Publication Date: Wednesday, June 25, 2003|
by Rachel Metz
Like leaving a vault open, PAUSD failed to place a number of highly sensitive
computer files containing student information in a locked location on its network.
Using a laptop with a wireless card outside the district's main office, the
Weekly gained access to such data as grades, home phone numbers and addresses,
medical information complete with full-color photos of students and a psychological
Unauthorized users could copy many of those sensitive files, as well as upload
their own files onto one of the district's servers, Fuji, the Weekly found.
Unlike the majority of the district's information, the documents were not password
The same information was also accessible to individuals using district computers
within school sites.
The district has known about some aspects of this vulnerability for nearly
nine months, but failed to take action until the Weekly informed officials
situation late last week -- a somewhat ironic development given the school
board's recent adoption of a technology-use policy.
"I don't see this as such a huge news story," Superintendent
Mary Frances Callan said the day after the district office abruptly shut
down its wireless
network and student information program. The real news, she added, was
the great progress the district has made to its network plans, thanks to
planned employee training sessions and the technology-use policy.
However, the availability of such student information is not only a breach
of said policy, but of federal law governing distribution of students' education
District administrators are blaming the security breach on everything from
bureaucracy to teacher error to grass-root efforts to establish wireless networks
"We're not in any way trying to make excuses, but we knew there were issues,
we knew that there were things that needed to be more secure," Marie
Scigliano, PAUSD's director of educational technology and information
School board President Mandy Lowell was surprised by the amount of sensitive
data the Weekly was able to access.
"Unless I missed it no one reported to me that there was a gaping
hole in security and needed to be repaired and couldn't unless a policy
was enacted," said
Lowell, the parent of three children attending district schools.
"I never heard this was a matter of urgency to accomplish or our documents
could be printed on the front page of a newspaper," she said.
The Weekly's ability to access student files was called by one district employee
the biggest security hole in PAUSD's system to date.
Andrew Hannah, a network administrator for the district, admitted security
was an afterthought when the first open wireless networks were installed at
and Jane Lathrop Stanford middle schools and the district office between 2000
The district, he said, was more interested in equipment issues than securing
"With every subsequent school that we're putting up with wireless,
security is now part of the pre-thought process," he said, pointing
out that newer wireless networks at Walter Hays and Juana Briones are
A Weekly check confirmed Hannah's statement.
No other schools in the Palo Alto district have permanent wireless set-ups.
The district uses a wide-area network, or WAN, to link computers at school
sites and the district office.
There are about 40 servers on PAUSD's district-wide network. Each school has
two servers: one academic and one administrative. The academic server provides
access to the Internet, while core school information -- such as names, grades
and medical information -- is stored on the administrative server.
The district office has access to several other servers, as well as those of
the individual school sites. One of the district servers -- PAUSD Resources
-- contains a sub-server known as Fuji, which was designed to allow authorized
to share files.
Although the server was not intended for high-security documents, the Weekly
was able to access some of Fuji's contents as easily as opening a Microsoft
Word file. We found student medical cards listing health conditions accompanied
a photo of the child, a psychological profile with the student's first and
last name, and a file containing student addresses, phone numbers and grades.
able to view the district's student information system, SASIxp.
This same information could also be obtained from Jordan Middle School's computer
Such access illustrates the hazards of an open wireless network if proper security
measures are not enacted.
Although students and district employees need a password to log on, laptops
with wireless cards skip this step by connecting directly to the system as
Gregg Gunkel, security and information systems manager for the Sequoia Union
High School District, said an open network exposes the district to the risk
of pranks, viruses and stolen information.
"I can't imagine that school districts do provide guest access to their
Gunkel, who added the Sequoia district does not leave its wireless
"We have a requirement by the federal government to maintain secure networks.
Because they're for student use, we have to be careful where those
networks have access to," he said. "And because of the confidentiality
of the information in our student-information databases, we have to
sure that's in a really
To test whether the network was accessible by other means, we entered a Paly
classroom accompanied by a teacher and were able to log on to Fuji from a desktop
computer without a password.
"In some ways I guess I shouldn't be too surprised this would be a problem
too but at the same time I'm sort of flabbergasted that they knew about this
didn't make it a priority," Suzan Stewart, Paly social studies
instructional supervisor, said.
Our ability to access the network comes a week after the district passed a
new technology-use policy that took nearly a year to draft. Under the terms
policy, distribution of private or personal information -- including home addresses,
phone numbers, age, sex or other personal information -- over PAUSD electronic-information
systems is prohibited.
The district's "Student Handbook" regarding use of Internet
and district information systems also states users should identify
student work and images
only by first name and initials. No images are allowed without parent
The federal Family Education Rights and Privacy Act (FERPA) also enforces student
and parental rights regarding private information, placing the Palo Alto district
in violation of the law.
"We're not trying to disregard the law, we're not trying to make data available.
We have to work through a process with our staff because we wanted
them to be positive and moving through it. We didn't want to be cutting people
In May, Christopher Grant, a district systems administrator, learned it was
possible to access the district's Fuji server through the wireless network.
Grant recommended locking down the wireless network, but was told the district
was waiting for the school year to end and the board to approve the technology-use
"My understanding that what we were planning on doing is taking down wireless
networks that we could not secure until such time we were able to bring
on board the new wireless networks or update the old ones. My understanding is
not changed," he said.
Scigliano said the policy was necessary "in this political environment
to be able to move to the next step."
"It's not to say that it's not an important problem, but we find
that we have to educate our staff to let them know what we're doing rather
than do it to them
-- and it's not like we're trying to risk the child, the student information
or any of that," she said.
Callan echoed that sentiment: "We are totally in the process
of addressing the issues but we address them starting at the policy
Despite their stated preference for the slow-and-steady approach, the district
office's wireless network was completely shut down within four hours after
the Weekly informed district officials of the breach.
The next day, Hannah circulated an e-mail to district employees stating, "Wireless
connectivity to the District Office is unavailable due to a security
incident. Wireless connectivity will return after the system has been
you have any questions please contact me. Thank you for your patience."
Questioned about the speed of their reaction, district officials said they
were going to start maintenance work on the network in a few days anyway, and
the Weekly's revelation only sped up the process.
As of press time, the district's wireless network is off. Networks at Jordan
and JLS middle schools were locked.
Scigliano and Hannah admitted it's difficult to close a network.
Though Walter Hays and Juana Briones started out with some protection from
unauthorized use or abuse, Scigliano said grass-roots parent organizations
the earlier wireless networks hampered the district's ability to standardize
technology. Hannah said they were in the process of locking down open wireless
nodes at Jordan and JLS for about three months now. He added that the new technology-use
policy forbids people from setting up grass-roots networks at district schools.
Scigliano expressed some frustration over the haphazard method wireless networks
"The wireless was brought up at Jordan by a group of parents, OK?
Separate of the district," she said. "So this is what I'm trying
to explain. It's not to make an excuse," Scigliano said.
She added that teachers were not trained appropriately to use the computer
"A year ago, some of the documents were in print documents and (teachers)
never ended up transferring, sharing files, doing any of those types of things," Scigliano
said. "Folks have the capability now so they're doing some of
these things, without following the pieces in place of whether they
be doing it or not,
because it's just normal -- it's considered 'A Job That I Need to Do,'
Scigliano said holes in the PAUSD system should be patched by the end of the
"Give us a week and we'll see what you can get on and what you can't get on," she said.
Copyright © 2003 Embarcadero Publishing Company. All rights reserved.
Reproduction or online links to anything other than the home page
without permission is strictly prohibited.