When you hear the story of Canadian computer science student Ahmed Al-Khabaz and how he was expelled from Montreal’s Dawson College, you’ll feel outraged.
Al-Khabaz was working on a mobile app for the school as part of the software development club. The app was to allow students easier access to their college account. He and a colleague discovered a flaw in the Omnivox software used by Dawson (and most Quebec general and vocational colleges). The flaw, which he describes as “sloppy coding”, would allow anyone with a little computer knowledge to gain access to all of the college’s students – including social insurance numbers, home addresses, and more.
Feeling morally compelled to do something, Al-Khabaz reported the flaw to the Director of Information Services and Technology at the school, Francois Paradis. This was in late October of 2012. Al-Khabaz and his co-worker were congratulated for finding the problem and pointing it out before it could become a serious issue and for suggesting possible fixes. The Director then took the information to Skytech, which makes Omnivox.
Two days later, Al-Khabaz ran a software program called Acunetix on the system to test for vulnerabilities to see if the fix had been implemented. He had done nothing to hide his identity or location when he did so and was promptly called by the president of Skytech, Edouard Taza who, Al-Khabaz says, threatened the student with financial and legal penalties if he did not sign a non-disclosure agreement protecting the company’s information.
Taza claims that he made no threats, but did inform Al-Khabaz of the legal ramifications for his use of the “cyber attack” software and that he feels the student made a mistake, but it was not malicious nor did he or his company treat it as such once they’d met with Al-Khabaz after the phone call.
Administrators at Dawson College, however, seem to have a different point of view, launching immediate procedures to expel Al-Khabaz for what they describe as a “serious professional conduct issue.”
According to Al-Khabaz’s account of the meeting with the dean and others at the school, however, most of the questions asked of him were regarding who he had or had not told and whether he understood the non-disclosure he’d been made to sign. Al-Khabaz says he felt they were more interested in covering up the problem and tying off loose ends than they were in whether or not he’d done anything wrong.
Fourteen of fifteen computer science professors at the school voted to expel Al-Khabaz, all without ever hearing his side of the story. His appeals were denied.
For his troubles, this young computer science student has been expelled from school, had all of his grades dropped to a zero, and had the expulsion put onto his permanent academic record. This means he has to repay his financial aid, cannot get into another Canadian school because of that record, and cannot get into another school out of country because of his low academics from the zeroes.
For finding a serious problem that, in the wrong hands, could have meant disaster, 20-year-old student Ahmed Al-Khabaz was expelled.
PS. As a sidebar, I happened across a similar issue back in my days at college studying Computer Science. So this story really resonated with me. I hope this situation eventually unfolds for the better … for all concerned.