Technology Prompts Changes to Policy on Privacy
By Dan McGuire
Editor in Chief
A new policy covering the privacy of student information has been released to the MIT community for comment.
The new policy sets out general guidelines for when and how information about students, such as addresses, grades, and financial information, may be accessed and distributed.
The new document retains the focus of the original policy, but updates it to reflect technological changes. "MIT's philosophy remains the same, very much grounded in privacy," said Special Assistant to the Associate Provost Helen W. Samuels, who helped draft the policy with Associate Provost Phillip L. Clay PhD '75. "The thing that gets more clearly recognized... and more fully developed is that access can be granted to MIT officials on a need-to-know basis."
"In the pre-technology world... all of the information about you was bound into a volume housed in a vault in the Registrar's office," Samuels said. "The Registrar controlled access to that document."
Technology, however, has made that information much easier to access and increased the number of people who can easily access it. "Now the equivalent to that transcript is out there online," she said. Many people can access it, and the types of access allowed can be more tightly controlled.
"These questions of privacy are not ones that you resolve for all time - the policy doesn't need to change, but how that policy is implemented needs constant attention," said Professor of Urban Studies and Planning Joseph Ferreira Jr., who chairs the Committee on Privacy.
Class lists get limited distribution
One of the biggest changes in the new policy is that it recommends that personal information, such as class lists, not be made available online without additional safeguards. In addition, it recommends that sensitive information, such as performance reports and grades, not be sent out through unencrypted electronic mail.
"While most course related information posted on web sites can be public (syllabus, reading list, assignments etc.), communication with students as well as the work prepared by the students for the class... are regarded as student information," states the policy.
"Therefore, the following three categories of information must be restricted to use by the staff and students of that class only: class lists, online discussions and other shared e-mail exchanges between faculty and students, and student papers, reports and other work," the new policy continues.
The issue of class lists received additional attention in the report: "Faculty must ascertain from the students if any directory information has been suppressed, and receive permission from each student to post directory information and photographs."
"There are some students who suppress directory information," Samuels said. "We have documented cases where class information, directory information, was posted to the web when it shouldn't have been. People who were harassed by stalkers were again harassed by stalkers," she said.
"If you have suppressed information [from being published in the student directory] you should be able to tell a faculty member 'you can put up my e-mail address, but not my room number,'" Samuels said.
Another new proposal is to require that sensitive information, such as performance reports and grades, not be sent via electronic mail without encryption.
"The people in [Information Systems] said that this is definitely doable," Samuels said. "This is technology that we can make available soon, but it's not here right now, which is a problem," she added.
Encryption "was something we discussed," Ferreira said. "It's worth more discussion [but] we don't want to say 'we shalt not' until there's a reasonable alternative."
Nevertheless, "the convenience of sending things via e-mail shouldn't overshadow the security issue," he said.
Trials will happen in late spring
The plan as it stands gives a broad outline of MIT's goals. Answers to specific questions, such as who should be given what type of access to MIT's Student Information Services database, will come later.
After the comment period ends for the policy document, a committee will put together a list of suggestions on how to distribute student information, both in the class web pages and in the Student Information Services database.
"It will be the implementation documents that say 'an adviser needs to see x' and 'a teacher will need to see y,'" Samuels said.
Once those decisions are made, however, actually implementing them should be fairly easy. "One of the advantages of the way that the systems are being designed is that you can build these rules into it. The various roles that they fill will equate them to various levels of access," Samuels said.
"I wouldn't want to be chair of the Committee on Privacy at a number of other places... because sooner or later they're going to have a problem and their systems will be developed to a point where there will be no easy fix," Ferreira said. "There are some aspects... like the site certificates and personal certificates" that other universities are not exploiting. They are presenting WebSIS-like data "without jumping into secure mode," he said.
The proposed policy can be found at <http://tute.mit.edu/policies/proposed/mitmostly/sip.html>. Comments can be e-mailed to firstname.lastname@example.org.