Harvard Law School Makes Online Zero-L Course Free for All U.S. Law Schools Due to Coronavirus
For Kennedy School Fellows, Epstein-Linked Donors Present a Moral Dilemma
Tenants Grapple with High Rents and Local Turnover at Asana-Owned Properties
In April, Theft Surged as Cambridge Residents Stayed at Home
The History of Harvard's Commencement, Explained
Because of a loophole in a computer system, fellowship applicants have been able to access their own and other students’ recommendation letters submitted to the Office of Career Services—making available what are supposed to be confidential documents on a wider basis than previously believed.
The Crimson previously reported that individual students were able to view letters of recommendation submitted on their behalf, but the loophole in the system is in fact broader and allows students to also view letters submitted on behalf of other students.
A student at the College confirmed that a friend, who had the same recommender, demonstrated on a computer screen that it was possible to view both their recommendation letters through the friend’s account in the application system.
The student, who spoke on condition of anonymity, said that they could also see two other students’ recommendation letters written by the same recommender.
Director of OCS Robin Mount confirmed the nature of the system loophole in an email, acknowledging that students could “see all the recommender’s letters, for themselves and other students”.
In a March 25 memo to Mount, Dean of the College Evelynn M. Hammonds, and Dean of Undergraduate Education Jay M. Harris obtained by The Crimson, 26 faculty members requested “information about the exact nature of the lapse and the specific steps that are being taken to avert such system failures in the future.”
“We have not been made aware of the full extent of the security breach. The email sent out by OCS did not provide any details about who may have read or even downloaded our recommendations—this introduces awkwardness into the relationship, particularly if the recommendation was not in line with student expectations,” professors wrote in the memo.
“Of even graver concern is the possibility that a student could have read or even downloaded letters written for other students. This would represent a far more serious breach of confidentiality,” the memo continued.
Expressing serious concern about a lack of confidence in the OCS system, professors in the memo specifically requested information about “which fellowships were involved, which recommendations would have been available to students based on date of submission, and what is being done to increase security going forward.”
In addition, the memo said OCS should “ideally” disclose which students accessed recommendations if the office can obtain such information.
The memo also proposed that the system security be upgraded so that professors must enter their Harvard PIN to access the recommendation files.
Since last fall, notification emails were sent to faculty members—with students copied on the message—when they uploaded recommendation letters. Those emails included a link at the bottom of the e-mail that allowed students to view their letters of recommendation.
A student first alerted OCS to the problem in mid-January, after which OCS stopped copying students on the notification emails.
However, until students notified Dean of Faculty Michael D. Smith of the problem in mid-February, it did not come to OCS’ attention that students could still access recommendation letters through links sent in previous emails.
OCS told The Crimson on Feb. 18 that the problem was completely fixed.
“We learned recently through reports from students that the system email to a recommender requesting a recommendation, which included a link to a file with the recommendations the recommender had entered in the system, was cc’d to the student to keep the student up to date and, unfortunately, the cc included the same link,” OCS wrote on Feb. 22.
It was unclear from this letter whether students were able to access only recommendation letters written for themselves, or the ones written for other students as well.
Mount said OCS is now working with FAS IT and Symplicity—the company that designed the software—to “gather the data necessary to enable [OCS] to report as quickly as possible to faculty who have raised concerns”.
Harris declined to comment today in an email to the Crimson, adding that the administration will share a full report with the faculty after investigating the matter.
Representatives from Symplicity could not be reached for comment yesterday.
—Staff writer Heng Shao can be reached at firstname.lastname@example.org.
Want to keep up with breaking news? Subscribe to our email newsletter.