Risk
4/20/2007
03:24 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Pop Quiz: Who's Got Access To The Government's Student Loan Data?

It wouldn't surprise me if Sen. Edward ("Ted") Kennedy--well, his staff, really--had a bad case of writer's cramp. The senator's office this week alone issued four public statements criticizing the misuse of student data by student loan lenders, guarantors, and other members of that $85 billion-a-year industry. He's also made very speci

It wouldn't surprise me if Sen. Edward ("Ted") Kennedy--well, his staff, really--had a bad case of writer's cramp. The senator's office this week alone issued four public statements criticizing the misuse of student data by student loan lenders, guarantors, and other members of that $85 billion-a-year industry. He's also made very specific requests of the U.S. Education Department and certain members of the student loan industry, asking them to explain a number of their recent actions and apparent conflicts of interest. Speaking as someone with extensive experience with student loans, I say, "It's about time."Monday's lead news story in InformationWeek (which, of course, is available online over the weekend) takes a look at the reasons why Education Secretary Margaret Spellings has blocked businesses within the student loan industry from accessing the department's National Student Loan Data System database, the potential impact this suspension could have on this industry, and why it needed to be done.

While the department itself had been vague about how, exactly, student data was being misused, a conversation I had earlier today with Craig Munier, chairman of the National Direct Student Loan Coalition and director of scholarship and financial aid for the University of Nebraska, Lincoln, shed significant light on the situation.

During a February meeting with members of the National Direct Student Loan Coalition, an alliance of schools participating in the Federal Direct Student Loan Program, Theresa Shaw, chief operating officer Education Department's Office of Federal Student Aid, acknowledged the coalition's concerns that the National Student Loan Data System was being misused by companies within the student loan industry. "We were concerned that they were using the database to raid the direct loan portfolio to the detriment of the loan program and to the detriment of taxpayers," Munier told me. The Federal Direct Student Loan program, which has 1,100 member schools, advocates that borrowers get their education loans directly from their schools, so it competes with many of the companies the Education Department is cracking down on.

"We were looking for guidance from Terry as to why this was happening," said Munier, who was joined by Eileen O'Leary, assistant VP for finance and director of Student Aid and Finance at Stonehill College in Massachusetts, and Nancy Hoover, director of Ohio's Denison University financial aid office, for his meeting with Shaw. Munier told me he was "shocked" to hear that the Education Department was already looking into this matter itself.

Indeed, Shaw told the coalition members that some student loan companies were pinging the National Student Loan Data System several thousand times per minute, Munier says, adding, "This was indicative of a concerted effort to retrieve the database's information for other than its intended purpose."

Munier says that loan companies have for years been mass marketing to students, especially since Congress a few years ago gave the green light for companies to offer consolidation of direct student loans. As student loan payer, I share the concerns brought to the fore by Munier's coalition as well as Sen. Kennedy. It's hard enough repaying tens of thousands of dollars in student loans without having to worry about who's holding my loan and why I'm constantly getting mailed offers for loan consolidation.

There's no question that cutting student loan companies off from the database will hurt these businesses. But if they're guilty of misusing the information contained in the database, they've got no one but themselves to blame. The act of blocking all loan companies from the database is a drastic move, but a necessary one as the Education Department sorts out this mess. Munier believes the situation should never have degraded to the point where even legitimate companies would be shut off from access. "It's so irritating to me because the abuse always comes first with government regulation," he says.

Put another way, reactive regulation:government::oversleeping exam:students.

For extra credit:

In response to allegations that lenders, guarantors, and other student loan companies are misusing information about students and their parents, the Education Department should: 1) Permanently eliminate National Student Loan Data System access to everyone except loan borrowers and their schools. 2) Investigate specific allegations of misuse but allow all other student loan companies to access the database. 3) Be investigated itself, given that the department is responsible for protecting the misused data. 4) None of the above.

Your answer?

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Payday Loans
50%
50%
Payday Loans,
User Rank: Apprentice
4/4/2012 | 5:49:14 AM
re: Pop Quiz: Who's Got Access To The Government's Student Loan Data?
Student loans to pay your way through higher education, obtain housing throughout higher education, and pay for other odds-and-ends while while attending higher education. An education relief then takes all these different loans, pays for each of them, at which time you then pay the education relief company for the total amount of loans taken out during higher education.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web