(no title)

Until the author has used the tool on the UW server during registration, he is not violating their policies and procedures: He hasn't attempted to tamper with records. He admittedly hasn't used their registration system with this tool. Those are the two key phrases in their policy. The text goes on to specifically describe abuse as "use" of a script or robot. There isn't anything forbidding a student from authoring a script.

One problem here is that by releasing the source, it makes it easier for another student to exploit the system. In the case where another student uses this tool during registration, the other student is fully responsible.

Besides all that, it's a great project idea because everyone in his program would instantly relate to the problem.

It's easy to understand the University's overreaction---and it is an overreaction. The better solution from UW would have been to sternly inform the student(s), "The website can never go live. It dies as a proof of concept. Please use your own dummy data; no API access. A disclaimer must be added to any class demos (presentations, code, etc.) with the Tampering and Abuse policy, and that this only uses generated data. Our efforts to improve the registration system in the future will be X, Y, Z."

This student has done nothing wrong (yet) (based on what he revealed) and is getting punished for being near the border.