Bookmarked Situating Student Hacking by Doug Levin (

When a student does cross the line, schools should consider long and hard whether the most appropriate response is to expel the student and criminalize that behavior versus viewing it as a unique teaching moment and a chance to shore up internal security practices. (Many organizations, in fact, pay good money for penetration testing services and/or offer bug bounties as part of their security compliance programs). Given the emphasis on STEM careers and the importance of computer science for the broader economy, it would seem that we’d want to embrace and channel the energies of those who show an interest and facility in computer operations…even when it may be in unanticipated ways.

Doug Levin reflects upon the state of hacking schools today. He provides a case study of a student from Michigan who through his own curiousity found various holes in his school’s structure, which he used to circumvent security and prank other classes. Although the easy option can be to make an example of such students, Levin argues that more proactive measures most be taken by districts in protecting data and security. For in the end digital security is a leadership issue.

Penalties and disciplinary actions for students who violate acceptable use policies are established, but what of the consequences to school districts. At what point could district leadership be considered negligent? What obligation do schools have to be forthright with their communities about their digital security shortcomings? How might schools react differently to these incidents, in ways that are more proactive and even humane? These are hard questions, no doubt, but given the frequency of ‘students hacking their schools’ incidents, I believe it is time we more forthrightly address this complicated issue.

It is interesting to consider this alongside Mal Lee and Roger Broadie’s work on digital trust.