Comment by nwelna

4 years ago

As an Alumni of the University of Minnesota's program I am appalled this was even greenlit. It reflects poorly on all graduates of the program, even those uninvolved. I am planning to email the department head with my disapproval as an alumni, and I am deeply sorry for the harm this caused.

I am wondering if UMN will now get a bad name in Open Source and any contribution with their email will require extra care.

And if this escalate to MSM Media it might also damage future employment status from UMN CS students.

Edit: Looks like they made a statement. https://cse.umn.edu/cs/statement-cse-linux-kernel-research-a...

  • > Leadership in the University of Minnesota Department of Computer Science & Engineering learned today about the details of research being conducted by one of its faculty members and graduate students into the security of the Linux Kernel.

    - Signed by “Loren Terveen, Associate Department Head”, who was a co-author on numerous papers about experimenting on Wikipedia, as pointed out by: https://news.ycombinator.com/item?id=26895969

  • It should. Ethics begins at the top, and if the university has shown itself to be this untrustworthy then no trust can be had on them or any students they implicitly endorse.

    As far as I'm concerned this university and all of its alumni are radioactive.

    • That's a bit much, surely. I think the ethics committee probably didn't do a great job in understanding that this was human research.

    • Ok...then is everybody who graduated from MIT radioactive, even if they graduated 50 years ago, since Epstein has been involved?

      Your logic doesn't make ANY sense.

      2 replies →

    • Why is the university where you put the line? You could as well say every commit coming from Minnesota is radioactive or, why not, from the US.

      It is unfair to judge a whole university for the behavior of a professor or a department. Although I'm far from having all the details, it looks to me like the university is taking the right measures to solve the problem, which they acknowledge. I would understand your position if they tried to hide this or negated it, but as far as I understood that's not the case at all. Did I miss something?

      5 replies →

    • That's a ridiculously broad assertion to make about the large number of staff and students who've graduated or are currently there, that is unwarranted and unnecessarily damaging to people who've done nothing wrong.

    • By that logic, whenever data is stolen I will blame thr nearest Facebook employee or ex-employee.

      And any piss I find, i will blame on amazon

    • That's a witch hunt, and is not productive. A bad apple does not spoil the bunch, as it were. It does reflect badly on their graduate program to have retained an advisor with such poor judgement, but that isn't the fault of thousands of other excellent graduates.

      8 replies →

Based on my time in a university department you might want to cc whoever chairs the IRB or at least oversees its decisions for the CS department. Seems like multiple incentives and controls failed here, good on you for applying the leverage available to you.

  • I'm genuinely curious how this was positioned to the IRB and if they were clear that what they were actually trying to accomplish was social engineering/manipulation.

    Being a public university, I hope at some point they address this publicly as well as list the steps they are (hopefully) taking to ensure something like this doesn't happen again. I'm also not sure how they can continue to employ the prof in question and expect the open source community to ever trust them to act in good faith going forward.

  • They claim they got the IRB to say it's IRB-exempt.

    • A lot of IRBs are a joke.

      The way I've seen Harvard, Stanford, and a few other university researchers dodge IRB review is by doing research in "private" time in collaboration with a private entity.

      There is no effective oversight over IRBs, so they really range quite a bit. Some are really stringent and some allow anything.