Friday, July 26, 2002

The news media are making a big story about Princeton admissions breaking into a Yale computer. I think Yale deserves the blame. It ran an insecure server that failed to use a PIN or anything similar to protect confidential student admissions results. Princeton was in the process of trying to set up a similar system. It noted that Yale's system was insecure, and told Yale about it. Instead of fixing the problem, Yale called the FBI and the press. Both Yale and Princeton have a history of occasionally sharing admissions information. They both shouldn't be doing that. But this latest incident seems trivial.

John reports that Ellen Campbell says that the incident would not violate FERPA, the federal law protecting the confidentiality of student records:

It does not appear it would be a violation because these applicants were not yet "students" - the Department has long held that FERPA only protects the records of students as defined by FERPA. They are "students" if they are "in attendance." FERPA does protect records received from another school under the redisclosure provision - but applications or information provided by an applicant are not "education records" and those not protected.

John also reports that, according to a Wash Post story, Princeton was not just checking random students. Princeton checked on Bush's niece, who was admitted to Princeton and Yale.

No comments: