I saw a story on the news tonight about more than 100 students who won’t be getting into MBA programs. Why? When they applied to a number of prestigous universities, a posting on a bulletin board claimed to let them view their records and see if they were admitted or not.

It didn’t work for all of them. But those who tried to peek are being punished.My question is why is this information on the public Internet to begin with? This is precisely what intranets are for: You put sensitive information on a web server behind a firewall. Then you define one or more computers who can see it. The rest of the world can’t access it, because the rest of the world doesn’t know it exists. But those who are authorized to see it can see it, through the convenience of a web browser.

Leaving this kind of information on a web server that’s open to the public via the plain old Internet is akin to keeping student records, finals, and other sensitive information at the campus library. If it’s out where someone can see that it’s there–or might suspect it’s there–then someone’s going to look. It shouldn’t be there in the first place. I had professors who never kept tests in their office because some student at some point in time had broken in, hoping to get a preview of the final.

Punishing applicants for typing in a link that they figured wouldn’t work anyway accomplishes little or nothing, except to say that some of the nation’s finest universities have given no thought whatsoever to their computer security and network design.

I hope their graduates are smarter than the people who run the place. But that’s probably a given.