Two student journalists are facing fines and suspension from Oxford University after hacking into the institution's computer system to expose security flaws.
Patrick Foster and Roger Waite, journalists on The Oxford Student , were referred to the university's internal "police" - the proctors - last month, after they wrote a news article detailing how they easily gained email passwords for staff and students, hacked into CCTV cameras and eavesdropped on electronic conversations.
The pair have escaped criminal prosecution - Thames Valley Police were called in under the Computer Misuse Act, but agreed with the university that the proctors should investigate instead. They are likely to face a hearing at the university's internal Court of Summary Jurisdiction in the coming weeks.
"Basically, they're trying to have us suspended for a year and fined Pounds 500," said Mr Foster, who has been elected the paper's editor for next year.
"All this despite the fact that we weren't caught, informed the university about what we were up to and handed over all the data we accessed," he said.
He said the university was embarrassed because his paper had obtained an admission that the computer system may have been underfunded.
A spokeswoman revealed that the need to provide wide access to computer facilities as cheaply as possible meant "deciding to go for a cheaper set-up, with potentially lower security".
Mr Foster said: "It's a sorry state of affairs when they fail to recognise we are doing them a favour and instead try to kick us out. So much for a free press and academic freedom."
The offending article, published in late May, appeared on the front page of The Oxford Student , headlined: "University IT network wide open to hackers." It detailed how the journalists used software that is freely available on the internet to compromise the university's information technology security systems.
Mr Waite, the paper's news editor next year, said: "The action by the university is particularly heavy handed, given the only evidence they have against us is what we openly supplied to them ourselves."
A spokeswoman for Oxford said the university could not comment on individual cases.
But a university statement says: "The university constantly reviews security measures on its computer network in order to minimise the risk of security breaches.
"Anyone found to have breached university regulations on computer use would be referred to the proctors and would be subject to investigation.
"Anyone committing a criminal offence would be referred to Thames Valley Police."