This Week in Student Privacy: 11/25

Berkman SPI
Student Privacy Initiative
Sent as a

Newsletter

3 min readDec 1, 2015

The US Education Department’s Vulnerable Databases

At a House oversight hearing, “the department came under withering criticism […] about just how vulnerable its information systems are to security threats.” At the hearing on November 17, “Inspector General Kathleen Tighe testified that USED’s […] ‘data security’ system is riddled with vulnerabilities.” “She said that her office had been able to penetrate some department systems without being detected” and that she “is still concerned about the potential for breaches

“Lawmakers at the hearing […] took Danny Harris, the chief information officer of the Education Department, to task for the way data is handled,” and found that USED “needs significant improvement in four key security areas: continuous monitoring, configuration management, incident response and report, and remote access management.”

When “a congressional scorecard issues this month on how well federal agencies were implementing four key areas of the Federal Information Technology Acquisition Reform Act, or FITARA gave the Education Department three Fs and one D,” Danny Harris, the CIO of the Education Department, “said he thinks the department should have received a C.”
When asked about “how long it would take to modernize all of its data systems, Harris “said he didn’t know across the entire platform.” But, he says, “we are working hard

Read more about the hearing: “Congress blasts U.S. Education Department for vulnerabilities in data bases” (The Washington Post), and from a more partisan perspective: “U.S. Department of Education Data System Riddled with Vulnerabilities for Students” (Breitbart).

Watch the hearing on YouTube: Department of Education — Information Security Review

Articles/Resources

These kitties are hard at work, trying to improve security

This update was compiled by Jeremiah Milbauer, with help from Paulina Haduong. Jeremiah is a first year at the University of Chicago and an intern for the Student Privacy Initiative at the Berkman Center for Internet & Society.

--

--

Berkman SPI
Student Privacy Initiative

Berkman Center’s Student Privacy Initiative: Identifying and evaluating central privacy issues in ed tech