It won’t be “Magic” if cyber criminals break into your child’s school database

And, proposed database additions will make the target more tempting

It was called “Magic,” and it was a critical key to the Allied victory in World War II. Magic was a combined US and British effort to crack the secret radio transmission codes of the German and Japanese military. Despite the smug self-assurance of military leaders in Germany and Japan that their codes were unbreakable, Magic succeeded. And, Magic really cost the Axis Powers.

Thanks to Magic, a badly overmatched US Navy task force was able to gain a critical advantage in the Battle of Midway, sinking every aircraft carrier in the Japanese Imperial Navy’s attack force and sending the remaining fleet packing. It was the beginning of the end for Japan in the Pacific.

Flash forward to the present and at least one message from Magic still lives. If penetrating electronic transmissions is valuable enough, people will work hard to figure out how to do it. And, sadly, it isn’t always the good guys who are intent on cracking the electronic code.

Today, cyber thieves are constantly on the prowl in the Internet, looking for vulnerable data systems to penetrate. The recent compromise of the most carefully guarded NSA data system shows that if the target is juicy enough, a breech is all too possible.

Unfortunately, the message from Magic has importance for the growing database of information your school is collecting on your child.

Education Week reports in “Cyber Attacks on School Networks Increasing” that Kentucky’s Infinite Campus public school database system has been the subject of recent cyber attacks. The Kentucky Department of Education says it beat off those attacks, this time. The department also says the attacks were aimed at disrupting access to the system by parents – a denial of service attack – rather than an actual attempt to access student data.

Still, EdWeek’s article makes it is clear that school databases are becoming an increasing interest item for cyber criminals.

Unfortunately, the temptations posed by student databases could get a lot more attractive in the future. A federal proposal for a common student database across all the states adds an enormous amount of material, some quite sensitive, to that already found in existing systems. This federal model is called the Next Education Data Model (NEDM), and it is already in version 3. It proposes collection of over 400 different items, or “Attributes” of data about your child.

Some of those attributes will have great value to criminals like identity thieves. Social security numbers, full home addresses, birthdates, date and cause of death (this actually is a cradle to beyond the grave data system), professional activities, even religious preferences, they are all in this proposal.

And, the public school system will be a major source of entry for much of this data.

Now regular readers know I am a data fan, and I want to make it clear that I see legitimate needs for schools to collect reasonable sorts of data. I also see legitimate needs to very carefully share that data with some other organizations and legitimate research teams.

Never the less, I do recognize the huge danger to security and personal privacy that could be created by the enormous assembly of data in a single file envisioned in the NEDM. If this database is shared as widely as proposed, keeping the material secure will be a tremendous, perhaps impossible, challenge.

So, I think our legislators need to get involved in a serious manner to decide exactly what data schools should and should not be allowed to collect on our kids. We also need some firm restrictions, with criminal penalties, for those who mishandle or purposely misuse this potentially quite sensitive information, including strong restrictions about limited sharing of the data under tightly controlled conditions that protect parent and student rights, privacy and security.