Email nightmare for some FSU students

shieldI mentioned yesterday that sometimes people and software screw up in ways that cause problems. Today I saw an article demonstrating just how bad these issues can be. Florida State University Housing Department sent detailed and confidential violation reports to tens of thousands of students.

On Monday, March 14 at around 2 p.m., FSU first became aware that a glitch in the University Housing software caused the system to email approximately 13,195 current and former FSU students detailed incident reports of any and all code of conduct complaints associated with them, the FSView has learned. FSU News

In some cases, reports were of minor issues like halogen lights or open flames. But in other cases the violations were much more serious. These include reports of drug offenses, harassment and assault. Emails were only sent to the students associated with the report, but there is the possibility that some anonymous reporters were revealed by this glitch. Given some of the reports were more than 10 years old, it’s also possible these emails went to non-involved recipients.
As an email professional this type of glitch is horrifying. I can’t fathom what the glitch was. Whether it involved a human making a mistake or was triggered by the software, this is horrible design. No email containing sensitive and personal information should ever be sent unintentionally.
FSU reports they’ve stopped using the software. I hope they’ve unplugged it from any network completely. A little bit of poking at Google doesn’t tell me who the vendor is, although one of the major campus conduct software vendors (Maxient) has a note on their Facebook page that they are not the software used by FSU.
Like I said yesterday, stuff breaks online. The problem is some of these failures can cause problems and injury to real people. What happens online isn’t that separate from what happens offline these days. Our security needs to be better.

Related Posts

Security, backdoors and control.

WttWColorEye_forBlogThe FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control. Apple letter to customers

Read More

Random thoughts on reporting abuse

stop_atOn IRC today, someone mentioned an Ars Technica article discussing how a research team tried to contact Xfinity about a security flaw in their home security system.

Read More

Fast and loose

Politicians often play fast and loose with permission and data. This can cause them all sorts of problems with email delivery at major ISPs. I really expect that politicians buy, sell, transfer, spindle, mutilate and fold data. If they can use it to further their goals, they will. And, many of the consumer protection and privacy laws don’t apply to political groups.
The news that Representative Bachman may have known that some of her mailing list was taken and used by others is a surprise even to me. I talked with a few ESP reps, though, and they told me that this was mostly par for the course and that they often have a lot of delivery and compliance issues with their political clients. Many have had to suspend or terminate political clients, and a couple people mentioned SBL listings.
This isn’t a problem with just one side of the political spectrum, it seems endemic in how the game is played.
 
 

Read More