Card convenience, security examined
By Ifung Lu
A number of new services were added to the MIT Card's repertoire this past year. The card, which also serves as the main form of identification for students, allows holders to charge purchases to meal and auxiliary accounts, check out material from campus libraries, open doors to dormitories and other campus buildings, and access campus parking lots.
But the consolidation of so many functions onto one card has raised a number of security concerns, many of which have yet to be resolved.
Students, faculty, and staff gained access to more fiscal services than ever in 1995 when this year's card took effect on Sept. 28. The two-year-old card - which previously covered just dining services and Domino's Pizza purchases - now allows holders to charge new transactions to its expanded Multiplan combined meal and auxiliary declining balance account.
Such new charges include use of laundry machines in dormitories fitted with card readers, payment for photocopies made at Graphic Arts, and purchases from the 24-Hour coffeehouse and from campus vending machines, said MIT Card Office Manager Lucy A. Barrera.
In addition to simplifying these financial transactions, the MIT Card also began use as a key card for buildings other than just students' dormitories this year, operating a new security system of card readers on doors around campus.
The key-card system started out on east campus as part of a pilot program to test ways of increasing general campus security. The program began late last spring, when people working on the pilot project buildings approached the Campus Police about increasing security in those buildings, leading to discussions with the Campus Police and Physical Plant.
The east campus program, which was fully implemented at the end of last semester, mandated the installation of card readers on Buildings E23, E25, and 66 and on the Medical Center. Only cardholders were allowed access to the high-traffic doors in these buildings when the doors are locked in the evening.
This kind of card access "is a very commonly used system at universities," said Chief of Police Anne P. Glavin, because it "maintains convenience and ease of access but limits access for people who don't belong there."
Card security sparks concerns
The consolidation of such a large amount of information in a single system has sparked student concern over the potential for misuse. Specific questions about Institute offices monitoring card transactions have some card users worried.
The system does have the capability to record entrances into dormitories, said Associate Director of Housing and Food Services Kenneth R. Wisentaner, though he added that "we will not be tracking" students.
Although the card readers on doors are not monitored, itemized records of Val-u-dine transactions are kept in case of account disputes. The Department of Housing and Food Services has not officially decided how long to keep these records, but Wisentaner estimated that the data would be maintained for one academic year.
Parking lot usage is also recorded and kept for a two-year period, according to Glavin. The CPs use this information "for parking and traffic enforcement" and long-range parking planning, she said.
To maintain data security, these functions are coordinated on a dedicated computer system that is not tied into the MIT network, Wisentaner said. The CPs can access only parking data, and the Office of Housing and Food Services can access only Val-u-dine accounts, he said.
Wisentaner believes that the system is safe from hacking. "The system we use is an excellent system," he said.
Although the level of security provided by the dedicated computer system may be high, Andre M. DeHon G, a graduate student in electrical engineering and computer science, concluded in a report last year that the level of security provided by the Card is not very good.
The data on an MIT Card could be compromised whenever students surrender possession of the card, DeHon said. Dormitories are one of several such places where this could happen: Five of the nine undergraduate dormitories that allow students to check out video and sports equipment require them to surrender a current MIT Card as collateral for the items loaned.
DeHon's report was taken very seriously by the Office of Housing and Food Services, which sent out a memo April 3 instructing dormitory desks to stop accepting the MIT Card as collateral for loaned items.
That action was reversed on April 7, however, when the Office of Housing and Food Services decided to leave the card security issue up to each individual house government.
Director of Housing and Food Services Lawrence E. Maguire realized after he had sent out the memo that he ought instead to work out the plan with the Dormitory Council, Barrera said. The MIT Card Office still disapproves of using the card as collateral in the long run, she said.
Senior Vice President William R. Dickson '56 also disagrees with the current use of the card. Dickson is in charge of the MIT Card Steering Committee, which deals with issues and concerns surrounding the growing use of the card.
"I'm not in favor of using the card as collateral," Dickson said, although he would prefer not to see an Institute-wide policy eliminating this practice. "Student groups should govern themselves as much as possible," he said.
An all-purpose Card has its risks
DeHon, however, maintains that "the level of security provided by the Card is laughable." One of his main objectives in writing the report was to debunk the myth that the MIT Card is difficult to duplicate.
The magnetic strip encodes information including a student's MIT ID number and a secret code that identifies the card as belonging to a particular student. This is, however, an improvement over previous cards: In prior years, the security number of all successive cards issued by the MIT Card Office could be predicted from a single compromised card.
Now a new security number is randomly generated and placed onto a replacement card when a student reports a lost or stolen card. But students whose cards have been compromised without their knowledge are still vulnerable, DeHon said.
DeHon applauds the card office for the change but maintains that "there's still plenty of room for improvement."
"Equipment to duplicate or synthesize MIT Cards can be readily obtained for less than $500 and requires no technical expertise to operate. The technically inclined can put together suitable equipment at a much lower cost," DeHon wrote.
To copy a card, the data on it must be read and stored until it can be written onto a blank card - or an expired ATM card or a strip of magnetic tape on an index card. The data required to duplicate a card "can be captured accurately in seconds on a portable device that costs as little as $15," DeHon said.
The data on a card could be stolen whenever a student surrenders possession of the card. This could happen both accidentally, when a student loses the card or passes the card through an unauthorized card reader, or voluntarily, when a student uses the card as collateral in exchange for a video or for sports equipment.
"Consolidating diverse functions with conflicting requirements onto one card with a single mechanism for authorization and authentication inevitably leads to compromise" and privation for the owner, DeHon said. When an identification card that also facilitates purchases and access to buildings is taken for collateral, the owner loses purchasing and entry rights, he wrote. The owner also gives up privacy.
"Coupling collateral and authorization information makes it impossible for the owner to simultaneously protect the security of his own data and ever use the card for collateral," DeHon wrote.
Dorms back Card's use at desks
Despite the security concerns raised in DeHon's report, dormitories and Dormcon defend the continued use of the Card as collateral.
House Manager of East Campus John P. Corcoran defends the house government's decision to continue using the collateral system and believes that it is the best method to ensure the return of items borrowed from the desk.
"The house government has voted on this. It's the only way that [the desk] will get anything back," Corcoran said.
Corcoran pointed out that card security behind the desk is based on the trustworthiness of the student desk workers. "I feel that the people we do hire are trustworthy," he said.
Although DeHon does not question the trustworthiness of any individual desk worker, he believes that guaranteeing a level of security among all workers is a heavy burden.
"Most of the community wouldn't do it, but we're talking [many] undergraduates. It only takes a few to have abuse," he said.
Corcoran admitted that at times when there are no workers behind the desk, it is possible for a person to gain access to the MIT Cards.
"There isn't anything that is 100 percent perfect," Baker House House Manager Kenneth F. Winsor said. But the card arrangement "is the best system. We've yet to have a card stolen," he said.
Dormcon and East Campus President Dhaya Lakshminarayanan '96 is also confident that the cards behind the East Campus desk are secure, and said that the presidents at other dormitories are confident about their security systems as well.
"I'm 100 percent sure about leaving my card behind the desk," Lakshminarayanan said. "I have spoken to the dorm presidents at other dorms - they all feel the same way."
The MIT Card is the ideal form of collateral because it is "in the balance in between being too valuable and being just valuable enough so that you can bring back the equipment," Lakshminarayanan said.
However, Lakshminarayanan said that if students feel strongly either for or against using the MIT Card as collateral, they should raise the issue at their house government meetings.
Libraries may offer an alternative
Despite most dormitories' confidence in the collateral system, DeHon believes that a system employing fines and penalties is a better way to ensure the return of loaned material.
"The library has [problems of ensuring the return of items], but they don't take your card away from you. They have dealt with this particular problem before," DeHon said.
Dormitories could fine students for late or lost equipment, DeHon said. All that is necessary is to establish a method of knowing who is checking things out and where to find these people, he said.
In "setting fees, et cetera, you want to be fair. But it's one of the things that can be worked out," DeHon said.
Assistant Bursar Sandra Chauncey also believes it is possible to develop a system to include dormitory fines in a student's account.
"I am trying to work on having a system to allow other charges on the bursar's bill," Chauncey said.
Currently, library fines can be charged to a student's account as an education related expense, Chauncey said. But there are some restrictions on what can be charged, she said. Currently, fines cannot be added directly to a student's account "until we get some clear guidelines from the federal government and more programming for the computer," she said.
However, if in the re-engineering effort dormitory fine bookkeeping becomes part of the Bursar's Office's duties, Chauncey believes the office could adapt without too much trouble. Whether or not that will happen will become clearer in the year to come.