Dear Dean Clark,
I was surprised to read your response to the recent episode involving unauthorized access to the ApplyYourself website. I am disappointed in your decision and hope that you will reconsider.
First, describing this unauthorized entry as “hacking” is at best a misnomer. A friend forwarded me the instructions (luckily, he didn’t have time to “hack in” himself). I’m sure you’ve seen them, but just in case I’ve attached them to the bottom of this letter. There are four steps, and the most advanced skill involved is cutting and pasting. Any computer novice could follow these. Is this “hacking”? To emphasize the ambiguity here, imagine that the incident involved only one step-say, linking to a URL that happened to be left unsecured. Would you still consider this “a serious breach of trust”?
The reality, as you likely know better than I, is that ethical standards in many situations are far from clear, especially norms still forming vis-…-vis technology. Consider the violation closely: notwithstanding the “confidential” nature of the application information, the harm that these applicants were inflicting on others by looking at their own decisions is difficult to articulate. These applicants are about as guilty as a child who, upon seeing one of her Christmas presents under the tree, can’t resist peeking inside when her parents aren’t looking. Impatient, yes, but ethically wrong? Only in a very strange sense. In viewing their decisions early the applicants broke no commitments, violated no specific prohibition, and, most importantly, believed that no one would be directly or indirectly harmed by their finding out. What, precisely, is their fault for
These are complex issues, and I suspect a survey of HBS students would reveal uncertainty about situations like this (a result that would suggest some don’t find this as “intuitive” as others). The point is-and this is crucial-HBS failed to articulate clear standards or punishments prior to these actions. In your mind it may be very clear that this is wrong; but because intuitions vary from person to person, for the sake of fairness we have to set standards before we hold people accountable to them.
Finally, I find your indictment of these applicants’ integrity unjustifiable. We all confront ethical dilemmas, and sometimes we make choices we later regret. Character is more about habits than individual actions, as Aristotle (and Stephen Covey) would no doubt agree; none of us can judge a person’s character on the basis of a single action. To claim that a relatively minor ethical misstep disqualifies someone from a Harvard education is to indict me, along with most people I know here.
I realize that HBS needs to prove its commitment to promoting ethical behavior. Punishing rather harmless behavior using arbitrary standards is not the way to do this. We should apologize for our mistake, set a clear standard for the future, and cease to blame people who act in the same way many of us would have. That would be setting an admirable ethical example to follow.
Aaron Bigbee (OF)
Instructions for unauthorized entry to ApplyYourself.com website
1. Login to HBS site.
2. Check your url, it contains something like:
AYID=3533396-CA54-403A-B6F5-3D804B35AE9. Copy it somewhere.
3. Next, click on the link called application for admission on the main page. Open the source from your browser (view->page source)
4. Next, search for packageanswerid it will be a 7 digit number. copy it, then replace the following URl with your own values of AYID and id: https://app.applyyourself.com/AyApplicantMain/ ApplicantDecision.asp?AYID=3533396-CA54-403A-B6F5 3D804B35AE9&mode=decision&id=1234567
5. Paste this link in the browser