...Just remember folks, there are TWO SIDES to every story.
...and to every equation...
But seriously, I would suggest that the issue here is the communication and publication of college security standards.
It would need to have been communicated clearly to the students - i.e., documented in college rules/regulations, and they had had it spelled out to them - that it was a "capital offence" to ping or test/retest the university's network security, but had it been so communicated?If it had
, then fine, and Ahmed Al-Khabaz had been dealt with appropriately - but only if
he had also been clearly warned after the first
breach (I read one report that said he was apparently told that this was the second
breach).If it had not
, or if he had not even been warned after the first breach, then Ahmed Al-Khabaz would seem to have been done a great wrong, and possibly even entrapped.
In any event, I am skeptical whether they really would put it to a vote as has been reported. Would that have been the policy and corresponding due process? If so, then it sounds like it's a potentially wide-open to question and dubious process to me. I mean, no-one takes a decision, just blame it on a committee? No, the Provost should/would have been all over this one like a bad rash, making decisions.
No typical college or university can be a high-security IT establishment (e.g., like a military or Defence establishment), by definition. They need to retain Open and accessible systems for the students to use. Students will not necessarily be familiar with all the prevailing rules/regulations, and would be given the benefit of the doubt - especially in such a a case as this, where the student accidentally discovers and reports a flaw.
If he was an employee of a military or Defence establishment, then, in my experience he'd have been summarily dismissed and immediately physically escorted out the door, but that is not applicable in this case.