Toward A More Secure Student Government

In a bizarre series of incidents, a group calling itself the “Iran Cyber Security Group” hacked the Undergraduate Council’s website on April 27 and displayed several aggressive messages, such as text reading “DOWN WITH THE USA,” as well as a cartoon of President Donald Trump being punched in the chin by a faceless individual wearing a wristband striped with the colors of the Iranian flag. A few days later, on May 1, it came to light that any student with a valid College email could log into the online spreadsheet that documents UC voting records and alter the results. Following these revelations, the UC’s cybersecurity protocols unsurprisingly have come under question.

The Council’s consistent technological problems are disappointing. The hacking by the so-called “Iran Cyber Security Group” serves as a reminder that the Council’s website may be a target of outside hackers, and their ability to easily infiltrate the UC’s cyber protections puts private information at risk. Regardless of the true identity of these hackers, this event underscores that the Harvard name and the leadership role the Council holds make the UC a particularly appealing target to those who would cause mischief or havoc. The Internet is open to all, and weak security puts the UC’s informational records at the mercy of infinite potential hackers, with serious implications for the jeopardization of student privacy.

This is especially true in light of the UC’s recent move to subsidize storage for low-income students. To accomplish this goal, the UC requested personal financial information from students which, as we have already opined, is fraught with risk. If the UC’s cyber security is not up to par, confidential student information could be endangered. In the future, the UC ought to reconsider whether it is capable of protecting personal data prior to asking students for it, and refrain from collecting confidential student information as much as possible to prevent these risks. If they see it necessary to pursue this information, they must ensure beyond doubt that it remains private and protected.

The issues with the Council’s web presence do not stop here. The editable nature of the voting records demonstrates not only the UC’s lack of online security, but also the confusing layout of its website. The voting records were editable by all College students for months, but no unauthorized edits seem to have been made and no UC members appear to have been aware of this malfunction. In short, while voting records may be open and accessible to all, no one seems to be much aware of them.

While it is good that the records appear to have not been tampered with, this indicates a larger issue in how the UC conveys information to the public. These records may have been so poorly publicized and accessible on the UC website that students did not know how to find them, let alone realize they were not secure. We believe the UC should not only be transparent with their actions, but also work to disseminate information regarding those actions. To do so, they need a website that is not only available to all students, but also easily navigated, cleanly presented, and well-organized.

We hope that the UC will address these worries when creating their new website. Any technological advancement made by the UC should prioritize the protection of student and financial information, and take user-friendliness seriously. We hope that the new format ensures that all information is coherently presented, as it presents an opportunity to learn from these mistakes and further the UC’s ability to serve the College student body.

This staff editorial solely represents the majority view of The Crimson Editorial Board. It is the product of discussions at regular Editorial Board meetings. In order to ensure the impartiality of our journalism, Crimson editors who choose to opine and vote at these meetings are not involved in the reporting of articles on similar topics.