A student logs onto their computer.
State legislators are taking strides to make personal information more secure for citizens on the heels of several major cyberattacks that have allowed outside sources to access data of customers of large corporations such as Target and affiliates of universities like this one.
February’s security breach at this university, which exposed the personal information of more than 309,000 students, faculty members, staff and alumni from 1998 onward, stands as an example of the pressing need for new cybersecurity laws, according to state legislators such as Sen. Ronald Young (D-Frederick and Washington).
Young passed a bill in the Senate in 2013 that would have made it illegal for university administrators to ask for student passwords to social media accounts. Though the bill failed in the House of Delegates, Young said he would continue to search for ways to make digital privacy lines bolder.
“A lot of information, through various means, is being gathered on students all the way through schools,” he said. “We’ve entered a whole new world with computers, and I think we still have our rights to privacy as much as they can be protected today.”
University officials told The Diamondback earlier this week that they had begun purging their databases of the information that was copied in February’s breach, though it was not made clear why Social Security numbers were retained from individuals who might have left the university more than 15 years ago.
Brian Voss, this university’s information technology vice president and chief information officer, told The Wall Street Journal that Social Security numbers were used as identifiers for the individuals in the databases, although a random number combination would have been just as effective, he said.
“Maryland’s supposed to have a very secure system, but obviously there’s always somebody out there one step smarter,” Young said. “We’ve got to keep looking to establish firm guidelines of what can be kept and what can’t and how secure it is — what can be shared and what can’t. Right now it’s kind of a free-wheel engagement.”
Sara Love, public policy director at the American Civil Liberties Union of Maryland called other potential privacy infractions to question, such as cellphone GPS tracking and license plate-reading cameras, which this university has stationed at each of its five entrances.
“You have this tiny, tiny amount of license plates that have a potential of a connection with something more serious than a registration issue,” Love said. “At the same time, you have a year’s worth of location data.”
University Police Chief David Mitchell told The Diamondback last month that the information collected by the tag readers was kept for 30 days before being sent to the state.
“Especially in this day and age, when you go out into the public, there really is very limited privacy,” said Michael Toscano, president and CEO of the Association for Unmanned Vehicle Systems International. “You know, I get in the car and there’s GPS, I go past banks, I go past intersections, I walk inside buildings that have cameras. It’s really what your expectation of privacy is.”
The truth of this — while “very scary” to Young — is exactly the reason he fights for change, regardless of how daunting the issue, he said.
“I almost wonder if it’s possible to totally stop it, but I think we’ve got to start trying to build guards in there somewhere,” Young said. “The worst-case scenario is almost there now.”
