August 2, 2002

Keep admissions data secure

With the increased use of on-line applications for college admissions, one must worry about who will see personal information when it is submitted over the Internet. One would hope that given the prophesied commitment to keep all student data and records confidential, colleges would uphold their claims about student privacy. I was therefore unpleasantly shocked upon hearing that Princeton broke into Yale's on-line admissions decisions.

Last Wednesday, Yale released information that Princeton University employees had gained unauthorized access to the admissions database and were able to look up admissions decision information for several students. Princeton's associate dean and director of admissions, Stephen LeMenager, said that they did so innocently and were only checking to see if Yale's site was secure. This seems rather suspicious given that several records were repeatedly accessed. Indeed, LeMenager himself stated that he did not know why the records were viewed more than once.

I cannot help but think how peculiar this "incident" is. It certainly raises questions about the entire application process. In order to save money on printing and ensure "efficiency" in obtaining student information in a more timely manner, more and more colleges are turning to on-line applications, which have the same application fees as the paper ones. This efficiency, however, can be quite insecure. For example, who is to stop hackers from obtaining personal financial information from the financial aid forms or even the credit card numbers used to pay the application fee?

More and more students are becoming but mere numbers and commodities—like cattle at the market that anyone can acquire with the right proposition. It seems to me that unless this situation is addressed, if one applies to a variety of schools, any one of those schools can learn the student's fate at his or her other college choices. Indeed, almost all applications demand that their applicants list all of the schools that they are applying to. That said, since the social security number and birth-date were all that were required by Princeton to log on to a student's area of Yale's admissions website, anyone with that information could do the same. Scary prospect, no?

I am minimally consoled by the fact that Princeton officials could face criminal charges for their actions. It is true that the admissions officials who accessed the students' information are responsible for their own activities and will inevitably be punished. However, I believe that they represent Princeton. Admissions officers work to "sell" the school by portraying it in the fairest and most appealing light to prospective students. That said, Princeton cannot simply pass the blame from itself as an institution onto its workers. Workers make up the university in the same sense that the students do.

All students, including those here at Chicago, have the right under the Family Educational Rights Privacy Act, also known as the Buckley Amendment, to have their personal information safeguarded by the institution(s) they entrust it to. Princeton's breach of this law indeed seems to me to be a legal infraction.

Putting aside all of the legal repercussions, I firmly believe that accessing the private information of anyone speaks to a breach of moral and ethical conduct. If one is to believe LeMenager, then anyone, students, family, counselors, namely all who have access to social security numbers and birth-dates, can learn of one's collegiate fate.

Chicago's on-line application process seems to be somewhat different in that we utilize a university-created username and password to first log in. After doing so, students can choose their own login information to protect their security. To be sure, this system seems to be more efficient and safe than that of Yale or any other mere birth-date and social security number login information sites.

Perhaps the applicants to Chicago can sleep somewhat soundly knowing that Princeton will not gain their personal information.