With the simple swipe of a card, students at Pennsylvania State University can unlock doors, pay for meals and borrow books from the library. Some students also link their IDs to a bank account and use them like debit cards at local stores. For others, the cards are virtual time slips, recording hours logged at campus jobs.
These cards have become a fixture of campus life as U.S. colleges and universities have doled them out to students, faculty and staff over the years. The cards were first introduced to save money and eliminate the need to issue new room keys each year. But as schools have added more sophisticated features to the cards, they have amassed a mountain of personal data about the cardholders.
"There's a tension here between security and privacy concerns," said Ari Juels, a research scientist at RSA Security Inc., a Bedford, Mass.-based maker of ID card systems.
Each time a card is used, information is relayed to a central database. Colleges differ widely on how they use this information: some see it as a burden best left untouched, while others make a point of purging it regularly. Some store the data indefinitely and mine them for criminal investigations. Card records have been cited as a key piece of evidence by defense attorneys representing a Duke University lacrosse player accused of rape.
Students are often in the dark about how card data are being used. Portland State University ignited a controversy when it began using a combination ID-debit card system from an outside company. Students were angered to learn the company had access to their personal information, said student body president Courtney Morse.
Lindsay Desrochers, Portland State's vice president for finance and administration, said the students had some "legitimate issues" with the new system, but that the school didn't do anything improper. "Most campuses are going in the direction of providing a card like this, and it's a service that most students want," she said.
Read more (subscription required; contact me for a copy)
