Students (and Employees): Hack at Your Own Risk
A school board expelled a tenth-grade student for the remainder of the semester after he admitted helping another student hack into the school’s computer system. In M.T. for A.T. v. Central York School District, the decision was upheld by a York County judge and, on November 5, 2007, by the Commonwealth Court of Pennsylvania.
This was not the first time the student violated the school’s computer use policy. He previously was suspended for making fake student ID cards. This time, he admittedly decoded encrypted information, obtained passwords that he was not supposed to have, used an administrative password to install software that enabled access from the Internet, and had access to several teachers’ accounts. Given the escalating nature of the offense, the appellate court found that the punishment was appropriate and, indeed, needed to get the student’s attention.
To justify the expulsion, the school board relied on its Student Code, including the Computer Use Policy, which parents and students receive through a Student Planner. The student had signed a copy of the Policy. At the hearing, the student did not testify, but his mother did, and she admitted that her son probably knew he should not have done what he did. The student argued on appeal, though, that he should only have been suspended, per the policy. The courts agreed with the school board that the policy had only a suggestion of suspension as a penalty, while the appendix to the Code stated that such a penalty was merely a guide. Therefore, the school board acted within its discretion, and consistent with its policy, when it expelled the student for what it considered to be a serious breach. The principal testified that security of its computer system is more important than ever because the school had moved to a paperless system.
This case has implications for employers as well as for schools. The legal analysis of the Code was consistent with how courts analyze employee handbooks with respect to employee misconduct and ramifications. Essentially, a contract analysis was applied to interpret the Code. Also, it indicates that schools (and employers) will be given latitude to protect themselves from hackers.
