An inexcusable breach of student trust
August 28, 2007
Yesterday’s revelation that an Excel spreadsheet containing exceptionally detailed information about more than 5,000 students in the College of Engineering was sent as an attachment on a mass e-mail this weekend represents one of the more serious security breaches in this University’s history.
While the computer file contains some information that is publicly available through the campus directory like names, majors and local addresses, it also contains a column listing ethnicity, an ambiguously labeled ‘racecode’ column and students’ grade point averages both cumulative and from the Spring 2007 semester.
Unlike a 2006 incident that briefly saw Social Security numbers and University identification numbers from Computer Science students posted on a campus Web site, the initial release of this computer file to roughly 700 people by Director of Special Programs Dr. Susan A. Linnemeyer proves that the problem of information security is campuswide.
Apparently, there is a policy in the College of Engineering against sending attachments on massmails. But this massive human error shows how useful that was.
At this University, which spawned YouTube, the Netscape browser and PayPal, it is frankly astounding that software isn’t in place to prevent mistakes like this.
Get The Daily Illini in your inbox!
While a University spokesperson has announced a new crackdown on the kind of confidential information revealed in the e-mail, it begs the question of why these data weren’t guarded more carefully to begin with.
Why most University officials would ever need a file with this much information is hard to decipher. Massmail is a useful tool, but if the purpose of this file was to harvest e-mail addresses, why wasn’t there a separate and appropriately organized list in the first place?
This problem shouldn’t be solved by simply appointing yet another salaried administrator (a chief information officer) and routing e-mail through one more bureaucratic office just for the sake of “doing something.” The real solution lies with rethinking why such a computer file is so easily available.
This violation of student privacy is a result of a complacent administration that, by the way, has yet to decide how it wants to let more than 5,000 people know that their confidential information is not safe.
While it is likely (and monumentally ironic) that students will get an administration massmail about the situation, it is impossible to unring the bell of incompetence.
Students, now more than ever, have reason to be wary.