Administrators Draft Guidelines For Responsible, Safe Hacking

In preparation for the release of a set of hacking guidelines, Chancellor Phillip L. Clay PhD ’75 sent an e-mail out to all MIT students last week that said students must take full responsibility for their actions even while celebrating and protecting traditions such as hacking. The e-mail also addressed integrity, warning students against academic dishonesty and illegal downloading.

In his e-mail, Clay describes the “true hacking tradition,” cites parts of the Hacker’s Code of Ethics — a code MIT hackers are supposed to abide by — and advises students to be responsible in order to protect the hacking tradition. For the full text of Clay’s e-mail, sent to students on Monday, Oct. 1, see page 21.

“Hacking is the design and execution of harmless pranks, tricks, explorations, and creative inventions that demonstrate ingenuity and cleverness,” Clay said in the e-mail. True hackers, Clay said, identify themselves when they encounter the police and do not try to evade them. They also do not create public hazards.

“Those who violate the tradition, by endangering themselves or others, by breaking the law or other departures from the ‘hacking code of conduct’ cannot seek protection from responsibility, and they will be held accountable for their actions,” Clay said.

Clay said that the e-mail was prompted in part by “numerous events over the past couple years that have revealed a need to re-emphasize safety, responsibility, and integrity.” Though he did not name specific events in his e-mail, Clay was referring to a January 2006 incident in which an undergraduate fell through a skylight on the roof of Building 5 and an October 2006 incident in which three students were found in the Faculty Club and were charged with felonies in Cambridge District Court. The charges were later dropped.

“We cannot deny the fact that what was tolerated in the past, and may even have been celebrated, is now viewed different,” Clay said in his e-mail to students, referring to changes in perception since Sept. 11, 2001. “Dangerous or illegal behavior labeled as hacks is a risk for us all and threatens our ability to be as open as we have been in the past.”

In his e-mail, Clay used showering, a form of hazing, as an example of an activity that MIT students must take responsibility for and stop. Clay told The Tech that he did not want to use specific examples of hacking incidents that have been problematic because the students involved were named.

Hacking guidelines will be added to the student handbook, Clay said in his e-mail. The language for the guidelines has been developed over the past few months with input from a committee of students, faculty, and administrators. Discussions about guidelines began after the Faculty Club incident became widely known in February.

The committee responsible for the guidelines includes MIT Police Chief John DiFava, representatives from the Committee on Discipline and MIT’s general counsel, administrators such as Clay and Dean for Student Life Larry G. Benedict, and student representatives, including Undergraduate Association President Martin F. Holmes ’08, UA Vice President Ali S. Wyne ’08, UA Senator Steven M. Kelch ’08, and Graduate Student Council President Leeland B. Ekstrom G.

“The guidelines are coming about because there has always been ambiguity as to how MIT would handle its position on hacking,” Kelch said.

In the spring, administrators met with a group of four or five MIT “hacking insiders” from around campus for input as well, Holmes said.

One major change is that all future hacking cases dealing with unauthorized access will be brought to the faculty-student Committee on Discipline. Holmes said that the administration was very insistent on this point.

In the past, hacking cases were handled by many different groups, including the MIT Police, deans, and the CoD, Kelch said. The committee has recognized that they “can’t have multiple tracks,” Kelch said. “It’s too hard to be accountable.”

Part of the plan is to include a module on campus culture and hacking in the training the CoD receives each year, Kelch said.

The language and guidelines going into the student handbook will include three parts, Holmes said. The first is an MIT statement supporting the preservation of the hacking tradition; the second is the restatement of the hacker’s code of ethics; and the third is the policy on unauthorized access. The hacking guidelines have not yet been finalized.

The statement on hacking is the big change, Kelch said. “MIT is finally taking a stance on hacking,” he said, and is recognizing that hacking is a tradition that should be preserved.

However, it is a delicate balance for MIT, which could face legal liability if it were seen to condone illegal activity. “Most administrators do understand hacking,” Kelch said. “They are willing to try to preserve that, but they can’t condone dangerous activity.”

Kelch pointed out that unauthorized access — of rooftops and other areas of campus — is not necessarily illegal. The unauthorized access policy is general enough to go beyond hacking, Kelch said. If hacking or unauthorized access involves illegal activity, it may be processed outside of MIT.

“I feel like the policy is going to be misunderstood,” Kelch said. “A lot of students won’t understand just how delicate a balance it is.”

Wyne said that the committee is working to achieve a balance between two extremes — giving too explicit a policy, one which delineates all possible hacks and penalties, and being too vague. “A rubric that’s overly explicit leaves its enforcers with little interpretive freedom,” Wyne said in an e-mail. “There will always be situations that the rubric doesn’t cover.”

“On the other hand, Martin [Holmes] and I believe that the hacking guidelines as they stand now are so vague that the locations that’d be considered off-limits; the actions that’d be considered deserving of punishment; and the punishments that’d be applied … are all unclear,” Wyne continued.

An unauthorized access policy that will not be used, Kelch said, is the one proposed by former UA Vice President Jessie H. Lowell ’07 in 2005. The proposed policy, listing very specific penalties for a first offense and repeat offenses, replaced the previous rooftop fines with community service. This service policy never went into effect, Kelch said.

Kelch said that the CoD values independence, “the ability to take each case, case by case.” With a very explicit set of guidelines, “you reduce the human nature of the CoD,” Kelch said. He added that the CoD will likely judge each case using precedent — whether community service or fines — and scale up for repeat offenses.