IS urges students to secure passwords

By The Beacon | February 20, 2008 9:00pm

As ASUP elections go online, Web Services emphasizes security

By Ame Phitwong

A UP student's identity was compromised last week when her password was stolen. With the ASUP online election nearing, the departments of Web Services and Administrative Systems are trying to safeguard against incidents like this, not only to protect students but also to ensure that the election results are fair.

"We're coming up on the online election," said Jenny Walsh, director of Web Services. "The one thing that allows you to vote is your password."

Walsh said it's important that students change their passwords if they have shared them with a friend. Last week, a UP student's account was hacked by a non-UP student because the person knew the UP student's password and secret question.

The non-UP student signed onto the UP student's PilotsUP account, changed the password and started sending malicious e-mails from the UP student's account to a professor. Walsh declined to release the UP student's name.

The problem has since been resolved, and Walsh contends that the network is safe.

"We have a lot of security measures on the network that wouldn't allow (password theft)," she said. So long as passwords are kept, Walsh recommends that passwords not be written down on Post-its, that students always log out of the portal when finished and that they never share their passwords and secret question.

Walsh said her department did a test trial of the online voting system when students voted on ASUP's Capital Improvement options last semester. She received some complaints from students because they were not comfortable entering the last four digits of their social security numbers to participate in the poll. That requirement to vote was eliminated for this upcoming election. Instead, only the student's portal password will be required.

Since last November, Walsh has received five complaints from students claiming that when they logged onto the portal in the dorms, they would be logged in as another student. They were only able to see the PilotsUP homepage and were unable to log into that person's account.

Walsh explained that this situation was very rare, and, due to its limited occurrences, Web Services had difficulty in fixing the problem. Walsh contacted the Web consortium, the group that oversees UP's network, about the problem but has yet to hear back from the group. Although the issue does raise security concerns, Walsh said it is hard to predict when or how it happens. Despite this, she said the UP network is still secure.

Because the upcoming ASUP election will include online voting, Walsh said the election will be more accurate in tallying votes and will enable students who are studying abroad to vote.

Jeromy Koffler, director of Student Activities, said in an e-mail that students who paid a student government fee for the semester and are registered undergraduate students will be able to vote, including students studying abroad.

Koffler said there had been great interest in moving the elections online for accuracy and to eliminate possible suspicions of a rigged election.

"Student leaders have been requesting the ability to vote online for quite some time, and the elections committee has been exploring ways to remove human error from the process," Koffler said.

Koffler explained that when ballots were hand-counted in previous years, inevitably someone would complain that bias existed.

"Online voting removes doubt that an election was handled improperly by the committee," Koffler said.

He said there is a small security concern: if students have shared their passwords with each other, someone might try to use that information to vote for someone else.

"This is just another good reason to keep that information private and secure," he said.

