Risk
4/20/2007
03:24 PM
50%
50%

Pop Quiz: Who's Got Access To The Government's Student Loan Data?

It wouldn't surprise me if Sen. Edward ("Ted") Kennedy--well, his staff, really--had a bad case of writer's cramp. The senator's office this week alone issued four public statements criticizing the misuse of student data by student loan lenders, guarantors, and other members of that $85 billion-a-year industry. He's also made very speci

It wouldn't surprise me if Sen. Edward ("Ted") Kennedy--well, his staff, really--had a bad case of writer's cramp. The senator's office this week alone issued four public statements criticizing the misuse of student data by student loan lenders, guarantors, and other members of that $85 billion-a-year industry. He's also made very specific requests of the U.S. Education Department and certain members of the student loan industry, asking them to explain a number of their recent actions and apparent conflicts of interest. Speaking as someone with extensive experience with student loans, I say, "It's about time."Monday's lead news story in InformationWeek (which, of course, is available online over the weekend) takes a look at the reasons why Education Secretary Margaret Spellings has blocked businesses within the student loan industry from accessing the department's National Student Loan Data System database, the potential impact this suspension could have on this industry, and why it needed to be done.

While the department itself had been vague about how, exactly, student data was being misused, a conversation I had earlier today with Craig Munier, chairman of the National Direct Student Loan Coalition and director of scholarship and financial aid for the University of Nebraska, Lincoln, shed significant light on the situation.

During a February meeting with members of the National Direct Student Loan Coalition, an alliance of schools participating in the Federal Direct Student Loan Program, Theresa Shaw, chief operating officer Education Department's Office of Federal Student Aid, acknowledged the coalition's concerns that the National Student Loan Data System was being misused by companies within the student loan industry. "We were concerned that they were using the database to raid the direct loan portfolio to the detriment of the loan program and to the detriment of taxpayers," Munier told me. The Federal Direct Student Loan program, which has 1,100 member schools, advocates that borrowers get their education loans directly from their schools, so it competes with many of the companies the Education Department is cracking down on.

"We were looking for guidance from Terry as to why this was happening," said Munier, who was joined by Eileen O'Leary, assistant VP for finance and director of Student Aid and Finance at Stonehill College in Massachusetts, and Nancy Hoover, director of Ohio's Denison University financial aid office, for his meeting with Shaw. Munier told me he was "shocked" to hear that the Education Department was already looking into this matter itself.

Indeed, Shaw told the coalition members that some student loan companies were pinging the National Student Loan Data System several thousand times per minute, Munier says, adding, "This was indicative of a concerted effort to retrieve the database's information for other than its intended purpose."

Munier says that loan companies have for years been mass marketing to students, especially since Congress a few years ago gave the green light for companies to offer consolidation of direct student loans. As student loan payer, I share the concerns brought to the fore by Munier's coalition as well as Sen. Kennedy. It's hard enough repaying tens of thousands of dollars in student loans without having to worry about who's holding my loan and why I'm constantly getting mailed offers for loan consolidation.

There's no question that cutting student loan companies off from the database will hurt these businesses. But if they're guilty of misusing the information contained in the database, they've got no one but themselves to blame. The act of blocking all loan companies from the database is a drastic move, but a necessary one as the Education Department sorts out this mess. Munier believes the situation should never have degraded to the point where even legitimate companies would be shut off from access. "It's so irritating to me because the abuse always comes first with government regulation," he says.

Put another way, reactive regulation:government::oversleeping exam:students.

For extra credit:

In response to allegations that lenders, guarantors, and other student loan companies are misusing information about students and their parents, the Education Department should: 1) Permanently eliminate National Student Loan Data System access to everyone except loan borrowers and their schools. 2) Investigate specific allegations of misuse but allow all other student loan companies to access the database. 3) Be investigated itself, given that the department is responsible for protecting the misused data. 4) None of the above.

Your answer?

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Payday Loans
50%
50%
Payday Loans,
User Rank: Apprentice
4/4/2012 | 5:49:14 AM
re: Pop Quiz: Who's Got Access To The Government's Student Loan Data?
Student loans to pay your way through higher education, obtain housing throughout higher education, and pay for other odds-and-ends while while attending higher education. An education relief then takes all these different loans, pays for each of them, at which time you then pay the education relief company for the total amount of loans taken out during higher education.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8802
Published: 2015-01-23
The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action.

CVE-2014-9623
Published: 2015-01-23
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quote and cause a denial of service (disk consumption) by deleting an image in the saving state.

CVE-2014-9638
Published: 2015-01-23
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.

CVE-2014-9639
Published: 2015-01-23
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.

CVE-2014-9640
Published: 2015-01-23
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.