Last Monday, The Washington Post released a special report detailing how at least 44 U.S. public and private colleges and universities are employing private contractors to collect prospective students’ data without their acknowledgment.
This report comes at a time where national concern for data privacy is at an all-time high. While Facebook and Google execs are being called down to testify on Capitol Hill, universities like Virginia Tech and the State University of New York were learning all about those interested in their school. It’s just another example of the exploitative college admissions process that needs broad reform. six
This has already affected the St. John’s community. According to the college counseling department, members this year’s senior class are applying to eleven of the schools in the Post’s report, and have expressed interest in an additional seven. All of these students almost certainly visited the admissions website, meaning they were vulnerable to cookies and data mining.
The Post found that these companies would have tracking cookies installed on the browsers of those who visited the university’s admissions page. These cookies would then create a profile of the students’ test scores, zip codes, high school transcripts, academic interests, Web browsing histories, ethnic backgrounds and household incomes for clues about which students would make the best candidates for admission. This data is then used to determine how much the university should try to attract this student, and, even worse, to guess how much financial aid they would need before they even apply.
This shouldn’t have ever happened. Sharing information about these students, information these companies used to begin building their comprehensive profiles, would require parents to waive their FERPA rights – protections for minors’ information given by the Family Educational Rights and Privacy Act. Anyone working on college applications right now has almost certainly come across the FERPA waiver on Naviance or their applications that allow outside organizations to view their grades and other sensitive details.
But universities were able to get around this by classifying these private companies as “school officials.” The Department of Education should be investigating this; instead, they declined to comment on whether this is even a violation.
The schools were then able to say that they did not utilize cookies, because they didn’t – those private companies were. Despite the fact they were hosting their cookies, those visiting their sites were unaware of who was watching them. Many don’t allow students to opt-out of their information being collected, while those who do require a written letter to the Admissions Department.
Universities built these profiles not only from these cookies but from buying students’ data from the College Board, a nonprofit whose directors and software engineers make six-figure salaries. Their very own website lists the price per student as only 47 cents. This data is gathered from students registering for the SAT and surveys taken as part of Advanced Placement Exams, and as someone who has taken both, the College Board does not make it clear to students that these questions are optional, meaning that many families likely filled out these sections under mistaken assumptions.
One school administrator’s suggestion to protect your data? Just don’t visit their website.
“You have a choice of not interacting at all,” Jacquelyn Malcolm, chief information officer at SUNY Buffalo, offering several other ways to get in touch with the college admissions department.
But why should they have been wary of the sites in the first place? The advance of technology has revolutionized the college search and application process, mostly for the better. However, these predatory practices from organizations students are essentially forced to trust out of necessity spoil the good work online college resources can provide.
St. John’s Director of College Counselling, Ms. Martin, spoke to the advantages of schools having this data: “Tracking website data can inform a college of student interests, demographics, and trends. This information is helpful when driving a recruitment plan and deciding things like where should recruiters go.” She also said that tracking how students complete their applications can help universities reform their application.
While there can be benefits to this data, there also comes the need to inform the user that it is happening and give them the option to opt-out. There’s also an inherent risk to collecting any data, and the more data these universities have, the greater the risk. They can try to guarantee safety, but as students at Oberlin, Grinnell, and Hamilton found out last March, admissions profiles are never completely secure.
The college process is difficult enough. We shouldn’t have to deal with cybersecurity risks we’re not even aware of. We need to demand better of our universities and the government that regulates them to protect high school seniors and college students across the country.