Monday 21 January 2013

Ahmed Al-Khabaz - Malevolent Montrealer or Student Saviour?

You probably won't know the name to read it, but if you were a Dawson College student you'd likely have heard all about Mr. Ahmed Al-Khabaz by now.

Al-Khabaz is one of two students credited with exposing a flaw in the security coding for the system that handles the delicate personal information of students from most of Quebec's colleges. These colleges use a system created by Skytech to store this information and while attempting to design a mobile app for students seeking to access their information on-the-go, he stumbled across what he calls "a flaw which left the personal information of thousands of students... vulnerable". He immediately contacted the college about the issue saying that he felt it was his "moral obligation" to do so, and was initially thanked for his actions and told that Skytech would work immediately to resolve the issue.

So far, so good right? Right. Up to this point there was no issue held by the college or by Skytech against al-Khabaz or his colleague Ovidiu Mija. However, the story develops further and it is with these developments that the real issues come out.

Ahmed ran a program to test against the security breach some time after reporting it to the college and having the meeting to discuss the issue with college and Skytech representatives. After running this program he was contacted by Skytech at which time they notified him that what he was doing was considered a cyber attack, regardless of intentions, and they are reported to have mentioned that jail time and prosecution could result from his actions. Now it has not yet been determined in what manner these statements were made, that being whether they were issued as threats or simply as advice to a student, however the real issue is that Ahmed Al-Khabaz was expelled from college through a meeting held a short time later.

So my question to you, the reader, is this:

Should Ahmed Al-Khabaz be allowed to return to his program, and have his record wiped clean of what is being called a "serious professional conduct issue".

As you could imagine, this kind of labelling could ruin any chance that Al-Khabaz would ever have of getting into another computer sciences program, or any post-secondary program at all much less into a stable employment position. He has also incurred an amount of financial aide debt because of his expulsion, further inconveniencing him.

To me this is a case of someone going farther than they should have with the best of motives at heart. Although the road to hell is rumoured to be paved with good intentions, I can see where he could've found the justification to run the breach-checking program as he was, after all, one of the students who discovered and reported the issue in the first place. You would think, and likely HE thought, that his actions would be seen as simple due diligence, and that they should have even garnered him some level of gratitude to make sure that all the angles were covered. In essence, he was helping Skytech to cover their asses and he was crucified for it. So much for not shooting the messenger. It's a wonder we have any whistle-blowers in today's society where no matter how pure your motives are, or how much people stand to actually benefit from your actions, when you expose a flaw in a business all hell will be brought down upon you.

I hope you've enjoyed your swim, please comment with your views readers!

Joshua J. Taylor

Quotes and general info first taken from: http://news.nationalpost.com/2013/01/20/youth-expelled-from-montreal-college-after-finding-sloppy-coding-that-compromised-security-of-250000-students-personal-data/

No comments:

Post a Comment