By David A. Chiodarol
In a recent article in the Baltimore Sun, reporter Meredith Cohn mentioned a number of safeguards that the University of Baltimore has put in place to protect the identity of their students. The article, which was published on January 26th, stated that a database containing the per- sonal information of over a hundred and seventeen thousand students had not been encrypted, as explained an audit issued by the University System of Maryland. Without digging further into the meat of the matter, the Sun made it seem as though the school had acted in gross negligence, exposing the personal information of their students and leaving them at risk of identity theft.
Looking for answers, I was directed to David Bobart, the Chief Information Officer for the Office of Technology Services, who informed me that the situation was not nearly as dire as the Sun made it out to be. According to him, UB’s case was not special, and that every school within the USM was subject to such scrutiny by the state’s audit office.
“The University System of Maryland, jointly, with all the schools, develops security guidelines,” Bobart said, “and the Office of Legislative Audits (OLA) comes in every three years and they will audit all the schools against the guidelines that we developed.” Bobart said that, despite the bad rep audits receive among the general public, the audit gives the schools useful feedback on how to better manage their institutions, similar to how professors give feedback on a paper or workshop assignment.
Bobart mentioned that the pro- cess of encrypting the database documents had begun long before the audit was published, beginning in the Fall of 2016 and fully implemented last March. “In between us starting and finishing, they [OLA] arrived,” during which the univer- sity mentioned its ongoing efforts to them.
Despite this, and the fact that other schools are audited all the time, the findings were apparently too much for the Sun to ignore, prompting them to write the fear-mongering article. However, as Bobart mentioned, even without the safeguards in place, the chances of a student falling victim to identity theft because a database is unencrypted is slim.
“Think about it this way,” Bobart tells me, “if you have a computer in your house, and you have a spreadsheet on that computer with your date of birth and social security number on it, to get it someone would need to literally break into your house and steal it, pull the hard drive out, and use Excel to open it.” But in this case, Bobart says, you have safeguards to protect your data, such as keeping your computer in a safe place and protecting it with a password. The extra encryption methods were simply extra procedures and protocols that were put in place to strengthen
the school’s already rigorous security. While news organizations will often exploit their audience’s lack of understanding to push fear-mongering articles, it’s important to remember that the world of computing isn’t nearly as scary as you’d think. Computers aren’t magic, hackers aren’t wizards, and using basic common sense may be the best way to protect yourself from online threats. In the case of UB, students can rest assured that their data is safe, and that the school is always looking for ways to keep their information sealed.