Slashdot Mirror

← Back to Stories (view on slashdot.org)

WiFi Exposes Sensitive Student Data

Posted by simoniker on from the a-great-thing-if-implemented-carefully dept.

cfarivar writes "'Like leaving a vault open, the Palo Alto Unified School District failed to place a number of highly sensitive computer files containing student information in a locked location on its network. Using a laptop with a wireless card outside the district's main office, the Palo Alto Weekly gained access to such data as grades, home phone numbers and addresses, emergency medical information complete with full-color photos of students and a psychological evaluation."

7 of 350 comments (clear)

  1. Liability by Skyshadow · · Score: 5, Insightful
    I've said it before, and it's generally gotten a negative (or even angry) response, but let me say again:

    It's time to introduce some level of legal accountibility for institutions which allow sensative data to be stolen.

    The simple truth here is that pointy-hairs and beaurocrats understand one thing: Money. If you threaten to kick them in their budget, they'll respond; otherwise, you'll just keep seeing these articles.

    I mean, this is *negligence* or the sort that could easily result in at least a major violation of privacy, or at worst a stolen identity or blackmail. These institutions with faulty IT -- and it's not as if this was some complex cracking job, this is just carelessness -- need to be taught a serious lesson.

    (shakes head) It kills me that a college can lose piles of cash for buying shoes for one of their basketball players and a business can get fined for having workers like a box that's 5 lbs. too heavy, but when they expose the private, valuable data of their students/customers, there's no sanction whatsoever....

    --
    Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
  2. more to learn by dema · · Score: 5, Insightful

    This just goes to show we have a lot more to learn about wirless technology. To a lot of people it may seem like simple common sense to use WEP or some other serious form of protection for sensitive records like that. But getting wiresless is becoming just as easy as getting a cable modem hooked up so more people are doing it at a faster rate and not researching the risks that come with it.

    I read an interesting (all be in short) article not too long ago about the risks that does a nice job of explaining things.

  3. Re:Excellent felony! by Skyshadow · · Score: 5, Insightful
    It's only a felony if they get convicted, and no jury in the land is going to convict a newspaper that discovered that a school was spooging out private information of minors to the world. That's why we have juries -- to provide a check on the government.

    Of course, they might just be declared enemy combatants and all this silly due-process thing could be avoided...

    --
    Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
  4. Was it just a wide open access point? by sgarrity · · Score: 5, Insightful

    From the article, it almost sounds as though it was a wide open access point (no WEP encryption or MAC filtering). If this is the case, there should be no demonizing WiFi - just a sloppy sysadmin.

  5. So, it's funny... by thenextpresident · · Score: 5, Insightful

    ...that they can "crack" into a school district computer and no one blinks an eye. But the moment a student would try the same thing, he would be expelled.

    --
    Jason Lotito
  6. Exactly by Anonymous Coward · · Score: 5, Insightful

    Check out what the person in charge at the school said:

    "I don't see this as such a huge news story," Superintendent Mary Frances Callan said the day after the district office abruptly shut down its wireless network and student information program. The real news, she added, was the great progress the district has made to its network plans, thanks to new software purchases, planned employee training sessions and the technology-use policy.

    She has absolutely no sense of responsibility of the damage she could have/has caused. Money is the only thing that will get them to take notice.

  7. yeah, welcome to the red tape. by c64k · · Score: 5, Insightful

    I'm a district over from Palo Alto, and it's not surprising to me that the wifi was open. That SasiXP and server shares were open is frightening. But this is what happens when parents are allowed to come in and run roughshod over the plans of the admins. Or when random parents are your admins. Palo Alto has tech people, they should get in trouble for leaving things unsecure, but the parent group that came in and blew a big hole in the existing security needs a solid slap on the knuckles too.

    The tech staff that school have are usually underpaid and overworked, or contractors who are juggling the detail of 10-15 districts. I'm still cleaning up from the last time parents got involved, getting everyone connected to the internet.

    To every tech minded parent out there: don't give us your used crap, don't come in and 'help,' just stay out of the way. We have a clue (well a lot of us do), but we spend 98% of our time cleaning up the messes left by helpful parents, clueless teachers, and malicious kids. We're trying to get the teachers up to speed, and we're working on making it hard for the kids to purposefully or accidentally fsck things up. But parents are totally deaf to the idea that the help they're offering is really hindering things.

    How do you tell someone who wants to help, no. Or better yet, what's a good project to let parents feel good about helping without damaging my network, or my systems?

    --
    CIA Industries - Running the world for fun and profit