Last year, with much fanfare, the Harvard University Admissions Office introduced a new notification system for prospective students. For the first time, applicants could elect to receive their admissions decisions via e-mail as a supplement to the standard postal mail package. Hoping to avoid the agonizing wait that has plagued generations of high school seniors, many elected to use the new system. When I saw the Harvard web site that students were using to choose their e-mail preferences, I was shocked—the site was a disaster waiting to happen. By removing only a couple of characters from the address in a standard web browser, I was able to reveal line upon line of proprietary database code. Removing a few more brought me to a page with assorted grayscale photographs of computer parts: a welcome screen from IBM, beckoning me to log in as the system administrator. I immediately notified the Office of the problem.
Now, in order to prevent a similar breach of security, the innovative efforts of the Undergraduate Council have been stymied. For a time, the Council's site totally disappeared, while the administration supposedly deliberated out of concern for what it claimed to be our privacy. In the end, the administration elected to protect the confidentiality of student data. Ironically enough, the resulting actions failed to do so, at the expense of our time, and better yet, our privacy.
The entire undergraduate population has already received a generic, unsolicited e-mail to accomplish what could otherwise have been done through a simple web site. Compounded with the irritating "vote-for-me" spam that certain Undergraduate Council candidates have already sent to their houses, the precedent is becoming increasingly troubling. For the meantime, at least, such actions are permissible; from Dean Illingsworth's perspective, spam "hasn't been a serious consideration."
Dean Illingsworth is under no obligation to put spam high on his priority list, but apparently, privacy already is. It is unfortunate, then, that Dean Illingsworth's plan has inadvertently created a permanent record of students' votes, which can be traced back to individual student identities in a variety of interesting ways. This log, automatically generated by the Apache web server software on which the election site runs, neatly correlates voting database records with IP addresses. Not to mention the e-mails themselves, which clearly establish a link between voting database records, e-mail addresses, and by extension, student names. Using the Undergraduate Council's original plan, the log would not have been able to record any of the voting database information, nor would any of the e-mails have existed in the first place. All in all, Illingsworth indirectly authored a fascinating read for any curious hacker: an on-line Harvard phonebook, with the bonus material of voting preferences.
The logic behind Illingsworth's original concern, that non-Harvard servers are inherently less secure than Harvard servers, is flawed at best. Such a statement ignores what must be the most fundamental concept of the internet: that everything is connected. Physical server location is completely irrelevant on the internet, since the difference between logging on remotely and walking up to a keyboard is virtually nil. Web surfers in Istanbul can access fas.harvard.edu in any number of ways, with trans-continental communications delays under three-tenths of a second. Clearly, if this were not the case, no student at Harvard would be able to access a web site anywhere else; the World Wide Web would be rendered useless.
As Harvard's own computer science professors teach, data is only as secure as the weakest link. Given the size and complexity of Harvard's internal network, there are bound to be many weak links—far more than would exist at a small internet service provider, with staff devoted full-time to data security. Given enough interest, time and computing power, any system of encryption can be broken. By making such a fuss over the non-issue of physical location, Illingsworth has at the very least succeeded in boosting interest tremendously.
Perhaps the most surprising aspect of the administration's reaction is the manner in which Dean Lewis has reportedly responded. As a respected professor of computer science, one certainly would not expect him to support a technically harebrained plan. As a high-ranking administrator, his surprise at Sujean Lee's criticism of the administration implies a fundamental misunderstanding on his part. The Undergraduate Council exists to represent the student body. As the organization's president, Sujean Lee was well within her rights to express frustration. It may, in fact, be the most representative stance that she or Undergraduate Council has ever taken on behalf of students.
Indeed, we are frustrated. At an institution where tradition outweighs technology and plans of study are recorded on carbon paper, it is not surprising to occasionally encounter people who fear computers and the inherent change that they bring. It is, however, worrisome when those people are the same ones who run the University. In this instance, Harvard's more computer-savvy administrators did not have the sense to put a stop to Dean Illingsworth's unintentionally backwards plan. Had the Undergraduate Council made reasonable efforts to protect data through solid programming and standard encryption technology, it is highly unlikely that confidentiality would have ever been a problem, even if the site was hosted off campus.
After all, using the Admissions Office as an indicator, Harvard's servers are no better at protecting data than its administrators are at protecting privacy.