For the first 15 minutes after schedules were released at 11:30 a.m. last Thursday, community members with PANet accounts were able to access all private student information including schedule, attendance record, and transcript. The incident was soon resolved, as the technology office immediately determined the technological errors.
According to Clyfe Beckwith, Assistant Head of School for Teaching and Learning, higher level permissions within the computer program inadvertently remained activated when schedules were launched, allowing the students to access private information.
Beckwith said, “When we tried the technical aspects of releasing the new schedule, a permission was overrode. This means that students were able to see that when they went on to the “My Schedule” tab, they could actually search for names, which is not a function that students typically should have. As a result, students could in fact access other students’ schedules. In that practice, what happened was that you could also see other peers’ transcripts.”
A community-wide apology email was sent to all parents by Beckwith soon after the conclusion of the incident, stating that no private information was spread beyond school boundaries due to the quick removal of the error.
Beckwith wrote, “Within minutes of being made aware of the error, IT staff were able to remove those permissions and quickly determine how the error occurred… and at no time was any student’s information visible beyond our internal campus portal.”
In spite of sending a community-wide apology email to all parents, Beckwith found the incident to be more serious than expected due to many students who were eager to see their schedules immediately after the launch.
“Although the option of overriding the permission was only available for 15 minutes, since students were eager to see their schedules, a lot of people were hammering at their schedules. Therefore the overlap of the mistake, even for a very brief time, allowed quite a few students to be able to see others’ private information,” said Beckwith.
Students such as Uanne Chang ’20 and Alex Mitchell ’22 shared similar sentiments with Beckwith, as they also witnessed peers who accessed private information throughout the duration of the incident.
Chang said, “I know that there were definitely people who attempted to abuse that kind error into looking at other people’s private information, and I hope that no one had the opportunity to do that because it lasted 10-15 minutes. This information is definitely not something that a lot of people would feel comfortable as being out and available for everyone to see.”
Mitchell added, “I do not think that the incident had too much of a very specific effect on me, but I came to realize that someone I know pretty well searched up my grades as a joke. But from this experience, I can clearly see that people who are sensitive about their grades and information will definitely be hurt by it.”
While noting that many Andover students continue to be concerned by the incident, Beckwith understood why such incident would have caused reactions of fear and worry among any given student body.
Beckwith said, “I do not know whether the huge concern is any different in Andover than it is at other schools if it happened there as well, because grades and schedules are not information that schools typically should share. Although nothing was ever beyond PANet, I get that students would have been worried and confused due to such unconventionality.”
Beckwith also believes that the administration’s error in handling the system was partly because of its decision to use an unfamiliar scheduling program for the 2019-20 school year. In order to prevent the accident from occurring, the administration plans on having strict precautions in the future.
“The way that the schedule was presented was a whole new computer program, and because of that, the tech and scheduling office wanted to test it. And while testing it, the permissions got overwritten by mistake, just because we are all so unfamiliar with this new setup,” said Beckwith.
He continued, “What we will never do in the future is to test a new system the day that students are checking for their new schedules, and we will never intentionally override a permission system.”
Despite the aftermath of the incident, students like Jake Zummo ’21 were impressed by the maturity of students in dealing with the incident. Though Zummo believes that the incident could have been prevented, he also thinks that the results would have been worse without most students’ respect towards privacy.
“It seemed like a lot of people were pretty mature about the situation. At least the people I knew who were there in the dining hall did not abuse the system and access others’ grades. Overall, I thought it was an interesting error to the system, but when thinking about the important, long term consequences, I feel like it could have been a lot worse,” said Zummo.