Slashdot Mirror
Student Financial Aid Database Being Misused
pin_gween writes "The Washington Post reports on the probable abuse of the National Student Loan Data System. The database was created in 1993 to help determine which students are eligible for financial aid. Students' Social Security numbers, e-mail addresses, phone numbers, birth dates, and loan balances are in the database. It contains 60 million student records and is covered by federal privacy laws. Advocates worry that businesses are trolling for marketing data they can use to bombard students with mass mailings or other solicitations. The department has spent over $650,000 in the past four years protecting the data. However, some senior education officials are advocating a temporary shutdown of access to the database until tighter security measures can be put in place."
its just a matter of time...everybody's personal data will eventually get misused
O rly?
I would never have guessed that these guys had anything to do with the 2-3 student loan consolidation offers I get per day...
I'm sure my future, not just this article, is
from the six-soliciations-per-day dept.Here's a thought- rather than worry about misuse of students addresses and social security numbers, why don't we address the two real problems:
1. We need to reign in junk mail; and
2. Financial institutions need to stop treating a social security number as some sort of password.
The Washington Post reports on the probable abuse of the National Student Loan Data System.
Well color me surprised. Or not. Anyone in the financial services industry is well aware that students are prime targets for all sorts of jacked-up offers. That data needs protecting, but the whole credit system in this country needs a major overhaul.
The theory of relativity doesn't work right in Arkansas.
The number of credit card offers you get in the mail your first year at college are ridiculous. At least, they were when I went, and I rather suspect the same is true today.
The goal is simple: hook them early, let them blow a wad of bills they don't have, and then get their parents to pay for it. For a true horror story on this, take a look at this example of a student who had no business getting a credit card getting one, and what happened. (Before you say it, this sort of thing doesn't just happen in South Korea.)
Only $650k over a few years to protect that much important data? That's about what the US spends on the Iraqi War _every_six_minutes_. What's wrong with this picture?
After I was done with school, I consolidated my loans with a company that I spent some time actually researching and making sure they were reputable. However, I kept getting 10+ mailings a month from companies wanting to consolidate my loans. Then the phone calls came. I tell them all that I have already consolidated, yet they continue. It is no surprise to me that they are probably getting my info from this database.
I got nothin'
I know *all* SSN, credit card, phone numbers and dates of birth and I'll gladly sell them to anyone at only 1c each.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
This past week I (a college student, with financial aid) got a letter stating I was pre-approved for a loan of $3,500 on condition of proving I own a home.
I live in a dorm. At a school in another state.
Apparently their "prescreening" folks can't even figure things out when they have a large chunk of my personal information staring them in the face.
Never mistake "can" for "should".
ISU was rumored to have sold off our entire phonebook to marketers for like $2M at one point while I was a student.
Hi, you called <me/>, first class provider of premium customer service coaching for dodgey loan consolidation services providers. Before we begin, I'm obliged to tell you that this call is being recorded for customer service and validation reasons and that by continuing to use this coaching service, you are agreeing on behalf of your dodgey loan consolidation service provider to be bound by the terms and conditions available online at <free_host_where_I_posted_an_outrageous_contract>. Also you are reminded that if this is a second call by a respresentative of the dodgey loan consolidation service provider you represent, you are agreeing their behalf to the conditions of our $250000 per minute premium service as described in section 3.6a subsection z of the contract found at <free_host_where_I_posted_an_outrageous_contract>, do you understand?
.....
If things get any further.....
.....
Thank you, but I have already consolidated my loans and I'm really not interested.
Now I would advise, in order to provide the best possible customer service, you hang up. If this doesn't work for you, please call back for a premium consultation. Have a nice day. *click*
I don't therefore I'm not.
1) Open junk mail
2) Remove return envelope
3) Fold up the rest of the contents as they arrived and stuff them in the envelope
4) Send it back to them
I figure if enough people do this, it can begin to make a dent by doubling how much they pay for each mailing(how many people actually sign up with junkmail anyhow) or at least maybe they will take me off their list(doubtful) but in the worst case... I am giving them they exact pain the inflict on me by having to open worthless mail.
It is the mark of an educated mind to be able to entertain a thought without accepting it.
Okay, so reform is needed. But what's the solution, though? Is it legislation-based? Is it market-based? We have to make sure the solution doesn't fuck us over more than the problem it's trying to solve.
A good example of how a good idea can go wrong is Digg. It addresses one of the sore spots about Slashdot: the ability for anyone to submit news, and immediately have it viewable by others. It also opens up the comment moderation system to everyone. It's the Digg comment moderation I'd like to consider for the moment.
What we often find is that people in the know get their posts voted down, especially if they say something unpopular (even if completely factual). An example of this is noted Slashdot poster John Randolph, who goes by the handle jcr. He often speaks his mind, and that gets some people at Digg all riled up. So they moderate down his comments. This is especially true in his posts dealing with Apple, where John says it as it is. After all, John worked at Apple for a long time. He knows how things are done there. But that's not good enough for many of the morons at Digg. They bury what are perhaps the most informative, insightful and interesting comments. It's a perfect example of how a system that tries to fix Slashdot ends up being far worse in most cases.
I could see the same thing happening with proposed solutions to these data protection problems. If it's a legislation-based approach, the law will end up making database server administration far more difficult and time-consuming. A market-based approach will no doubt have even more problems.
"The use-mention distinction" is not "enforced here."
If only it were that easy. For financial aid you can only claim to be independent if you meet one of the following:
You were born before January 1, 1983.
You're married.
You're enrolled in a master's or doctorate program during the school year.
You have children or other dependents who receive more than half their support from you.
You're an orphan or ward of the court (or were a ward of the court until age 18).
You're a veteran of the U.S. Armed Forces. "Veteran" includes a student who attended a U.S. military academy who was released under a condition other than dishonorable.
Good, inexpensive web hosting
Based on the skills of some of our engineering new hires from expensive schools, I'd say the student aid itself is being misused.
It's not that simple. If the database contained only email addresses and telephone numbers, ok, noone would give too much of a shit.
Unfortunately, by the sound of it, it contains enough data for identity theft. Especially since in America a bunch of idiots decided that the SSN is usable as unique ID and/or password for everything, so anyone who knows yours already won half the battle to impersonate you. Plus the always useful (especially to a crook) information of how elligible for a loan everyone there is.
So here's a simple scenario: a crook looks through that database, finds a list of kids with upper middle class parents (you don't want to go for billionaire sons, because that might raise suspicions), also finds all the information needed to impersonate any of them to a bank, and takes a hefty "student loan" in the name of each. Just hefty enough to be worth the heist, but not quite close to the limit to raise too much suspicion and verifications. Crook buggers off with the money, and the parents are left to prove that it wasn't their offspring who took the loan. (After a round of inquisition to determine if it really was the son who blew the money on hookers, booze and dope.)
A polar bear is a cartesian bear after a coordinate transform.
Wow, a whopping $650k? What's that, two salaries plus expenses?
I think that more accurately spun "the agency has spent less than $700,000 since 2003...."
I used to work for the support line for the FAFSA.
Those restrictions are only to be declared independent on the FAFSA form automatically, you can still be declared independent by your school's financial aid office, but they are going to ask for some documentation you're paying your own lease, utilities, etc to start with. Evidence of past abuse by parents can also get you absolved of the requirements. It really is more up to the school's financial aid office more than the government if you're declared dependent and how much aid you actually get.
By the way, that list of data in the NSLDS database is a little short, it also gives certain figures as reported on the student and parents' W-2. I've taken calls from students claiming they need to be declared independent because their parents refuse to support their education, meanwhile my system is telling me their parents made over $750,000 the previous year.
i posted this lower in the thread so it will probably be buried. check out #3, item (d).
link:http://www.ed.gov/notices/pia/nslds.pdf
they sell to 'servicers' of educational institutions and i am guessing y'all signed off on it. if you are pissed about this issue a good question might be how someone is classified as a servicer.
regards.
I've been getting credit card offers since my senior year of high school. No Child Left Behind makes it legal for schools to do pretty much whatever they want with your information, and you can't stop them (at least this was my school's excuse). Furthermore, from what I've been told, the school is required to give information to any military branch that requests it.
How do I know it's the school that's been doing it? They've always spelled my name Zajary instead of Zakary on all their mailings, and that's who these are addressed to (on the plus side, I can't legally open these letters since they aren't addressed to me).
Yet another great policy from our Government.
Ah, the joys of living in a socialist nation. Free attendance at universities etc. and no need to rack up tens of thousands in loans just to get a chance at decent jobs and the government pays *you* money for studying. If that's not enough to pay for your living you can get a government guaranteed loan.
The best thing is, you really don't get junk mail from credit card companies or anything like that. If you do, just stick a note on your mail box stating "No advertisements" and the postal office will stop delivering them to you(required by law I believe). Though if they name you as a recipient they'll deliver even ads, but it seems to be quite rare. I've had the "No ads" note up for 3 years and it's a bad month if I get even one advertisement in mail.
that we have a privacy bill of rights in the US.
This would give individuals rights around information that government and third parties collect on them, the most important being informed consent. It should be a crime to divulge or acquire electronic records without informed consent of the subject, excepting national intelligence and criminal investigation. Furthermore the right of informed consent by manadatory opt-in should be inalienable. Right now the status of privacy rights in the US can be summed up, to a first approximation, as this: if you can get your hands on a piece of information about somebody without breaking a law, it's yours to do with as you please for whatever you please.
If the government collects information about you, and it is divulged in a way that is not clearly illegal, then it becomes fair game. If you sue or are sued, the records of that suit, win, lose, or settled, can be harvested and put into commercial intelligence databases on you. If you sue your employer, you may find it hard to get a job afterwards. The records are made public to ensure the fair operation of the courts, but the same process exposes you to unfair judgment in an invisible (to you) commercial database.
Civilization will not come to an end if people are participants in how their information is used and divulged. Such rights are guaranteed in Europe via the European Convention on Human Rights. Harmonizing our laws with Europe will be good in the long term for our industry. Right now we are operating under an exception that allows EU data to be processed by American companies that promise to follow EU guidelines. But information privacy is not valued at all by companies here and therefore they aren't any good at it. It's only a matter of time before some horrible mishandling of data puts this on the trade agenda again.
Bringing ourselves up to scratch with the best international standards would be better for our citizens than digging in our heels. It would hurt some individual companies, but in the long run will allow American companies to compete better in a global services economy.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Because his future salary will repay them in taxes. There's a reason that countries that introduce free education go on to become wealthier a few years later.
May the Maths Be with you!
A few days ago i requested an information packet from a local technical college via an online request form. i used my cell phone for the phone number. Today i received a call from a student loan consolidation company on my cell phone. I missed the call, but called it right back and the guy who answered the phone said he was from this loan consolidation company. I asked why they called me and he asked if i was interested in a student loan. I said I don't have any (I don't) and please take me off your list. He asked what my name was, but I made him look me up by phone number, and when he did he asked me if i was $MY_NAME and attended $THAT_SCHOOL. I denied knowing that person and had him put me down for wrong number. I called the phone number on the schools site, and told them about this, and the girl who answered the phone was just someone who answers the phone and transfers people, and said she had no idea that the personal data gets handed along. Then she asked my name and said she was going to transfer my name to a customer complaint deprtment or some such but i said "No thanks, just pass along the message." Needless to say i will not be attending that school.