This paper was presented at the Association for Education in Journalism and
Mass Communication in San Antonio, Texas August 2005.
         If you have questions about this paper, please contact the author
directly. If you have questions about the archives, email
rakyat [ at ] eparker.org. For an explanation of the subject line, 
send email to
[log in to unmask] with just the four words, "get help info aejmc," in the
body (drop the "").

(Jan 2006)
Thank you.
Elliott Parker
====================================================================

Hacking Authority:
Teens Negotiating Acceptable Use in School Computing
Abstract
In the context of growing global reliance on networked computers, the 
negative impact of malicious computer
hacking, or cracking, is increasing in speed and magnitude. While 
corporations can allocate significant resources to
network security, government agencies, schools, and not-for-profit 
organizations struggle to protect sensitive
information from malicious attacks. Noting that preventive 
ethics-based education of young computer-users is
largely absent from the discourse of network security strategy, the 
author argues that the dearth of ethics-based
computing curriculum, policies, and procedures causes schools to 
inadvertently function as training grounds for
young crackers. Tight public education budgets and inadequate 
technical training for school staff members lead
educators to implement policies, procedures, and pedagogical methods 
that teach computer-proficient students the
value and practice of ethical computing. The article describes 
results of an ethnographic study of the ways in which
staff at a public high school attempted, using various strategies, to 
invest students in protecting network security on
campus.
Growing global reliance on networked computers has increased the 
impact of malicious network hacking, or
cracking. While government agencies and corporations have focused 
substantial organizational resources and
rhetoric on legalization and implementation of heightened 
surveillance of networks, pursuit and prosecution of
criminals, and recovery of data, the dearth of preventative policy 
and program development indicates an overlooked
but crucial component of a national strategy to prevent and reduce 
cracking. In this article I develop the argument
that policy makers must address the need for ethical computing 
strategies and policies at the K-12 level designed to
acculturate young computer hackers away from cracking and toward 
ethical computing. Using the case of New
Technology High School, a U.S. Department of Education Demonstration 
Site public school in Napa, California,
this article describes a three-year long participant observer 
ethnographic study of the successes and failures
associated with the school's attempt to socialize its hacker students 
to act as ethical and invested citizens in a
networked environment.
The Cost of Network Attacks
Crimes committed using computers include those that are unique to 
computers and those that criminals have
adapted for perpetration over international computer networks. A 
large portion of computer crime can be understood
as new iterations of crimes that predate personal computers and the 
Internet. Fraud, piracy, identity theft, credit card
theft, insider trading, and child pornography distribution are 
examples of pre-PC era crimes that are now frequently
perpetrated via computer networks. Certain features of the Internet, 
including instant communication, relative
anonymity, and international scope, have enabled criminals to commit 
crimes more easily and with greater gain.
Acquiring money and goods with little effort is the primary goal of 
such crimes (Goslar, 2000).
The second category of computer crime includes crimes unique to 
networked computer environments. These
crimes include denial-of-service attacks, data destruction, Trojan 
attacks, password theft, slave platforming, graffiti,
email-borne viruses, firewall attacks, and syn-flood attacks. Rather 
than financial gain, what typically motivates the
individuals who commit such crimes is thrill-seeking; learning new 
tricks; seeking the opportunity to show off
skills; becoming part of an exclusive community; taunting authority; 
and enacting David vs. Goliath scenarios
(Goslar, 2000). Because these intrusions are often little more than 
pranks, they exist in contrast to the blatantly
criminal "hard-core" computer crimes mentioned earlier.
In some cases the pranks are labeled "hacktivism," such as 
politically-motivated graffiti on corporate web
sites that challenges the ideology of the company. For example, in 
September 2000 a hacktivist defaced the OPEC
web with commentary including the statement, "I think I speak for 
everyone out there … when I say you guys need
to get your collective asses in gear with the price of crude" (as 
quoted in Knight, 2000). In another case, a selfdescribed
tagger nicknamed "Nemesystm" tagged sites such as the U.S. Navy 
Patrol Squadron's with his lyrical
poetry (Lemos, 2000b). Scholar and cyber-liberties activist Doug 
Rushkoff reports experiencing guilty pleasure
when they hear of hacktivist attacks, reveling in the subversive, 
anti-hegemonic flavor of the pranks, viewing them
as fleeting reminders of the fact that the Internet was originally 
developed with public funds and therefore rightfully
belongs to all citizens (Rushkoff, 2000).
The tolerance of ideological hacking is expected to wane as more 
citizens go on-line more frequently and are
consequently affected by network slow-downs and site unavailability 
caused by hacktivists and others. Civil
libertarians and privacy advocates, who cherish the remaining open, 
free-wheeling "new frontier" remnants of the
Internet, have argued that increased publicity of attacks will result 
in tighter government regulation and increased
surveillance of citizens' Internet activities in the name of national 
security (United Press International, 2000). In
fact, in September, 2000 European and U.S. officials were finalizing 
the world's first international cybercrime
treaty, which would require countries to allow police and government 
agencies significant leeway in search and
seizure of computers and networks, despite strenuous objections from 
privacy advocates (Gruenwald, 2000).
Hackers fear that unless the hacker/hacktivist community moves 
aggressively toward self-regulation,
including the reining-in of "script kiddies" (young, unskilled 
crackers) and those who write tools for them, corporate
and public pressure to crack down on hackers will result in a 
witch-hunt. Old-guard hackers and network security
administrators who work toward responsible network use, so-called 
"white hat" hackers, have admonished those
"black hat" hackers who disclose security holes to the public and 
even create and distribute tools to allow script
kiddies to exploit the holes (Lemos, 2000c). Until self-regulation is 
visibly effective in deterring network attacks,
businesses and government agencies will continue to advocate 
increased restrictions.
E-commerce businesses and government agencies have reacted to 
destructive computer network attacks by
calling for and attempting to implement tighter security measures and 
more serious punishments for criminal attacks
against computer networks. Business leaders fear the lower profits 
that could result because of loss of consumer
confidence in e-commerce and computer network security in general 
(Robinson, 2000). This fear appears to be wellfounded,
according to a recent poll commissioned by the Information Technology 
Association of America which
found that four out of five respondents doubted the U.S. government's 
ability to keep computers secure (Reuters,
2000a). According to the head of the National Security Agency Lt. 
Gen. Michael Hayden, even non-malicious
hacker break-ins cause great damage to public confidence, forcing the 
NSA to redouble efforts to protect ecommerce
as well as military networks (Reuters, 2000b). The threat to 
e-commerce is well-publicized in part
because businesses and commercial networks are the most common 
targets of both hacktivists and crackers
(Rushkoff, 2000). In addition, companies are increasingly willing to 
attach large dollar figures to their prevention
and recovery efforts, knowing that such publicity will bolster the 
argument for legalizing more surveillance and
tighter restrictions on Internet use. Loss of productivity caused by 
cracking has thus far resulted in billions of
dollars' worth of damage worldwide (Biagi, 2000), with a predicted 
cost of $1.6 trillion for the year 2000 (Goslar,
2000).
The private sector and government agencies have focused 
organizational resources on improved network
surveillance, better recovery of data, vigorous prosecution, and 
harsher punishment. Corporations are able to
allocate significant resources to network security. American 
companies spent $4.2 billion in 1999 for security
software alone, with a predicted increase to $7.4 billion by 2002 
(Koerner & Glasser, 2000). Despite the large
monetary investment in security software, such software catches only 
attacks by unskilled crackers. The recent highprofile
attacks wrought by script kiddies who used unsophisticated, 
off-the-shelf attack programs are examples of
the type of attack that security software is designed to detect 
(Taylor, 2000a). Highly-skilled security administrators
are necessary to detect and trace more sophisticated attacks, and 
even so most high-level attacks go unsolved (Koch,
2000).
Workers with network security skills are in critically short supply, 
typically leaving the military and other
federal agencies, where they received training, for more lucrative 
private sector positions (Bajaj, 2000). Even though
network security workers' average annual salary increased 11.47% from 
the previous year (Fujii, 2000), the
disparity between federal and private salary scales for security 
administrators is striking: entry level workers with
the government earn at most $30,000 per year, compared to the $90,000 
to $120,000 earned in the private sector
(United Press International, 2000). The increasing demand in the 
private sector for skilled security experts forces
government agencies, schools, and other not-for-profit organizations 
to compete in vain with the escalating salaries
and stock option packages that private sector companies offer to 
skilled security administrators (Bajaj, 2000).
The inability of the government to compete for workers is 
unfortunate, since arguably the national defenserelated
networks are the United States' resource most in need of protection. 
Government agencies are concerned
about network attacks due to the possibility of unauthorized access 
to and manipulation of secret government
information systems, including military systems. The current 
rethinking of the very parameters of national security
is in part due to the threat of computer sabotage (Matthews, 2000). 
However, the inability to compete with
corporations for workers has lead to serious gaps in the government's 
network security. A recent congressional
investigation of federal agencies' readiness to repel network 
infiltration netted an overall grade of D-, indicating the
high level of vulnerability throughout government networks (House 
Subcommittee on Government Management,
Information, and Technology, 2000). Growing concern about network 
vulnerability lead President Clinton to
propose a plan to spend $2 billion to protect national 
infrastructure-related computer networks (United Press
International, 2000).
Among the efforts to combat malicious attacks are an increasing 
number of "counterhacking" education
courses available. While higher education has been slow to catch on 
to the need for high-level network security
training (Bajaj, 2000), private companies such as EDS, Foundstone, 
and Ernst & Young have begun to offer courses
with names like "Extreme Hacking" which train corporate employees to 
hack into their own networks in order to
better protect them. However, hackers such as Emmanuel Goldstein, 
editor of the hacker publication 2600, assert,
"corporations can't teach hacking" (Taylor, 2000b). According to 
Goldstein, "[hacking] has to be in you" (Taylor,
2000b), implying that even when corporations attempt to teach 
technical skills, employees will still lack the innate
sensibility necessary to think like a hacker. This observation 
suggests that if white hat hackers, civil libertarians,
business leaders, and government agencies believe in the importance 
of acculturating computer-proficient
individuals toward responsible computing, such acculturation must 
begin early. K-12 educational institutions
provide an opportunity for such acculturation to occur.
Schools as Hacker Training Grounds
Since Jeffersonian times, the public school has functioned as the 
primary means of educating U.S. citizens to
live and work in participatory democracy (Botstein, 1997). While the 
overt curriculum (defined as the easily
observable portions of the curriculum such as course offerings, 
syllabi, and assignments) plays a major role in
students' academic education, the covert curriculum (school policies 
and procedures, social activities, etc.) is crucial
in acculturating students to understand and learn to function within 
the social and economic hierarchies outside
school walls (McAllister & McAllister, 1998). As networked, 
Internet-connected personal computers become
common in public schools, computer-related covert curriculum becomes 
an important yet understudied factor in the
educational programs of U.S. youth.
Hackers, crackers, hacktivists, and script kiddies typically first 
learn and hone their computer skills at school,
where they usually have access to multiple networked computers with 
little security software blocking their
experimentation. School is also often where they first encounter a 
community of like-minded peers. Whether
students' curiosity and passion is directed toward white hat ethical 
computing or toward black hat cracking depends
upon the school environment, including computer-related curriculum, 
policies, and procedures. Understanding the
impact of pedagogical models employed by schools on the ethics 
education and acculturation of young hackers is
vital to maintaining a balance between network security and the 
protection of citizens' Internet civil liberties.
The constructivist theory of pedagogy, developed and championed by 
scholars including Dewey (1897),
Bruner (1966), Piaget (1972), and Papert and Harel (1993), is a 
theory in which students are conceptualized as active
creators of their own ideas and meaning, rather than as empty vessels 
to be filled with knowledge by the professor.
Learning can only take place when students relate new information to 
cognitive structures that exist in their minds.
An emphasis on integrating theory with practice via learning by doing 
replaces rote memorization of facts because it
is through actively working with material, with peers or alone, that 
students solidify their understanding on a deep
cognitive level.
Constructivists who advocate educational technology believe in freely 
using flexible productivity tools such
as programming, word processing, spreadsheet, database, art, and 
animation software to enable teachers and students
to tailor their computer use to their particular needs. The goal for 
today's constructivists is to move away from
lecture-based instruction and multiple-choice testing, and instead 
engage students in "project-based learning" where
students are more closely connected to "real world" concerns as they 
work independently and in teams to define
problems, figure out what tools and resources they need to find and 
analyze pertinent information (beyond the
textbook and the teacher), and come up with feasible solutions. The 
skills of these "free range students" (Conte,
1995) closely match what corporations say they desire in employees 
(team work, problem-solving, etc.). Among the
skills the students are learning is how to use computer technology 
responsibly with minimal or no supervision.
Because schools have stepped up use of Internet-connected computers, 
the issue of protecting network
security as well as preventing student access to inappropriate 
on-line material has been an increasingly pressing
concern for school staff. Most schools, lacking trained network 
security staff, opt for Internet content management
(ICM) measures, such as off-the-shelf filtering software and proxy 
servers, as a stopgap measure. A May 1999
report by Quality Education Data estimated that usage of ICM software 
in K-12 schools would increase to 71.5% in
the 1999-2000 school year over the 52.5% of U.S. school districts 
that used ICM in the 1998-1999 school year
(Burt, 2000). As noted earlier, such software catches only the 
simplest of network intrusions and abuses while
failing to detect or deter more sophisticated attacks.
Often school staff members lack even the most basic understanding of 
types of hacks, leaving them unable to
discriminate between harmless, potentially harmful, and malicious 
computing. One high school student was
reprimanded by school officials for malicious hacking when he 
reported a security hole he found in the school's
password system. Another teenager, who thought his classroom 
computer's Netscape settings were configured
incorrectly, was reported for hacking by a student aide when he was 
simply looking at the browser settings (Lemos,
2000a). Incidents like these can lead student hackers to feel a sense 
of disillusionment and distrust of school officials
when their efforts to help are unheeded or even punished.
ICM use teaches hacker and non-hacker students, in a covert way, that 
they cannot be trusted to use
computers responsibly. Furthermore, it teaches students that school 
staff member do not deem students capable of
learning to use computers responsibly. Not only does the use of ICMs 
contradict the goals of constructivist
pedagogy, but such measures also represent an irresistible challenge 
for hacker students who view network
restrictions imposed by school officials as an opportunity to 
demonstrate their hacking prowess to their peer group
while simultaneously subverting institutional authority. Public 
schools that are unprepared to handle network
security have few workable options for addressing the need to control 
the actions of hacker students. The following
section of the article describes a school at which school staff 
members gave up trying to control hacker students,
instead opting to harness and channel their passion and talent toward 
helping the school as white hat hackers.
The Study Site
New Technology High School (NTHS) in Napa, California, opened its 
doors to 220 juniors and seniors in the
fall of 1996. It was a public magnet school that featured 
project-based, integrated curriculum; constant access to
networked, Internet-connected computers; and a school culture and 
physical environment modeled upon that of a
high tech start-up business. I conducted participant observation data 
from 1996 – 1999 while serving as the
Multimedia Instructor at the school. Sites of investigation included 
school databases, email exchanges, classroom
observations, student-staff meeting observations, staff meeting 
observations, and personal interviews with students
and staff (Van Buren, 1999).
NTHS students were required to meet Napa Valley Unified School 
District (NVUSD) graduation
requirements, including reading District-approved novels and 
textbooks, in addition to NTHS-specific requirements
in subjects that NTHS staff members deemed beneficial for college and 
career success in the Information Age, such
as computer applications and new media design. Proficiency in word 
processing, spreadsheet, database, and
presentation software served as a foundation for other courses at the 
school; similarly, interactive multimedia design
skill was crucial during students' careers at NTHS because many 
teachers required students to create interactive
multimedia presentations. Students could either take all their 
classes at NTHS or spend part of their day at the other
high schools or the local college taking courses not offered at NTHS 
such as marching band, chorus, and sports.
Students were required to complete at least four college classes and 
complete work experience/internship hours in
order to graduate. Curriculum is academically rigorous; students 
reported they work much harder at NTHS than they
did at their previous high schools (New Technology High School, 1997).
To attend NTHS students needed a 2.0 GPA or higher and must have 
passed Algebra I. The moderate GPA
requirement indicated the desire of NTHS staff to attract a broad 
range of students, from Advanced Placement
students to those who had failed to thrive in traditional schools. 
Qualified students were required to attend an
informational meeting about the school with their parents or 
guardians. Students who did not meet the entrance
requirements may enter an appeals process and gain admission after 
writing an essay and participating in a 30-
minute panel interview with a committee of adults. In 1997-98, the 
NTHS student body was more ethnically diverse
than at Napa's comprehensive high schools, with NTHS reporting 40% 
students of color vs. 36% and 24% at the
other schools (California Department of Education, 1997). Sixty-three 
percent of NTHS students were male, a
percentage disproportionate to the population at large.
The cultural environment of NTHS was that of a super-democratic 
institution where students were
encouraged and empowered to speak, rabble-rouse, and cooperatively 
shape decisions including disciplinary
policies. School planners hoped that a tremendously open environment, 
including the interior architecture of the
building and the structure of the information network, would 
encourage students to feel enfranchised within the
school's structure. The atmosphere at NTHS was one of openness, 
vigorous discussion, freedom of mobility,
responsibility to others, and high visibility at all times. Students 
at NTHS were actively socialized to make wellreasoned
demands of the school staff and other students, with the expectation 
that institutional changes would occur
based on their demands.
Students and staff were recruited based on overt use of the high-tech 
business metaphor. Because the school
sought "to prepare students to excel in an information-based, 
technologically advanced society" (New Technology
High School, 1996) the school used high-tech business models whenever 
appropriate to form policy and make
decisions. Rather than implement a multitude of restrictive policies, 
staff members kept rules to a minimum while
emphasizing education about appropriate technology use and 
responsibility to the organization. Students were
systematically invited to participate in policy discussions and 
decision-making and were expected to behave as
responsible adults. The school did not use bells to prompt students 
to go to class; instead students were expected to
be responsible for their own timeliness. Students did not have to 
raise their hands to ask permission to get a drink of
water or go to the bathroom—they could come and go as they needed 
unless they abused the privilege.
Computer use at NTHS fit precisely within the constructivist model of 
technology implementation. The
school's open and unrestricted model of computer use was a major 
feature of the attempt to implement a "high tech
business model" at the school. Planners distinguished the NTHS high 
tech business model as one in which workers
were trusted to get their work done and act responsibly on-line. In 
such open, trusting high-tech start up
environments, use of Internet filters and other computer restrictions 
would destroy the corporate culture of openness,
camaraderie, creativity, and innovation. Pedagogy focused on teaching 
students that they were in control of their
computers and could manipulate the hardware and software in order to 
achieve academic goals. Computer hardware
and software products were high-quality, ample, and kept up-to-date 
by the school's sponsors. Students and staff had
access to about 250 networked Pentium-chip PCs which meant that 
students always had access to a computer when
required. The software used was business-grade software since a 
primary goal at the school was to prepare students
for the workplace. Students had unfiltered access to email and the 
World Wide Web (WWW) and used their
computers for research, database discussion, document retrieval, and 
creation of school-related essays, journals,
research papers, and multimedia projects. Not all use of NTHS 
computers is academic, however. Some students
formed a Games Club and met outside of instructional time to play 
staff-approved computer games. During breaks
and after class students could use the computers for email and WWW 
browsing as long as their use complied with
the District's Appropriate Use agreement.
Teachers used computers to post course information and assignments in 
databases and on the WWW, email
students their grades and comments on school work, record and 
calculate grades in grading software, perform
research for curriculum development, and develop and deliver class 
presentations and lectures. Students and staff
used the computer network to arrange meetings and check schedules, 
share important school-wide announcements,
and collaborate on projects by circulating files. According to 
constructivist ideals for technology use, NTHS
exemplified a best practices model in the way that students learn to 
responsibly control and access computer
technology.
The Computer Network Structure
As long as the trend of incorporating computer technology into school 
curricula continues, the U.S. public
education system will increasingly be forced to grapple with the 
following issues faced at NTHS during the study.
The description and analysis of the impact of computer use on the 
covert curriculum revealed that, first, substantial
staff and student time was diverted from academic curriculum and 
instruction because of student misuse and abuse
of the computers and computer network. Second, the disciplinary 
system held different lessons for less-computer
proficient students than it did for highly-computer proficient 
students, creating separate classes of students within
the high-tech school environment. Third, although technology abuse as 
a type of school crime is laughable to most
officials from traditional schools, at NTHS it constituted a constant 
struggle against high-tech abuse that, as noted
earlier, American law enforcement officials believe constitutes a 
threat to the stability of the U.S. economy and
security.
Maintaining the stability and functionality of the NTHS computer 
network for instructional use demanded
that control of network functions was restricted, albeit minimally. 
Accidental or purposeful changes in the network
could have resulted in network crashes, disrupted and lost 
instructional time, and extra hours of work for teachers
and the network manager. Even with software-based restrictions, 
teachers and other staff members had to visually
monitor student use of computer technology and educate students about 
appropriate use, adding to the already-full
workloads of staff. NTHS staff members dealt with diversions from 
academics common to all schools due to typical
school activities (assemblies, rallies) and traditional disciplinary 
activities (referrals for smoking, 'defiance'), and
other miscellaneous problems such as forgotten textbooks or school 
supplies. These traditional school diversions
combined with the unique technology-related diversions at NTHS 
resulted in an increase in personnel time required
to run the school and loss of instructional time for students. 
Contrary to the myth that computers are labor-saving
devices that save educational dollars, at NTHS the computers added to 
personnel costs. The minimal software-based
control of the network and individual computers that the school chose 
to implement, as described below, helped only
a small extent to lessen staff workload.
Student access to the school network was restricted by individual 
passwords, administered by the school's
network manager. No passwords, student or staff, were secret from 
her. Students had two passwords: one for
logging on to the network, and another for accessing their Lotus 
Notes accounts. They could log on to any computer
in the building and access their individual "My Documents" folders 
housed on a school server and their Lotus Notes
files housed on a different server, giving them a high degree of 
freedom and flexibility in moving about the building
throughout the day. Thanks to the World Wide Web, students and staff 
could also access their Lotus Notes email
from outside the school by entering their usernames and passwords at 
the school's web site.
Using the C-drives of individual workstations for saving files was 
discouraged (but not prohibited) since the
C-drives were accessible to other students, making files vulnerable 
to alteration or erasure. In addition to their own
password-protected folders on the school servers, students had read 
and write access to other partitioned sections of
school servers, such as the Students on Server3 section (where 
teachers and some administrative staff maintained
folders) and the WebServer on Server3 (where students posted their 
web page folders for the school web site).
Students could use those publicly-accessible servers to view, post, 
and copy files for staff and each other, but
students could not alter or delete files once they were posted in 
these public areas of the network.
When the school first opened, staff members were very naďve about the 
possible mischief and damage
students could cause when they had unrestricted access to the 
computers and network. Computer-related discipline
problems were simply outside the consciousness of staff members. Our 
initial expectation was that we would face
traditional disciplinary issues that public schools faced; we never 
considered the possibility that students would
abuse the privilege of their access to high technology. Exacerbating 
the problem of unpreparedness was that staff
lacked training in network security. For example, when the school 
opened students had DOS access, but the network
manager soon encountered problems maintaining the functionality of 
the network and individual computers because
of students who tampered with system settings.
NTHS staff members acknowledged that due to limited time, resources, 
and expertise we could not hope to
completely control the school's computer network, especially since 
some NTHS students possessed far superior
computer skills than all NTHS staff put together. As a result the 
staff tried to enfranchise all students in the process
of building effective computer technology policy. Working from the 
desire to build a "culture of trust" with
students, staff members began by trusting students to use the network 
responsibly and educating them about how to
use the network responsibly.
Eventually the staff realized that despite the effort to build a 
culture of trust, the school would have been
negligent if staff members did not monitor student computer use at 
all. Staff members attempted to minimize the
need for monitoring by preventive education. All students and their 
parents or guardians read and signed the
school's "Appropriate Use Policy" which detailed the school's 
computer policies and procedures. Staff members
repeatedly reminded students that the whole world was watching the 
school's progress, and students should conduct
themselves as if the world was looking over their shoulders. Students 
had been invited twice in the first three years
of the school's operation (1996-1999) to help develop the school 
technology policy. Known and potential hacker
students were repeatedly invited to serve as network consultants and 
troubleshooters, performing such white hattype
tasks as helping to plug network security holes and assist in the 
formulation of network policy and procedures.
Teachers and staff members actively socialized students to view the 
technology resources as privileges they enjoyed
rather than resources to which they were entitled. We frequently 
reminded students that the computers and networks
were owned by the school district, and that school facilities were 
for educational use only.
The monitoring at NTHS was minimal. Teachers looked at students' 
computer monitors in the course of
walking around to help students, watching for signs of inappropriate 
activities. The network manager installed a
program on each computer that tracked installation of applications by 
comparing what was installed on the machine
at last start-up to what was installed on the machine at the current 
start-up. When new applications were noted the
manager was able, as her busy schedule allowed, to look at the log-on 
records and see who was last logged on to that
particular computer, indicating who installed the software without 
permission. Students were aware that staff could
read their email and track web site visitation, as well as read 
postings on the various discussion databases that the
school offered.
Even the minimal network restrictions in place at NTHS have incensed 
the school's more computer-proficient
students. Accustomed to having complete control over their home 
computers (and in some cases, home computer
networks), such students arrive at NTHS expecting to have similar 
control over school computers. This caused
computer-proficient students to complain bitterly, eventually driving 
them underground to constantly and
surreptitiously test the network for holes in security. However, 
students were also aware that the staff was so busy
with curriculum development, teaching, research, staff development 
and training, student tutoring, discipline,
parent-student conferences, staff meetings, grading, preparing for 
conference presentations, and other duties that we
rarely had time to monitor student use of the network. The times that 
I caught students misusing or abusing the
computer network were entirely by accident and in person (for 
example, I happened to walk by a student's
workstation and see the "download file" window open on the monitor, 
or see an email with obscene language),
rather than because of systematic electronic monitoring.
Non-Proficient Students
The less-computer proficient students appeared for the most part to 
follow the appropriate use guidelines
established through the "culture of trust" campaign. Although they 
occasionally misused email, the Web, and
databases by engaging in social/recreational use during class time, 
and were punished accordingly, they did not
attempt to penetrate or bypass network security blocks or damage the 
system. Low-level abuse of the network was
easily discovered and traced by school staff, leading non-proficient 
students to fear being caught. As a result, nonproficient
students learned to fear monitoring and punishment.
The definition of appropriate use of email, discussion databases, and 
software of various kinds involved
refraining from activities that will damage the school's culture, 
reputation, or network. Students were not allowed to
create sexist, racist, homophobic, obscene, or otherwise harassing 
messages using words, images, or sounds.
Students were not to send large files over email in order to avoid 
overloading and crashing the email system.
Students were not to use the network recreationally during 
instructional time, i.e. sending social email or social
database postings during class time, unless they have finished their 
assignments. These limitations were in keeping
with the "business model," since similar limitations were in place in 
various businesses to avoid lost productivity
and harassment lawsuits. Knowing that students more readily accepted 
limitations if the limitations are framed in
terms of "business standards," teachers periodically discussed recent 
cases in which a worker was fired for viewing
pornography at work, or for sending harassing email from an 
employer's computer network. That the limitations on
computer use also kept NTHS within the California Educational Code 
guidelines pertaining to the maintenance of an
appropriate educational environment was rarely discussed with students.
Controlling appropriate use of student email proved difficult. The 
existence of email groups in the school
email address database allowed standard messages to reach large 
groups of people quickly and easily. These groups
include "Staff," "Junior Students," "Senior Students," and 
"Students." Teachers were able to make email address
groups for their classes. For example, I could send email to my 
students, period by period, regarding assignments
and multimedia contests. Students quickly realized the power of being 
able to send a message to a large group of
people. On the second day the school was open in 1996, which was the 
first day that students' email accounts were
functional, a student sent an all-student email containing a picture 
of a skull-and-crossbones with the message
"Death to all students." Because no staff members were on the 
"Student" email group, we did not know of the
message until recipients complained to us about the message as a 
death threat. The sender of the email, who claimed
that the message was a joke, was immediately called into the school 
director's office and sent back to his previous
high school. After this incident staff members were included in all 
official student group email address lists, and
students were required to secure and note staff member permission 
when sending all-student email (Figure 1).
Figure 1: Example of Permissible All-Student Email, 1999
FROM: Amanda (5/27/99)
TO: Students
SUBJECT: Raffle
Attention Students! Friday Night Live will hold a drawing for 2 
passes to Six Flags Marine World.
You may purchase a drawing ticket for $2. Buy as many as you like. 
Tickets will be on sale in the
front hall during break tomorrow. Drawing will be held on Monday, 
June 7 and one lucky winner
will walk away with the two passes.
Ms. Matzke gave me permission
Figure 2: Anonymous External All-Student Emails, 1999
FROM: SuperFreak <[log in to unmask]>
(4/21/2002)
TO: Students
SUBJECT: hi everybody
hello boys and girls.
FROM: [log in to unmask] (11/20/98)
TO: Students
SUBJECT: hello
i love you all.
FROM: [log in to unmask] (5/14/99)
TO: Students
SUBJECT: dear josh
thanks for giving me your email address.
I think that you are dumb.
Have a nice day.
FROM: [log in to unmask] (5/18/99)
TO: Students
SUBJECT: asdfjkl;;lkjfdsaasdfkl;jj
Asjidfljkas;fljakknsvdo,w/qngv/wnSDhgo:qi/awv/lzcoiIQWE'24 92878:0AD
9ur08 2y /HLADJjL?KDSGDgPU30RhnAV?as:flakknsvdo:w:/qngv/wnSDhgo:qi/awv/lzcoiI
[repeated 81 more times]
Figure 2: Anonymous External All-Student Emails, cont'd
FROM: [log in to unmask] (5/18/99)
TO: Students
SUBJECT: m-eye eye-denti-ty
I yam da terror dat lurks in da nyte…. I yam de un forseen 
cir-cum-stance behind all that is
just… u will never discover my identity….you will never discover me… 
for I am and always
will be the phantom menace that will forever be unseen…. u all will 
nevah know…and u can
never track me down…. bwa ha ha ha ha….
FUCK U ALL FUCK U ALL FUCK U ALL FUCK U ALL FUCK
[last line repeated 41 more times]
FROM: Hombre con los huevos a <coma el [log in to unmask]> (5/26/99)
TO: Students
SUBJECT: por favor
Dear Javier,
How are you? I am ok. Ever since you fled to America I have been 
lonely. It's been tough without
you, but because of the all the loving that the men in the village 
are giving me, I am not always
depressed. Come home soon.
Your Hot Latin Lover,
Fidel
This policy did not address what was possible due to the 
proliferation of web sites that offered anonymous
email accounts. Sites such as hushmail.com, china.com, and 
latinmail.com allowed anyone to establish an email
account under a name of their choice. For students and others who 
wished to send anonymous email to people
within the school, such sites offered the power to communicate 
without responsibility for the message. In May, 1999
the school suffered a rash of anonymous all-student emails (Figure 
2), mostly innocuous in nature with one that was
both threatening and vulgar. Two of the messages contained large 
quantities of text that when sent to every student
in the school could clog the email server to the extent that the 
server might crash. One email was sent by someone
who managed to create a fake school email account 
("[log in to unmask]"). This and one other email
contain bogus dates, indicating that the sender deliberately changed 
the date and time on the sending computer to
make the prank more elaborate. The existence of numerous web sites 
that offered anonymous email meant that even
if NTHS moved to block mail from a specific email account or even a 
specific provider, a student bent on sending
anonymous emails could simply switch account providers over and over again.
Despite the relatively benign nature of these anonymous messages, 
they nonetheless sent a sobering message
to the school, particularly to school staff. The senders wished to 
remind us of the school's vulnerability. The emails
announced the power these people possess to subvert school rules with 
impunity, as well the potential damage these
people could cause if they so desired. It was tempting to view these 
email pranks as mere high school foolishness,
but there were unmistakable parallels between the NTHS incidents and 
other incidents of hacker tampering at the
corporate and governmental levels.
In response to the anonymous emails an NTHS teacher who also served 
as the school web site manager sent
out an all-student email hoping to send the strong message that the 
offender(s) were jeopardizing the openness of the
school's information system:
The recent flood of outside e-mail is a good example of the problems 
of having an open
network. Although some students use outside e-mail accounts 
appropriately (to send
themselves assignments from home, etc.) a few students who misuse our 
web access could
force us to tighten the network. It would take very little effort to 
put our access of the web
through a proxy server which would limit access to sites the staff 
pre-selects, or to remove the
e-mail option for Lotus, or to use only the electronic library and 
remove all WWW access.
The rest of the nation is watching us to see if an open network can 
work at a public school. As
in any government structure or institution, unless each of us acts 
responsibly and encourages
others to do the same, it will be much easier to remove liberties.
This summer, the staff will be making those decisions as we update 
our system for next year.!
The behavior of you and your peers during these last few weeks will 
be fresh in our minds.! If
you agree with the staff that an open network is what we want, then 
please use our network in
a professional manor [sic].
If you have any thoughts on the matter, please e-mail them to the 
Tech Management Team (P.
Curtis, personal communication, May 28, 1999).
One attempt at systematic electronic monitoring was quickly 
abandoned. In Fall 1998 a highly computerproficient
student approached school staff with an idea for an electronic method 
of monitoring web site use on
campus. He proposed installing what is called a "Unix box," which 
would allow the constant and complete
recording of every web site visited by everyone in the building. The 
school director and network manager agreed to
let him install the Unix box, and within the first 30 minutes of 
tracking, people in the building visited dozens of
obviously inappropriate sex-related web sites. By noting the 
computers from which the sites were accessed and the
time of access, the network manager could then determine who was 
logged on to the computers at the time of
access. Quickly the record of inappropriate site visitation became so 
staggering that the school director removed the
Unix box because he did not have time to discipline all the 
transgressors. The director also noted that the Unix box,
like filtering software, contradicted his desire to build a "culture 
of trust" with students at the school. In this instance
the school chose to ignore the problem rather than reallocate time 
and resources to deal with the problem.
Hackers
In contrast to the activities and lessons learned by non-computer 
proficient students, hacker students, who
clearly knew how to use computer technology much better than staff, 
scoffed at the school's policies and procedures
and knew that they could move in and out of the school network and 
engage in other inappropriate computer activity
without being detected.
A group of three such students, all boys, agreed to be interviewed 
for the study regarding what they knew was
possible in the way of infiltrating the school's computer network and 
individual computers. These boys expressed
their views about hacking. For these boys the goal was to determine 
what security holes existed and what damage
they could do, but did not do, to the network. An additional thrill 
in the case of hacking the school system was the
secret knowledge of their technological superiority to the adult 
staff members at NTHS. I approached them as
informants, carefully characterizing what I wanted to know as 
activities they knew were possible, not necessarily
activities in which they themselves had engaged. Some of these 
students had already helped the school director plug
security holes in the school's network. Nevertheless, because the 
conversation could lead to disciplinary action by
school staff I protected their identities in order to understand the 
extent and nature of actual and potential computer
system abuse at NTHS. What follows is a description of actual and 
potential transgressive computer activity at the
school gleaned from a personal interview with students.
When asked to describe activities that students could engage in at 
school that could potentially damage the
school computer system, the students' responses filled three 
hand-written pages of notes. Activities could be placed
into two categories: nuisance-producing activities and 
maliciously-damaging activities. The activities could create
physical damage to computer hardware; software-based damage to 
individual computers; and software-based
damage to the computer network as a whole. The cost of overcoming 
such damage ranged from the expenditure of
small amounts of staff and instructional time and money to 
expenditure of large amounts of staff and instructional
time and money. In the case of data loss the risk involved 
irreparable loss of student and staff privacy if confidential
grade, personnel, and address information is accessed.
Theft of software and hardware was the first activity the students 
mentioned. Students can steal software
applications by taking the actual disk or CD on which the licensed 
software was delivered. They could also copy
software from school computers or download illegal copies of software 
posted at "warez" sites on the Internet.
Downloading from the Internet at NTHS was appealing because the 
school's high-speed Internet connection allowed
students to gather more software in a shorter amount of time than 
they would be able to gather at home on slower
Internet connections. If students installed the software on NTHS 
machines the school is liable for software license
violation. Students can also copy the software to Zip disks or 
CD-ROMs at school to take home and install on other
computers or distribute freely to others. The school made no attempt 
to track the extent of software theft but did try
to minimize unauthorized installation of software on school machines 
through education, the executable application
detection program described earlier, and walk-around monitoring by teachers.
Minor nuisance-causing network activities were the equivalent of 
mischievous student pranks. Students could
change the network log-on screen information in subtle ways (for 
example instead of the required domain name
NAPA_NTHS, a prankster typed NTHS_NAPA or some other variation). When 
the next student attempted to log on
to the network he or she got an error message and usually could not 
figure out what the problem was, requiring
teacher assistance which in turn delayed instruction for the entire 
class. Pranksters also typed vulgar words into logon
windows for the next student to read before logging on, the 
equivalent of on-screen graffiti.
Pranksters wrote and installed tiny computer programs that created a 
nuisance but did not damage anything.
Rather these programs waste instructional time as students and staff 
work to figure out the problem. For example,
one student-created program automatically logged students off the 
network as soon as they logged on, in effect
shutting them out of the network until the program was disabled. 
Students wrote programs in Lotus Notes which
were executed by clicking on an on-screen button. They sent the 
buttons in email to other students with the simple
message "click me." When recipients clicked the button, hundreds of 
email messages were automatically sent out,
sometimes with offensive messages that appeared to be sent by the 
hapless button-clickers. The dilemma for the
button-clickers then became whether to take the blame for the email 
spam they inadvertently sent out or to turn in
the senders of the "click me" buttons.
Other abuses of the NTHS network were more sinister. Occasionally the 
school was "nuked," causing the
computers to get "bluescreened." This meant that someone ran a 
program called Win Nuke on the school computers,
causing the machines to lose their network connectivity, lose any 
unsaved data, and require restarting. Win Nuke did
not cause permanent damage, but it did delay instruction, cause 
students and staff to lose data, and serve as a
reminder of the school's vulnerability to technological terrorism.
A more malicious program called Back Orifice (a name parodying the 
Microsoft Back Office software)
plagued the school in Fall 1998. Back Orifice was surreptitiously 
installed on several NTHS machines, enabling
remote control of the infected computers. The implications of Back 
Orifice installation were quite grave. For
example, the program allowed the installer to remotely control the 
computer desktop, restart the computer, display
pop-up messages to the user, read files including temporary files 
containing password information, record
keystrokes, send email from the user's account, and capture screen 
shots of the user's monitor. If a video camera
was installed on the user's computer, Back Orifice allowed the remote 
installer to control the camera and take video
shots of the user surreptitiously. The ability of Back Orifice 
installers to access and maliciously use confidential
information in a school setting was very serious cause for concern.
The students I interviewed revealed that the entire school network 
had been open to hackers. Everything –
including the school web server, student and staff servers, 
individual student and staff network accounts, email
accounts, and individual hard drives – was accessible to motivated 
hackers from both on- and off-campus. The
implications of this unauthorized access on the privacy of students 
and staff were profound. Because the network
manager had saved a text document in her files containing all NTHS 
passwords, finding the school passwords was
as easy as opening a text document. Student records, staff 
discussions on the database, staff email regarding student
grades and behavior, and student grade databases were accessible. 
Reading these files, editing them, and sending
email in another person's name was possible. This had been the case 
from Fall 1996 – Fall 1998, until the school
moved its Internet connection from a commercial service provider to 
the NVUSD wide area network. The students I
interviewed maintained that despite the move to the NVUSD network 
they could still, with a great deal of work,
gain access to the entire NTHS network because of security holes.
I questioned my interviewees about how to solve the problem of 
network security in poorly-funded public
institutions, and they could not come up with any suggestions. They 
believed that there would always be security
holes in computer systems that leave information vulnerable to 
attack. However, they maintained that overall NTHS
hackers were non-malicious, and offered the fact that nothing serious 
had happened to the school networks as
evidence of their peer groups' beneficent nature.
Consequences
When misuse and abuse of the network occurred, offenders who were 
caught were punished by having their
network privileges removed for a period of time, in essence an 
in-house suspension from the system. Students who
are "off the system" receive their assignments via printout and turn 
their work in by writing by hand or using
computers at the city/county library, Napa Valley College, or at 
home. In some classes, such as in the multimedia
class which required the use of expensive computer animation software 
generally not available anywhere else,
project deadlines are extended until the student is back on the 
system. After the initial expulsion from NTHS (the
email death threat situation discussed earlier), the political 
difficulty of sending NTHS students back to the other
Napa high schools prevented even those students who repeatedly abused 
the network from being sent back to their
previous high schools. On only three occasions did the school 
director successfully convinced repeat network
abusers and their parents that returning to the previous school 
offered the best solution for timely and trouble-free
completion of high school requirements. In these cases, the return to 
the previous school was entirely voluntary, thus
avoiding giving the other school principals grounds for complaints 
about "dumping" of problem students.
Over the course the study, I noted that it was typically a small 
portion of the less computer-proficient students
who made mistakes when misusing the computer system and are 
consequently caught and punished. The school's
Appropriate Use Policy and attendant disciplinary system functioned 
as a strong deterrent against malicious
behavior on the part of less computer-proficient students, 
socializing them to accept limitations on the uses of
computer technology in public settings. Highly 
technologically-skilled students, on the other hand, remained
unconvinced of the school's ability or desire to follow through with 
technology-related discipline. The hacker
students I interviewed found the school's disciplinary policy on 
system abuse laughable, saying it served no
deterrent function whatsoever. Because word of the Unix box incident 
quickly spread among them, in which school
administration chose to ignore the conduct, hackers learned that the 
school staff would not or could not work
seriously to enforce appropriate network use. These students felt 
quite secure in their ability to hack into the school
system without being traced or punished. Because these hacker 
students possessed technology skills far superior to
staff skills, in reality the hackers truly were beyond policing by 
staff. The striking resemblance between NTHS
computer crime and computer crime in the larger society indicates 
that NTHS hackers were using their time and
access to high-speed technology at school to further develop their 
hacking skills. For these students the covert
curriculum was one in which their sense of superiority over the 
adult, non-technological world was reinforced.
The problem of network security holes is not specific to NTHS or any 
other school. Rather, security breaches
are a hazard faced by all public and private institutions that use 
Internet-connected computer technology. Ensuring
network security requires the expensive time and expertise of 
highly-skilled computer professionals, a luxury which
schools and other public institutions can rarely afford. In the case 
of public institutions, which are supposed to
inspire trust in the citizenry and represent stability in the face of 
societal changes, the vulnerability of confidential
and sensitive information becomes a public safety issue. In a K-12 
setting the particular vulnerability of minors
escalated the need to protect their confidential information from 
unauthorized access.
The contributions of this analysis are significant to the degree that 
computer technology is blended into
American high school classrooms. Tremendous staff and student time is 
channeled from academic curriculum and
instruction because of student misuse and abuse of the computers and 
computer network, requiring more, not less,
personnel time. This finding refutes the myth that computers are 
labor saving devices that will replace teachers and
other school staff. The computer technology policies and procedures 
at NTHS, in the context of the overall strategy
of constructivist pedagogy, contributed a great deal to the covert 
curriculum and the development of the educational
culture of the school. The strategies employed by staff members to 
enfranchise hacker students can be seen as
partially successful in that some students apparently hacked the 
network, but did so largely without malicious intent
and without serious harm. Some hacker students were successfully 
recruited as white hat hackers who helped to
troubleshoot and secure the integrity of the network.
Conclusion
Societal unease about computer network security has the potential to 
threaten cyber-liberties currently
enjoyed by Internet users around the globe. Corporations and 
governments may see no alternative to restrictive laws
unless Internet users, cyber-liberties activists, and hacktivists 
work together to create a culture in which responsible
hacking is rewarded and destructive hacking is discouraged. Groups 
concerned about developing an overall
computing culture which maintains a balance between cyber-liberties 
and cyber-responsibility should work with
educators to develop and implement ethics-based computing curriculum 
for K-12 schools. Further study of
pedagogical models that foster student self-responsibility and 
ethical computing habits is necessary to develop a
range of best-practices models from which educators can work.
Bibliography
Bajaj, V. (2000, Mar. 12). Web security posts hard to fill with 
skilled workers. The Dallas Morning News, 22L.
Berinato, S., & Ferguson, R. (2000, Sep. 15). Hack alert: Where's the 
outrage? EWeek [On-line]. Available:
http://www.zdnet.com/eweek/stories/general/0,11011,2628787,00.html
Biagi, S. (2000, Oct. 2). A personal touch. Telephony [On-line]. Available:
http://www.internettelephony.com/asp/ItemDisplay.asp?ItemID=11222&AreaID=8.
Botstein, L. (1997). Jefferson's Children: Education and the Promise 
of American Culture. New York: Doubleday.
Bruner, J. (1966). Toward a theory of instruction. Cambridge, MA: 
Harvard University Press.
Burt, D. (2000, July 20). Written Testimony of David Burt, Child 
Online Protection Act Commission [On-line].
Available: http://www.copacommission.org/meetings/hearing2/burt.test.pdf
California Department of Education (1997, October). CBEDS Profile 
(CBEDS-EE9), Napa County, Napa Valley
Unified School District.
Carnevale, A., & Porro, J. (1994). Quality Education: School Reform 
for the New American Economy. Washington,
D.C.: U.S. Department of Education, Office of Educational Research 
and Improvement.
Conte, C. (1995, October 20). Networking the classroom. CQ Researcher 
pp. 923-943.
Dewey, J. (1897). My pedagogic creed. Reprinted in J. Boydston (Ed.) 
(1967-1991). The collected works of John
Dewey. Carbondale: Southern Illinois University Press.
House Subcommittee on Government Management, Information, and 
Technology (2000, Sept. 11). Report card on
computer security in the federal government. Committee on Government 
Reform [On-line]. Available:
http://www.house.gov/reform/gmit/hearings/2000hearings/000911computersecurity/000911.htm. 

Fujii, R. (2000, Apr. 3). Companies employ multiple defenses against 
computer hackers. The Record [On-line].
Available: Electric Library http://www.elibrary.com.
Goslar, M. (2000, Sep. 6). Cracker attacks for a different reason. 
Enterprise [On-line]. Available:
http://www.zdnet.com/zdnn/stories/news/0,4586,2624613,00.html?chkpt=zdnnmoreon
Gruenwald, J. (2000, Sep. 25). Nations struggling to fight 
cybercrime. Inter@ctive Week [On-line]. Available:
http://www.zdnet.com/zdnn/stories/news/0,4586,2631389,00.html
Knight, W. (2000, Sep. 15). OPEC web site defaced. Enterprise 
[On-line]. Available:
http://www.zdnet.com.au/enterprise/security/stories/au0005622.html
Koch, L. (2000, Jul. 6). Open sources: Preventing cybercrime. 
Inter@ctive Week [On-line]. Available:
http://www.zdnet.com/intweek/stories/news/0,4164,2601565,00.html
Koerner, B., & Glasser, J. (2000, Feb. 28). Who can stop 
cybervandals? U.S. News and World Report [On-line].
Available: Electric Library http://www.elibrary.com.
Lemos, R. (2000a, Jul. 14). Hard times at hacker high. ZDNet News 
[On-line]. Available:
http://www.zdnet.com/zdnn/stories/news/0,4586,2604043,00.html
Lemos, R. (2000b, Jul. 12). Script kiddies: The net's cybergangs. 
ZDNet News [On-line]. Available:
http://www.zdnet.com/zdnn/stories/news/0,4586,2602573,00.html?chkpt=zdnnmoreon
Lemos, R. (2000c, Jul. 26). Silence the best security policy. ZDNet 
News [On-line]. Available:
http://www.zdnet.com/zdnn/stories/news/0,4586,2608077,00.html
Matthew, R. (2000). The environment as a national security issue. 
Journal of Policy History 12(1), 101-122.
McAllister, P. & McAllister, K. (1998). Critical Resources in 
Teaching with Technology: Introduction to Techno-
Critical Pedagogy [On-line]. Available: http://www.engl.uic.edu/~stp/intro.htm
New Technology High School (1997). Focus Group Comments. 
Self-published document.
New Technology High School (1996). Napa's New Technology High School: 
A U.S. Department of Education
Demonstration site. Self-published brochure.
Papert, S., & Harel, I. (Eds.). (1993). Constructionism. Norwood, NJ: Ablex.
Reuters (2000a, Oct. 16). Americans question cyber-security. TechTV 
[On-line]. Available:
http://www.techtv.com/cybercrime/hackingandsecurity/story/0,9955,3005501,00.html 

Reuters (2000b, Oct. 16). NSA chief: We protect cyberspace. Wired 
News [On-line]. Available:
http://www.wired.com/news/print/0,1294,39476,00.html.
Rushkoff, D. (2000, Feb. 10). Recent Internet attacks are a reaction 
to the commercialism of the Internet. All Things
Considered, National Public Radio. [Online]. Available: Electric 
Library http://www.elibrary.com.
Robinson, C. (2000). Electronic commerce commands canny insight into 
hacker moves. Signal 54(9):53-56.
Taylor, C. (2000a, Feb. 21). Behind the hack attack. Time, 44-47.
Taylor, C. (2000b, Mar. 22). Business: Cracking the code. Time, 60.
United Press International (2000, Jan. 7). Clinton announces security 
plan [On-line]. Available: Electric Library
http://www.elibrary.com.
Van Buren, C. (1999). High technology learning at "The School That 
Business Built": Perceptions of education at
New Technology High School (University of Texas at Austin, 
unpublished dissertation).