Search the Archive:

Back to the Weekly Home Page


Palo Alto Online

Publication Date: Wednesday, June 25, 2003


Security breach

by Rachel Metz

In the heart of Silicon Valley, where companies secure information as tightly as a bank safeguards money, some student records on Palo Alto school district computers have been as easy to obtain as a dollar bill left on a street corner.

Related Stories
- Security breach
- Are wireless networks worth the risk?
- When student privacy becomes a federal case
- What those computer terms mean...

Like leaving a vault open, PAUSD failed to place a number of highly sensitive computer files containing student information in a locked location on its network. Using a laptop with a wireless card outside the district's main office, the Weekly gained access to such data as grades, home phone numbers and addresses, emergency medical information complete with full-color photos of students and a psychological evaluation.

Unauthorized users could copy many of those sensitive files, as well as upload their own files onto one of the district's servers, Fuji, the Weekly found. Unlike the majority of the district's information, the documents were not password protected.

The same information was also accessible to individuals using district computers within school sites.

The district has known about some aspects of this vulnerability for nearly nine months, but failed to take action until the Weekly informed officials of the situation late last week -- a somewhat ironic development given the school board's recent adoption of a technology-use policy.

"I don't see this as such a huge news story," Superintendent Mary Frances Callan said the day after the district office abruptly shut down its wireless network and student information program. The real news, she added, was the great progress the district has made to its network plans, thanks to new software purchases, planned employee training sessions and the technology-use policy.

However, the availability of such student information is not only a breach of said policy, but of federal law governing distribution of students' education records.

District administrators are blaming the security breach on everything from bureaucracy to teacher error to grass-root efforts to establish wireless networks at school sites.

"We're not in any way trying to make excuses, but we knew there were issues, we knew that there were things that needed to be more secure," Marie Scigliano, PAUSD's director of educational technology and information services, said.

School board President Mandy Lowell was surprised by the amount of sensitive data the Weekly was able to access.

"Unless I missed it no one reported to me that there was a gaping hole in security and needed to be repaired and couldn't unless a policy was enacted," said Lowell, the parent of three children attending district schools.

"I never heard this was a matter of urgency to accomplish or our documents could be printed on the front page of a newspaper," she said.

The Weekly's ability to access student files was called by one district employee the biggest security hole in PAUSD's system to date.

Andrew Hannah, a network administrator for the district, admitted security was an afterthought when the first open wireless networks were installed at the Jordan and Jane Lathrop Stanford middle schools and the district office between 2000 and 2002.

The district, he said, was more interested in equipment issues than securing information.

"With every subsequent school that we're putting up with wireless, security is now part of the pre-thought process," he said, pointing out that newer wireless networks at Walter Hays and Juana Briones are locked from outside wireless use. A Weekly check confirmed Hannah's statement.

No other schools in the Palo Alto district have permanent wireless set-ups.

The district uses a wide-area network, or WAN, to link computers at school sites and the district office.

There are about 40 servers on PAUSD's district-wide network. Each school has two servers: one academic and one administrative. The academic server provides access to the Internet, while core school information -- such as names, grades and medical information -- is stored on the administrative server.

The district office has access to several other servers, as well as those of the individual school sites. One of the district servers -- PAUSD Resources -- contains a sub-server known as Fuji, which was designed to allow authorized personnel to share files.

Although the server was not intended for high-security documents, the Weekly was able to access some of Fuji's contents as easily as opening a Microsoft Word file. We found student medical cards listing health conditions accompanied by a photo of the child, a psychological profile with the student's first and last name, and a file containing student addresses, phone numbers and grades. We also able to view the district's student information system, SASIxp.

This same information could also be obtained from Jordan Middle School's computer network.

Such access illustrates the hazards of an open wireless network if proper security measures are not enacted.

Although students and district employees need a password to log on, laptops with wireless cards skip this step by connecting directly to the system as a guest.

Gregg Gunkel, security and information systems manager for the Sequoia Union High School District, said an open network exposes the district to the risk of pranks, viruses and stolen information.

"I can't imagine that school districts do provide guest access to their network," said Gunkel, who added the Sequoia district does not leave its wireless nodes open.

"We have a requirement by the federal government to maintain secure networks. Because they're for student use, we have to be careful where those networks have access to," he said. "And because of the confidentiality of the information in our student-information databases, we have to really be sure that's in a really secure mode."

To test whether the network was accessible by other means, we entered a Paly classroom accompanied by a teacher and were able to log on to Fuji from a desktop computer without a password.

"In some ways I guess I shouldn't be too surprised this would be a problem too but at the same time I'm sort of flabbergasted that they knew about this but didn't make it a priority," Suzan Stewart, Paly social studies instructional supervisor, said.

Our ability to access the network comes a week after the district passed a new technology-use policy that took nearly a year to draft. Under the terms of that policy, distribution of private or personal information -- including home addresses, phone numbers, age, sex or other personal information -- over PAUSD electronic-information systems is prohibited.

The district's "Student Handbook" regarding use of Internet and district information systems also states users should identify student work and images only by first name and initials. No images are allowed without parent permission.

The federal Family Education Rights and Privacy Act (FERPA) also enforces student and parental rights regarding private information, placing the Palo Alto district in violation of the law.

"We're not trying to disregard the law, we're not trying to make data available. We have to work through a process with our staff because we wanted them to be positive and moving through it. We didn't want to be cutting people off," Scigliano said.

In May, Christopher Grant, a district systems administrator, learned it was possible to access the district's Fuji server through the wireless network.

Grant recommended locking down the wireless network, but was told the district was waiting for the school year to end and the board to approve the technology-use policy.

"My understanding that what we were planning on doing is taking down wireless networks that we could not secure until such time we were able to bring on board the new wireless networks or update the old ones. My understanding is that has not changed," he said.

Scigliano said the policy was necessary "in this political environment to be able to move to the next step."

"It's not to say that it's not an important problem, but we find that we have to educate our staff to let them know what we're doing rather than do it to them -- and it's not like we're trying to risk the child, the student information or any of that," she said.

Callan echoed that sentiment: "We are totally in the process of addressing the issues but we address them starting at the policy level."

Despite their stated preference for the slow-and-steady approach, the district office's wireless network was completely shut down within four hours after the Weekly informed district officials of the breach.

The next day, Hannah circulated an e-mail to district employees stating, "Wireless connectivity to the District Office is unavailable due to a security incident. Wireless connectivity will return after the system has been upgraded. If you have any questions please contact me. Thank you for your patience."

Questioned about the speed of their reaction, district officials said they were going to start maintenance work on the network in a few days anyway, and asserted the Weekly's revelation only sped up the process.

As of press time, the district's wireless network is off. Networks at Jordan and JLS middle schools were locked.

Scigliano and Hannah admitted it's difficult to close a network.

Though Walter Hays and Juana Briones started out with some protection from unauthorized use or abuse, Scigliano said grass-roots parent organizations that developed the earlier wireless networks hampered the district's ability to standardize technology. Hannah said they were in the process of locking down open wireless nodes at Jordan and JLS for about three months now. He added that the new technology-use policy forbids people from setting up grass-roots networks at district schools.

Scigliano expressed some frustration over the haphazard method wireless networks were installed.

"The wireless was brought up at Jordan by a group of parents, OK? Separate of the district," she said. "So this is what I'm trying to explain. It's not to make an excuse," Scigliano said.

She added that teachers were not trained appropriately to use the computer systems.

"A year ago, some of the documents were in print documents and (teachers) never ended up transferring, sharing files, doing any of those types of things," Scigliano said. "Folks have the capability now so they're doing some of these things, without following the pieces in place of whether they should be doing it or not, because it's just normal -- it's considered 'A Job That I Need to Do,' OK?"

Scigliano said holes in the PAUSD system should be patched by the end of the summer.

"Give us a week and we'll see what you can get on and what you can't get on," she said.



Copyright © 2003 Embarcadero Publishing Company. All rights reserved.
Reproduction or online links to anything other than the home page
without permission is strictly prohibited.