92 comments

[ 3.4 ms ] story [ 179 ms ] thread
I hope this doesn't mean what it sounds like: "The school district spokesperson said that "our information technology department is working to get all our passwords centralized."
In all likelihood, it means exactly what it sounds like. :/
> The school district spokesperson said that "our information technology department is working to get all our passwords centralized."

I think I can see the problem here.

I'm sure everyone on HN that is young enough to have had computers while in highschool has gone through this bullshit of fighting tech-illiterate adults what constitutes using a computer. Most of them are not aware that there are productive ways to use computers outside of Microsoft Office and IE. I shit you not, I used to get logged off by the dumbass librarian for opening Idle and playing with python. White on black text means I must have been up to no good.

It's so clear to me that this kid actually is a hacker. Just in the Stallman sense of the word. I suspect he's just like any of us were at his age-- completely and utterly in love with computers. He was suspended before from using computers, and he found a way around it. You know what that says to me? He's got the knack.[1] Highschool is a waste of this guys time. We should have him in a CS program somewhere. Instead, he's got a few more years of hell.

What bothers me is the heavy handedness of this. He had been suspended for 3 days before. He's suspended now for 10 days. He's going to have to go to court. This has effects on this young mans life that we may not have a huge appreciation for. The result might culminate as a slip in his grades. It might be as much as having to transfer schools and becoming a social outcast. It might be the stress it places on his relationship with his parents, which shamefully have to show up to court.

But the point is this is a smart kid that is being punished for existing in a fucked up education system, and his future success in that system is at stake. And most unfortunately, his success in that system will dictate what college he gets into, what job he gets, and what his life will be.

That bothers me so much. I wish I could reach out, tell his parents to not punish him, and encourage him to get his GED and not let this ruin his life.

[1]: https://www.youtube.com/watch?v=60P1xG32Feo

I agree. It seems reasonable to punish within the school system - a detention, something along those lines, but legal action feels ridiculous. Pranks and things of this nature are commonplace at that age, and computers are a modern vehicle for those pranks.
I found the administrator password for my school's NT network, in 1997 or so. It was "changeme". I think the only thing I used it for was to re-enable right clicking in Windows for my user account. (It was blocked, I don't know why.)

Many months later, another boy changed the password. I think he got detention, and probably a ban from using the computers outside lessons.

I agree that the way they treated this kid is insane, but you seem to have invented a persona for him that wasn't supported by the article at all.

There's no indication that he particularly likes computers, let alone that he's "completely and utterly in love with them".

He basically just noticed that the IT department had stupid password policies and messed around on other people's accounts. He himself could be mostly tech-illiterate.

There's also no evidence that high school is a waste of this kid's time. If he's doing stupid, immature shit like this, he does need a structured environment where he has good role models. This particular high school may not be the right one for him, but he does need one.

And he wasn't suspended before for using the computers. He was suspended for getting into other people's accounts.

> "The student had previously been suspended three days from school for similarly accessing computers without permission."

To me, that says he used a computer when he was otherwise banned from it.

And that's where I'm getting this persona from. Yeah, I'm reading into it, and you're right to call me out on this. I still think he's probably close to what I'm describing, and I'm sure he's wanting to study compsci at some level.

You're reading waaay into it. We used to do stupid stuff like this all the time. Kids who never had any interest in computers (and neither do today) used to pull pranks like this. It's just what kids do. Nothing else. Never in a million years can you stop kids from pulling pranks.

Nobody in my school touched the teachers' computers though. A lot of us knew the passwords for many of their computers, but those were sacred. The "pranks" some of us pulled were way worse than what the kid in the article did though.

But it looks like everyone's been doing it.

    > But Green, interviewed at home, said students would often
    > log into the administrative account to screen-share with
    > their friends. They'd use the school computers' cameras 
    > to see each other, he said.
Maybe it's no big deal until a pic of two men kissing gets involved.
If they were concerned about unauthorized people getting into their accounts, they should've changed the password away from their lastname and not posted it publicly.
This is true. They can't charge everyone under the cfaa, if, suppose, reddit or 4chan found a public ip and a VPN server...
I agree that this is a bit heavy handed but I do not believe that we should advertise hacking into other people computers (nevermind how dumm is their protection) as being a venial activity. Most hackers who write spam bots, viruses, etc, wouldn't go in a street and beat up an old woman randomly. They are not really bad ass criminals. But somehow they think that it's OK to infect thousands of machines. Well it's not. They are committing crime and harm just because they can. And I think the sentiment that if a crime is committed electronically then it doesn't really matter is an attitude that we need to change.
He didn't harm anyone. He even had opportunity to do malicious things like change grades or steal standardized tests, and did not. It was all just for kicks.

Downvote me if you will but I truly support what this kid did. Maybe I'm still immature, or maybe I see a lot of him in me, but I honestly think it's hilarious and I don't care what lessons he is or isn't learning out of this ordeal.

Well technically, if the teacher was found with pornography on his school computer and the school believed he downloaded it, he could certainly have been fired, and that may well have been the intention of the kid. I am not saying he should go to jail or anything heavy handed like that but a punishment is certainly relevant.

But in general, we are creating sociopaths if we do not set a moral barrier in hacking into other people machines.

  > he could certainly have been fired
not only fired. In Australia, teachers must be centrally registered to enter the classroom. An accusation such as this which was actually upheld would disqualify them from gaining registration across Australia, effectively nuking their career from orbit.

I assume similar registration requirements exist in the US.

I think they've actually just conflated "two men kissing" with "pornography". This is Florida, which I equate with "geriatric and bigoted".
That's a boatload of 'ifs' and 'coulds'.
So planting an obscene/pornographic image isn't malicious by your standards. Where do you draw the line? That is why rules exist for a reason.
Let's not turn this into a discussion of something other than what it is: a harmless prank. Kids have been pranking teachers since before public education was a thing, let alone computers. I'm not saying it's a good or smart thing to do - but that's why they are kids and not adults.

Of course educators have to enforce the rules as well as their authority in the face of insubordination, - and I don't think people are arguing the kid shouldn't get in trouble.

But apologia for the felony charges is crazy, if that's sufficient grounds for a felony charge - I'd wager that a significant (double-digit) percentage of all people employed in tech would have been charged as kids.

If we were treating kids as adults from a legal point of view, all of them would have a criminal record before they are 10. Kids steal from each others, fight each other, etc. It is the role of education to precisely elevate them to the standards of our society. So I agree with you the felony charge seems overblown. Though the article says the kid is a recidivist, which may explain the legal escalation.
I'll preface this by saying that the felony aspect of this case, if accurate, is way out of proportion. I don't know how the US system works, but here in Australia it is very unlikely for the police to be called in for a matter such as this one.

   > It's so clear to me that this kid actually is a hacker. Just in the Stallman sense of the word. I suspect he's just like any of us were at his age-- completely and utterly in love with computers. He was suspended before from using computers, and he found a way around it. Highschool is a waste of this guys time. We should have him in a CS program somewhere. Instead, he's got a few more years of hell.
This is pure speculation on your part. He could be the next, up and coming, Wozniak, or more likely, he is an otherwise unremarkable trouble maker.

As a male high school teacher I am acutely aware of the potentially career ending issues that can come about in my usual day-to-day work. We as teachers:

1. Are never in a room alone with a student

2. Are very careful about what we say/do around students. No curse words even among staff in the yard.

3. No suggestive language. Limited "joking around" etc.

As a teacher I am constantly on the defensive. This is because I have a job that puts me in a trusted position of power working with other people's children. The onus is on me for my actions to be above reproach at all times.

The amount of damage that could be inflicted on a teacher by a malicious student through the use of their system account makes me shudder. A truly malicious student could utterly destroy a teacher's reputation and ability to be re-hired by accessing illegal web material, sending inappropriate emails etc.

We work very hard to maintain a spotless reputation. Just the accusation of wrongdoing could do great harm to a teacher's standing.

Your characterization of this student as some gifted hacker is also more than likely wrong. In the past 10 years of teaching I've encountered countless cases of otherwise utterly unremarkable students who were obsessed with keyloggers and "programming" which amounted to little more that script kiddy BS. The truly gifted students were far less interested in stealing passwords than the students looking for a quick way to hack the system and cause grief/harm.

  > But the point is this is a smart kid that is being punished for existing in a fucked up education system
I didn't see any indication that this was a "smart kid". Maybe he was. Shoulder surfing his teacher to steal their password doesn't indicate a high level of intelligence.

The fact that the school had a dumb password policy is tangential.

At my school we have a comprehensive computer ethics component to the curriculum where we do talk about the criminality of unauthorized computer access. Sounds like this student didn't get the message after his first suspension.

A felony is ridiculous, but part of a well rounded education must involve teaching students that this type of computer access will get you thrown in prison as an adult.

All those actions around the theme of acting appropriate around students at all times are the result of a fairly large number of teachers acting inappropriately at some time in the past.

Surely kids pulling pranks happened long before teachers became much more sensitive to making sure their actions would not be mis-interpreted and this really is just another prank.

Making such a big deal out of it seems to be a total over-reaction.

FWIW the high school that I went to had a teacher cadre of approximately 40 teachers and three of those were confirmed to be paedophiles after I left the school (2 males, 1 female). That's a 'sample of 1' so take it with a grain of salt but to me it is a shockingly large number and it's those people that are the cause of your 'walking on eggs' feeling, not the pranks the students have been pulling on their teachers since the dawn of time.

Changing a background picture is right up there with putting a poster on the backside of the blackboard, on a scale of the kind of pranks high school students tend to pull it's a complete non-event, the fact that it involves a computer makes the offence not much worse. This habitual over-reaction because something involves a computer really should stop, everything involves computers at some level nowadays. He's being punished for what he could have done, rather than for what he actually did (change a background pic and alert the teacher to get a much better password rather than destroy his reputation, in return they are now destroying his reputation).

If a forged email can get you fired you have different problems, that email could be forged quite convincingly without access to your computer at all...

   > Making such a big deal out of it seems to be a total over-reaction.
As I already mentioned. A felony charge is a gross overreaction.

Your characterization goes too far in the opposite direction. This is more than just a harmless prank.

   > three of those were confirmed to be paedophiles.
I'm sorry to hear that.

   > it's those people that are the cause of your 'walking on eggs' feeling
That's certainly half of the equation. The other half is the sadly routine issue of innocent teachers being accused of wrongdoing by malicious students. My school deals with these types of issues every year. Students often retract their accusations when they realise how quickly their angry accusation turns into a very serious investigation of said teacher. I've heard from first hand accounts this exact scenario play out a number of times. Most of these issues play out behind closed doors, so my sample of 3 or 4 over the last 10 years would mean that his type of issues is routine in a school setting. As you can imagine this type of process is extremely stressful for the teacher involved.

   >  the fact that it involves a computer makes the offence not much worse
This is flat out wrong.

   > He's being punished for what he could have done
Taking unauthorised control of a teacher's computer is a very serious issue. An unambiguous message must be sent to all other students contemplating this type of action. The potential of harm is exactly what elevates this to a far higher level.

   > change a background pic and alert the teacher to get a much better password rather than destroy his reputation
You are mischaracterizing the student portrayed in the article. From the article the student changed the background because he did not like the teacher. The fact the his actions were relatively harmless are indicative of his lack of imagination, not his good character.

   > that email could be forged quite convincingly without access to your computer at all...
Spoofed headers could be easily challenged if it came to that. The issue of a student gaining access to a teacher's account and accessing it from school equipment greatly increases the burden of defense for the teacher. Now the access was not forged or spoofed in some way, it is indistinguishable from actions that the teacher could have undertaken.
Sure, but that's all 'coulds' not 'dids'. Whether he changed the pic because he disliked the teacher or liked him is immaterial it is the access that matters here not the actual change.

But something tells me that if the student doesn't like the teacher the teacher won't like the student either and in this case the teacher went absolutely overboard in going after the student, it is a textbook case of out-of-proportion escalation.

No real harm was done and this should have been kept inside the school walls.

Taking unauthorized control of a computer to replace a background image is something else than taking unauthorized control of a teachers computer in order to destroy their reputation. And in that case a response such as this one would have been appropriate.

As for spoofed headers being 'easily challenged', this IT department isn't even capable of coming up with a proper password policy, do you think they'd be able to differentiate between forged headers and real ones?

Sounds like we agree far more than we disagree. As I've mentioned a couple of times in this thread, I find the involvement of the police a gross overreaction.

Where we disagree is in your (and others) charactirisation of this as a harmless prank.

   >  No real harm was done and this should have been kept inside the school walls.
The potential for real harm was very real.

   > Taking unauthorized control of a computer to replace a background image is something else than taking unauthorized control of a teachers computer in order to destroy their reputation.
The background image was of 2 men kissing. Let's be charitable to the student and assume that it was not pornographic. It's not unreasonable to assume that the student was hoping that the teacher would inadvertently show this image on an overhead projector to the whole class. If setting up a male teacher to show an image of homosexuals was not intended to negatively affect his reputation then what was the intent?

If on the other hand the image was pornographic in nature then I'm confident that any 14 year old would know that "Mr.Blogs will get in lots of trouble for this!!!Lolz!!1!!"

   > in this case the teacher went absolutely overboard in going after the student
This is not how schools work. A teacher does not "go after" students. They report the incident and school administrators take it from there. And i'll state it again - I am not in favor of the felony escalation of this issue!

In a previous response you equated this "prank" to posting an image on the back of a chalkboard.

Equating the two is deeply flawed. The chalkboard does not have any access control. The default response is : "hey some kid posted a stupid picture... lol!". A computer on the other hand does have access control. The default response then becomes "wow the authorised user of this computer set the background image to 2 gay men kissing". This is not a subtle difference. This is the difference between a simple prank and an innocent teacher with a smeared reputation and potentially ruined career!

> The potential for real harm was very real.

Yes, but normally we punish people for intent and actual harm not for potential.

> The background image was of 2 men kissing. Let's be charitable to the student and assume that it was not pornographic. It's not unreasonable to assume that the student was hoping that the teacher would inadvertently show this image on an overhead projector to the whole class. If setting up a male teacher to show an image of homosexuals was not intended to negatively affect his reputation then what was the intent?

If you're a high school teacher you're going to have to have a ticker skin than that to let such stuff bother you. You're dealing with 30-odd students with hormones raging and all kinds of issues they need to deal with, your 'reputation' is not going to be damaged one way or another by you putting up a picture on an overhead projector placed there by another person. But your reputation will be determined by how you respond to it.

> This is not how schools work. A teacher does not "go after" students. They report the incident and school administrators take it from there.

Exactly. So if there is a chance of an over-reaction you limit the damage, both for yourself and the school and the student.

> The chalkboard does not have any access control.

That computer came pretty close to not having access control either. Using the lastname of the teacher as a password does not count as 'access control' imo.

> The chalkboard does not have any access control. The default response is : "hey some kid posted a stupid picture... lol!".

And that's exactly where this should have ended.

> A computer on the other hand does have access control. The default response then becomes "wow the authorised user of this computer set the background image to 2 gay men kissing".

It should be fairly obvious that the teacher did not put the image there to all present, that's the whole point of a prank. After all, it was found out who did it, wasn't it?

The teachers career was not in any danger so you're still responding to what might have been, not what actually was.

   > Yes, but normally we punish people for intent and actual harm not for potential.
And this is the key to our disagreement. As a practicing teacher, for me, unauthorised access of my computer by a student is not a harmless prank. It is a serious action in its own right requiring serious consequences. It would not be characterised by any teacher that is sound of mind as a "harmless prank"

The subsequent actions are immaterial. The access itself is already a serious issue. As teachers part of what we do is to build communities of ethical participants. I should be able to momentarily leave my desk unattended without fear of a malicious student defacing my desktop with a pornographic image.

Let me make this very clear - it is the access itself that already makes this a serious issue, regardless of any potential harm that may or may not have been done in the process!

Of course as I have already stated many times:

1. Involving the police is an overreaction.

2. Treating it as a harmless prank is an underreaction

3. A reasonable middle ground should have been pursued by the school

   > If you're a high school teacher you're going to have to have a ticker skin than that to let such stuff bother you.
This has nothing do do with having a thick skin.

   >  your 'reputation' is not going to be damaged one way or another by you putting up a picture on an overhead projector placed there by another person.
You are conflating personal reputation with professional reputation. Your professional reputation absolutely can be harmed, even by completely unsubstantiated accusations. This is true of all workplaces, not just schools.

   > But your reputation will be determined by how you respond to it.
According to normal school policy this teacher acted exactly as they should by reporting this serious issue. By doing so they have preserved their professional reputation. Not reporting the issue would have been a breach of their contractual and ethical obligations.

   > That computer came pretty close to not having access control either. Using the lastname of the teacher as a password does not count as 'access control' imo
This is a tangential issue. Yes the school should have had better password policies in place. "your password was insecure" is not a valid defense in respect to unauthorised computer use. If an adult tried the same in court they would be laughed out. And yes, this was not an adult, but as teachers part of our job is to educate our students about the real world. If we treat this issue as a "harmless prank" in school and then the young adult enters the real world after leaving school they will be surprised when a judge doesn't buy their classic "Harmless Prank" defense!

   > It should be fairly obvious that the teacher did not put the image there to all present, that's the whole point of a prank. After all, it was found out who did it, wasn't it?
That's not how things work in the real world. If a teacher is found to have any inappropriate material tied to their school account an investigation would (and rightly so) be conducted. I'm speaking from experience here. Schools take this kind of thing very seriously. This is why we as teachers also take this kind of action very seriously. There is no such think as "haha just kidding buddy!! :)" in a school setting.

   > The teachers career was not in any danger so you're still responding to what might have been, not what actually was.
This is naive. The intent of the student was clearly malicious. The teacher was lucky and dodged a bullet. You have no idea how quickly bad news travels in a high school. If even one or two students happened to catch sight of the image on the teacher's screen it would be the number one ...
I think you're under-estimating the effects of the fall-out of all this on both the reputation of the teacher and of the school. Bad judgement all around. Sure the pupil was in the wrong but we're discussing this across timezones now, which means it has gone way beyond where it should have gone and you really can not blame the student for that.

That you're more sensitive to this issue because you are a teacher is obvious (fwiw my brother was a high school History teacher and from the fact that that's in the past tense you can take it as read that I understand some of the pressure), that should not get you distracted too much about what happened here.

"malicious" is a very stretchable word, I've lived in the 'real world' long enough now that I think that I can recognize an over-reaction when I see one (and your comments are also over-reacting). The fact that teachers in the past have over-stepped their conduct should not result in those measures having effects on the future lives of students in their care, that's just more fall-out.

If you're concerned about access to your computer then protect it properly and refuse to work with a school that mandates insecure setups.

Having an insecure machine isn't a valid defence against being hacked either, in that 'real world' that you go on about you have an obligation to secure your property just as much as the other party has an obligation not to attempt to breach that security.

Where this all failed is where it began: education, if educators are not able to create an atmosphere where there is room for some give-and-take and where harmless pranks can ruin lives then we've all lost.

The reason why we use separate rules for minors and adults is that they are minors! Keep in mind you're dealing with kids here and don't ruthlessly apply the standards and rulesets for adults to kids. Half the time they don't oversee the consequences of their actions.

> You have no idea how quickly bad news travels in a high school. If even one or two students happened to catch sight of the image on the teacher's screen it would be the number one talking point across the school within hours. This would lead to an official administrative investigation within less than 24 hours! If the teacher didn't immediately report the issue it would without a doubt be viewed as the teacher having something to hide. This kind of issue can very quickly escalate in a school setting.

If that's the atmosphere you're working in then you have already lost before you started.

   > and your comments are also over-reacting
In what sense? I have all along stated that involving the police is a gross overreaction. Treating unauthorized access of a teacher's computer as a "harmless prank" is a monumental underreaction. I've already clearly spelled out the multitude of ways in which a teacher's professional career can be utterly destroyed by a malicious actor. The potential for devastating consequences for the teacher are not hypothetical!

   > If you're concerned about access to your computer then protect it properly and refuse to work with a school that mandates insecure setups.
As I've said all along the actual password polices were stupid and incompetent, but they are a fundamentally tangential issue.

   > if educators are not able to create an atmosphere where there is room for some give-and-take and where harmless pranks can ruin lives then we've all lost.
Unauthorized access of a teacher's computer is NOT a harmless prank. The potential for catastrophic downside for the teacher involved is NOT hypothetical. If a malicious student were able to in some way, over an extended time imitate a teacher accessing child porn then a long term prison sentence is certainly not out of the question (this applies to anyone, however being a teacher would be a highly aggravating circumstance!). This is why the access itself is a serious issue.

Of course a better password policy is a great starting point. Treating this issue as a "harmless prank" would be grossly incompetent by the school. In the adult world there are many cases of people going to prison for exactly this! Should we treat this kind of issue as a "harmless prank" in school? What kind of distorted picture of reality would we be giving students if we did this? In my opinion there should have been a proportionate, but serious school-based consequence.

   > The reason why we use separate rules for minors and adults is that they are minors! Keep in mind you're dealing with kids here and don't ruthlessly apply the standards and rulesets for adults to kids. Half the time they don't oversee the consequences of their actions.
As I've stated many times, I disagree with the felony escalation. I also completely disagree with your "haha it's just a prank guys! why so serious???!!" response.

   > If that's the atmosphere you're working in then you have already lost before you started.
You yourself stated that the reason for such stringent oversight is a history of wrong doing by teachers. We work with minors, and therefore the conditions of our employment are far more stringent that a normal workplace.
> The potential for catastrophic downside for the teacher involved is NOT hypothetical.

There is potential catastrophic downside in almost anything, but to use that potential in order to determine your reaction is reacting to that potential not to what actually happened.

A potential is just that, a potential, and in this case that potential did not materialize so therefore treating it as if it did is an over-reaction.

Lots of actions have potential catastrophic consequences but we do not usually respond to the potential, rather we respond to what actually happened, which is in this case 'not much of anything'.

the potential downside is why we, as rational adults, treat the access itself as a serious issue and not just a "harmless prank".

I have never advocated for punishing this student for all of the potential harm he could have hypothetically inflicted.

I have merely been trying to establish that the access itself is serious and downplaying it as a "harmless prank" does nobody any good!

If the adults had treated the potential downside serious then there would have been better access control, a harmless prank is still a harmless prank.

Some people saw an image: big deal.

   > Some people saw an image: big deal.   
This is called not seeing the forest for the trees.

The image is (mostly) irrelevant. The unauthorised access is serious. A rational adult, knowing that their career and livelihood could be put in jeopardy by a malicious student (this one or another) wouldn't allow this incident to slide as just a "harmless prank". To do so would be highly reckless and could put your own family's livelihood at risk. If you were a teacher you would be acutely aware of the risks posed by being soft on this kind of infringement. It sets a precedent and opens one up to repeat "attacks". The word would quickly spread that "Don't worry, Mr.X is cool he doesn't care if you use another person's account without their knowledge". This runs contrary to the basic principles of computer ethics which is a cornerstone of what we teach, at my school at least!

   > If the adults had treated the potential downside serious then there would have been better access control  
 
This is a poor argument. If the passwords were stronger then what would stop the student from using a keylogger? If the school treats logging in as a teacher as a "harmless prank" what harm is there in using a keylogger to obtain the pw? After all, shoulder surfing wasn't punished, hahaha isn't school a laugh!

The point is that the punishment should be severe enough that other students who would contemplate using a teacher's account without their permission would think twice.

Why do you keep bringing up stuff that didn't happen?

The student did not do anything more harmful than replace a background image, he did not put someones career and livelihood at risk, did not put my family's livelihood at risk (where did that come from anyway?), the student did not use a keylogger (which would arguably require physical access first, at which point it is game over anyway) and so on.

My point is that all the stuff that you bring up did not happen and making an example out of someone just because he could have done worse sends the wrong message entirely, it says: you're going to get the book thrown at you anyway so once you cross that particular line you might as well go all in and do real harm because you will be punished as if you had anyway.

The In my opinion there should have been a proportionate, but serious school-based consequence. in a comment above does not sound like book throwing to me.

I think the argument here is more over how to state things than about what should reasonably happen to the student in these circumstances (I guess there is lots of room to disagree on 'proportionate', but I'm not sure that is what you are doing at the moment).

I thought I made my point quite easy to understand.

Unauthorized access to anyone's account is not a harmless prank! This goes double for accessing the teacher's account!!

These are the facts that I have been addressing. At no point have I introduced hypotheticals that did not occur. The student accessed the teacher's account by guessing or shoulder surfing for the PW. This is unacceptable and should in no way be treated as a "harmless prank".

Allowing this type of access does set a negative precedent which does open up a teacher to unnecessary risk!

I'm not sure if you are being deliberately obtuse in regard to this simple point.

This is a simple case of unauthorized computer access. In the adult world this is a criminal act. In the juvenile world the response should reflect the seriousness of the act. Your response seems to be "well.... kids will be kids and after all no harm was done". This is not how we educate ethical computer users.

let me again! resate what I have already said. I am not saying that the student should be punished for any potential trouble he could have caused. The act of gaining access to another person's account by nefarious (which includes simple guessing of the PW) means is itself a serious issue which warrants a serious response.

EDIT: From the article: "A student at a Tampa Bay-area middle school was charged with a felony cyber crime after gaining unauthorized access to a teacher's computer and changing the desktop photo."

from Wikipedia http://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act

It seems rather cut and dried that under US law this teen was committing a federal crime by gaining unauthorized access to a school computer system (state school i'm guessing).

Now agree or disagree with the law, it is what it is. I categorically do not agree that this matter should have been made a police issue. This is an unnecessary escalation of matters in my opinion.

But your response of "harmless prank" is completely unreasonable and does not address the gravity of the situation.

You're turning the whole thing upside-down. You make it as if the unauthorized access was the main theme here but in fact it was just a means-to-an-end in order to pull a harmless prank. Not unlike picking a lock to a classroom in order to make a drawing on the blackboard. Sure, picking locks is bad and in the adult world if you did it and you stole something behind the locked door you would be in real trouble.

But for a 17 year old that's just another lightly taken obstacle and for someone in education it is rather surprising that you can't make that leap. It wasn't about the access, it was all about the prank.

That the unauthorized access might be a bigger deal than the prank most likely did not enter into the mind of the kid and that's where the role of an educator would come in handy, but none seemed to have been present here.

FWIW when I was that age I 'hacked' the school time administration so I could get more computer time (which was limited at something ridiculously low). If I did that today I'd probably go to jail or something like that, whereas the opposite happened to me, the guy that administered the system figured out that I knew the machine (a 'Prime') better than he did and asked me to plug the holes in the time administration system instead.

And that was arguably a much more serious offence than what this kid did.

Anyway, since you're assuming I'm being deliberately obtuse I'll bow out of the conversation here. Thank you for the exchange.

   > Anyway, since you're assuming I'm being deliberately obtuse I'll bow out of the conversation here. Thank you for the exchange.
   
If this offended you then I apologise. Since the beginning of this thread I have been arguing for a reasonable middle ground between

   - shrugging shoulders and saying "harmless prank" and
   - felony charge. 
   
To me this is such a reasonable position to hold that it seemed that you were arguing for the sake of it :)

From your personal experience it's clear why you feel some solidarity with this student and helps me to understand your position better.

As a teacher, the possibility of having my account compromised by any student (malicious or otherwise) poses such a potentially dire threat to my livelihood that simply letting this transgression slide would not be a possibility.

As an educator, part of my duty is to prepare young people for the real world. Allowing unauthorised computer access to go unpunished is at odds with what society deems acceptable, particularly in the age of online banking etc. This kind of activity is criminal in the real world. Letting it slide in a school setting is teaching the wrong thing to our students, your own positive experience notwithstanding.

Just to clarify, punishment in a school setting is very flexible. For some students simply asking that they write a well reasoned apology is sufficient. For others, maybe repeat offenders, suspension or in extreme cases even expulsion is the correct response. Unlike adult punishment (prison), in a school setting the goal really is rehabilitation and personal growth. Contrary to many 14 year old's view we are not the enemy.

Pleasure chatting. All the best, Eli

Entering the conversation very late, but IMO the potential for catastrophic results puts the onus on the school system and teacher to secure the computer. Administration and IT is absolutely responsible for providing adequate and proportional investment into the security of the computer systems based on the level of risk involved from a compromise. The required level of protection is commensurate with the risk. This is standard operating procedure for any kind of security assessment and deployment, whether it be physical or electronic security. The school system and teacher were both grossly negligent in protecting the computer system, and for example, in the case of a data breach (if the standardized state tests that were on the machine were stolen) I believe the school system and the teacher would both be partial liable for improperly securing the device.

When an actual crime occurs, the punishment for the act should be proportional to the actual act. Not the potential for someone else with the same level of access to have done worse. E.g. Someone breaks into a house to steal a loaf of bread because they are starving. There were children sleeping in the house who could have hypothetically been kidnapped. We don't (or at least, shouldn't!) charge the bread burglar with attempted kidnapping or worse because children happened to be present but slept through the entire event.

The potential for worse is a clear signal that the school system and the teacher are not doing enough to protect these devices. The problem here isn't the child changing the background image, it's the lax security of the computer systems. Stringing up the child for changing a desktop background is what's missing the forest for the trees. Seriously, thank the child for exposing a clear operational weakness in security controls, fire the current IT department head, and get someone competent to secure the systems.

When a criminal act results in actual follow-on damages, then it is appropriate to charge the instigator. If our hypothetical bread burglar broke the lock, stole the bread, and then someone else came in through the open door and kidnapped the children, then absolutely the bread burglar will be charged as an accessory to kidnapping. But there's a clear line, you cannot stray into the hypothetical otherwise, there is literally no limit to the hypothetical damage which can be caused by any otherwise inconsequential act.

E.g. Jaywalking could hypothetically cause a 10 car pile-up with major fatalities, but we don't charge jaywalkers with attempted manslaughter or even reckless endangerment unless there are specific confounding factors -- in almost all cases jaywalking remains a misdemeanor. What this kid did was exactly the jaywalking of "exceeding authorized access".

Thanks for the response. It seems though, that you haven't really read what I wrote throughout this entire thread.

I have always agreed that the password policy was very poor/negligent and that the school should do better in this regard.

I have never argued that the student should be punished for all potential havoc he could have wreaked. I stated this multiple times throughout the thread!

Once again i'll try to make my argument as simple and clear as possible:

1. The potential for harm when a student takes surreptitious control over a teacher's computer is high

2. It therefore follows that a student actively working to take control (via keylogger or by observing the typed pw) is itself a serious issue.

The changing of the desktop background is irrelevant. The unauthorized use of a computer is the main issue from the perspective of the school.

The previous commenter with whom I was discussing implied that the actions were a "harmless prank" and reading between the lines implied that the punishment should have been a cheerful ruffling of his hair and saying with a mock voice "now that was a bit naughty wasn't it Johnny? Lets not do that again! hahaha what a silly pranker you are!"

The article stated that the student will be facing felony charges.

My position is that the actions sat somewhere in the middle of these 2 extremes! Simply accessing a teacher's computer is a serous enough action that the student should suffer some type of reasonable school-based punishment. In my previous post i outlined that these can wildly range in severity from a simple letter right through to expulsion if dealing with a recidivist.

It really is hard for me to understand the confusion here.

and once again. I'm not defending the school's use of insecure passwords. I'm saying that regardless of their poor choice, a student who is actively working to undermine a teacher's account should face a fair and reasonable punishment that is more than a slap on the wrist and less than a felony charge.

I really can't make it clearer than this I think.

I think I do understand your argument, I just follow your first statement, which I fully accept, with a different conclusion. From potential harm we should not treat an otherwise inconsequential act more seriously. From the potential harm we should plan appropriately and make commensurate investments in proper security.

I absolutely agree, that a student (or anyone) could gain unauthorized access to the computer / network is the primary concern. The fault there lies not with the student, but with the computer / network security. What the student in this case did was effectively provide free pen-testing. They exposed a serious security weakness in the system, and the school should basically thank them for it, and get to work fixing the system.

The severity of the crime should rest solely on the intent of the criminal and the extent of damage caused. Isn't that the baseline of our moral code? The flip side is deterrence. My point is we don't actually want to deter students pulling harmless pranks which expose serious security weaknesses.

This is a feature, not a bug, and the school should be quietly giving the kid detention while they get their own act together before a more serious breach occurs. Have they even changed passwords for the teachers? Nay, they are likely going to consider possibly working on that one maybe next year.

I agree with almost everything you've said :)

   > I absolutely agree, that a student (or anyone) could gain unauthorized access to the computer / network is the primary concern. The fault there lies not with the student, but with the computer / network security.
This is incorrect and your reasoning here is faulty. It is diametrically opposed to how the community at large views this issue. If we treat children in this way, and then when the clock strikes 12 and they turn 18 they are suddenly treated in the exact opposite way!! A 180 degree flip. According to your logic, within in the school setting its a harmless prank and the blame squarely lies with the school. However, turn 18 and perform the exact same actions (simple intrusion) on an corporate server. Guess where the (legal) blame will lie??

I took issue with comments that the actions were a harmless prank. As adults, and particularly as teachers our duty is to help shape the next generation of ethical citizenry. Laughing this incident off and applying a token punishment would send the wrong message.

In many jurisdictions unauthorized computer access is a crime. If a student gained access to a NSA computer, do you think law enforcement would treat it as a harmless prank? Even if no data was destroyed or tampered with. The act of intrusion is itself a serious matter.

The school has a duty to use this as an opportunity to

1. Update their network security (obviously!)

2. Educate students that they can end up in prison (even as minors!) if they break into the wrong computer network.

This doesn't mean applying an out of proportion punishment to this student in order to make an example of him. This means applying a fair and proportionate response which, and i'' say it again... sits between the 2 extremes of "harmless prank" and felony offense.

The issue I've had all along is with brushing this away as harmless. Unlawful intrusion is a crime. As teachers we would do a poor job preparing our students for the real world by treating it, within the school setting, as a "harmless prank"

A harmless prank is throwing a water balloon at someone. Breaking and entering (digital or otherwise) is not in this category.

In addition, the law does not treat the flimsiness of the lock as a mitigating circumstance. You can protect your physical property with a $2 lock and, in the eyes of the law anyone circumventing this would be guilty of break and enter, in the same way as if they broke into a far more fortified premises.

laughing away the student's actions as a "harmless prank" would be to miss a valuable learning opportunity for everyone involved!

   > What the student in this case did was effectively provide free pen-testing
This was not a noble white-hat! If the student found an exploit and then went straight to the teacher to inform them, do you think this would have ever made front page news? The student had a history of "free pen testing", and they used this particular exploit to attempt malicious access and tampering of a teacher's machine.

Imagine if you did the same at your workplace. "Hey boss I have a habit of stealing coworker passwords. Dont worry though, it's just a harmless prank! HAHA"

Your hypothetical of 'what if this happened in the workplace' is a good one. If someone changed their coworker's or manager's background image and ended up getting charged with a felony, I would be equally outraged.

Even as grounds for firing it's a stretch, although I suppose the specific content of the image could rise to sexual harassment which could make it more serious -- but that would be based on the coworker's response, and a greater pattern of behavior.

If they had to guess a coworker's password in order to do it, then the further reprimand goes to the coworker for having such an insecure password, but the original act of changing the background image is dealt with all the same, namely, a) laughing about it, b) laughing and then saying 'don't do that', or c) an internal reprimand. Under almost no circumstance could I imagine involving the police in any capacity for changing a coworker's background image.

In the workplace, again, the far-worse offense is actually the coworker losing control of their password. If an employee came to me complaining their background image was changed to two men kissing, on a machine with proprietary business documents (aka state standardize tests) on it, my first questions would be, not who did it, but where did you leave your machine unlocked and how did someone else gain access?

A felony conviction has lasting impact for decades, not to mention the act of prosecuting costs taxpayers thousands of dollars, and a waste of public resources. But even short of a felony charge, IMO it's simply not in the interest of anyone for accessing a computer to change a background image to be anything but an internal / administrative matter.

But I shouldn't have to venture into the hypothetical, and dramatically change the scenario to make the point, because in fact kids aren't treated the same as adults, and yes, when the clock strikes 12 and a child becomes an adult under the law, their responsibility and their relationship with the state is fundamentally altered. So the fact this is a child does make the charge even more outrageous.

I just fundamentally believe that the police and our criminal justice system are a form of violence to be wielded against the people only in times of absolute need and even then only in the minimum necessary and proportionate response. Changing a background image, to me, is an order of magnitude lower on the violence scale than any police intervention.

please don't take this as a critical or snarky comment (I've enjoyed our discussion), but did you read my responses in this thread?

   --- Since my very first comment in this thread I have said that the felony charge is a gross overreaction. ---
I've hilighted this so that we don't go off on a tangent again. The felony charge was wrong. However, In my view it was more than a "harmless prank". Labelling it as such is to do a disservice to the student who would gain a valuable education in the matter if dealt with in an appropriate manner.

The background image in this case is a red herring. It has nothing to do with the felony charges. The felony charges stem from unauthorized computer access.

If you'd like to read more about the particular law applicable then please visit:

http://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act

   >  the further reprimand goes to the coworker for having such an insecure password, but the original act of changing the background image
   
Once again you have been tricked by the click-bait nature of the original article title. The background image change is irrelevant and had nothing to do with the felony aspect of the case.

In a workplace there is an implicit social contract in place between all workers. As an employee I should be able to go about my business without fear that my fellow workers are actively trying to undermine my network access. This is computer ethics 101. Anyone keylogging, bruteforcing or even simply guessing a coworkers password and then using this to gain access to their account is breaking this important social contract. This breeds distrust and is toxic to a work environment. As a first offence it's possible that you might get off with a stern warning and probation. A repeat offender, in any competent workplace would be summarily dismissed. This is without a doubt breach of contract. If you feel differently then I'd encourage you to read your own workplace contract. Or if you have a large enough workplace why not ask a manager what their take on the matter of taking surreptitious control of a co-workers machine via ill-gotten credentials. I don't think they'd have as relaxed a view as you seem to have.

Rather than using hypotheticals. I'll use an actual example from my own work experience. The following scenario occurs at least 4-5 times a month to me personally.

As a teacher I am moving from room, to room and logging into various computers throughout the day. It is not uncommon for a colleague of mine to be busy in a lesson, and once the screen saver has turned off their screen they forget to log off their machine. I come in, move the mouse, and see that another user is logged in. I'd like to think that I have a strong moral compass. My action, every time without exception is to immediately log them off. I even go so far as to not let my eyes wander about their desktop. The files and shortcuts they have there could potentially be sensitive and I personally believe that even taking undue note of the filenames would be a minor breach of their privacy.

   > my first questions would be, not who did it, but where did you leave your machine unlocked and how did someone else gain access?
I'd be very surprised if this was truly your first and most pressing concern. It would exhibit a poor understanding of computer security and the wider workplace context.

As anyone with even a basic IT background would know. If another party has physical access to your machine (as all co-workers do as a normal side effect of their employment) then security wise all bets are off. If a worker at a company displayed such bad judgement as to actively seek out to find and then use another person's credentials then they have exhibited a gross incompetence and should be dealt with accordin...

> A computer on the other hand does have access control. The default response then becomes "wow the authorised user of this computer set the background image to 2 gay men kissing".

I wonder what is so bad about two men kissing? Would man and woman kissing spur same reaction? Or are there any anti-homosexual propaganda laws in USA similar to Russia?

"Yes, but normally we punish people for intent and actual harm not for potential."

We do a lot of punishment for DUI stops, too, very many of which have not had any intent or actual harm.

Not making a judgment either way, but there are corollaries to this.

We try to charge people with crimes they actually commit. DUI is a crime because of the actual harm caused by drunk driving. CFAA make exceeding authorized access a crime too, and I suppose there are even corollaries to DUI where "exceeding access" could cause inadvertent harm as well, but certainly not in the case of a teacher's desktop background.

The CFAA used to have a $5,000 minimum damages inflicted before the offense was actually a felony, but that was eliminated in 2008 (according to Wikipedia). It would certainly be a miscarriage of justice if this is actually proceeded as a felony charge; just like a first-time offense blowing a .04 needn't be a big deal either.

The problem here isn't actually the charge, it's the law. When you have to ignore the law in order to avoid imposing ruinous charges for inconsequential pranks, it's a clear sign the law should be changed.

States are just starting to figure this out for adolescent drug charges it's a wonder we're going in the opposite direction with computers.

I get that (in another life I'm a paramedic who responds to both numerous DUI stops, and MVAs caused by same). DUI is, however a crime, regardless of the harm caused by that instance of drunk driving.

Again, without judgment (I have little sympathy for this kid - he had repeated warnings and in-house punishments and continued to do these things, but I think a lot of computer crime is severely punished due to a failure to understand on a technical level what was going on) - is there any inclination that the prosecution believes that they're imposing "ruinous charges for inconsequential pranks" (or are they, as I said, satisfied with their approach)?

The "Access control" involved seems to be knowing the teacher's last name, and knowing the password policy.
this is irrelevant. I wonder what would happen in a court if a defendant justified their intrusion with the old "they had a crappy password" defense!
Or if the chalkboard had a sign on it saying "Do not erase".
>>Your characterization of this student as some gifted hacker is also more than likely wrong.

True, like the above comment , there is so much of profiling for a teacher's role and so much at stake for the teacher.

Think of not letting the kid (gifted/otherwise!) learn the seriousness of stepping into others private space?He/She would think its ok forever and can possibly have damaging consequences not just for himself/herself ,but for all those surrounding.

Hunger/motivation can help one focus & learn complexities of comp-sci but its more important that one learn to deal one's own thoughts and mind in a younger age.This is where i regard high-school as most important!

And honestly reading the above from a teacher in another place really makes me happy : >>job that puts me in a trusted position of power working with other people's children

In my place, most of the students study in remote villages where there are all sorts of teachers and there are few who feel the same way and every-time i meet one, i only wish to thank.

I don't think the school having a dumb password is tangential at all. Your efforts are undermined by being given a lame password you can't change (if it couldn't be changed.) This would be like having your bank make your banking account password "password123" and making it immutable, and holding you potentially liable for unauthorized access. Sure, whoever types your login and "password123" is the person actually committing a crime, but I'll be damned if it's not the bank's fault.

Alternatively, imagine an unlocked weapons locker at school. A weak password is close to being "unlocked." Let's say it was protected by a padlock with combination "1-2-3-4", then a student gets in and gets a weapon. Of course the student is at fault, and of course the school's actions were bordering on criminally negligent and something bad was bound to happen.

It's tangential because it in no way excuses the student from unauthorized access.

It doesn't mean the school didn't have poor password policies. It just means that this is a wholly other debate.

(comment deleted)
> or more likely, he is an otherwise unremarkable trouble maker.

You know what? Perhaps that's up to him to decide. And perhaps he deserves that chance.

"The school district spokesperson said that 'our information technology department is working to get all our passwords centralized.'"

Seems like a better response would be to go over password best practices. I imagine their IT is responsible for the passwords being last names in the first place. They're probably centralizing all the passwords in a safe protected with Password12345.

An even better process would be to role out circa 1995 two-factor tokens.
Some terminations are in order over that policy. But hey.. who am I kidding? It's an IT department in a public school. Incompetence isn't something punishable.

    > "Even though some might say this is just a teenage prank,
    > who knows what this teenager might have done," [Sheriff] Nocco said.
The local authorities?

    > However, local authorities say that the student didn't
    > open the FCAT files, nor did he change grades even
    > though he was capable of doing so after accessing 
    > the teacher's computer.
"Who knows what this teenager might have done" must be the most brain-dead quote I've read today.

Who knows what someone might do? Yes, exactly, who knows! I mean, not that this astounding logical null of a statement really surprises me coming from law enforcement, but what the actual fuck?

Edit: It appears the quote has been removed from the article, but still on other sites reporting the same story.

And plenty of comments here parrot exactly that same nonsense. What he might have done is totally un-important, what he did is what matters.
One time someone logged onto one of the grumpiest teacher's accounts at college and sent an email out to everyone saying "I love you x". We were in class and he had just finished a presentation and was still projecting his desktop behind him. Notifications were popping up saying "I love you too!" every second. So funny. Poor guy.
Well. One of my teachers used to configure a shared network folder for us to upload our assignments when the class was finishing.

That was back when Windows allowed you to change the background of a folder, so every day I changed the background to a black image so he would not be able to read the file names.

He then learned how the wizard I was using to do it looked like [1], so he started to look at me when the class was about to end to yell at me for doing it. Therefore I had to use a workaround: I prepared a copy of the `desktop.ini' file that would set that black background and hid it around the disk drive, then I would just copy it to the "Incoming" folder :-) And it would just look like I was copying my assignment.

[1] https://i.imgur.com/2AQscKC.png

Meanwhile, following the Sony hacks, the executive branch is pushing a "Tough on CyberCrime" bill tripling penalties for all sorts of nonsense that has become felonious "unauthorized computer use", e.g. sharing HBO passwords, posting "Let's Play" videos, or underage use of Facebook in violation of TOS. In addition, "violating norms of conduct" would become a crime. This should help bring prisons back up to capacity as the drug war scales back.

The EFF, as usual, is trying to organize against this BS: https://www.eff.org/deeplinks/2015/01/obamas-computer-securi...

As an aside, it's sad how quickly Aaron Swartz is fading from memory, including on Reddit, which he helped build. He also worked hard to build open syndication with RSS, which has been crushed by Google and Facebook building up incompatible walled gardens.

(comment deleted)
How times have changed. I used to figure out the admin password all the time. It was actually a game between me and the computer teacher. I didn't even have to see the keyboard but just his arms moving back and forth. Eventually he gave up and put me to work doing maintenance and new software installs. :)

So back then I got experience being a Novel Netware admin while today I'd be suspended and facing charges.

Windows has lots of easy windows (?!) for getting administrator privileges without any password - Or at least had (haven't used it for a few iterations except on rare occasions).

Also from my experience all of the sand-boxing software I ever saw at libraries or schools was always very poorly designed and trivially subvertible.

Felony charges are absolutely nuts though.

Yeah... I also think you are drawing your information from the Windows 95 era.
Do you think privilege escalation is unusual on Windows now, then? :)
Loaded question.
Back in middle-school; the public library nearby installed 4-5 new machines down on a lower level for word-processing (they were better than my home pc even), so pretty soon we had Unreal Tournament installed on every machine, and that would be our goto spot after school.

Once in a while someone would get banned from the library for a couple weeks (I think other kids that saw us started playing as well, so it was hard for them to identify a culprit), they would call in IT, overhaul their computers and we'd be back to laning a month later once things cooled off.

The only windows we had back then looked outside. :)

The computer labs were all IBM PS/2 model 30s running DOS. The servers were a model 70 running Netware. The school backbone was token ring.

The lab network ran on some oddball daisychain system. Telephone cable and the cards had two RJ11 jacks on them. Still trying to figure out what kind it was.

Has "felony" lost its meaning yet and just become another synonym for "poor", "underclass", or "different" or do we have another 2 or 3 weeks to go still?
It should be a felony to charge a teenager with a felony for such nonsense. Criminal mischief on behalf of the DA.
Huh, many years ago some Ad company asked me to write a "virus" that when the user opens some particular website, the desktop wallpaper should change after the user restarts the computer... Of course I refused, but I did implement it just for fun - some win32 app launching on system startup. The app itself was transported through ajax, and executed through Shell.Application object, all done in js. This worked in IE, including IE6. Needless to say, that code never left my PC.
"The teen was able to access the teacher's computer because he noticed that faculty members were each given unique, obvious passwords: Their own last name."

The level of legal response should be directly proportional to the level of stupidity of the IT department. This should have been a slap on the wrist not a felony.

When I kept breaking into computers on the school network in the early 1990's, they got me to stop causing trouble by making me an intern for the sysadmin. I had years of legitimate tech experience before I graduated high school, which helped me get a leg up over other people when I looked for summer work in other computer-related jobs during university. So instead of being labeled a juvenile delinquent or made a felon, I was accelerated toward being a productive member of society.
I suppose changing the screensaver would've gotten him life without parole.

Was he black?

Did he really break into a secured computer system? For a teenager without a sophisticated grasp on ethical and legal implications of computer usage, and a modest amount of curiosity, this "hacking" incident wasn't much more than stepping over an invisible line.
It ought to be a felony for the School District to use such weak passwords. Sadly, having worked in a school district myself as a tech, this is par for the course.

Many educators seem to love teaching, but hate learning. Not all of course, but enough to poison the culture.

I really used to admire a girl at college a lot.. We had UNIX labs where you didn't have a GUI but just a Putty to a RHEL5 server in which each of us had an account. Once I was asked to help figure out the girl with something, and after doing it I just inserted this line into her .bashrc "echo "You are awesome!"". Everytime she logged in(we had two one hour sessions a week), she used to get that message.

There was also another guy I disliked and I just inserted "exit" into his .bashrc. Even the sysadmin couldn't figure out why his terminal was quitting as soon as it was opened and they finally had to delete his user account and then re-create it.

This issue isn't about the prank, nor the picture, it is about the fact that the kid could have accessed the standardized test. I think the school is negligent. They did a poor job of securing a valuable piece of property. They allowed too many people to have access to that valuable property. And finally they involved the police in a situation that the police didn't need to be involved in, potentially ruining the life if a child they are legally in charge of.
To be fair, the child could have ruined the life of the teacher by revealing them as a secret homosexual who engaged in sexual activity on school grounds. It's part of a teacher's job description in America to be 1000 miles from anything remotely sexual. And heavens forbid there is an association to homosexuality.

At that point, saying "it wasn't me!" is foolish for the teacher. It's better to lay a trail of legal evidence pointing to someone else's clear culpability. From an outside perspective, I would always reserve the possibility that the teacher is a liar and made up a story about hacking to cover for their sexuality. But when part of the story becomes court record, then I am far more willing to trust the teacher.

I'm pretty sure that where the teen stepped over the line is in endangering a teacher with a potential reputation as a sexual danger to children. I'm surprised there isn't more discussion of that. Note that it does not matter what we, a liberal audience, might think about homosexuality. What matters is what kids and parents think, and I have found both groups to be champions of boundary-policing and conformity-enforcement.

If the young person didn't pose such a risk to the teacher's financial security, then there wouldn't have been such an issue. Now the teacher has to lay a trail of official evidence which shows that he is not secretly homosexual, and did not engage in sexual activities within a teenage context.

Both the school and the teacher need to be sure that at a later time, an issue does not arise where the teacher's secret homosexual activities on school grounds is in question.