- Find a bug that could reveal the personal information of 250,000 students
- Report it to the proper authorities at his school, Dawson College in Montreal, Canada
- Get threatened with jail, and get expelled from college
Twenty-year-old Ahmed Al-Khabaz found a flaw in the college-management Omnivox software that most colleges in Quebec use, according to Canada’s National Post. He reported it to the college’s director of IT, who congratulated him and thanked him.
But two days later, when Al-Khabaz decided to double-check whether a fix was in place, he was surprised by a phone call from Edouard Taza, the president of Skytech, the company that makes Omnivox. Al-Khabaz say that Taza accused him of implementing a “cyber-attack,” threatened him with jail, and forced him to sign a nondisclosure agreement.
But despite his cooperation with what some might say was an unreasonable and bullying approach, Al-Khabaz was expelled from college.
Calls to Donna Varrica and Carey-Ann Pawsey at the Dawson’s communications office go straight to voicemail, but the college has posted a statement on its website, standing by its decision and saying that Al-Khabaz had been warned on at least one occasion to “cease and desist.”
Dawson College stands by its policies regarding academic integrity and professional code of conduct. The provisions of these policies are clearly stated in the Institutional Student Evaluation Policy and the Code of Conduct on the website (listed below).
Under the terms of Quebec privacy laws, it is illegal to discuss the details of student files with individuals or with the media. Dawson College practices due process and due diligence in every case brought before the review committee. If a student does not agree with a decision, he or she has the right to appeal, as spelled out in the policies
In the recent case of Ahmed Al-Khabaz, which he himself brought to the media, the College stands by its decision. The reasons cited in the National Post article for which the student was expelled are inaccurate. The process which leads to expulsion includes a step in which a student is issued an advisory to cease and desist the activities for which he or she is being sanctioned, particularly in the area of professional code of conduct. Conditions for remaining in the College on good terms are clearly explained in person to the student.
When this directive is contravened by the student by engaging in additional activities of the same sort, the College has no recourse but to take appropriate measures to sanction the student.
I have not been able to speak to Al-Khabaz yet, but based on the publicly available facts, Dawson College and Skytech — sounds suspiciously like Skynet, no? — should be thanking him and perhaps rewarding him.
VentureBeat has reached out to Edouard Taza, Skytech’s president, and will update if he responds.
VB's research team is studying web-personalization... Chime in here, and we’ll share the results.