Quick fix needed to prevent another “replyallpocalypse”
A single email advertising Phi Delta Theta’s campaign to raise funds for the Amyotrophic lateral sclerosis (ALS) Association promptly became this week’s most talked-about campus event. A brother of the fraternity created an email list of every undergraduate student, sending them information on Monday on how to donate to an Indiegogo Campaign.
It prompted nearly 60 responses with students responding to be removed from the list, memes and pleas to stop hitting reply all, spawning student rage expressed primarily through Twitter and YikYak. Even the Huffington Post weighed in on the events with an article by one of their senior editors.
According to Mike Kubit, Interim Chief Operations Officer for Information Technology Services, the office is still investigating what specifically happened.
“On behalf of the university, we want to apologize to students,” Kubit noted. “Anything that impacts the lives of students, we care about, and want to make sure it doesn’t happen in the future.”
We’re not sure what specifically led to this situation either, but a quick look at the email list management website shows at least one way you could create a “replyallpocalypse” of your own.
The listserv system does not currently protect the directories for the actually legitimate campus-wide email lists. By accessing those, one could gather every undergraduate student’s name and email address and create their own email list for whatever purpose they wished.
It may take a lot of typing, but if someone had free time, or several friends, then bam: They’d then have a campus-wide email list that they could call their own.
It’s a bit scary that this directory information, in a single comprehensive list nonetheless, is so freely available. All it takes is one hacked student account for an outside spammer to have access to all of this information. It’s not financial or academic data, sure, so it wouldn’t be the end of the world, but it’s still a concern.
While the listserv system should be totally scrapped in favor of something that does not look and function like its 20 years old (let’s be honest, it’s not user friendly), in the mean time only a quick fix is needed to prevent a similar issue. Just remove the ability for a student to see everyone on the main administrative lists which contain the entire undergraduate student body. If only the list administrators, the ones who actually control the lists, can access this information, it should further prevent the creation of future unsolicited “super lists.”
Sure, someone could still add uninterested students to a list of their own, but this would prevent something from going campus-wide.
What ITS should not do is require approval for the creation of new email lists. This would not be an effective use of their time and would limit student use of the already confusing structure. Additionally, students should not be required to have to approve their addition to any list. While unwanted subscriptions are surely annoying, any object placed in the path of students’ ability correspond with a group would surely limit involvement.
Let’s balance security with student convenience.