral high ground and protect its reputation after the fact. Maybe the president would like to filter out the female applicants since business classes are so mathematically heavy? Or maybe he'd like to ensure only the best future CEOs of Worldcom, Enron, Nortel, and Halliburton are produced by his business school.
John Maynard Keynes: "When the facts change, I change my mind. What do you do?"
A certain moral fiber? This required a username and password. To access your personal information. Information they were going to send you in a few days anyway. This would be like finding out the ATM at the corner where the bank was moving into was already working, and going and making a withdrawal from your account.
Harvard got caught with a truly poorly secured computing environment, and is taking it out on their applicants. F*&k Harvard. Go with a vendor who knows that a "go live date" doesn't mean you post your site a month in advance and hope nobody finds it.
The longer I live here, the more I respect MIT and the less I respect Harvard.
The ______ Agenda
I see no unethical action by students here. Who was injured by this action? So someone found out that they were not accepted or were accepted a few weeks early. Big deal! The school was not injured. Other applicants were not injured. (Other spots are still available and unknown, unless this hack was really a list of all accepted individuals, which according to officials was not the case.) The applicants however are being injured, by the school. The company was embarrassed, but rightly so. Actually they should be ashamed of doing their job poorly. It is their job to make sure "hacks" do not happen. But what do they care. As long as the 200 dollar application fees are paid by 5000 applicants, they are all set. I bet there were no screw ups in the billing aspect of the site. The school is acting unethically in this situation, not the applicants. There was no injury to the school, yet they injure applicants who for some reason wish to better themselves in the presence of Harvard. Why Harvard? Who knows?
Yeah, this is a total crock of shit. It was a publicly accessible URL -- no "hacking" involved, just pressing backspace. I can't believe the ill will being directed at these poor applicants.
I think it's much more like accidentally putting up a bulletin board with everyone's admit status (actually, people could only view their own data), or my acceptance/rejection envelope arriving a few days early. They're the ones who screwed up. Okay, I realize that these analogies aren't perfect. But they're much closer than most of the ridiculous comparisons and discussions and hate-mongering going on here. It's not like any admin accounts were compromised or people were altering their admit/deny status.
It's sad that Harvard crucifies its applicants instead of sacking up to the fact that they (or ApplyYourself) didn't manage their data properly.
-fren
"Where are we going, and why am I in this handbasket?"
(a) Harvard can't secure its systems properly, so it's partly their fault.
(b) No decisions were changed as a result of the access and no-one altered any data.
(c) Harvard has lost some bright students who passed their (presumably rigorous) selection process.
So is this a stupid decision, or what?
When I am king, you will be first against the wall.
It has everything to do with the subject at hand.
HBS graduates ~900 people per year from the MBA program. The fact that many end up in positions of power is only partly related to the HBS experience. Given that there are more graduates from this school than any other top business school (as it's older than the others, too), it's not surprising that you find some bad eggs. The fact that you have a list representing 0.01% of the graduates as evil (and I don't even concede all your names as true criminals/wrongdoers) shouldn't be enough to indict all HBS grads.
Perhaps you've traveled overseas and felt the injustice of being scorned as an American for actions you took no part in, or perhaps even opposed.
I don't get it. I thought in the USA every citizen was entitled to see any files kept on them simply by making a request (Freedom of Information Act). Typing in a URL in your web browser to view information about yourself doesn't seem illegal or unethical. It would seem to me that typing in a URL should be considered making a request and viewing the resulting information about yourself is well within your legal right. All I can figure is that there must have been some terms of service associated with the login process that I am unaware of, but even that seems illegal. I'm not a lawyer but maybe someone who understands this stuff could explain it for us normal folk so we don't get into trouble reading things about ourselves we aren't entitled to.
I'm going to turn lemons into lemonade, though.
Good for you, but it is too bad that you can't actually see the ethical problem with taking a peek.
Fundamentally, business runs on trust--trust between colleagues and peers, trust between companies, trust between companies and the public. You earn or lose trust based on your actions.
That you took a peek isn't particularly damning; it may be chalked up to a bad decision. That you can't see that it was a bad (unethical) decision is damning, however.
Regardless of the outcome, you did something wrong and don't seem to see that as a problem.
Actually, business runs on taking the upper hand, but whatever ...
You've got to be kidding me. How on earth is this some ethical conundrum? Information was available, unsecured, from the public Internet, to him, regarding his personal status. I could see ethics coming into the issue if the post detailed a method to view other applicants' data, but this was about him and didn't involve breaching any security. While I'm not familiar with the system (my college application, um, pre-dates this system by a bit), the delay in being notified that the data is posted could just as easily be ascribed to technical delays.
The broader issue that you seem to be missing is that faux-ethical dilemma feelgood moments like this distract from genuine ethics problems. It's a shame Harvard can't train its awesome ethical standards (like admitting C-average future presidents) on more challenging targets.
And how long have you been in the business world? Business works by beating the competition. If you think there is some honor code that everyone follows then bend over buddy, you are about to take a good reaming. Most companies I've been involved with will do anything to get the upper hand if they believe they can get away with it. I don't like it or agree with it, but that's the nature of our current business environment.
"trust between colleagues and peers, trust between companies, trust between companies and the public"
Nonsense, it's "what you don't know won't hurt you"
It's one thing when you understand that the behavior is actually "peeking" and frowned upon by the schools. It's another thing entirely if you acted before knowing the schools were upset.
Many schools have a history of underutilizing their technology infrastructure. This could very easily be interpreted as an "undocumented feature" rather than a "hack" by the prospective students.
Just as easily as thinking "oooh, this is naughty, but I want to know sooner," the students could have thought to themselves "wow, this is neat -- I wonder why the schools don't tell more people about this feature."
With how long it takes to implement changes, the prospective students could just have thought the school was taking their time rolling it out.
When people enter new realms, like the online service described by this story, who exactly can say what is right and wrong when there are *NO* set boundaries of acceptable behavior?
Again, for those students who looked before being notified about this being bad behavior, how can the students be punished when nobody has ever said what they are doing is wrong?
About 20 years in various industries. Thanks for asking.
If you think there is some honor code that everyone follows then bend over buddy, you are about to take a good reaming.
So your argument boils down to "because everyone does it, that makes it OK?"
- Because some (maybe a majority of) athletes take anabolic steroids, everyone should. Hey, it's competition.
- Because brokerages trade stocks and employ analysts of those stocks, then it's OK for those analysts to hype the very stocks they are invested in?
- Because some manufacturing plants pollute and US laws are getting stricter in pollution, it is OK to move manufacturing to another country and pollute it?
Those are realistic and actual outcomes of your position.
I don't like it or agree with it, but that's the nature of our current business environment.
How sad for you, and rest of us, to buy into and accept that position.
Oh, sure, by your logic, if you go in for a medical test to see if you have cancer, and the hospital says they'll notify you in August, but they start broadcasting your results via the web (let's say, by an unlinked web page, but one that is posted on discussion forums), you argue it would be unethical for you to go find out early if you have cancer.
No serious ethicist will take your position as anything but a farce, I suspect.
If you know someone in admissions and ask them if they've heard about your status, is that equally unethical? (And before you go all black-and-white again and provide some remarkably obvious platitude from a first-year philosophy course -- yes, the individual in admissions would most likely be bound ethically not to divulge this information. And if you attempted to induce them to divulge the information after learning that they were so bound, yes, that would be unethical.)
This just isn't as neatly wrapped a package as you're saying. If the primary basis for your conclusion is a breach of trust, then it follows that the substance of that trust must be clearly communicated and agreed upon in advance. HBS saying "we'll get ahold of you on XX/XX" does not meet that standard in my opinion. Neither does a click-through EULA. A simple, plainly written agreement is closer to the mark. I don't really know enough about this service and the terms established to make a judgment here, but taking a peek is not a de facto ethical violation.
That's just my opinion. I'm willing to accept the fact that you may disagree.
Those are the "real rules" only if enough people have decided to abrogate their personal responsibility to their world and their future.
"Everyone does it" doesn't excuse the sociopathic level of behavior that results from that mind-set.
Just because you work for a corporation doesn't make the corporation's "wants" more important than the needs of humanity.
The most extreme example I know of are the Army officers who ordered their troops to massacre Vietnamese villagers because it would make their stats look better, and possibly help their careers. Or you could look to the chemical disaster in Bhopal, India. Thousands dead and the corporate types responsible were "merely" cutting corners to serve the corporation's interest.
As humans, we need to stop letting unethical behavior be acceptable. Thus higher ethical standards are an important thing to support.
Maybe "you lose" in the business environment by not letting children get enslaved to make your shoes. I think you're more a winner by fighting that kind of decision with everything you've got.
There is no ethical problem - the information is rightfully his. It's not as if he was seeing someone else's decision.