Information Technology (IT) will remove the ability to search the University's directory using Ealge ID numbers this week, following a Heights investigation.
Currently, any person accessing the directory from Agora or the Boston College Web site can insert a person's first and/or last name, username, or Eagle ID number into the search field to find personal information on any person involved with the University, including students, administrators, faculty, and staff.
This would include any information a person releases for viewing by the public or the BC community.
This includes name, year of graduation, school, campus or local residence, local and voicemail telephone extensions, and personal website address.
Directory searches using different identifiers have been allowed in the past because various administrative departments found it useful, said David Escalante, director of policy/security for IT.
The capability is being removed after The Heights discovered that several professors post or return grades to their classes using the Eagle ID number instead of students' names to identify which grade belongs to whom for anonymity.
"[The grades] were in e-mails, with the Eagle number listed next to it," said Allison McDonough, A&S '07 of her Survey of Mass Communications class. "Most of the grades I've received that way were in very big classes. I remember Survey of Biology did it as well."
"The classes I had it done in were Introductory Biology. It's easier for students to find their grades that way. It's more anonymous and a little less competitive than if people knew how their friends were doing in class," said Antonia Melas, A&S '06. "I didn't know that you could search for people like that [with Eagle ID numbers.]"
The biology department also posts grades arranged by Eagle ID number on the third floor of Higgins Hall.
FERPA Violations
Posting grades in this manner is a violation of the Family Educational Rights and Privacy Act (FERPA), also known as the Buckley Amendment, because students can take the Eagle ID numbers and match each grade with the corresponding student.
All BC faculty members are given a FERPA handout that specifically prohibits using the "Social Security number or BC student ID number in a public posting of grades or any other information."
It also prohibits linking the "name of a student with that student's Social Security number or BC student ID number in any public manner."
Louise Lonabocker, director of student services, said enforcing FERPA only goes so far as the handout that faculty are given advising them not to distribute grades in a public manner using the identifiers described in the law.
"There's nobody going around policing the hallways to see what's going on," she said. "I think they do it innocently; I don't think they know it's a violation of FERPA. I think they're responding to student requests for faster responses for papers or whatnot."
Lonabocker said that if students notice their professors doing this, they should point it out.
She said one of the few ways professors could return tests anonymously under FERPA would be to associate the grades with random numbers.
"If any faculty members knew they were violating FERPA and did so repeatedly, the department chair would probably step in and remind them that is something they shouldn't be doing," said Lonabocker.
The Solution
Security issues like those delineated in FERPA have caused alterations to the BC directory in the past, said Escalante.
"We took the username out of the phonebook about a year ago because we were concerned about this kind of thing," he said.
"You can put your Eagle number in various parts of Agora and we're trying to eliminate those capabilities," continued Escalante.
Escalante said the capability may not be deleted entirely after alterations are made to the system.
"It may be possible that certain people in certain offices can look people up by ID number, but they would have to be authenticated," he said.
"We're working on drastically limiting the number of people who can do it and any documentation that it [the capability] exists will be removed," he added.
Escalante said although the capability will be removed in the next few days, it will take time for the documentation to be updated.
He also advised students to be wary of putting personal information on their personal BC Web sites due to their easy accessibility.
"Most BC Web sites get Googled. They're on a personal Web server and tend to hang around in Google for a while until Google re-indexes BC," he said.
"Students should be aware that anything they do on their personal pages is Google-able," Escalante added.
He encouraged the BC community to report any security issues to IT immediately.
Be the first to comment on this article!