This campus has an information system that, as currently configured, violates federal records law. The Buckley Amendment protects student grade and financial awards records which are routinely exposed to the public through the Uni-Link Touch Tone student records system. Anyone with a minimum of skill can access these records illegally.

The system’s main vulnerability is its default password assignment. Passwords are granted in the format DDYY, where DD is the day of birth and YY is the year. The ID of each student, of course, is the Social Security number. Both of these numbers easily are stolen from voter registration cards, military discharge forms, medical checkup applications left in Student Health Service trash bins, memorized or photocopied driver’s licenses, SIUC Bursar bills, credit card applications, library registration records, job applications, curricula vitae or directly from scanned SIUC ID cards. The latter now are used as point-of-sale debit cards as well, opening another potential for misuse of the stolen information.

About one out of five students never changed their default PIN between fall 1995 and sprint 1996 (Editor’s Note:This information was verified by Stephen Foster, associate director of records administration in Admissions and Records). Unless you have changed your PIN, your grades, class schedules, unlisted address and phone number are an open book.

Advertisement

Would you publish your Social Security number in the phone book? SIUC publishes list of Social Security numbers every day, in Dumpsters and bulletin boards across the campus in part because that is the most anonymous way to post grades. Yet credit card companies and governments use the Social Security number for ID because it’s so unique!

It is my opinion that continued use of the present system is a gross violation of each student’s right to privacy, security of identity and security of assets. The University must change this practice or risk being held accountable for untold millions of dollars in stolen credit, as well as violations of federal laws protecting student records from unauthorized disclosure.