Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

more on NYU student data leak

From: Dave Farber <dave () farber net>
Date: Sun, 11 Jan 2004 08:16:39 -0500

Delivered-To: dfarber+ () ux13 sp cs cmu edu
Date: Sat, 10 Jan 2004 19:23:06 -0600
From: John Kristoff <jtk () northwestern edu>
Subject: Re: [IP] NYU student data leak
To: dave () farber net

Dave,

A few thoughts on this close-to-home issue.

From this February 2002 article:

  <http://www.dailyillini.com/feb02/feb14/news/stories/campus02.shtml>

The first line in the article starts as follows:

  "Students Social Security numbers aren't going to fall into the wrong
  "hands, New York University officials said [...]"

In my experience, I've had to routinely stress to students that they
should not put their SSNs on homework or papers submitted in my classes.
Otherwise, students are unwittingly handing it over to me (as well as
anyone seeing draft copies of papers and homework in the trash bin by
the lab printer).

Many institutions are beginning to use institution-created unique ID
numbers, but they are often only an alternative to using the SSN for
many systems and forms.  Guess which one most people tend to remember
and ultimately use for interfacing with all these separately managed,
distributed, unsynchronized systems?

In many computer science classes, how many assignments are built around
the concept of constructing an employee database with a SSN as a key
field?

By the way, using the last 4 (and eek, some places have used the last 5)
digits for verification purposes isn't all that great either.  If those
get exposed, a privacy thief is that much closer to the real number,
especially since the first 3 digits may be easily discovered or brute
forced by knowing the state of issue for an individual (some lightly
populated states only use a single value).

Myself and colleagues need to do a much better job of eliminating the
use of student, staff and faculty SSNs wherever possible.
John 
-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: