A security breach at the top levels of higher education has raised many questions about the safety of students' personal information and about who they can trust in the admissions office.
In May, Princeton University's Director of Admissions Stephen LeMenager admitted to accessing the admissions information of Yale University applicants who had also applied to Princeton.
He did so by entering the social security numbers of the dual applicants into Yale's Web site, designed to notify students of their acceptance status.
LeMenager made his confession during an admissions conference at Penn, and afterwards Yale reported 14 unauthorized taps into their site that were traced back to Princeton's admissions office.
Penn implemented a similar site to Yale's this spring, leaving students and future applicants to wonder whether the same thing could have happened to them.
Penn Information Security official David Millar reassured students that their personal identification numbers have always been confidential, as Penn sends passwords to applicants in the mail.
Millar blames Yale's Internet policies for the breach.
"It's just not a good practice to use Social Security numbers as identification... there is always something more you can do to prevent this from happening," he said.
Yale spokesman Thomas Conroy said that experts will work to make the site more secure before the admissions office reactivates it in April.
Other than Princeton and Yale, no Ivy League admissions office, including Penn's, would comment on the incident.
In light of what happened, the National Association for College Admissions Counseling has taken steps to ensure that students' information will remain confidential.
Within the year, NACAC Executive Director Joyce Smith said she hopes to amend the organizations Statement of Principles of Good Policy to include very open guidelines for handling students' information.
"The language can be as simple as '[offices] will take due care in preserving students' privacy,'" she said.
Peter DeBlois, a spokesman for educational information technology association EDUCAUSE, said he believes it was "risky" for Yale, or any other school, to launch such a site without fully exploring its security.
"I was surprised that they were using such standard information for students in this sensitive admissions process," he said.
And while many officials indicated that there is often collaboration among college admissions offices, the consensus has been that LeMenager crossed the line.
Barmak Nassirian of the American Association of Collegiate Registrars and Admissions Officers said schools do share information.
"There are often collegial conversations about [admissions] processes," he said. "But it rarely comes down to handing a playbook to another school."
While Princeton President Shirley Tilghman said in an August statement that LeMenager's motivation for accessing the Web site was to show its security, Smith attributes the breach to a different source.
"In general, this speaks to the growing competitiveness of universities," she said.
Smith also said that this is not the first time a school has used personal information in this way, leading colleges to internally beef up their security.
She would not comment on the specifics of past incidents, though.
Students' reactions to Princeton's misuse of personal information are mixed.
College sophomore Molly Dixon said, "It reflects poorly upon Princeton... these institutions should set the best example for their incoming students."
But another College sophomore, Eli Schlam, disagreed.
"It doesn't really affect the university as a whole," he said, adding, "A university like Princeton won't be tainted."
