Risk
4/20/2007
03:24 PM
Connect Directly
RSS
E-Mail
50%
50%

Pop Quiz: Who's Got Access To The Government's Student Loan Data?

It wouldn't surprise me if Sen. Edward ("Ted") Kennedy--well, his staff, really--had a bad case of writer's cramp. The senator's office this week alone issued four public statements criticizing the misuse of student data by student loan lenders, guarantors, and other members of that $85 billion-a-year industry. He's also made very speci

It wouldn't surprise me if Sen. Edward ("Ted") Kennedy--well, his staff, really--had a bad case of writer's cramp. The senator's office this week alone issued four public statements criticizing the misuse of student data by student loan lenders, guarantors, and other members of that $85 billion-a-year industry. He's also made very specific requests of the U.S. Education Department and certain members of the student loan industry, asking them to explain a number of their recent actions and apparent conflicts of interest. Speaking as someone with extensive experience with student loans, I say, "It's about time."Monday's lead news story in InformationWeek (which, of course, is available online over the weekend) takes a look at the reasons why Education Secretary Margaret Spellings has blocked businesses within the student loan industry from accessing the department's National Student Loan Data System database, the potential impact this suspension could have on this industry, and why it needed to be done.

While the department itself had been vague about how, exactly, student data was being misused, a conversation I had earlier today with Craig Munier, chairman of the National Direct Student Loan Coalition and director of scholarship and financial aid for the University of Nebraska, Lincoln, shed significant light on the situation.

During a February meeting with members of the National Direct Student Loan Coalition, an alliance of schools participating in the Federal Direct Student Loan Program, Theresa Shaw, chief operating officer Education Department's Office of Federal Student Aid, acknowledged the coalition's concerns that the National Student Loan Data System was being misused by companies within the student loan industry. "We were concerned that they were using the database to raid the direct loan portfolio to the detriment of the loan program and to the detriment of taxpayers," Munier told me. The Federal Direct Student Loan program, which has 1,100 member schools, advocates that borrowers get their education loans directly from their schools, so it competes with many of the companies the Education Department is cracking down on.

"We were looking for guidance from Terry as to why this was happening," said Munier, who was joined by Eileen O'Leary, assistant VP for finance and director of Student Aid and Finance at Stonehill College in Massachusetts, and Nancy Hoover, director of Ohio's Denison University financial aid office, for his meeting with Shaw. Munier told me he was "shocked" to hear that the Education Department was already looking into this matter itself.

Indeed, Shaw told the coalition members that some student loan companies were pinging the National Student Loan Data System several thousand times per minute, Munier says, adding, "This was indicative of a concerted effort to retrieve the database's information for other than its intended purpose."

Munier says that loan companies have for years been mass marketing to students, especially since Congress a few years ago gave the green light for companies to offer consolidation of direct student loans. As student loan payer, I share the concerns brought to the fore by Munier's coalition as well as Sen. Kennedy. It's hard enough repaying tens of thousands of dollars in student loans without having to worry about who's holding my loan and why I'm constantly getting mailed offers for loan consolidation.

There's no question that cutting student loan companies off from the database will hurt these businesses. But if they're guilty of misusing the information contained in the database, they've got no one but themselves to blame. The act of blocking all loan companies from the database is a drastic move, but a necessary one as the Education Department sorts out this mess. Munier believes the situation should never have degraded to the point where even legitimate companies would be shut off from access. "It's so irritating to me because the abuse always comes first with government regulation," he says.

Put another way, reactive regulation:government::oversleeping exam:students.

For extra credit:

In response to allegations that lenders, guarantors, and other student loan companies are misusing information about students and their parents, the Education Department should: 1) Permanently eliminate National Student Loan Data System access to everyone except loan borrowers and their schools. 2) Investigate specific allegations of misuse but allow all other student loan companies to access the database. 3) Be investigated itself, given that the department is responsible for protecting the misused data. 4) None of the above.

Your answer?

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Payday Loans
50%
50%
Payday Loans,
User Rank: Apprentice
4/4/2012 | 5:49:14 AM
re: Pop Quiz: Who's Got Access To The Government's Student Loan Data?
Student loans to pay your way through higher education, obtain housing throughout higher education, and pay for other odds-and-ends while while attending higher education. An education relief then takes all these different loans, pays for each of them, at which time you then pay the education relief company for the total amount of loans taken out during higher education.
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7052
Published: 2014-10-19
The sahab-alkher.com (aka com.tapatalk.sahabalkhercomvb) application 2.4.9.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7056
Published: 2014-10-19
The Yeast Infection (aka com.wyeastinfectionapp) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7070
Published: 2014-10-19
The Air War Hero (aka com.dev.airwar) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7075
Published: 2014-10-19
The HAPPY (aka com.tw.knowhowdesign.sinfonghuei) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7079
Published: 2014-10-19
The Romeo and Juliet (aka jp.co.cybird.appli.android.rjs) application 1.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.