More than your SSN can be exploited

By Andre Lehovich
Arizona Daily Wildcat
March 5, 1999
To the editor,

According to the March 3 Wildcat, the state legislature has ordered the three state universities to move away from using Social Security numbers as the student identification number. This is good. But care must be taken to ensure that one all-purpose number isn't merely replaced by another ubiquitous number.

For example, on this campus universal use of the SSN is slowly being replaced by the CatCard ISO number. Now to join an intramural team I give my CatCard number to the captain instead of my SSN. To request an interlibrary loan I give my CatCard number. The problem is all we've done is substitute one omnipresent number for another. Anybody who knows my name and my CatCard number has access to my library records and probably other records the university maintains.

Maybe I should have multiple ID numbers: one for the Social Security Administration, one for my library card, one for the registrar and one for the recreation center. Then the hockey team captain won't know my library card number.

Just knowing the student's CatCard number must not be enough to get access to records. A challenge form of identification should be used; for example, a personal identification number should be required to get access to library records.

The university already assigns students a "secret" PIN to use with RSVP.

The forms used to request information should also cite relevant laws restricting who may issue such a request. If it is illegal for me to punch up somebody else's library records by entering their name and library card number, then the computer interface should cite the law and possible punishments.

Andre Lehovich
Applied mathematics
graduate student