A FRIEND of mine forgot her student ID card the other day, so when we went to the dining hall to get lunch she had to complete the familiar ritual of telling the cashier her student ID number. As is the case for most students, this meant that she had to announce her Social Security number in front of the other 15 to 20 people waiting behind us in line. But this particular cashier must have been hard of hearing, because she made my friend repeat the number at least 10 times before finally reading it off the sheet my friend had to sign her name and number on.
Now, thanks to our happy community of trust, chances are no one took note of my friend's Social Security number either when she had to practically yell it or when they passed by the sheet now bearing her name and number. But this presents just one example of how the University's continued use of Social Security numbers as student ID numbers puts students in unnecessary danger of identity theft.
Access to a person's Social Security number makes them vulnerable to credit card fraud and a host of other financial calamities. Concern about this issue at the University has waxed and waned, coming to its highest point last semester with the overwhelming passage of a referendum asking the University to "take action to replace such a system with a new system within the time period of one year." But as with many ballot initiatives, the issue fell out of the limelight shortly after the election. It only came back into focus two weeks ago when Student Financial Services revealed that they had accidentally released the Social Security numbers of 623 students by sending e-mails containing that information to the wrong students.
According to Student Council College Rep. Victoria Ingenito, "Student Council understood this as an issue the University was taking care of. But after recent events, it's clear that this is still a salient issue and we'd like to reinvestigate it." Todd Eley, co-chair of Student Council's Legislative Affairs committee, echoed those concerns, saying that he was worried that the administration wasn't moving fast enough in the direction of "presenting a plan that the student body can review." Ingenito and Eley said they were trying to arrange a meeting with representatives from the University's Information Technology and Communication division, which would have to engineer the switchover from using social security numbers to some other system.
Shirley Payne, ITC's director for security coordination and policy, explained that part of the problem is that in ISIS, the University's current data management setup, the social security number functions as a "key identifier that ties the entire database together," and as such simply changing it is no easy task.Eventually, ISIS is going to be replaced, but, "The University is still working on the details and project completion is several years off," she said. "In the meantime, we are doing everything we can to limit access to and use of Social Security numbers," like removing them from Toolkit rosters available to professors and removing them from student ID cards, two changes made in the past few years.
College Chief Technology Officer Charles Grisham heads the Student Systems Project, which will eventually replace ISIS. He said that in the new system, "Students' Social Security numbers will not be their primary identifiers" and that they will be replaced by random seven-digit numbers. However, he said that he didn't expect the first pieces of the new system to be in place until summer 2008, with the whole system to be up and running by 2010.
With complete system reform still several years off, both Student Council and the administration need to start looking at options to stem the risk of identity theft in the short term. For one, there is absolutely no reason why the University shouldn't begin assigning its incoming classes random student ID numbers instead of their Social Security numbers. Students have to be assigned a number when they enter the University, but there's nothing other than force of habit keeping them from being assigned random student ID numbers. Grisham also mentioned that ITC is currently considering trying to phase out the use of Social Security numbers in the existing system rather than waiting for the SSP to replace ISIS, an option he described as "certainly possible."
In the meantime, students can take matters into their own hands by getting their numbers changed through the University Registrar, and option few students are aware of and even fewer have taken advantage of.Still, until University-wide reform becomes a reality the entire community will remain a huge target for identity theft, and serious action needs to be taken in the next few months, not the next few years.
A.J. Kornblith's column appears Mondays in The Cavalier Daily. He can be reached at akornblith@cavalierdaily.com.
Read More
EDITORIAL: Carla Williams deserves her seat at the table
By Editorial Board | YesterdayLooking beyond basketball and football reveals that Virginia Athletics is, in many ways, thriving.
UPADHYAYA: The Great and not-so-Good sides of U.Va.’s 2030 housing plan
By Apal Upadhyaya | 3 days agoInstead of improving the dire state of existing infrastructure, however, the University has shifted attention away from it and chosen to expand.
EDITORIAL: Support low-barrier shelters in Charlottesville
By Editorial Board | 4 days agoInvesting in low-barrier shelters now will pay off in increased stability for the homeless, which will undoubtedly improve the safety of shelters and the community writ large.
