Speaking of Bad Timing
- By Katherine Grayson
With more campus security breaches reported daily, is this the time to nationally
centralize already vulnerable data?
In the final weeks of March and the first
weeks of April, the mainstream media reports of campus security breaches finally
became too much for even the most laissez-faire technophile to bear. And yet,
compounding the bad news of breaches at UC-Berkeley, Boston
College, George Mason, Northwestern,
and Cal State-Chico, was the announcement by the Department
of Education that it intends to require every college and university in the
US to report confidential academic, demographic, and financial student data—including
social security numbers—to a national data bank that would then offer up the
data to researchers studying American college students as they move through
the higher education system. This, says D'E officials, would be a vast improvement
over the aggregated statistics the department currently gets to chew on.
Is the Department of Education completely removed from the wretched data-security
struggle of US colleges and universities, or is it just that lousy timing is
a notion wholly foreign to our government officials?
When the President of Gettysburg College, Katherine Hayley
Will, planted her objections to the D'E proposal in the Washington Post in March,
it was hard to read her words without feeling her rage. “The Education department’s
proposal to gather unprecedented amounts of personal data on individual students
is dangerous and poorly conceived,” she wrote.
Will’s objections to the plan, and the outcry across US campuses, transcend
the arguments for expectation of privacy and department or division ownership
of data. Her objection is more about insensitivity and obtuseness to the conditions
in which we live.
If the D'E wants to make its mark on higher ed in 2005, it should put its might
behind helping US colleges and universities quickly move away from SSNs and
poorly controlled, monitored, or maintained databases on campuses, and rapidly
toward tightly controlled campus IT systems (disparate or centralized), and
the use of randomly generated identifiers. Instead of withholding federal dollars
from students attending institutions not participating in a national database
program, the D'E should offer incentives to schools, to help them make the urgently
needed technology and security changes that will stem the coming tidal wave
of campus security breaches.
It’s not the D'E’s desire to better track students in our higher ed system
that is at fault; and, in general, centralization of data is more cost-effective,
efficient, and inevitable. But d'es that mean that the plan for a national database
charges forward like a locomotive out of control even as another—carrying as-yet
unthwarted hackers, viruses and worms—hurtles toward it?
In life, there are times you’ve got to hold back on what might otherwise be
a good idea, as you take stock of what’s going on around you. Only a blind man
would head out for a walk with a twister coming down the pike.
What have you seen and heard?
Send to: firstname.lastname@example.org.