Orwell Award Announcement SusanOhanian.Org Home



Home
Books
Button Up the Tests
Cartoons
Commentary
Common Core State [sic] Standards
Duncanisms
Gerald Bracey tributes
Militarization of Our Schools
Notable Quotes
Outrages
Outrages of the Day
Research that Counts
Resisters' Letters
RTTT & NCLB Outrages
Stupid Test Items
The Eggplant
Yahoo Good News!
State News
Vocabulary: The Great Word Catalogue
World of Opportunity
Write to Susan


Outrages

  

9486 in the collection  

    IPS student data exposed

    Data warehousing: Confidential info about thousands of students was available online. We're not talking just about birth dates and Social Security numbers here. Some very personal information about alleged abuse, medical diagnoses, and so on was on the Internet. There was also information about some teachers.

    By Andy Gammill


    In what appears to be one of the broadest online school security failures ever in the U.S., thousands of confidential Indianapolis Public Schools student records were available to the public through Google searches.

    An Indianapolis Star reporter using Google found information on at least 7,500 students and some staff members, including phone numbers, birth dates, medical information and Social Security numbers. Such student information is required to be kept private under federal law.
    Internet security experts said the inadvertent release of information resulted from a network setup that was sloppy. It appears that teachers and students unwittingly posted the files to the Web when they tried to save their work on the system.

    IPS officials moved to correct the problem within an hour after The Star made them aware of the issue Wednesday morning. The Star broke the story online only after the district said the files had been protected and administrators began notifying staff.

    "We will protect this information in the future," Superintendent Eugene White said. "This matter has received the highest priority of the district, and the IT department has made the necessary changes."

    He also said the district would continue to investigate what went wrong.

    Yet, in an example of the complexities of the Internet, copies of the records may remain accessible on other computers for some time. Wednesday night, duplicate versions remained up on Google.

    IPS officials said they had contacted Google about removing copies of district files, but a Google representative did not return calls seeking confirmation that the request had been made.

    Aside from privacy concerns, releasing the information could put students at risk for identity theft and make them vulnerable to predators. The district could face a state or federal inquiry if parents file complaints and could face lawsuits if any of the information was misused.

    IPS began notifying staff and parents Wednesday afternoon. Bull Hicks, whose daughter and stepson had information released, was among those who reacted with anger.
    "How can anyone just get in that information?" he said. "I thought that stuff was confidential."

    Yolanda Dotson, who is raising her nephew, was disappointed to learn confidential information about him was posted.

    "We'll just have to do what we have to do to make sure that his Social Security number isn't out there being used by someone," she said. "Let's correct it this time; let's get some firewalls up."

    Unusual mistake
    A roster of similar incidents nationwide, maintained by privacy watchdog group Privacy Rights Clearinghouse, showed no other cases in which schools had released as much information on the Internet. Indiana Assistant Superintendent of Public Instruction Wes Bruce said he knew of no cases in Indiana in which school districts had compromised electronic files.

    The Star also checked for confidential information on the Web sites of the 10 largest districts in the state, all Marion County districts and large suburban districts such as Carmel Clay, Hamilton Southeastern, Center Grove and Greenwood. Only IPS appeared to have the privacy problem.

    "It's something they need to clean up now," search engine expert Danny Sullivan said as he reviewed IPS files while they were still available.

    Sullivan, editor in chief of Search Engine Land, said only Google had indexed the confidential IPS files.

    Some of the files dated to 2003, but it was impossible to tell how long they had been exposed online. The documents also included files from this semester.

    The records reveal medical details, such as diagnoses of special education students. Others are rosters of students that include names, addresses, home phone numbers, birth dates and other information.

    A suspension list from Donnan Middle School and all the locker combinations at Marshall Middle School were among the files.

    The system also failed to protect details about the district's computer network and the cell phone numbers of the entire information technology department. Several employee job reviews and other personnel files were posted.
    Thousands of essays and writing assignments by middle and high school students were available. In the essays, some students wrote about abuse at home or selling drugs, or described abusive relationships.

    After uncovering thousands of records, The Star contacted IPS officials to tell them about the problem. The newspaper offered to explain how a reporter found the records and to share documents so administrators could understand the scope of the errors. The Star also alerted IPS to the most sensitive cases so those families could be contacted immediately.

    Limited options
    Parents who find that their child's Social Security number has been exposed may have little recourse if government agencies don't step in, said Chris Jackson, an Indianapolis attorney who specializes in consumer issues.

    They could file a suit against IPS, claiming invasion of privacy. But to win, the parents would have to show the child's information was used improperly, such as for identity theft. Then they would have to prove that improper use caused personal distress or damages, and that IPS was negligent and responsible for those damages.

    "That's hard to prove," Jackson said.

    It was unclear Wednesday whether the software IPS uses, ANGEL Learning Management Suite developed by Indianapolis-based ANGEL Learning, played a role in the security failure.

    The company's chief executive officer, Christopher Clapp, said he didn't have enough information to make that determination. He said technicians were helping IPS officials diagnose and fix the problem.

    ANGEL Learning Management Suite is designed to merge the old-school classroom experience of pencils and paper with the Web. For example, instead of turning in a homework assignment by putting a piece of paper on a teacher's desk, a student could upload it to a server, and the teacher could access it electronically.

    The software is open, meaning clients can configure it to their own specifications. They can choose to let everyone upload and download files, or only administrators. They can set limits on the content in files that are transmitted, or they can leave it to chance. The software supports Microsoft Word and Excel files, but what's in those files is up to the client.

    Clapp said he didn't know how IPS was using the software.

    "We haven't had this kind of situation before," he said.

    ANGEL Learning was founded in 2000 as an Indiana University-Purdue University Indianapolis spinoff. It now has about 1.5 million end users and about 300 clients, including universities and local school districts.

    — Andy Gammill
    Indianapolis Star
    2007-05-17

    INDEX OF OUTRAGES

Pages: 380   
[1] 2 3 4 5 6  Next >>    Last >>

FAIR USE NOTICE
This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of education issues vital to a democracy. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. For more information click here. If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner.