Slashdot Mirror
Student Financial Aid Database Being Misused
pin_gween writes "The Washington Post reports on the probable abuse of the National Student Loan Data System. The database was created in 1993 to help determine which students are eligible for financial aid. Students' Social Security numbers, e-mail addresses, phone numbers, birth dates, and loan balances are in the database. It contains 60 million student records and is covered by federal privacy laws. Advocates worry that businesses are trolling for marketing data they can use to bombard students with mass mailings or other solicitations. The department has spent over $650,000 in the past four years protecting the data. However, some senior education officials are advocating a temporary shutdown of access to the database until tighter security measures can be put in place."
its just a matter of time...everybody's personal data will eventually get misused
O rly?
I would never have guessed that these guys had anything to do with the 2-3 student loan consolidation offers I get per day...
I'm sure my future, not just this article, is
from the six-soliciations-per-day dept.Here's a thought- rather than worry about misuse of students addresses and social security numbers, why don't we address the two real problems:
1. We need to reign in junk mail; and
2. Financial institutions need to stop treating a social security number as some sort of password.
The Washington Post reports on the probable abuse of the National Student Loan Data System.
Well color me surprised. Or not. Anyone in the financial services industry is well aware that students are prime targets for all sorts of jacked-up offers. That data needs protecting, but the whole credit system in this country needs a major overhaul.
The theory of relativity doesn't work right in Arkansas.
The number of credit card offers you get in the mail your first year at college are ridiculous. At least, they were when I went, and I rather suspect the same is true today.
The goal is simple: hook them early, let them blow a wad of bills they don't have, and then get their parents to pay for it. For a true horror story on this, take a look at this example of a student who had no business getting a credit card getting one, and what happened. (Before you say it, this sort of thing doesn't just happen in South Korea.)
Only $650k over a few years to protect that much important data? That's about what the US spends on the Iraqi War _every_six_minutes_. What's wrong with this picture?
After I was done with school, I consolidated my loans with a company that I spent some time actually researching and making sure they were reputable. However, I kept getting 10+ mailings a month from companies wanting to consolidate my loans. Then the phone calls came. I tell them all that I have already consolidated, yet they continue. It is no surprise to me that they are probably getting my info from this database.
I got nothin'
uhh right.. damn kids..
Misused is basically the head dogs of this database selling information under the table and taking a huge cut. It has nothing to do with getting hacked. If you had'nt noticed, misuse is rampant in American society.
So how do you request a look at what data is your own in the Database?
If these consolidation companies would quite wasting so much money on marketing, and you know, actually offer better rates, they might actually get some business. Who am I kidding, this is America, a well marketed piece of crap gets ten times the volume of a quality product that slips under the radar.
As our way of thanking you for your positive contributions to Slashdot, you are eligible to disable Slashdot 2.0.
I know *all* SSN, credit card, phone numbers and dates of birth and I'll gladly sell them to anyone at only 1c each.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
This past week I (a college student, with financial aid) got a letter stating I was pre-approved for a loan of $3,500 on condition of proving I own a home.
I live in a dorm. At a school in another state.
Apparently their "prescreening" folks can't even figure things out when they have a large chunk of my personal information staring them in the face.
Never mistake "can" for "should".
I work my butt off to pay for school, because my parents won't give me a dime. And yet, the "expected family contribution" as decided by my parents' tax documents still shows up, every year. The "expected student contribution" is generally a few hundred bucks, and the EFC is a little over half of my tuition...close to $5k.
.gov instead of wasting money fighting a war nobody wants.
This all fails to address the very simple fact that my parents give me nothing, and the government seems to think they should be giving me $5k/yr. Misuse my data, who cares. Just pay for my education like a good
ISU was rumored to have sold off our entire phonebook to marketers for like $2M at one point while I was a student.
Hi, you called <me/>, first class provider of premium customer service coaching for dodgey loan consolidation services providers. Before we begin, I'm obliged to tell you that this call is being recorded for customer service and validation reasons and that by continuing to use this coaching service, you are agreeing on behalf of your dodgey loan consolidation service provider to be bound by the terms and conditions available online at <free_host_where_I_posted_an_outrageous_contract>. Also you are reminded that if this is a second call by a respresentative of the dodgey loan consolidation service provider you represent, you are agreeing their behalf to the conditions of our $250000 per minute premium service as described in section 3.6a subsection z of the contract found at <free_host_where_I_posted_an_outrageous_contract>, do you understand?
.....
If things get any further.....
.....
Thank you, but I have already consolidated my loans and I'm really not interested.
Now I would advise, in order to provide the best possible customer service, you hang up. If this doesn't work for you, please call back for a premium consultation. Have a nice day. *click*
I don't therefore I'm not.
1) Open junk mail
2) Remove return envelope
3) Fold up the rest of the contents as they arrived and stuff them in the envelope
4) Send it back to them
I figure if enough people do this, it can begin to make a dent by doubling how much they pay for each mailing(how many people actually sign up with junkmail anyhow) or at least maybe they will take me off their list(doubtful) but in the worst case... I am giving them they exact pain the inflict on me by having to open worthless mail.
It is the mark of an educated mind to be able to entertain a thought without accepting it.
No shit sherlock. If most universities are moving off SSN's as PK's for students, why is the federales guv'ment still allowed to do so?
No wonder I get 2-3 loan consolidation requests a day... and 1 a week is from the same company where my loans are consolidated! Left hand, meet right hand...
"Thank you. Please spellcheck your genitalia references though.
2 credit card offers (fuck you visa, fuck you capital one), 1 "pre-approved" loan consolidation, and 2 loan offers. (get 200,000 NOW! You are pre-approved!) loans/grants used to be a way to HELP students go to college. Now they are absolutely fucking necessary to get your degree in a timely fashion. Luckily, got 15K grant, + 6K scholarship. That takes care of 1/3~ of my school costs(not including the large sum i've paid out of pocket already), hopefully I can get some more scholarships and grants to help further. I have a number of loans already, but I really don't want anymore. And yes, I also have a job + full-time school. Living costs a lot of money.
I can handle the junk mail and advertisements but what I can't handle is the complete incompetence of the financial aid department at my school. Without this database it will be a god damned nightmare getting my aid award. It's hard enough WITH the bloody database but without it god help us all.
It's pretty much a fact of life for college students... Some of the lucky ones avoid the money woes, but the endless deluge of spam and other solicitation is pretty much inevitable. I just try to live with it.
One of these days, I'm going to cut you into little pieces.
Okay, so reform is needed. But what's the solution, though? Is it legislation-based? Is it market-based? We have to make sure the solution doesn't fuck us over more than the problem it's trying to solve.
A good example of how a good idea can go wrong is Digg. It addresses one of the sore spots about Slashdot: the ability for anyone to submit news, and immediately have it viewable by others. It also opens up the comment moderation system to everyone. It's the Digg comment moderation I'd like to consider for the moment.
What we often find is that people in the know get their posts voted down, especially if they say something unpopular (even if completely factual). An example of this is noted Slashdot poster John Randolph, who goes by the handle jcr. He often speaks his mind, and that gets some people at Digg all riled up. So they moderate down his comments. This is especially true in his posts dealing with Apple, where John says it as it is. After all, John worked at Apple for a long time. He knows how things are done there. But that's not good enough for many of the morons at Digg. They bury what are perhaps the most informative, insightful and interesting comments. It's a perfect example of how a system that tries to fix Slashdot ends up being far worse in most cases.
I could see the same thing happening with proposed solutions to these data protection problems. If it's a legislation-based approach, the law will end up making database server administration far more difficult and time-consuming. A market-based approach will no doubt have even more problems.
Seriously, read the link.
i could sure put some misuse in her database..
Aaron Miller
Aaron Miller Computers
is Predatory Lending.
Good, inexpensive web hosting
that Cheney & Co. trolls the DB for more Iraq/n cannon fodder.
Based on the skills of some of our engineering new hires from expensive schools, I'd say the student aid itself is being misused.
It sounds like you like the quality of graduate from our elite universities.
If you've posted this same format of post in different threads before without actually contributing to conversation, GTFO!
It's not that simple. If the database contained only email addresses and telephone numbers, ok, noone would give too much of a shit.
Unfortunately, by the sound of it, it contains enough data for identity theft. Especially since in America a bunch of idiots decided that the SSN is usable as unique ID and/or password for everything, so anyone who knows yours already won half the battle to impersonate you. Plus the always useful (especially to a crook) information of how elligible for a loan everyone there is.
So here's a simple scenario: a crook looks through that database, finds a list of kids with upper middle class parents (you don't want to go for billionaire sons, because that might raise suspicions), also finds all the information needed to impersonate any of them to a bank, and takes a hefty "student loan" in the name of each. Just hefty enough to be worth the heist, but not quite close to the limit to raise too much suspicion and verifications. Crook buggers off with the money, and the parents are left to prove that it wasn't their offspring who took the loan. (After a round of inquisition to determine if it really was the son who blew the money on hookers, booze and dope.)
A polar bear is a cartesian bear after a coordinate transform.
Wow, a whopping $650k? What's that, two salaries plus expenses?
I think that more accurately spun "the agency has spent less than $700,000 since 2003...."
section 3, item (d)...
"To provide financial aid history information, the Department may disclose records to educational institutions and servicers."
it is supposed to make money by integrating with the 'servicers.'
my guess is it is not too hard to be considered a servicer of an educational institution.
link:http://www.ed.gov/notices/pia/nslds.pdf
i don't post quotes all that often. someone let me know if i just broke a law.
i posted this lower in the thread so it will probably be buried. check out #3, item (d).
link:http://www.ed.gov/notices/pia/nslds.pdf
they sell to 'servicers' of educational institutions and i am guessing y'all signed off on it. if you are pissed about this issue a good question might be how someone is classified as a servicer.
regards.
I've been getting credit card offers since my senior year of high school. No Child Left Behind makes it legal for schools to do pretty much whatever they want with your information, and you can't stop them (at least this was my school's excuse). Furthermore, from what I've been told, the school is required to give information to any military branch that requests it.
How do I know it's the school that's been doing it? They've always spelled my name Zajary instead of Zakary on all their mailings, and that's who these are addressed to (on the plus side, I can't legally open these letters since they aren't addressed to me).
Yet another great policy from our Government.
There are massive databases that track people and a subsets of those that track students and alumni. I wouldn't say that the NSLC is the only source of data. Almost every large school and community college has a bank with a branch on campus promoted through the school and they will sell your information and data. When you graduate and leave school you usually get on an alumni list that in turn feeds other sources, and so on, and so on. State and federal agencies also get data feeds from colleges (other than NSLC). If your college uses a service to clean up names and addresses, well guess who now has a name, address and part of a social security number in some cases? Yup, that organization and the database they use/feed, and the database its uses/feeds, all the way up to the big database. Guess who also uses the big database; mass marketers.
The point is, once your name gets in a list then the spam will come and mass marketing will come. And that list never gets updated with info like you graduated, or dropped out, etc.; you're just a name and they will continue to spam you even if you've moved, got a jobs, paid your loans or even died in a car crash.
I'm not advocating any of this but it is simple a fact. Once you are a student there are a number of ways you can end up on a list and many of them are uncontrolled and some the college in question is legally required to use/feed.
Oh and the only way to get rid of a social security number as a means of identification is to provide a better universal ID. Seriously.
-Phil
Shoot questions, first ask later...
You know, the "Your account is in trouble, please call now," which are really ads to get you switching to their service. If there is one thing in my life I could change, it would have been the decision to get a Master's degree. Not only has it never helped me, I'll probably be paying the damn student loans until I retire. Unfortunately college is so expensive now that students practically have to take out loans and work two jobs to get by.
But all of this reminds of another thing; once upon a time the information you gave to the government was kept there. Selling your DMV records, property information, or anything else, would have been unthinkable. Today it's all for sale to the highest bidder, and they wonder why privacy issues come up. Excuse me, I just got something else in the mail, the VIN of my car is plastered on the front and it's a notice my auto warranty is expired unless I buy their extended warranty. Of course, the car is ten years old......
that we have a privacy bill of rights in the US.
This would give individuals rights around information that government and third parties collect on them, the most important being informed consent. It should be a crime to divulge or acquire electronic records without informed consent of the subject, excepting national intelligence and criminal investigation. Furthermore the right of informed consent by manadatory opt-in should be inalienable. Right now the status of privacy rights in the US can be summed up, to a first approximation, as this: if you can get your hands on a piece of information about somebody without breaking a law, it's yours to do with as you please for whatever you please.
If the government collects information about you, and it is divulged in a way that is not clearly illegal, then it becomes fair game. If you sue or are sued, the records of that suit, win, lose, or settled, can be harvested and put into commercial intelligence databases on you. If you sue your employer, you may find it hard to get a job afterwards. The records are made public to ensure the fair operation of the courts, but the same process exposes you to unfair judgment in an invisible (to you) commercial database.
Civilization will not come to an end if people are participants in how their information is used and divulged. Such rights are guaranteed in Europe via the European Convention on Human Rights. Harmonizing our laws with Europe will be good in the long term for our industry. Right now we are operating under an exception that allows EU data to be processed by American companies that promise to follow EU guidelines. But information privacy is not valued at all by companies here and therefore they aren't any good at it. It's only a matter of time before some horrible mishandling of data puts this on the trade agenda again.
Bringing ourselves up to scratch with the best international standards would be better for our citizens than digging in our heels. It would hurt some individual companies, but in the long run will allow American companies to compete better in a global services economy.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Just last week the University of Texas Financial Aid Administrator was placed on leave pending an investigation of stock offers he accepted from a prominent student loan company. I wonder if he was passing along information like this or something of that kind? The case details given so far have been particularly light.
I've been out of school since last Fall, and the past couple months I've been getting 2-3 letters a week from "Joe Bob Student Loan Debt Consolidation" Don't wait, consolidate now for 3-8%. While I do want to get a debt consolidation loan, it's downright scary when you have a couple hundred options and no idea what is legit. What worries me the most! How does Joe Bob know I have exactly x dollars on my Federal student loans? Shouldn't that be private?
Your answers are delightfully cynical, but you should really read the article first.
They just now noticed, did they?
http://twitter.com/OLDTELEGRAM
because there are cliques here and they do the same thing you claim that happens on Digg. People of certain beliefs will without reason mod down anything they don't like regardless of the truth of the statements. (Its probably the best reason to never EVER look at the political section of /.)
Legislation to change the laws to make all lenders EQUAL is what is needed. Also, get the government out of the loan business and just into guaranteeing it. Let the market assign the risks. If the government thinks the market is charging to much then it can investigate.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
A few days ago i requested an information packet from a local technical college via an online request form. i used my cell phone for the phone number. Today i received a call from a student loan consolidation company on my cell phone. I missed the call, but called it right back and the guy who answered the phone said he was from this loan consolidation company. I asked why they called me and he asked if i was interested in a student loan. I said I don't have any (I don't) and please take me off your list. He asked what my name was, but I made him look me up by phone number, and when he did he asked me if i was $MY_NAME and attended $THAT_SCHOOL. I denied knowing that person and had him put me down for wrong number. I called the phone number on the schools site, and told them about this, and the girl who answered the phone was just someone who answers the phone and transfers people, and said she had no idea that the personal data gets handed along. Then she asked my name and said she was going to transfer my name to a customer complaint deprtment or some such but i said "No thanks, just pass along the message." Needless to say i will not be attending that school.
Where the hell to you think the million consolidation ads I get a year come from? They always look like bills, but are applications to consolidate.
Also where the hell do you think all the credit card applications come from?
Explain that one.
_buzlink_
- I don't send enough to make bulk mailing worth my while (presorting, bulk license fees, etc.), and
- I get a better response rate when I use a first class stamp--probably because more people open the letter
I know some folks in my business who even go so far as to pay senior citizens in nursing homes to hand address their direct mail for them. Just trying to eek out that last % or two in response, I suppose.They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
Federal laws being violated? Arrest and convict the person in the highest level of authority who knew or should have known this was happening. Strip that person of all assets and make him spend decades in prison.
We have laws, and a penal system that exists as a deterrent for violating those laws. Bank executives don't have immunity. Do it, completely destroy a few of these people who think they are above the law because of their positions of authority and their billions of dollars, and the rest will think twice before making the same mistake.
-fb Everything not expressly forbidden is now mandatory.
>If "they" have access to my data then why cant they see that I no longer need/want any help?
They can see that you are paying someone else regularly. If they could convince you that you could have an even better deal, they win. Do you have a home mortgage? It's even worse with that.
-fb Everything not expressly forbidden is now mandatory.
This database doesn't give your mailing address or telephone number. If it did and they were using it for that purpose, they would see that you have already consolidated and not waste their time and money contacting you. The database is used to verify your loan information to make sure that when you consolidate they consolidate everything and that you are eligible to consolidate. Ie. You are not in default status.
Unfortunately the media and departments are not giving you all of the information here. The mailings and phone calls you are getting are from the credit bureaus (equifax, espherion, etc) selling lead lists to companies.
You have to jump through hoops to get NSLDS access. They don't just give it to anyone. If you are ever caught "data mining" they will take away you access and you will not be able to do business. It is vital to consolidation. But hey, who needs to consolidate right? They have now shut down the database making it virtually impossible to consolidate. Data minig actually means that the consolidators are looking up people on their lead lists to find out who is eligible to consolidate before contacting them. They don't want to contact you if you have already consolidated either.
Guess what that means. The big guys holding your loans can continue to charge higher interest rates on all your different loans and you can't do anything about it. Every semester means a diferent loan. Thanks senator Kennedy. You have officially taken away the students ability to consolidate and at the same time you are bankrupting all the companies that provide this service. My company sent all of its 273 employees home without pay because they can't operate without NSLDS access. What a great knee jerk reaction to cause a significant economic impact. Again, the tax payer and the student suffer as everyone heads to the unemployment line and Sallie mae and the like go back to the glory days of collecting higher rates and not having their portfolio decreased due to competition. Without competition we have monopoly.