So he complied, but before he did, he sent an e-mail to everyone with a houseSYSTEM account.
“I have been asked to disclose the entire table pertaining to members in unaltered form, complete with information about your choice to remain anonymous on houseSYSTEM,” he wrote. “I realize that this is an egregious breach of your privacy. Adding further irony to the situation is the College’s claim that it is necessary in order to protect your privacy, and the fact that it has been justified by administrators who actively refuse to understand the technical details necessarily involved. I have done all that I can to avoid this situation.”
But both Ellison and Dean of Harvard College Benedict H. Gross ’71 said that they had neither requested nor received any information other than the list of user names registered to use the portal.
“The College is not interested in any private information stored on the houseSYSTEM database,” Gross wrote in an e-mail. “We asked for a list of all FAS user names which were recorded as having submitted FAS passwords to the SEC web site. We are not asking for any other information, such as names, posts, history, etc.”
And Ellison maintained that the only reason the school had requested that list was to inform the students that they were encouraged to change their passwords.
“We haven’t asked for anything but usernames,” Ellison said. “We asked so that we could notify the students that they needed to change their passwords immediately, because their passwords were in a non-Harvard system. Because of that, they were essentially open to hacking or some other kind of security breach.”
“Nothing is impregnable,” Ellison added. “Even though Aaron did make some guarantees, we still have concerns about the information being out there.”
Ellison noted that Greenspan had no way of differentiating between a genuine and a dummy password, which would account for some people’s receiving the notice to change their passwords—even if they had not originally given their real ones.
Several students who received the notice from HASCS expressed concerns. The message made no specific reference to Greenspan, the SEC, CriticalMass or houseSYSTEM, but rather said simply that FAS had learned that their passwords might have been endangered.
“I was surprised that they had e-mailed me because I never gave my FAS password to houseSYSTEM,” said Gregory N. Price ’06. “I wasn’t planning on changing it, I wasn’t expecting that to be the case.”
He said he then tried to log on.
“It was an unpleasant surprise to get an error message I’d never gotten before,” he said. “Shell access denied.”
David A. Molnar ’02-’03 said that had he not been aware of the controversy over houseSYSTEM previously, he would not have known what the HASCS message was in reference to.
“If I didn’t know that the houseSYSTEM thing was behind it, I wouldn’t have known what was going on,” he said.
Steen said the HASCS e-mail did not specify houseSYSTEM as the potential source of risk because the College’s decision in the case was still pending.
HASCS had simply wanted to get the news out to students to tell them to change passwords, he said, though there had been no proof of actual compromise.
“As far as I know we haven’t detected anything that’s actually happened,” said Steen. “This is basically a protective measure.”
—Staff writer Laura L. Krug can be reached at krug@fas.harvard.edu.