security

Bar Examiners Offer Insults Rather Than Answers To Security Risks – Above the Law


This will quiet the rabble.

Remember when the Illinois Board of Admissions to the Bar decided to respond to a rumor they started by bad mouthing the former dean of Northwestern Law School? It turns out that this is more of a feature than a bug when it comes to bar examiners trying desperately to cling to the fiefdom as unnecessary gatekeepers that they’ve carved out for themselves.

After applicants pointed out that hacking into bar exam materials was not only easy, but already happening, we learned that applicants in multiple jurisdictions specifically flagged that for their local bar examiners. In response to these serious concerns, they got back more petty insults.

Sean Silverman posted one response that an applicant received on Twitter and it’s a doozy. Off the top, they claim that everything’s fine because there’s an 18-character password, which would be useful, though it would be a new one for ExamSoft. For the Michigan bar exam, they were using passwords like “brown89,” which might explain a bit of the concern here. Nevertheless, despite a major cybersecurity event with their vendor TWO MONTHS AGO, the examiners just get salty:

It is frustrating to me that Reddit cretins making fantastical claims qualifies as news, but with respect to this year’s bar exam, “news” means clicks, so here we are.

Far from the “fantastical” rantings of “cretins,” I actually took the time to speak with someone who is not only a computer expert, but a former ExamSoft employee who confirmed to me that this hack was absolutely possible. In fact, the source referred to it as a “stupendous risk” to have “files out in the wild for days and days before the exam.” It’s not clear if the bar examiners know how Reddit works, but the author of that post wasn’t making any money off of “clicks.” For that matter, neither is Above the Law. I generated more clicks in one hour of the debate drinking game than I did for a whole week of bar exam stories. We’re covering this topic because, while not a popular story, we feel it’s critically important to advancing the profession. Perhaps bar examiners might want to consider a similar worldview.

This theoretical “way to cheat” also assumes that examinees who have worked so hard to get through law school and have had a longer period to study than any other group to prepare for an exam containing half the usual content would nonetheless risk their careers by enlisting unknown Redditors to help them gain supposed access to exam files.

Agreed! But then… why have bathroom break rules or ban snacks… or f**king insulin. If all threats to the integrity of the exam can be brushed away by placing faith in the fact that applicants are overwhelmingly if not entirely hard-working, upstanding people, then why have any of these rules at all?

This offer would afford this same unscrupulous person on Reddit the ability to blackmail the bar applicant with this information forever, whether or not the Redditor was able to accomplish the goal of accessing the actual exam questions. The Redditor could supply exam questions from prior bar exams and pass them off as the real thing. The flimsiness of this claim is just amazing.

These are reasons why people shouldn’t try to hack the test, not reasons why the test is secure. It’s like that kind of bar exam question where someone fails to answer the actual prompt. And then throws on an empty conclusory sentence for effect.

Then the bar examiner goes after me specifically. Oh nos!

Using critical thinking skills, one can see that this article is not an unbiased piece of reporting.

What is it with the “critical thinking skills” thing? This is the same trope they lobbed at Dean Rodriguez. These people fancy themselves the sole arbiters of critical thinking — as opposed to the accredited law schools who just spent three years performing iterative testing — and therefore anyone who questions their effort must not be doing critical thinking hard enough.

For the record, my article does have a bias, but one born of months of actually taking the time to talk to experts and research while these folks push ahead with a slapdash exam to justify their own existence.

The snarky tone of this piece and the author’s expressed views regarding the bar exam let us know that he is gleefully picking up any piece of news on Twitter.

I do try to make the news as entertaining as it is informative, so thank you. In this instance, Twitter was clearly the starting point for the article because it’s a forum rich with leads. But “using reading comprehension skills,” one could see that wasn’t the end of the inquiry. Instead, the post cited a Reddit post that made a number of detailed claims, which I verified with former ExamSoft personnel, cited independently advertised hacks, and framed based on the empirical example of the Michigan exam’s password breakdown. Tone does not trump warrants.

This article doesn’t “explain” anything; it just repeats past criticism after “reporting” unfounded Reddit claims of unconfirmed hacking skills being offered for a relatively cheap price.

Is the argument that secondary sources are bad? Yes, I’m not the computer expert. But I talk to them and then pass the information along to the audience. That’s how this all works, actually. Not for nothing, the Reddit post doesn’t make claims of cheap hacks — it explains how this hacking could be done and a separate inquiry revealed that this hacking has apparently been done. I guess it’s a distinction you only see if you’re using your critical thinking skills.

But let’s assume my article actually did fail to “explain” anything. That’s an opening for the examiners to explain what’s really going on rather than shrug and say, “I’m sure that’s not true.” Claiming that the passwords are now 18-characters long is an excellent start. Even better would be admitting that this was done in response to the Michigan attack and therefore the exploits described in the post and seemingly hacked in the past will no longer work. Engaging honestly with the detailed criticism and saying that it’s been addressed generates trust in the process. Dismissing the criticism and hoping it disappears does not.

Because if this person actually read my article — or any of the articles I’ve written on this — they’d recognize that “building trust” is a recurring theme. Every one of these posts about the tech problems with the online exam boils down to pleading with examiners to focus on regaining the trust of the applicants and not going forward if they can’t do so.

Responding to “hey look, people claim to have hacked this platform that’s already proven hackable this year” with “that’s flimsy” and comically misplaced slights about “critical thinking skills” ain’t doing it.

Earlier: Illinois Bar Examiners Use Website To Show Their Utter Contempt For Applicants, Former Law School Dean
Software That Could Allow Applicants To Cheat On Bar Exam Available For About $100


HeadshotJoe Patrice is a senior editor at Above the Law and co-host of Thinking Like A Lawyer. Feel free to email any tips, questions, or comments. Follow him on Twitter if you’re interested in law, politics, and a healthy dose of college sports news. Joe also serves as a Managing Director at RPN Executive Search.





READ SOURCE

Leave a Reply