Mother hacks school grades

The AP says a mother tried to help her daughter’s chances for college by hacking the school’s records.

Caroline Maria McNeal of Huntingdon is accused of using the passwords of three co-workers without their knowledge to tamper with dozens of grades and test scores between May 2006 and July 2007 at Huntingdon Area High School in central Pennsylvania, the state attorney general’s office said.

McNeal, 39, is alleged to have improved her daughter Brittany’s grades and reduced those of two classmates to enhance Brittany’s standing in the 2008 graduating class.

First of all, why was she able to get the passwords of her co-workers? Actually, there is no second question. The fact that they shared passwords says a lot all on its own.

McNeal was charged with 29 counts of unlawful use of a computer and 29 counts of tampering with public records. Each count is a third-degree felony punishable by a maximum of seven years in prison and a $15,000 fine, said Nils Frederiksen, a spokesman for Corbett’s office.

Harsh penalties for changing grades, but I do not see anything in this investigation about those who gave the passwords so she could change the grades. No charges against them? It also does not explain how she was caught. Did students notice the changes? Did the IT department see irregular behavior, such as grades changing outside of normal hours/cycles? Did a co-worker turn her in as part of a plea deal?

Secrets of Sriracha

The NYT gives an in-depth look into the Hot Stuff in a Squeeze Bottle:

“I knew, after the Vietnamese resettled here, that they would want their hot sauce for their pho,” a beef broth and noodle soup that is a de facto national dish of Vietnam. “But I wanted something that I could sell to more than just the Vietnamese,” he continued.

“After I came to America, after I came to Los Angeles, I remember seeing Heinz 57 ketchup and thinking: ‘The 1984 Olympics are coming. How about I come up with a Tran 84, something I can sell to everyone?’ ”

What Mr. Tran developed in Los Angeles in the early 1980s was his own take on a traditional Asian chili sauce. In Sriracha, a town in Chonburi Province, Thailand, where homemade chili pastes are favored, natives do not recognize Mr. Tran’s purée as their own.

It’s described as a melting pot of ingredients for America’s diverse tastes. One thing is for certain: Americans love sauce. The most interesting part of the story is how the family migrated from Vietnam.

To limit potential losses, Mr. Tran split the family into four groups: One group went to Indonesia, another to Hong Kong. A third went to Malaysia, and a fourth to the Philippines.

David Tran traveled on a freighter, the Huy Fong. Everyone ended up in United Nations refugee camps, before the family finally began to regroup.

“I was in Boston,” Mr. Tran recalled. “My brother-in-law was in Los Angeles. When we talked on the phone, I asked him, ‘Do they have red peppers in Los Angeles?’ He said yes. And we left.”

That was the start of a US operation that now generates 10 million bottles a year (2 million go into the non-Asian market) and is found across the country in chain restaurants. The plan today to limit potential losses is a completely different story.

Bozeman Privacy

Note the survey results at the top of the story about Bozeman City job requirements. I’m surprised that 1% actually voted in favor of the policy. 98% have voted against:

Applying for a job with the City of Bozeman? You may be asked to provide more personal information than you expected.

That was the case for one person who applied for employment with the City. The anonymous viewer emailed the news station recently to express concern with a component of the city’s background check policy, which states that to be considered for a job applicants must provide log-in information and passwords for social network sites in which they participate.

European regulators regularly point to the US as a primitive and lax country in terms of the right to privacy. Stories like this just drive the nail in. The employer actually asked for the applicant to surrender their password? That is more than a violation of privacy; it raises questions of integrity and authenticity. How many people were allowed access to the passwords? Beyond that, one has to wonder how the passwords were stored and secured, and when applicants were allowed to change them. The value of this test is questionable as well, since it is based on a record that the user can actively manipulate before and after, unlike a driving record. Clearly Bozeman is in serious need of some security consulting.

Iran and Deep Packet Inspection

News broke yesterday that Nokia and Siemens had enabled Iran to do deep packet inspection. The sale of this capability has been defended as an integral part of technology required for network access. In other words, when Iran invests in core communications infrastructure it will inevitably get the ability to look inside and reshape the traffic that it now carries.

Whether or not you agree with the politics of this situation, very interesting analysis is possible as demonstrated by Arbor. They have posted a map of recent Iranian Traffic Engineering and also noted why Iran is unlikely to completely block off communication:

Iran has significant commercial and technological relationships with the rest of the world. In other words, the government cannot turn off the Internet without impacting business and perhaps generating further social unrest.

That means Iranian traffic is highly likely to be manipulated and monitored instead of blocked. This is a much higher level of sophistication in security terms, as I explained before with regard to cell phones in prisons. I would therefore expect to see counterintelligence used for things like Twitter misinformation, as I explained before with regard to protests in Egypt and the militias in Somalia.