Sorry to be a little cynical here, but I have a couple of questions.
1) Was bunnie's hack of the Xbox keys a MIT-endorsed project? Was it part of his degree work or something he did on his own time?
2) If the work was independent, what's MIT's obligation to shield bunnie in a legal sense? If it wasn't, did MIT step in and say "hey, this might piss off Microsoft if you do this" or was the work just put out there with unknown some degree of oversight?
3) bunnie was an MIT student, Arron was not. The statement "MIT gave up on me too" kind of implies the situations were similar. Were they?
Don't misunderstand me, I have immense respect for bunnie and hackers of his breed, but these things are just bugging me.
I see your legalistic approach to MIT's responsibilities, but this fascination with "endorsement" is missing the point. Universities are not government labs, where you'd expect every participant to clear every activity with their superiors. Research doesn't work that way. And if universities do not stick up for exploration, who will?
Was MIT obligated to defend this fellow? No. Should it have defended him? Most definitely.
In my view, endorsement is key. Let's pretend we're listening in on that first phone call from Microsoft to MIT:
MS: "Hey, um, so we've learned that one of your students just published a way to jeopardize our entire project, one that we've spent multiple millions of dollars developing. He seems to have done it in your labs with your tools. What's your take?"
So MIT's response can go one of two ways:
1) "Yeah, how about that? Cool, huh? We didn't know about it but we fully back him and let's see what the internet does with this."
2) "Um, we had no idea he was doing this and didn't ask him to publish. He did this alone."
What's wrong with "This is the first we've heard of this. We'll go talk to him and get back to you once we understand what's going on better; we have no further comment at this time"?
It's unreasonable for MIT's lawyers to be aware of every single research project, but they know that. They should be willing to tell other people "we're not aware yet, but we'll make ourselves aware".
Consider the case where the grad student, acting alone and not as part of an officially sanctioned project, invented something awesome using some resources from MIT like an internet connection and lab space. How eager do you think MIT would be to say "well, we didn't endorse anything you did, so you own the entire IP rights to everything; we want no piece of your new startup" ? Or the student discovers a flaw that gets a lot of press attention; how eager is MIT to feature the work saying they supported it, as opposed to saying "it was all unendorsed." Hint: both of these have happened many times, you can look up the relevant MIT policies, and you can ask people about how it went. MIT benefits immensely from "unendorsed" (i.e. implicitly endorsed after the fact) activities conducted on its campus.
Do you now see why it's ethically questionable for MIT to try to wash its hands off when the same researcher's exploration incurs some legal costs?
M.I.T. OWNED
(a) Patents, copyrights on software, maskworks, and tangible research property and trademarks developed by faculty, students, staff and others, including visitors participating in M.I.T. programs or using M.I.T. funds or facilities, are owned by M.I.T. when either of the following applies:
(1) The intellectual property was developed in the course of or pursuant to a sponsored research agreement with M.I.T.; or
(2) The intellectual property was developed with significant use of funds or facilities administered by M.I.T., as defined in Section 2.1.2.
(b) All copyrights, including copyrighted software, will be owned by M.I.T. when it is created as a "work for hire" as defined by copyright law, (see Section 2.1.3) or created pursuant to a written agreement with M.I.T. providing for transfer of copyright or ownership to M.I.T.
INVENTOR/AUTHOR OWNED
Inventors/Authors will own patents/copyrights/materials when none of the situations defined above for M.I.T.-Ownership of intellectual property applies.
[...]
M.I.T. does not construe the use of office, library, machine shop or Project Athena personal desktop work stations and communication and storage servers as constituting significant use of M.I.T. space or facilities, nor construe the payment of salary from unrestricted accounts as constituting significant use of M.I.T. funds, except in those situations where the funds were paid specifically to support the development of certain materials.
There is a divide in academia between admin and faculty. His supervisors supported the work, but admin and their lawyers did not. Admin typically has no idea about research until it turns into something they actively have to admin. Admin's primary interest is protecting the corporation, whereas the faculty's is protecting their students.
Contributory liability should be used in far fewer cases than those in which it is attempted. You can't sue me over your auto-accident because my tax dollars built the road.
Hey, remember that one time recently when an MIT student did something cool that MIT didn't know about, where the thing was obviously going to make large amounts of money, and MIT said "sure, we had no idea, and we didn't endorse it, so of course you can own it!"
No?
Neither do I.
It's ethically suspect to pick and choose, and say "well, when you do cool stuff we didn't know about, that we own, but the stuff that may get you in trouble, you get to deal with all that unless we specifically endorsed it".
When I first arrived at MIT, I was handed a book on "How to Get Around MIT." I was impressed with the section on hacking, which included the following story about the Harvard-Yale hack:
"DKE has tried to hack the game before, most memorably in the late 1940s when they buried explosive cord in a pattern that would spell out "MIT''. Unfortunately, Harvard discovered the hack and set up a trap. They arrested several students wearing coats lined with batteries. A dean, who had been informed about the hack after the arrest, went down to bail the students out. He pointed out to the detective that the battery-lined coats were only circumstantial evidence. At this point the dean opened his own battery-lined coat and declared "all Tech men carry batteries.''"
My point is that MIT presents itself as a place that defends hacking, and it has at least been lenient in the past.
Was bunnie's hack of the Xbox keys a MIT-endorsed project?
Since the AI lab published the research as an official memo, it seems like they at least endorsed it. The memo (linked to in the article) is worth reading since it makes clear why the hacking of the keys was done: to test how secure the Xbox's security really was.
1) Was bunnie's hack of the Xbox keys a MIT-endorsed project? Was it part of his degree work or something he did on his own time?
2) If the work was independent, what's MIT's obligation to shield bunnie in a legal sense? If it wasn't, did MIT step in and say "hey, this might piss off Microsoft if you do this" or was the work just put out there with unknown some degree of oversight?
3) bunnie was an MIT student, Arron was not. The statement "MIT gave up on me too" kind of implies the situations were similar. Were they?
Don't misunderstand me, I have immense respect for bunnie and hackers of his breed, but these things are just bugging me.