Student Recommendation Letters Accidentally Viewable to Others
Because of a loophole in a computer system, fellowship applicants have been able to access their own and other students’ recommendation letters submitted to the Office of Career Services—making available what are supposed to be confidential documents on a wider basis than previously believed.
The Crimson previously reported that individual students were able to view letters of recommendation submitted on their behalf, but the loophole in the system is in fact broader and allows students to also view letters submitted on behalf of other students.
A student at the College confirmed that a friend, who had the same recommender, demonstrated on a computer screen that it was possible to view both their recommendation letters through the friend’s account in the application system.
The student, who spoke on condition of anonymity, said that they could also see two other students’ recommendation letters written by the same recommender.
Director of OCS Robin Mount confirmed the nature of the system loophole in an email, acknowledging that students could “see all the recommender’s letters, for themselves and other students”.
In a March 25 memo to Mount, Dean of the College Evelynn M. Hammonds, and Dean of Undergraduate Education Jay M. Harris obtained by The Crimson, 26 faculty members requested “information about the exact nature of the lapse and the specific steps that are being taken to avert such system failures in the future.”
“We have not been made aware of the full extent of the security breach. The email sent out by OCS did not provide any details about who may have read or even downloaded our recommendations—this introduces awkwardness into the relationship, particularly if the recommendation was not in line with student expectations,” professors wrote in the memo.
“Of even graver concern is the possibility that a student could have read or even downloaded letters written for other students. This would represent a far more serious breach of confidentiality,” the memo continued.
Expressing serious concern about a lack of confidence in the OCS system, professors in the memo specifically requested information about “which fellowships were involved, which recommendations would have been available to students based on date of submission, and what is being done to increase security going forward.”
In addition, the memo said OCS should “ideally” disclose which students accessed recommendations if the office can obtain such information.
The memo also proposed that the system security be upgraded so that professors must enter their Harvard PIN to access the recommendation files.
Since last fall, notification emails were sent to faculty members—with students copied on the message—when they uploaded recommendation letters. Those emails included a link at the bottom of the e-mail that allowed students to view their letters of recommendation.
A student first alerted OCS to the problem in mid-January, after which OCS stopped copying students on the notification emails.
However, until students notified Dean of Faculty Michael D. Smith of the problem in mid-February, it did not come to OCS’ attention that students could still access recommendation letters through links sent in previous emails.
OCS told The Crimson on Feb. 18 that the problem was completely fixed.