“It’s a relic from the migration we did back in 2020,” Dr. Patel explained. “When we moved to the cloud‑based solution, we kept a few old keys as fallback in case the new system failed. The ‘ghost’ you found is one of those fallback keys, bound to the MAC address of the old server. It was never meant for public distribution, and the self‑destruct clause you saw is a safeguard we built to prevent exactly this kind of leakage.”

Dr. Patel replied within an hour, inviting her to meet in his office. The room was filled with screens displaying network traffic, a live map of campus Wi‑Fi, and a small plaque that read, “Security is a shared responsibility.” He listened intently as Maya recounted her midnight adventure.

She realized that the decision wasn’t simply about personal gain; it was about responsibility, ethics, and the unseen ripple effects of a single action. After a night of contemplation, she made a plan.

Maya felt a surge of relief. She had done the right thing, and the university could now decide how to handle the license responsibly—perhaps by re‑issuing it for a limited set of campus machines that truly needed it.

Armed with a notebook, a flashlight, and a student ID badge, Maya made her way to the basement of the Computer Science building at midnight. The hallway smelled faintly of old coffee and ozone. The door to the Legacy Security Hub was secured with a mechanical lock, but the building’s old master key—kept in a locked metal box near the main entrance—was within reach for a student who knew where to look.

She sat down at her dorm’s small desk, opened a fresh document, and began to list the pros and cons, treating the decision like a programming problem.

The next morning, Maya emailed the university’s IT director, Dr. Patel, attaching a scanned copy of the handwritten note (with the key blurred for security) and a concise description of where she’d found it. She also requested a meeting to discuss the implications.