Is big brother watching?

<p>From the Cavalier Daily: something else for parents to worry about:</p>

<p>"You use your ID card to swipe into the dining hall or gym, and to unlock your dorm or office. You sign on to University computers and log into Webmail, ISIS or Toolkit. You use your Social Security number to check out library books and obtain financial aid. With the sheer volume of data a student produces in a single day, it begs the question: Can the University track your every move?</p>

<p>Data, Data Everywhere…</p>

<p>Like any large institution, the University is home to vast information databases. Everyday life at the University requires that large quantities of student information be stored on University computers and servers.</p>

<p>According to Shirley Payne, the Office of Information Technology and Communication's director for security coordination and policy, one of the most important of these databases is the academic record, maintained by ISIS...</p>

<p>Government Surveillance</p>

<p>Although the University works hard to keep its data private, University databases can also be the target of government investigation.</p>

<p>"In general it's something that you and I and everyone else needs to be aware of is that when the University receives a search warrant, then we do have to comply," Payne said.</p>

<p>Payne added that the University will only hand over private data in the case of a court order.</p>

<p>"There are conditions where the University might reluctantly need to turn over information but it's not done lightly by any means," Payne said.</p>

<p>Since Sept. 11, the U.S. government has become increasingly vigilant in its anti-terrorist surveillance programs. The Patriot Act allows the federal government to access library records.</p>

<p>Madelyn Wessel, special advisor and liaison to the General Counsel of the University, said all libraries fall within the scope of the Patriot Act...</p>

<p>Constant Vigilance</p>

<p>Although University data is secured on many levels, officials still urge students to be vigilant about their own and others' personal information.</p>

<p>"I think it's really good to raise everyone's awareness about it," Payne said.</p>

<p>In addition to administrative safeguards students can also monitor their own information and its unauthorized release. </p>

<p>"Computers and the web have given us a way to create data very easily," Wessel said. "The fact that you can do it doesn't mean you should."</p>

<p>Wessel agreed that privacy is both an administrative and a personal responsibility.</p>

<p>"You have to steward your own privacy, too," she said. "</p>

<p><a href="http://www.cavalierdaily.com/CVArticle.asp?ID=28507&pid=1510%5B/url%5D"&gt;http://www.cavalierdaily.com/CVArticle.asp?ID=28507&pid=1510&lt;/a&gt;&lt;/p>

<p>Regarding where one uses their card to swipe in on while on campus, IMO this is a non-issue. Who really cares? I doubt that the college is actually tracking it anyway, they're likely to be using it strictly for access control and ease of accounting on purchases. Many colleges can barely handle doing a decent job of billing and maintaining their website as it is.</p>

<p>
[quote]
You use your Social Security number to check out library books...

[/quote]

This one concerns me since I think a social security number should be kept more private to avoid identity theft. The ss would usually be needed when applying for financial aid because credit checks are done but it's ridiculous that it be required for something as trivial as checking out a library book. I'd try to get this one changed. California passed a law relatively recently limiting who could require the ss info. </p>

<p>I agree that private records (grades, financial info, medical info, etc.) should be kept private and this is an area where most businesses, institutions, and governments need to improve a lot. We're hearing too much about lost/stolen laptops with thousands of private records on them and for every one we hear about, you can be certain there are many more that go unreported. The sad point on this is that it's so simple to avoid. In the first place, this detail shouldn't be placed on the laptop to begin with - it should be accessed at a central server. Secondly, the user of the laptop should configure the file system to encrypt the contents making it virtually impossible for someone to obtain the data if they don't know the user/password. Windows has this capability buit in to XP but it's not enabled by default. People need to realize that without encrypting the data on the disk, the logon user/password provides no protection. Despite the ease of protection, even many hi-tech companies and government departments fail in this regard.</p>

<p>What is interesting about data collection is what is NOT being collected. For instance, three years ago, I asked my local public library if they could tell me if I had checked out a particular book a few months earlier. I was told they kept NO individual patron circulation data, for reasons you can guess. Video stores and a few others have similar policies, for the same reasons. Curiously, Netflicks does not.</p>

<p>Where we DO lose, is in our consumer behaviour. All those loyalty cards at your grocery store, pharmacy and such? Strictly to tie your purchase behaviour with your full personal profile, for market research and marketing purposes. Imagine that some marketing manager can get a profile by income, education etc. of the purchasers of twinkies....</p>

<p>If the library kept track of all the books checked out by patrons, they would require huge amounts of storage space on their computer systems.</p>

<p>I suspect that the costs are prohibitive; also searches of such data would bog down the system.</p>

<p>(Although I must add that my local library system DOES give patrons the option to keep a checked out book history.)</p>

<p>But of course in a small town the human eye (aided by gossip) has the same effect of knowing everywhere you go.</p>

<p>Our UPS deliveryman keeps a sharp eye on our not so small neighborhood and knows just about everyone on sight and by name... </p>

<p>Identity theft and breach of privacy are growing concerns on many college campuses these days:</p>

<p>"Universities and businesses are some of the groups most susceptible to breach. Jane Rosenthal, privacy coordinator and custodian of records at the KU Privacy Office, said that of those entities, 30 percent of breaches were institutions of higher education.</p>

<p>Identity theft is the fastest growing crime in the U.S. for the sixth year in a row, said Todd Davis, CEO of LifeLock, an Arizona company that helps its customers avoid becoming the victims of identity theft. LifeLock is the biggest company of its kind.</p>

<p>Davis said there were 115 cases of data breach at 85 universities in the past 18 months. Davis added that two of those cases had occurred at the University of Kansas.</p>

<p>Rosenthal said one of those instances could have been when an unsecured page on a Department of Student Housing Web site was breached last December, but she couldn’t say for sure. Housing officials said at the time that none of the compromised information was accessed.</p>

<p>“You’re 25 times more likely to have your identity stolen than your car stolen,” Davis said. “We lock our cars, insure our cars; we need to do the same with our identities.” "</p>

<p><a href="http://www.kansan.com/stories/2006/oct/16/identity/?news%5B/url%5D"&gt;http://www.kansan.com/stories/2006/oct/16/identity/?news&lt;/a&gt;&lt;/p>

<p>Many university websites give students fair warning:</p>

<p>"All users of the University's computing and network resources must be aware that privacy of electronic communication and/or stored data files may be routinely compromised by systems that unintentionally preserve portions of information within the University networks AND by individuals who intentionally try to gain access to vulnerable machines.</p>

<p>It is the policy of Northwestern to treat all transmissions over the Northwestern network as private; however, the use of Northwestern network is strictly by permission of the University and confidentiality is not guaranteed." </p>

<p><a href="http://www.it.northwestern.edu/security/privacy/index.html%5B/url%5D"&gt;http://www.it.northwestern.edu/security/privacy/index.html&lt;/a&gt;&lt;/p>

<p>fendrock, </p>

<p>Storage space is so cheap these days that the cost of keeping track of everything checked out from your local library is trivial. And that's why it is so important to understand who is doing what with data regarding your life.</p>

<p>Think about it. You go to the store to make a return. You forgot the receipt. No problem. They enter your personal info, probably just your charge number, and your entire purchase history comes up. What else could be done with that data?</p>

<p>I didn't realize students were using their SSNs to check out library books here. I've seen the keypads at the check out kiosks, but have always just handed my faculty ID to the desk worker. I imagine the libraries will be forced to use ID numbers and not SSNs when they move over to our new computer system.</p>

<p>Thank goodness people see the presence of a system reliant on ID cards as a non-issue. I don't really sympathize with the student who seemed to object to the card system. These days, students want easy access to various resources (from libraries to dining halls to laundry machines) with little trouble. The card readers permit this. </p>

<p>Data security really is the issue that deserves the spotlight. Two years ago on St. Patrick’s Day, I got a letter from my graduate school (and first employer) saying my SSN may have been accessed. That led to fraud alerts and huge headaches that still llinger. The school later said no personal data was compromised after all, but I heard two stories about unauthorized credit cards opened (in New Zealand, of all places) from colleagues who were also alumni. As a result of that incident, I’ve gotten much better about requesting my free yearly credit report. Maybe this is a routine practice we should get our students in the habit of doing since they have much more data “out there” than we did when we were 18-22.</p>

<p>It's only been in the last few years that some colleges have switched from requiring the student's SSN as the defacto student ID number over to a separate student ID number. I think colleges are recognizing the issue and making adjustments. I think it also helps for states to pass laws prohibiting businesses/institutions from requiring/requesting the SSN for anything other than financial approvals.</p>

<p>Dean J, Our ID numbers are our SSNs. Whether you log onto ISIS or check out books the number is your SSN.</p>

<p>I'm assuming this thread was inspired by recent well-publicized news that Canadian universities are switching their data storage/retrieval records to the University of Toronto to avoid Homeland Security's long reach. </p>

<p>Here's a clip from the Crimson, though I first saw this in my hometown paper, the Globe and Mail:</p>

<p>"A number of Canada’s largest universities have lately questioned the security of their U.S.-based online research tools because of the government’s power to comb individuals’ citation records for hints of collusion with any of America’s numerous enemies. One service in particular, RefWorks, has been the subject of scrutiny; Canadian academics are taking their personal accounts out of the California-based firm’s hands in spades, opting instead for a server at the University of Toronto, according to The Globe and Mail."</p>

<p>In any case, there are at least two distinct privacy concerns here: one is primarily economic, with identity theft and its related credit problems; the other is, as suggested in the Crimson quote, fear of unwarranted (catch the pun) data surveillance by the U.S. government.</p>

<p>The nightmare continues.</p>

<p>AP article reports that the Pentagon, under pressure from civil liberties groups,is altering its policy on gathering information - "The Department of Defense has agreed to change the database it uses for military recruitment efforts to better protect the privacy of millions of high school students nationwide, a civil liberties group said Tuesday...</p>

<p>In settling a lawsuit brought last year by the New York Civil Liberties Union, the government agreed it will no longer disseminate student information to law enforcement, intelligence and other agencies and will stop collecting student Social Security numbers, the group said in a statement.</p>

<p>It said it will also limit to three years the time it retains student information and will clarify procedures by which students can block the military from entering information about them in its database...</p>

<p>Military officials have said about 30 million names were in the database. The Pentagon has said the list includes high school students age 16 to 18 and college students, and includes such information as the students' Social Security numbers, gender and race."</p>

<p><a href="http://timesunion.com/AspStories/story.asp?storyID=552262&category=STATE&newsdate=1/10/2007%5B/url%5D"&gt;http://timesunion.com/AspStories/story.asp?storyID=552262&category=STATE&newsdate=1/10/2007&lt;/a&gt;&lt;/p>

<p>And I have a bridge to sell....</p>

<p>They have to fill the ranks with 92,000 more bodies. I don't believe for a second that the government is ditching records of all these students. We have "opted out" of military recruitment, but I am waiting for the first call, which will surely come anyway. I hope I am home to answer the phone. :p</p>

<p>I'm somewhere on the fence on this issue. For one, the libertarian in me loathes the idea of easy access to my data by the government (data mining of the US population by SAIC and others comes to mind...) On the other hand, I realize that in order to actually provide the kinds of services that people demand today, this sort of identification of patrons is a necessary evil.</p>

<p>But oh how I wish there was more privacy. This becomes more apparent to me as I deal with employment with the same bunch of guys...</p>

<p>Librarians protect the records of their patrons on principle. Lack of record keeping certainly isn't due to storage issues.</p>

<p>Wanna hear an ironic story? S#2, born shortly after end end of the Vietnam war, was "hidden" throughout childhood and adolescence. We never claimed him as a dependent to avoid SSN registration; sent him to private schools that didn't cooperate with the federal government's curiosity; found a college that gave FA without federal FA apps; taught him to question authority. Well, sons 1 and 3 are peacenik activists and S#2 joined the Marines. Sigh.</p>