Legal Actions of School Against a Proxy's Host? 200
WakefieldHS-students asks: "I attend a public school, Wakefield High School in Raleigh, North Carolina. A friend of mine recently created a site that hosted a web proxy browser. It ran for a few months, and others at our school found out about it. The original domain was blocked by the censorship software the school uses, and it was changed a few times to get around this. Recently, he was forced to take down the proxy, with the threat of not graduating and the taking of legal action by the school. What legal rights, if any, can the school use to ban someone from hosting a website? Furthermore, what rights does the U.S. Government have to censor such websites?"
Private versus Public (Score:4, Interesting)
But, you said it's a public school. I don't see why a public school can do that. And I'd be willing to wager a large amount of cash he didn't have to sign a "I will not host a web proxy server" document when he started to attend the school.
So what does he do?
Sue
That's all that works these days. If the school administration is going to be like that (note: I'm assuming he just set it up for personal use or something and isn't encouraging other students to use it to break school policy) then they obviously aren't willing to deal with him on this. In such situations (especially with a government institution like a school) a strongly worded nasty-gram from a lawyer will make a world of difference. Indicate you are willing to reach a compromise or something (that you're not just a "Free speech at all costs sue the school for $100,000,000" nut-job and are willing to be reasonable) and I'm sure something will get worked out quickly.
When faced with a lawsuit, most of the time in the US the person being threatened with the suit will just cave or try to work it out fast, even if they are right (which, in this case, is easily debatable).
Re:Ok, now tell us the rest of it (Score:3, Interesting)
Unless the proxy was specifically directed to be used by the network, the school in all honesty could not take action against him with regard to the proxy server. They could go after him for connecting to it, but simply changing the name, location, address, etc. of his system, without modifying the school's system, would render him as immune as any of the other proxy services out there.
Frankly, most attempts to bypass proxies I've seen, having working in both academic and corporate setting, is the attempt to use chat services that are otherwise blocked.
Providing access to disrupting material on the Internet that requires the students to log on and go find it is no more punishable that if the bookstore down the street sells a copy of the Anarchist's Cookbook.
Yes, at 18 you have adult punishment. But you also have to meet the criteria of the law in order to use them.
Lastly, for the hypothetical girl being raped because of MySpace contact... Criminally, neither party would be liable (only the rapist). As far as a civil tort goes, yes, they could possibly pursue a case, but since the access to the Internet was provided by the school, they would be majority responsible. It is not in the school's power or jursidiction, however, to determine the liability that the student wants to open himself to.
Re:Ok, now tell us the rest of it (Score:5, Interesting)
Anyway, long story short, they don't really notice until I start checking things on my homepage as well; nothing bad or anything, and not even personal stuff, just the Linux-related parts of it that I'd need for the project. So they block it. So I e-mail them, politely asking to unblock it – and just to be sure, I check their censorware program's homepage, and since they've also got it blocked, I e-mail them.
Couple days later, no response from my own school district – but the censorware people were more than happy to unblock my site.
Few months later, the district people call a bunch of parent-teacher conferences about the whole thing, saying that I was bypassing their proxy server and "compromising system security" – the ironic part was, I was actually safer doing an SSH tunnel, because it was one-way only and the only machine that would be affected by the fatal typo of doom or whatever would be my own at home. But either way, they don't get their way, so a few days later they actually send their people down to personally yell at me. (Talk about wasting taxpayer dollars – these people apparently have enough free time that they can just drop everything else to come yell at a single student in a school of over 1500. And this is a fairly big school district, so there's other schools, too – but no, they have more of a threat coming from some kid using an SSH tunnel than from all the other would-be hackers visiting porn sites, installing spyware, and posting to MySpace.com. I still don't understand their logic...)
But, either way, those school district people, even if their intentions are good – you just have to watch out for those guys. They're kind of like the BOFH, really, only they use expulsion and no graduation rather than killing people – they consider it their job to keep the network running smoothly, and if it means kicking people off and expelling them / denying graduation / etc., they'll do it – because they only need to worry about the network, not the people.
Just a tip from someone who'd know...
Re:Private versus Public (Score:3, Interesting)
So what if he is? The school system still doesn't have the right to punish him for it, because it's still the other students who are breaking the rules by accessing it, not him! He has the Right to Free Speech regardless of the power the school system fascists think they've given themselves, and has done nothing wrong!
Re:Ok, now tell us the rest of it (Score:3, Interesting)
I tend to be a pretty forgetful person, and I do all my work on computer, often so I don't lose anything. I had to email all my home work from home to school and then vice versa each day. However, on a few occasions, I forgot work even though I'd done it, which was rather frustrating. Rather than keep the teacher waiting who wanted to collect all the work in and get the marking done over the weekend, at lunch time I connected to my computer (which was running remote access software, RemotelyAnywhere) through HTTPS and used the screenshot-based remote control (eg. it shows a screenshot of the desktop, and using javascript allows you to interact with it) to email it to my school account, which the teacher was greatful for. I then logged out. I did this on a number of occasions when I'd forgotten important work and sent it to school. My teachers were also aware that I was doing this, and to me, it seemed like a logical thing for a person with a bad memory like me to do, and I didn't think any harm would come of it, because it didn't strike me as breaking any rules.
The school provides internet for work purposes, and as far as I was concerned, this was just what I was doing. However, near the end of term, I was taken out of my lessons and called to talk to the network administrator, who had apparently found a visual basic screensaver of mine which I had made years ago (as part of a programming club at lunchtime, no less) because they were doing a check for screensavers, and me having it raised their suspicion. Wen they looked into my file, their security software logs web accesses and takes screenshots of activity and they found out I had been emailling work to school from home.
They then proceeded to tell me off for hacking and that I was breaking the law. To me, I couldn't believe it. Apparently because I was accessing something outside the school (which to me, was no different than any other website) and was knowledgable about computers (they asked if I knew how to use the commandline, when I said they did, they told me off for this, saying I could use it to find out peoples IP addreses???). I was therefore a security threat.
They were considering expelling me or banning me from the computers because of this, and I couldn't believe it. They then proceeded to tell me about the computer misuse act (This was in the UK) and how I was a hacker? I tried to explain to them, but they would not listen. Apparently the words "remote access" and the fact I knew how to use it was enough to say I was a hacker and thus was breaking school rules. I wasn't even exactly sure of what they were saying I had done wrong. Eventually my head of year stuck up for me, and I went unpunished, but the experience was rather depressing and almost unbelievable. I was also told never to access another computer again.
The fact that the majority of the students bring in games, spend lessons playing various games, surf illegal websites, steal teachers passwords and use them, bring in spyware and viruses and attempt to "hack" the network with various tools, are allowed to do so, and teachers turn a blind eye to it. Even the person that stole the administrator password to the entire school, gave it out to the majority of students and used it to access classified files was given less of a warning than I. I was no threat to them, I wasn't do anything to harm the network, or anything against the school rules themselves, and that was what I received. Yet others which consistently do so are allowed to.
As the poster above said, I don't understand their logic either. They said they were in a grounds to charge me under the law under the computer misuse act, but as far as I was aware, I wasn't accessing anything that was unauthorised. At one point, they used the details from their keylogger to attempt to log into my system (which was recorded on my computer, and still saved) - Surely they were the ones gaining unauthorised ac