[Air-L] ethical incident: Linux bans University of Minnesota for committing malicious code

Richard Forno rforno at infowarrior.org
Wed Apr 21 17:06:04 PDT 2021


I've always wondered when a prominent ethical incident would arise from poorly-constructed research plans in the cybersecurity field. I guess now we've got one.  IMO this presents an interesting conceptual & practical distinction between IRB approval for testing on "human subjects" vs "potentially causing human-harm".  (Frankly I'm surprised this project even got approved and am disturbed at how the researchers seem to have interpreted the IRB concept/process/approval.)

At the very least this incident can contribute to future discussions on internet ethics, especially as we go further down the path of AI/ML, automated systems, self-patching software, IoT, etc, etc. Lots of potential ramifications to ponder, imho.

-- rick


Linux bans University of Minnesota for committing malicious code

In a rare, groundbreaking decision, Linux kernel project maintainers have imposed a ban on the University of Minnesota (UMN) from contributing to the open-source Linux project.

The move comes after a group of UMN researchers were caught submitting a series of malicious code commits, or patches that deliberately introduced security vulnerabilities in the official Linux codebase, as a part of their research activities.

Additionally, the Linux kernel project maintainers have decided to revert any and all code commits that were ever submitted from an @umn.edu email addresses.

< - >

https://www.bleepingcomputer.com/news/security/linux-bans-university-of-minnesota-for-committing-malicious-code


..... and here's a Statement from the University of Minnesota’s CS and Engineering Department
https://cse.umn.edu/cs/statement-cse-linux-kernel-research-april-21-2021

Leadership in the University of Minnesota Department of Computer Science & Engineering learned today about the details of research being conducted by one of its faculty members and graduate students into the security of the Linux Kernel. The research method used raised serious concerns in the Linux Kernel community and, as of today, this has resulted in the University being banned from contributing to the Linux Kernel.

We take this situation extremely seriously. We have immediately suspended this line of research. We will investigate the research method and the process by which this research method was approved, determine appropriate remedial action, and safeguard against future issues, if needed. We will report our findings back to the community as soon as practical.

Sincerely,

Mats Heimdahl, Department Head
Loren Terveen, Associate Department Head


More information about the Air-L mailing list