By Emily Sullivan
Associate Editor
When you apply to a college, you have to give whatever university you have chosen a lot of personal information.
In an application, such as the one you fill out when applying to St. Bonaventure University, you have to give them your social security number, home address and phone number.
You put your trust in that school to keep the information safe from people who don’t need to see it. If you knew there was a way people could hack into that information, you’d expect the administration to do something.
You’d want them to fix the problem, not expel the student who found it.
Hamed Al-Khabaz, a computer science student at Dawson University in Montreal was surprised when he found an error in the school’s software that would allow anyone with a basic computer knowledge to hack the computers and get information on a student or applicant, according to a Jan. 20 National Post article.
Al-Khabaz, a member of the school’s software development club, was working on a mobile app that would allow college students easier access to their student accounts. While doing the work, he and a friend discovered “sloppy coding” in the Omnivox program, the program that students use to access their accounts. This could have affected more than 250,000 Quebec students, according to the same article.
Al-Khabaz reported the glitch to the schools Director of Information Services and Technology, which was the smart thing to do. Students should be able to depend on the school to fix problems like this. The director told him that Skytech, the makers of Omnivox, would take care of the issue, according to a Jan. 22 Huffington Post article.
A few days later, Al-Khabaz wanted to see if the program had been fixed by using a program called Acunetix, but Skytech accused him of a cyber-attack. When Al-Khabaz explained what he was doing, Skytech recognized that he wasn’t doing anything malicious, according to the same article.
The college didn’t see it that way.
After his professors sat down and discussed the situation, 14 out of 15 professors voted to expel Al-Khabaz for “unprofessional conduct,” according to the Huffington Post article.
Al-Khabaz didn’t do anything wrong. As a fellow college student, I depend on Bonaventure to keep my personal information safe from people who could use it to hurt me. Al-Khabaz was looking out for his classmates and other college students when he originally reported the error.
What if Al-Khabaz hadn’t been a concerned student when he easily hacked into the system? What if he had been an actual computer hacker looking to steal an identity? It shows how easy it would be for a person to get information from the college about each student.
“In the wrong hands, this breach could have caused a disaster,” Al-Khabaz said, according to the Huffington Post article. “Students could have been stalked, had their identities stolen, their lockers opened and who knows what else. I found a serious problem, and tried to help fix it. For that I was expelled.”
The college is at fault here. They should have tried to immediately fix the problem instead of letting it wait the way that they did.
Personal information should be just that — personal.