PAnet 2.0, a revamped and modernized version of Andover’s intranet PAnet, was launched during the summer. Although many students have been longing for an update, the change has prompted unexpected consequences. There have been two known instances where private information was made public since PAnet 2.0 was released. The first incident, which occurred in June, shared detailed concerns with certain students’ performances in the 2020-2021 Winter Term, including their grades and a list of students whose team met for a Full Team meeting. It additionally included the support resources each of these students would receive. The second incident granted students access to absence records accumulated since the beginning of the school year, as reported on by The Phillipian last week.
Jeffery Shi ’22 provided information to The Phillipian regarding the concerns and grades of students that were accessible on PAnet during the summer. While browsing through the newly implemented PAnet service, he discovered grade reports for certain students.
“When the new PAnet came out during the summer, I was looking through it, and I searched grades, and I just kind of found a bunch of documents meant for faculty on GPA and grades. It gave reports for students who needed more review, so it called out individual students’ names. There was also another document that was a survey sent to all faculty and it asked them what their grading scale was and how many sixes they gave out the whole year and, and just stuff about GPA,” said Shi.
The issue was immediately reported to the Office of Information Technology (OIT), who decided to disable PAnet entirely to thoroughly investigate the accessibility of private information. According to Dr. Erin McCloskey, Associate Director of the OIT, the office communicated with Communifire’s support services and worked to ensure that all configurations were correct before relaunching the site.
“By working collaboratively in our office and with the platform vendor’s support services, we discovered a discrepancy between our understanding of how multiple role assignments work in Communifire and the way we had set them up. We worked to redefine the roles, reassign the permissions, and conduct multiple rounds of testing using various account roles and settings, to ensure that all access to content was properly configured. After that, we relaunched PAnet to the community,” said McCloskey.
Following the first incident, absence records of students with three or more absences, excused or unexcused, were available to the campus community for 22 days. The information was available publicly as of October 21, 2021.
Shi was also aware of the absence report incident and reported the error to The Phillipian. He detailed feelings about the event, having discovered two publications of private student information on the new website.
“The fact that this is the second time there’s been a PAnet leak is sort of concerning because it really shows that there [are] some errors in PAnet’s IT or security. I think that so far the documents have not been serious, but if there is a problem with this system, there is a greater issue. I also don’t think it was intentional, it wasn’t on the homepage, which is why I think it wasn’t as public. It definitely seemed like an accident, which is a good thing as a student,” Shi stated.
According to McCloskey, who immediately took the files regarding absences down after being informed by the Dean of Students office, PAnet 2.0 differs from the original platform in that each department can upload and control their own content instead of having to go through the OIT to create and post changes in the pages. While the new system has been more efficient, it also signifies that the departments need to be more knowledgeable on how the platform works, which is something the OIT is trying to accomplish.
“While we have provided training along the way, we also recognize that it is a significant, new responsibility and a learning process for everyone involved, which can be challenging, especially against the ongoing backdrop of Covid-[19]-related stress. Having individuals outside of OIT participate in the management and dissemination of campus information is an important shift in how the community operates, and we need to make sure everyone has the knowledge and resources they need to do this well,” said McCloskey.
Despite the students’ private information being taken down, there still exists concern among the student body about their confidence in the school’s confidentiality. Karen Wang ’24 believes that the error regarding student absences especially infringed students’ privacy and should not have happened.
“That’s one of the pieces of information about students that should be protected even more because attendance can sometimes reflect a person’s situation in life which is private. I do understand that there are mistakes because of the new platform, but that means there’s a chance of this happening again,” said Wang.
Students also understand that the error was accidental, and only hope to see further means of protection for private documents. Rhine Peng ’24 recognizes that the transition to the new platform might be challenging for OIT and the various departments, but she wishes that there will be no more leaks in the future.
“Personally, I think this is understandable—as we are living in pandemic times, we have to constantly adjust to different systems and platforms and transition from one to another, so I can understand the difficulties in transitioning from Blackboard to Communifire. However, I really hope incidents like these do not happen again—I really value privacy personally and I believe it is one of Andover’s community values,” said Peng.
The OIT, according to McCloskey, will be working with departments to prevent more errors from happening and to protect students’ privacy.
“Going forward we hope for a collaborative, ongoing partnership across departments that allows us to develop the best method for ensuring that we avoid these important errors of data visibility in the future,” said McCloskey.
Editor’s Note: Jeffrey Shi ’22 is an Arts and Digital Editor for The Phillipian.