Student Financial Aid Database Being Misused
pin_gween writes "The Washington Post reports on the probable abuse of the National Student Loan Data System. The database was created in 1993 to help determine which students are eligible for financial aid. Students' Social Security numbers, e-mail addresses, phone numbers, birth dates, and loan balances are in the database. It contains 60 million student records and is covered by federal privacy laws. Advocates worry that businesses are trolling for marketing data they can use to bombard students with mass mailings or other solicitations. The department has spent over $650,000 in the past four years protecting the data. However, some senior education officials are advocating a temporary shutdown of access to the database until tighter security measures can be put in place."
its just a matter of time...everybody's personal data will eventually get misused
ISU was rumored to have sold off our entire phonebook to marketers for like $2M at one point while I was a student.
1) Open junk mail
2) Remove return envelope
3) Fold up the rest of the contents as they arrived and stuff them in the envelope
4) Send it back to them
I figure if enough people do this, it can begin to make a dent by doubling how much they pay for each mailing(how many people actually sign up with junkmail anyhow) or at least maybe they will take me off their list(doubtful) but in the worst case... I am giving them they exact pain the inflict on me by having to open worthless mail.
It is the mark of an educated mind to be able to entertain a thought without accepting it.
Okay, so reform is needed. But what's the solution, though? Is it legislation-based? Is it market-based? We have to make sure the solution doesn't fuck us over more than the problem it's trying to solve.
A good example of how a good idea can go wrong is Digg. It addresses one of the sore spots about Slashdot: the ability for anyone to submit news, and immediately have it viewable by others. It also opens up the comment moderation system to everyone. It's the Digg comment moderation I'd like to consider for the moment.
What we often find is that people in the know get their posts voted down, especially if they say something unpopular (even if completely factual). An example of this is noted Slashdot poster John Randolph, who goes by the handle jcr. He often speaks his mind, and that gets some people at Digg all riled up. So they moderate down his comments. This is especially true in his posts dealing with Apple, where John says it as it is. After all, John worked at Apple for a long time. He knows how things are done there. But that's not good enough for many of the morons at Digg. They bury what are perhaps the most informative, insightful and interesting comments. It's a perfect example of how a system that tries to fix Slashdot ends up being far worse in most cases.
I could see the same thing happening with proposed solutions to these data protection problems. If it's a legislation-based approach, the law will end up making database server administration far more difficult and time-consuming. A market-based approach will no doubt have even more problems.
"The use-mention distinction" is not "enforced here."
I got my undergrad at Portland State and have recently started taking graduate classes "for fun"... it's been more than 5 years since I attended.
The particularly obnoxious thing is not getting credit card offers... no... your student i.d. IS a credit card! It's a mastercard. You have to go online to activate it and when you do, you have the option (if you check the box every time it pops up) to NOT have a credit account attached to it.
In my mind this is even more insidious than the 5 credit card booths between the registrar's office and financial aid, and the pile of credit card apps in your bookstore bag.
There's no way to avoid getting the card and you have to work to not make it a credit card.
It's not that simple. If the database contained only email addresses and telephone numbers, ok, noone would give too much of a shit.
Unfortunately, by the sound of it, it contains enough data for identity theft. Especially since in America a bunch of idiots decided that the SSN is usable as unique ID and/or password for everything, so anyone who knows yours already won half the battle to impersonate you. Plus the always useful (especially to a crook) information of how elligible for a loan everyone there is.
So here's a simple scenario: a crook looks through that database, finds a list of kids with upper middle class parents (you don't want to go for billionaire sons, because that might raise suspicions), also finds all the information needed to impersonate any of them to a bank, and takes a hefty "student loan" in the name of each. Just hefty enough to be worth the heist, but not quite close to the limit to raise too much suspicion and verifications. Crook buggers off with the money, and the parents are left to prove that it wasn't their offspring who took the loan. (After a round of inquisition to determine if it really was the son who blew the money on hookers, booze and dope.)
A polar bear is a cartesian bear after a coordinate transform.