Princeton admissions officers gained repeated, unauthorized access to the admissions decisions of 11 Yale applicants in early April by exploiting Yale’s new online admission notification system, Yale and Princeton officials said Wednesday.
A security report drafted by Yale’s Information Technology Services showed that Princeton officials viewed Yale admissions decisions — in several cases before applicants learned whether they had been accepted — by inputting the applicants’ birth dates and social security numbers to bypass Yale’s security measures.
Yale General Counsel Dorothy Robinson said the University considers Princeton’s actions an abuse of the private information students provided on their applications, a violation of Yale’s computer network, and possibly a breach of several criminal statutes. Robinson said the University will consult law enforcement officials Thursday and notify all the affected applicants of Princeton’s actions.
“We do believe there was a very serious violation of the privacy of the individuals,” Robinson said. “It is a matter which we believe law enforcement should be informed about.”
Stephen LeMenager, a dean of admissions at Princeton, characterized Princeton’s use of Yale’s Web site as an innocent way to check whether the site was secure by using a random sampling of students whose social security numbers were listed on their applications to Princeton. He said he did not know why certain records were accessed several times.
Yale officials said they learned of the security breach in June, after Princeton officials informally mentioned that they had accessed students’ records on Yale’s admissions Web site at an Ivy League deans’ conference.
Yale then commissioned an investigation, which found records of 18 separate log-ins to the site from Princeton computers, accessing the information of 11 applicants. Fourteen of the log-ins were traced to four different computers at the admissions office.
In four cases, applicants did not view their sites — or admissions decisions — until after they had been accessed by computers at Princeton.
Alexander Clark ’04, who developed the admissions Web site and prepared the security report for Yale officials on June 20, said he double- and triple-checked data in his report. Clark said members of Yale’s Information Security Office also reviewed and signed off on his findings.
The Web site, which was launched by the admissions office in December, was designed to allow applicants to access their admissions decisions online using their names, birth dates and social security number as passwords.
Upon the first log-in, accepted students were greeted with a display of virtual fireworks. Rejected students also received notification. After the first log-in, the decision screen no longer appeared, making it unclear to a student whether they had been admitted or denied admission.
Students were able to provide information about themselves, including extracurricular interests and a personal profile. By logging in, Princeton officials had access to those students’ records and profiles.
Princeton could face legal troubles as well as a loss of funding as a result of its employees’ actions.
The university could potentially lose its limited amount of federal funding if it is found to have violated the Family Educational Rights Privacy Act — commonly known as the Buckley Amendment. The Buckley Amendment was designed to safeguard student information, and experts said the use of students’ social security numbers and access of protected information for Yale applicants may constitute a legal infraction.
Jennifer Granick, the litigation director for the Stanford Law School Center for Internet and Society, said Princeton could also be sued for accessing Yale’s Web site accounts without authorization.
Granick said that requiring a name, birth date and social security number to access the Web site could legally be construed as meaning anyone with those three pieces of information could log in. But she added that the presence of a disclaimer screen, which warned users of the site that it was only intended for the personal use of the applicant, made Princeton officials’ use of the site vulnerable to a lawsuit or even criminal charges.
Granick said the standard for criminal charges includes proof of criminal intent. To be charged criminally in the federal system, she added, someone would have to have caused $5,000 worth of damage. LeMenager said he and his colleagues meant no harm in accessing the information, and instead were attempting to assuage their own concerns about Web site security.
“It was really an innocent way for us to check out the security,” LeMenager said. “That was our main concern of having an online notification system, that it would be susceptible to people who had that information — parents, guidance counselors, and admissions officers at other schools.”
Harvard’s director of admissions, Marlyn McGrath Lewis, said she was not surprised there had been unauthorized access to Yale’s Web site.
“Any system that could be cracked, I think will be,” she said.
Clark, the designer of Yale’s system, defended the admissions’ site’s security and said security is only as good as the password. He said the passwords were chosen because of their “personally identifiable nature.”
He added that he expects Yale will use a similar notification system for the Class of 2007, but will require personal identification numbers to access the information. Robinson said Yale’s Web site was secure, and that no other breaches of security had been recorded.
“We did take a broader view and a broader look at the security of the system and we did not find evidence of any similar break-ins or wrongdoing,” Robinson said. “So in other words, the activity that happened from Princeton was unique.”