My real problem with this is that Princeton was using private, confidential information to access the Yale site, to access an applicant's personal account.
Princeton was bound to use this personal information (birthdate, SSN) for no other purpose than their own direct admissions process, and they violated this legally binding trust. Everyone must submit this information (along with their check) in order to be considered, so everyone must trust the system and the law.
There was no hack. There was no crack. There was no 'testing of security'. I'd bet that no one at Princeton tried to run a program or even guess at possible login info - they probably just opened a file folder, read through a piece of paper, keyed in private information, and entered the site. It would be on par with your bank using your personal information, given to them in legal confidence, to check on an account at another bank, without your permission.
Did Princeton want to test security? Did they want to check up on some borderline students that they were thinking about wait listing? Was someone just playing around to see what a fellow Ivy had just made? Who knows - hopefully, though, schools will now be more stringent about how they use personal information, and about how they protect that information.
As stated elsewhere in this thread, universities are usually quite friendly with each other. I wonder what would have happened if Princeton would have just called up Yale and said "Hey, you mind if I check out your new site?"
Looking at the actual events, no one appears to have been truly hurt; no lasting harm was done. But think of all the hype/press that this has generated, the grant money that (the article suggests) could be lost by Princeton...
Moral: protect your information as though it was your life, treat confidentiality agreements as though they were a pact with the Creator, and collaberate with your peers instead of competing with them. Oh yeah, and public schools rock;)
Slashdot Mirror
My real problem with this is that Princeton was using private, confidential information to access the Yale site, to access an applicant's personal account. Princeton was bound to use this personal information (birthdate, SSN) for no other purpose than their own direct admissions process, and they violated this legally binding trust. Everyone must submit this information (along with their check) in order to be considered, so everyone must trust the system and the law. There was no hack. There was no crack. There was no 'testing of security'. I'd bet that no one at Princeton tried to run a program or even guess at possible login info - they probably just opened a file folder, read through a piece of paper, keyed in private information, and entered the site. It would be on par with your bank using your personal information, given to them in legal confidence, to check on an account at another bank, without your permission. Did Princeton want to test security? Did they want to check up on some borderline students that they were thinking about wait listing? Was someone just playing around to see what a fellow Ivy had just made? Who knows - hopefully, though, schools will now be more stringent about how they use personal information, and about how they protect that information. As stated elsewhere in this thread, universities are usually quite friendly with each other. I wonder what would have happened if Princeton would have just called up Yale and said "Hey, you mind if I check out your new site?" Looking at the actual events, no one appears to have been truly hurt; no lasting harm was done. But think of all the hype/press that this has generated, the grant money that (the article suggests) could be lost by Princeton... Moral: protect your information as though it was your life, treat confidentiality agreements as though they were a pact with the Creator, and collaberate with your peers instead of competing with them. Oh yeah, and public schools rock ;)
Oooh, drama - an entire backstory! I'm interested.