The Observer, December 1, 2006
Volume XXXIX, Issue 12
Privacy issues surface at Case
Concern is jumping nationwide about matters involving the theft of personal information, and Case is no different.
On Nov. 17 the Undergraduate Student Government Committee on Information Technology issued a 92-page report outlining student concerns about personal information security and offering solutions. The report addresses the university's practice of using Social Security numbers as student identification numbers.
The report follows USG resolution R.16-06, passed early in the fall, "resolution calling upon the University to respect the federally protected Student Right to Privacy by expediting a transition away from Social Security-based student identification numbers."
It is meant to propel the university administration into action by demonstrating the severity of the problem and offering "a number of sound steps towards a solution."
USG recently surveyed the undergraduate student body about the problem, and 25 percent of the population responded. The survey found that 41 percent of respondents had been accidentally exposed to other students' Social Security numbers on paper documents. Another 12 percent of students said they had seen them in computer files.
Students were then asked to identify these specific instances of security breach. Some heard the numbers recited aloud, with the Financial Aid office directly identified as a place where this occurs.
Other respondents saw the numbers (in entirety or the last four digits) on exams or homework which was left in a hallway or public place for students to pick up. Students saw numbers at dining halls – when ID readers malfunction the students must write their name and Social Security number on a list in order to gain entrance.
Social security numbers could also be seen in garbage cans on unshredded documents.
One respondent received "FTP dumps (plain text) from AIS of everyone's SSN in Engr to forward (via e-mail) to Access Services."
During his student employment, Matt Crowley, the USG Director of Information Technology, was provided with a data file containing confidential information, including Social Security numbers, on 1194 Case students. The information was not required for Crowley to perform his job.
Crowley also reported discovering a security hole in my.case.edu which allowed student Social Security numbers to be accessed.
"Given that student Social Security numbers are supposed to remain confidential, these numbers are astonishingly high and indicate a severe lack of effective security measures and policies to keep Social Security numbers private," says the report.
The report asserts that Social Security numbers are used too often. Students were asked to provide instances when they were asked for their Social Security numbers or last four digits.
Responses included returning books at the bookstore, a number of classes, logging in at KSL, getting replacement keys at Housing, and Veale.
While students are currently able to change their ID numbers to something other than their Social Security number, few students are aware that they can do this. The report calls for this process to be made clear and simple for all students and that the process be well-advertised, so that all students are aware.
The report also asks that all new incoming students are assigned non-Social Security ID numbers. Current students who change their numbers should receive new CaseOne cards at no charge. It also wishes to ban frivolous use of Social Security numbers and implement consequences for those who do not comply.
If the university does not act upon the requests in this document, the committee will take action. "If the administration refuses to act, we will be going to the PD," said Crowley.
