Harvard Rejects B-School Applicants for Backspacing

Harvard Rejects Applicants It Says Hacked (Reuters-Boston Globe)

Harvard Business School said on Tuesday it is rejecting applications from 119 would-be students who it says hacked into a Web site to learn if they were accepted at the Ivy League university ahead of the official notification. “This behavior is unethical at best — a serious breach of trust that cannot be countered by rationalization,” Kim Clark, dean of Harvard Business School, said in a statement. “Any applicant found to have done so will not be admitted to this school.”

Harvard said 119 applicants had hacked into Virginia-based ApplyYourself, a company that manages Web pages used by students to apply to roughly 300 different universities. “We know that 119 applicants hacked into the system — and we know their names,” said Jim Aisner, a spokesman for Harvard Business School.

Aisner declined to comment on how many of the 119 applicants would have been accepted at the school had they not broken into the ApplyYourself Web site.

Hooray for Harvard for it’s commitment to ethics, right? Not so fast. Philip Greenspun gives a rather thorough breakdown of the nature of the “hacking” involved here:

  • The ApplyYourself code had a bug such that editing the URL in the “Address” or “Location” field of a Web browser window would result in an applicant being able to find out his admissions status several weeks before the official notification date. This would be equivalent to a 7-year-old being offered a URL of the form http://philip.greenspun.com/images/20030817-utah-air-to-air/ and editing it down to http://philip.greenspun.com/images/ to see what else of interest might be on the server.
  • Someone figured this out and posted the URL editing idea on the BusinessWeek discussion forum, where all B-school hopefuls hang out and a bunch of curious applicants tried it out.

So, essentially, the students are being denied entrance to business school for the crime of . . . backspacing?

FILED UNDER: Economics and Business, Education
James Joyner
About James Joyner
James Joyner is Professor and Department Head of Security Studies at Marine Corps University's Command and Staff College and a nonresident senior fellow at the Scowcroft Center for Strategy and Security at the Atlantic Council. He's a former Army officer and Desert Storm vet. Views expressed here are his own. Follow James on Twitter @DrJJoyner.


  1. Tom Royce says:

    So there are enterprising students that have been denied entry to there chosen school because of using their intelligence finding an error by the universities agents.

    Unfortunately, this is almost logical in todays academy.

  2. Michael says:

    Just because nobody told these students that this information was available for them, doesn’t mean that it wasn’t. If the information is posted on the website, and is freely available to anyone, how can in be considered hacking? They didn’t break into the website, they just found a page that wasn’t on the official “Tour Guide” for the site. As you stated above, this is a bug where ApplyYourself is telling people more than they should, and now Harvard is punishing would-be students for listening, instead of punishing ApplyYourself for the wrongful disclosure in the first place.

  3. Carlos says:

    Amazing stuff, especially since the school in question harbors so little tolerance for those who disagree vocally with the current PC nature of the social universe. For a school whose purported purpose is to expand discussion, their own sin(s) seems to far outweigh a few inquisitive minds.

  4. Kappiy says:

    Bush’s alma mater should be ashamed! This, in no way constitutes a “hack.” ApplyYourself posted the info on a public website. You can’t “hack” into a public, non password-protected site. If anything, the rejected applicants should have a potential lawsuit against ApplyYourself for breach of privacy.

  5. Also noted on Techdirt is that once people found out, they emailed fellow applicants telling them of this “Hey, if you want to find out ahead of time if you got in do this..” sort of thing.

    And these people didn’t change their grades or the results of their admission – they found out if they got in. They got information, but didn’t change anything.

    But what else would you expect from a school that bans certain groups from its campus?

  6. Bill says:

    It’s all about integrity and honesty. Are these potential students trying to become business leaders of tomorrow? Did the student’s WILLINGLY access a site that they knew they were not suppose to? Were they seeking information they knew they were NOT suppose to have at that time? The answers are an unequivocal yes. Dr. Greenspun and others don’t think it proper to hold these students accountable? It doesn’t matter if there was an “open door”; they went through it knowing they were not suppose to. It is comments like the ones above that is why the young people of our society think it’s okay to act irresponsible. They can always blame it on someone elses mistakes. It doesn’t matter if it was Harvard, MIT, or your local community college. What they did was wrong and they did it on their own accord. In my opinion all the schools should shut the door on them for at least one year. They should reapply next year after they have had some time to think about integrity. Mr. Webster defines that word as steadfast adherence to a strict moral or ethical code. Better yet, make them join the military and really learn what honor, integrity and leadership really means. They obviously need a lesson on it and so seemingly does all those who posted that it was univerities agent that should be held accountable and not the 119 students who tried to cheat the system. I’m glad my child is not learning about integrity and leadership from this Dr. Greenspun.