By Addison Chrivia, Editor, Interviews by Kiera Mae, Staff Writer and Emma Harrison, Editor, Edited by David Lavrinovich, Staff Writer
All students at Pellissippi State Community College have the right to data privacy according to Pellissippi Policy 08:13:12, section IV, which states that “Pellissippi State Community College will ensure the confidentiality, integrity, and availability of technology and data.” While college students enrolled at Pellissippi State have these rights, dual enrollment students are a different story.
According to the Knox County Schools website, under the Chromebooks tab it’s stated that “No right of privacy exists in the use of technological resources.” They add that anyone in K-12 classes using a school-issued device should assume that all activity and data can be monitored and freely accessed by the school administration at any time. If those at Pellissippi State have the right to online privacy, and those in high school do not, where does that leave dual enrollment students? This gray area allowed for one particular security instruction from parent schools, which puts the cybersecurity of many students at risk. Â
About a year ago, different schools began giving dual enrollment students a universal password for their Pellissippi State accounts, email, and Brightspace. In essence, every student attending a certain school would have the same password. When this was brought to Imaginary Gardens’ attention, there was a lot of concern considering the student’s privacy, the violation of Pellissippi State policies, and the risk to Pellissippi State’s online security.
Sharing passwords, or having every student use a universal password, leaves an open door not just for the individual’s account, but also the Pellissippi State network in general. At the end of 2021’s fall semester, Pellissippi State suffered a ransomware attack which resulted in students’ personal information being leaked.
Students sharing a password might seem harmless, but it could easily snowball into a much bigger issue. If one bad-intentioned person finds out the password, they would have access to dozens of accounts, their Brightspace, their email, and all the information within to do whatever they want with it. Pellissippi State instituted the dual factor identification specifically to prevent break-ins like this, but having a single shared password renders this safeguard null. The accounts could be held hostage and the info could be ransomed back to the users or sold online, which is especially dangerous for dual enrollment students who are underage.
Interviewing the dual enrollment students made it clear to us that they were completely unaware of the risks caused by such an issue. We talked to students from online academies, local public schools, and charter schools who report that in the past year, they’ve moved to assigned individual passwords, or one universal password used by all the dual enrollment students at that school. While the students wished to remain anonymous, none of them were concerned with their own privacy or risks to the Pellissippi State system.
Both of the students we interviewed for this article stated that they believed the main purpose of the shared password was convenience. One student was strongly advised against changing their password, while another wasn’t advised against it but told us that they believed the majority of the students in the school never changed it. When speaking about the actual setup of the Pellissippi State account, a returning student stated that, in their first semester, they were given a unique password assigned by their school’s teacher. This semester, however, they were given a new slip of paper with the universal password that all of the students would be using. This brings into question how and when the school faculty were able to initiate password changes on such a massive scale.
When speaking with Spencer Joy, Pellissippi State’s Dual Enrollment Specialist, it was clear that he had no idea about the situation and wouldn’t condone the use of a universal password. According to another source with a background in dual enrollment counseling, they also were unaware of the situation and said that in their many years working with dual enrollment students, they had never and would never advise students to use the same password or to share their password with anyone. The Pellissippi State IT department also was unaware of the issue, but was extremely concerned about the possible security concerns caused by this and assured that they would investigate the matter. A member of the Pellissippi State IT department stated that “Every student should have their own unique 16-character password and should not be sharing it with anyone.” The same IT professional also indicated that the department is extremely concerned about this issue and eager to rectify it.
Considering the severity of the situation, one question stands out above the rest: why would the schools want the students to use the same password in the first place? Convenience is an easy answer, but control may be more likely. Having a universal password could give the Knox County Schools and other private school administration the ability to sign into any dual enrollment student’s account at any time and view personal information. While none of the students have reported an invasion of their online privacy or information, they most likely wouldn’t even be aware of it, and already don’t expect to have privacy online. Not only can the school administration access the accounts, but it is also possible for a bad actor to easily sign into another student’s account to deface their account and academic integrity, which will be left on their permanent college record.
While there are plenty of reasons why universal passwords are a bad idea, the violation of Pellissippi State policy speaks for itself. Pellissippi Policy 08:13:01, section VI, specifically states that “Every personal and service account will be assigned a unique password and/or other authorization factor. Users must not share their password(s) with another person.” The schools and the students (unknowingly) are directly violating Pellissippi State policy, which could lead to serious disciplinary action being taken. Based on this policy, it’s clear that this is an issue that needs to be addressed as soon as possible, before it causes more problems in the future.
One of the reasons Pellissippi State has such a strict password policy is the security breach the college previously experienced. The hacker was able to access the system and change the passwords of the students, as well as access their private information and sell it on the dark web. This new shared password policy instituted by high schools in the area is a security issue waiting to happen. By having students use a universal password, the schools are conditioning the students to devalue their own online privacy. Not only that, but with an increasingly digital world it’s simply irresponsible to instruct students to devalue cybersecurity.
Dual enrollment students have just as much a right to privacy as other students and, furthermore, Pellissippi State doesn’t need a new security breach caused by the negligence of Knox County Schools. The fact that none of the students were aware of the issues that could be caused by this and that none of the Pellissippi State staff we spoke to were aware of the situation at all is a huge red flag. This whole situation warrants much more attention than it’s being given, especially with the threats to student information; it’s a wake up call that more people need to be aware of their own cybersecurity and care about their right to privacy online.
