Dawson College student who exposed security flaw still expelled, but highly employable

Matthew Coutts
National Affairs Reporter
Daily Brew
Hamed Al-Khabaz, a Dawson College student who was expelled after discovering a security breach in a computer system, talks to CBC News

It can be hard to say you are sorry. To admit that mistakes were made, that an issue was handled poorly or that there was an overreaction.

It can be harder yet when you are an institution, such as Dawson College in Montreal, and expected to appear infallible to those paying tuition in exchange for your guidance.

This could be the circumstances in the case of Ahmed Al-Khabaz, the 20-year-old computer science student who was expelled after finding a gaping hole in the school’s data security system.

According to the National Post, Al-Khabaz was removed from his courses after uncovering the breach while doing a class project — creating a mobile app that allows students to access their college account.

Skytech Communications, the company behind the software, said in a statement that it originally believed Al-Khabaz was conducting a cyber attack. The company says it changed its position after meeting with him, and receiving an apology and an explanation.

[ Related: Company offers scholarship to student who exposed security flaws ]

The story could have a feel-good ending, it seems. Skytech says it will offer Al-Khabaz a job in data security. While he told CTV News on Tuesday that he had not received an offer (although he has received several others), he appreciates how Skytech has handled the situation.

If you read Skytech's statement, it is not quite an apology — they say they dismissed the incident as a “bump in the road.”

He’d take the same from Dawson College at this point. But the college says it will not reinstate Al-Khabaz because he broke student conduct policies.

Dawson College says it cannot release details of the incident due to Quebec privacy laws, but said in a statement that the public depiction of accounts has been "inaccurate."

Part of Dawson College’s statement reads:

The process which leads to expulsion includes a step in which a student is issued an advisory to cease and desist the activities for which he or she is being sanctioned, particularly in the area of professional code of conduct.

Reading that helpful note, it would seem possible that Al-Khabaz did a little more than find a hole a report it.

But even if he found a hole and exposed it, again and again, maybe with a little attitude, is that enough to have him expelled?

Kim Yuen, the co-founder of social network ComLinker, one company that has offered Al-Khabaz a job, summarizes the issue succinctly for the National Post:

I think it’s disgraceful that a very skilled student, without any malicious intent, would be expelled and punished for the rest of his life for trying to help protect his fellow students. It doesn’t make sense to me.

By all accounts, Al-Khabaz is a talented computer programmer and already highly capable in his field. He was paying Dawson College to make him an expert. Yet he managed to expose a security flaw that had sat unnoticed by the current experts.

[ More Brew: B.C. police forgot explosive device on plane after training exercise ]

Is it possible Dawson College is more comfortable giving lessons than receiving them?