
Kid who found PTV website flaw deserves a medal

Sixteen-year-old Joshua Rogers should be given a medal and a financial reward for having found out that the website of Public Transport Victoria was poorly built, to the extent that it could reveal the personal details of users.

Instead of that, the authorities are trying to give the lad a criminal record. That will certainly encourage young, curious minds, the future of this country, to push the boundaries and find out things which can benefit the public.

What did the kid do? According to reports, he found a weakness in the website of Public Transport Victoria. Did he try to profit from it? No, he contacted as many people in PTV as he could using their email addresses which he obtained from LinkedIn and told them about it. It was only on January 6, after Rogers had spoken to a reporter and that reporter contacted PTV for their take on the matter, that someone responded to his email.

And then PTV upped the ante by reporting the matter to the police. Way to go, PTV.

By the way, this is the same PTV that has given Melbourne its half-arsed myki ticketing system at a cost of well over a billion dollars – when the technology for an off-the-shelf system like London's Oyster or Brisbane's Go card could have been purchased for less than a third of that amount.

It is probably too much to expect such an organisation to react in a logical manner. It is bothered only about one thing – its public image. After all that it has done, the organisation is now little more than a joke.

Year after year, when Australians hear of kids from other countries finding out things that lead to the creation of companies that yield enormous value to the exchequer, they cry themselves hoarse and complain that initiative is never rewarded in this country. They are right to do so.

But when they hear of kids like Rogers, who are undoubtedly brainy in one direction, kids who could be top-notch security experts if they were sent to the right people for training, what do they do? They stay silent.

The bureaucratic mind can conceive of only one response in cases like this: generate enough fear so that the next time some crud company builds a website that has holes big enough to drive a truck through and a curious teen finds out, he or she will keep their mouths shut.

After all, the reputation of said company is more important than data security, isn't it?

Linus Torvalds, the creator of the Linux kernel, was a nerdy teen too. If his parents had ferreted him out so he could indulge in so-called wholesome activities, we would never have had a kernel which today is probably running some device or the other in at least one house out of 10 in practically every country on the face of the earth.

Steve Wozniak planned most of the material that went into building the Apple I during his office hours at HP. Finally, when he was ready to build it in actuality, he told the company what he had been doing and asked if they would like to market it. What was HP's response? Did they try to sue Wozniak for doing his own work on company time? Did they seize all his material and call in the police?

One can call HP foolish for not deciding to take advantage of Wozniak's honesty and fund the creation of what has become the most valuable technology company on the face of the earth. But did they tie him up in legal issues because he had developed something on company time, something he was not supposed to do? Did they fire him? The answer is a big NO.

Teens, by nature, are curious. They experiment with everything and so they should. If they do not, Australia will end up becoming a nation of morons, who can only act like robots, who look for precedent to justify everything they do.

Australia is well on the way to justifying the label of being anything but the clever country. Dumb would be a better description. Only that can account for the fact that it is American journalists who have taken up cudgels on behalf of Rogers.

The next time a curious kid finds a vulnerability in the website of a big company, what should he or she do? Try to do the right thing as Rogers did? Or make a quick buck by informing one of the hundreds of thousands who make a living by selling data of this kind?

The police, politicians and bureaucrats should seriously consider what kind of message they are sending to the next generation by their actions in the Rogers case. And half-educated consultants who are spreading fear, uncertainty and doubt about Rogers would be well-advised to think before opening their big mouths.




Sam Varghese


A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.