Last Thursday, I called Gerald Rubright down in San Clemente. Rubright is the attorney for Timothy Lai, who has been charged with “one felony charge of second-degree commercial burglary and four felony counts of computer access and fraud.” (OC Register, 3/20/15)
Lai is the tutor who “is accused of breaking into a campus building [at Corona del Mar High] and placing a USB device on a teacher’s computer that was capable of recording keystrokes. Authorities think that by using information gleaned from that device, Lai was able to access the school’s network and change several students’ grades.” (OC Register 3/20/15)
I called Rubright to get an update on the status of Lai’s case as there had been little news since his arrest. Coincidentally, the next day, the story broke that Lai “will face more than a dozen additional felony charges for accessing school computers.” (OC Register 3/20/15)
Lai “is now being charged with 16 other felony counts of computer access and fraud.” (OC Register 3/20/15)
In their attempt to sweep yet another scandal under the rug, the school board bungled the investigation and the disciplinary action against the students. Though only a handful of students were held accountable for their actions, the OC Register story reported that “Some parents claimed that as many as 150 students may have been involved.”
After Lai was arrested last October, the district issued a statement that said, essentially, that because Lai was in custody it was now a criminal case and there would be no more comments. The equivalent of “We’re sweeping this under the rug.” I don’t blame them for doing this – the strategy has worked for years.
But there is one question regarding this case that the district has yet to answer, one that transcends Lai’s alleged crimes or the handling of the discipline. What taxpayers need to know now are the steps that have been taken to prevent this from happening again. And, digging deeper, Lai’s alleged crime was amateurish – no self-respecting hacker would think of breaking into a building to gain access to a computer and have to install a device on it – they would do it from their bedroom in their pajamas.
So what is the district’s cyber security policy? They’re not saying.
Taxpayers don’t need details on the cyber security policy. After all, we wouldn’t want to give away information to potential hackers. But taxpayers do deserve to know whether and how often the district’s academic performance information is protected.
Until we know that, why shouldn’t some folks be skeptical about all of the grades and test scores in all of the schools?
You won’t be hearing any general information about the district’s cyber security policy anytime soon – if ever. That would draw attention to the CdM cheating scandal and that one has already been swept under the rug.