[Wildcat Online: opinions] [ad info]





Jobtrak breach exemplifies internet security threats

By Wildcat Opinions Board
Arizona Daily Wildcat,
April 20, 2000
Talk about this story

Jobtrak is not the devil - not even close.

It is noble service that expands job availability for thousands of college students at almost 1,000 universities. It is the front-runner in the market of online job databases, handling hundreds of thousands of students' resumes and records. The validity of the company is not an issue.

But a relatively minor irresponsibility on its part led to the inadvertent release of hundreds of students' personal information.

While the breach was small in comparison to the mammoth database of secure files, the results exemplify the potential danger of the booming information market available on the Internet.

In the past, such an error was impossible. But so was Jobtrak. The nature of online conduits of data is a dangerous one that, if not held to the highest level of security, can allow a good-natured service like Jobtrak to risk the privacy of an indefinite number of people.

The vendor's founders have poured out damage control statements, insisting the error was such a small percentage of their total patronage - that it really isn't that big of a deal. As stated above, the relative size of this breach is perfectly clear.

But one thing doesn't change. On Tuesday night, tall stacks of printouts were sitting in the Daily Wildcat newsroom containing names, numbers, addresses, classes, grades and business letters - all belonging to unsuspecting college students or graduates. They were accessed easily - not hacked in any way - and reporters only printed out a small fraction of what was available in the open files.

John Doe had no intention of allowing anyone to see that he had failed organic chemistry, or that he had hopes of working for Boeing someday. But because of this so-called minor error on the part of Jobtrack, they did just that.

Five hundred students (a mere estimation of what was available) may not seem like a lot to Jobtrack executives. Surely, they see that many names fly by on a regular basis. But to one Berkeley graduate whose transcripts were released, it was definitely a big deal.

"It makes me feel betrayed by Jobtrack and my university," the graduate said.

For company officials to try to claim this is an insignificant error is disturbing. They accused the Wildcat of sensationalizing the report - abusing its power.

Well Jobtrack had a hefty share of power of its own, and its chief technology officer and the university's Career Services director, among others, weren't exactly thrilled with the way the company was using it.

"FTP stinks. I don't know how else to put it," said Rob Cresswell, the chief technology officer at Jobtrak.

"I am appalled at this," said Marie Rozenblit, Career Services director at the University of Arizona.

Jobtrak is a good and useful service that has helped a lot of students.

But in this age of electronic information, where one company is responsible for massive amounts of personal records, even a tiny slip-up can be disastrous.

Jobtrak's breach should be a warning to UA students and officials to act with extreme caution and protect valuable information.

If a company like Jobtrak can create such a risk with a small error, imagine what someone with malicious intent could do.

[end content]
[ad info]