News from PRINCETON UNIVERSITY
For immediate release: August 13, 2002
Contact: Marilyn Marks (609) 258-3601, firstname.lastname@example.org
Statement by President Shirley M. Tilghman
On the evening of July 24, I learned from officials at Yale University that on 18 occasions in early April computers on the Princeton campus had been used to gain access to a Web site that Yale had established to report admission results to its applicants after they entered their name, birth date and social security number. Yale further reported that the computers used on 14 of these occasions were located in the Princeton admission office, and that a senior member of the admission staff had disclosed Princeton entries into the site at a May meeting of Ivy League admission officers. Yale also notified us that they were informing the U.S. Attorney's office in Connecticut of their findings.
We immediately launched an internal investigation and a day later engaged an experienced former federal prosecutor with no previous ties to Princeton, William Maderer of the Newark law firm of Saiber Schlesinger Satz & Goldstein, to conduct an independent investigation to help us understand as fully as possible what happened, why it happened and who was involved. His investigation included a review of relevant documentation, a forensic analysis of certain computer hard-drives from the Princeton campus and interviews with a total of 24 individuals: 19 at Princeton, 4 associated with Yale and an admission officer from another Ivy League school who attended the May meeting. We are cooperating fully with an inquiry being conducted by the U.S. Attorney's office in Connecticut, and we have shared a summary of Mr. Maderer's report with that office.
The purpose of this statement is to report on what we have learned and the actions we are taking. First, however, I want to reiterate what I said in a message to our faculty, students and staff on July 29. Violations of basic ethical principles of privacy and confidentiality are especially serious in a university that teaches these principles and counts them among its core values. Students who apply to Princeton, or to any other university, have every right to expect that information they provide in good faith will be used only for the purposes for which they provided it, and that their privacy and confidentiality will be respected. We clearly did not meet these expectations in this case. We have now reached all of the applicants whose confidential information was used by members of our staff without authorization to apologize for this failure to properly respect their privacy. As we have previously reported, we also have apologized to officials at Yale for the unauthorized visits to their Web site by members of our staff.
Second, I want to say clearly that the integrity of last spring's admission process was not affected by these actions. These actions were wrong, but the only information obtained from the Yale Web site was whether or not certain applicants had been admitted, and this information was not used in any way.
Finally, I also want to say how extraordinarily difficult it is for a university -- or for any human institution -- when those who make serious mistakes are deeply respected friends and colleagues with exemplary records of service over many years, as certainly is true in this case. This has made this investigation an especially painful process for all of us.
Of the 18 visits to the Yale Web site from computers at Princeton, four occurred outside the admission office. One was by a Yale applicant who happened to be visiting Princeton and decided to check the Yale Web site from one of our library clusters. One was by a Princeton student who had a sibling applying to Yale and was asked by the sibling to check the Web site from Princeton. The other two visits were by another Princeton student who twice checked the Web site after being asked to do so by a sibling who had applied to Yale.
The remaining 14 visits took place from four different computers in the admission office. We believe that what happened is the following:
At approximately noon on April 3, after letters announcing Princeton's admission decisions had been delivered to the post office the previous evening, Associate Dean and Director of Admission Stephen LeMenager decided to take a look at a Web site Yale had created to provide online notification to its applicants. It was widely known that Yale had created such a Web site and there had been discussion in our admission office about whether Princeton should adopt some form of electronic notification in the future. One of the reasons Princeton had not taken this step was because of concerns about the security of any online system. Mr. LeMenager was the member of the admission staff responsible for overseeing the office's use of the Web.
Mr. LeMenager entered the Yale site by using the name, birth date and social security number of a Princeton applicant who he thought might also have applied to Yale, fully expecting that he would then be asked for a password or an ID number. He was surprised to learn that there was no security beyond name, birth date and social security number. He told Dean of Admission Fred Hargadon and other members of the admission staff about his discovery. In the course of the next hour he demonstrated what he had discovered to other staff members on three additional occasions, using the names and confidential information of two additional Princeton applicants.
These actions represent the first two lapses of judgment by members of the admission staff, first, to use an applicant's confidential information and to enter a secure Web site without authorization from the applicant or from Yale, and, second, to continue to do so after the initial discovery about the absence of any additional security.
While we do not in any way condone these actions, there is no evidence that there was any intention on Mr. LeMenager's part to do anything other than test, and then demonstrate, the site's security or that he used confidential information for any other purpose.
As Mr. LeMenager informed others on the staff of his discovery and demonstrated it to them, the next serious lapse of judgment occurred as no one on the staff who learned about what he had done, including Dean Hargadon, recognized the impropriety of what had happened, cautioned that there should be no further visits to the Yale Web site, alerted more senior officers at Princeton, or immediately contacted Yale to report on what had occurred.
In part because a senior member of the office had engaged in similar activity, other, more junior, members of the staff then proceeded to visit the Yale site eight times on the afternoon of April 3 (using two different computers), although apparently without the knowledge of either Dean Hargadon or Mr. LeMenager. While some of these visits were still being used to demonstrate the site, others were used to learn whether certain applicants had been admitted to Yale. Our investigator is persuaded that the motive in each of these latter cases was simple curiosity -- wanting to know whether Yale had admitted a particular applicant, who in some cases had been admitted to Princeton and in other cases had not been admitted. There is no evidence that this information was ever used in any way beyond satisfying that curiosity. This motive also seems to account for the thirteenth visit to the Yale Web site from the admission office, which occurred on April 5 from one of the computers that had already been used on April 3.
The final visit to the Yale Web site occurred on April 15 from a fourth computer in the admission office, by a member of the staff who we believe was motivated by a desire to see the site first-hand, as the student record accessed was one that had been previously entered.
Our investigation confirmed that Mr. LeMenager did disclose Princeton's entry into the Yale Web site at a meeting of Ivy League admission officers on May 15 at which Yale was represented. Those interviewed cannot remember any discussion at the meeting about this action being wrong; the discussion instead was about the need for such sites to have better security than the Yale site had used. To our knowledge there was no call to anyone at Princeton following that meeting to inquire further into what Mr. LeMenager had disclosed.
Our understanding is that Mr. LeMenager's comments were reported to other officials at Yale and that Yale then began an investigation of its Web site. As reported by Mr. Maderer, a preliminary security report was prepared at Yale, dated June 20 and amended on June 28. As indicated earlier, I was first notified by Yale of this matter on the evening of July 24, the evening before the story was to be reported online by the Yale Daily News.
Having completed our investigation, and following difficult deliberation, we have now taken the following actions:
(1) We have regretfully concluded, and Mr. LeMenager has agreed, that he should leave the admission office. We are very sorry to have to take this action because he has served that office exceedingly well for almost 20 years in positions of increasing responsibility and because he is so widely respected both in the Princeton University community and throughout the national higher education admission community for his integrity and professionalism. Over recent weeks I have received many heartfelt communications from students, alumni, colleagues and others testifying to their high regard for him personally and for his work. At the same time, it is clear that it was his action that started a chain of events that led to more junior members of the admission staff accessing the site. We will be working with him to identify an administrative position commensurate with his considerable talents and experience. In the interim, Mr. LeMenager has agreed to work with the publications staff in the University's Office of Communications, providing needed assistance in that office and drawing on skills that he has developed during his many years in the admission office, where one of his principal responsibilities has been to help write, edit and design a wide range of publications.
(2) As indicated in the attached statement, Dean Hargadon has accepted responsibility for his failure to recognize the impropriety of the actions that were taken by members of his staff, to intercede to stop them, or to report them to other senior officers at Princeton and to officials at Yale. For more than four decades, Dean Hargadon has been a towering figure in the field of college and university admissions with a reputation for insisting on the highest possible standards, and he has pledged to do everything he can this coming year to restore the integrity of the admission office and the confidence of applicants that their privacy and confidentiality will be protected. Dean Hargadon will be retiring next June when he completes this final year of his term as dean.
(3) We are taking disciplinary actions against all members of the professional admission staff who participated in entering the Yale Web site or who were aware that the Web site was being entered and failed to recognize the impropriety of doing so. In addition, we will be undertaking a training program for all members of that staff on their special responsibilities to respect the privacy and confidentiality of our applicants, and will be establishing measures to ensure compliance.
(4) I have asked Dean of the College Nancy Malkiel, to whom the admission office reports, to oversee this training program and to work closely with Dean Hargadon to make sure that adequate procedures are in place to insure that admission staff will unfailingly respect the privacy and confidentiality of our applicants in the future.
(5) I have asked Charles Kalmbach, our senior vice president for administration, and Betty Leydon, our vice president for information technology and chief information officer, to undertake a thorough assessment of Princeton's policies regarding issues of privacy and its practices regarding the security of data. Properly protecting privacy and insuring the security of data are challenges for all universities, as for many other institutions in our society, and Princeton has already taken a number of steps and has others under active consideration. Recognizing the importance of sustained attention to these issues, this past spring we approved a request from our Office of Information Technology to add a new position of Information Technology Security Officer and applications for that position are currently being reviewed. I want to be sure that we are giving all of these issues the full senior-level attention they deserve and that we take whatever steps are necessary to ensure that all members of our community are fully aware of their responsibilities with regard to privacy and confidentiality.
As I said in the beginning of this statement, universities are built on integrity. They are also human communities in which individuals can make mistakes that jeopardize that integrity. One of the lessons of this experience is that even individuals with a high degree of sensitivity to ethical principles in traditional settings can fail to be equally sensitive when technology is involved (as when someone who would never open a sealed envelope addressed to another person enters a secured Web site). We will do everything we can in the months ahead to learn from this experience, to heighten sensitivity on our campus to ethical issues in an age of computer technology, and to restore confidence in our admission process and in those who conduct it.