Last year, fewer than 1 percent of eligible Lane students voted in the student government general election. That’s a disturbingly low turnout, even for a campus with a historically apathetic student body. What’s more disturbing? That the Associated Students of Lane Community College is complicating the voting process.
The polls open April 28, and, barring any last-minute changes to the elections process, the student government plans to add an additional step to the two-step process by which students used to vote. Students used to cast ballots through myLane, by logging in and clicking a link that said “answer a survey.”
This year, student leaders want us to vote through OrgSync, a Texas-based corporation that provides a one-stop web portal for student governments and organizations. Lane students can log on to its website, orgsync.com, and after they enter their L-numbers and passwords, they can view student government meetings records, check the hours for the Rainy Day Food Pantry, and browse a handful of student clubs and unions.
The goal, to improve students’ access to the wide variety of student-funded activities, is sound — so sound, you might have glossed over the part about the third-party website having your L-number and password. Whenever your information is duplicated, the number of places from which hackers can steal your data is duplicated too.
OrgSync makes much of its security measures in a detailed pitch aimed at colleges looking to procure its services, but the company representatives dance around an appalling admission: Its website uses OpenSSL, the same security protocol that made headlines when Google’s security team discovered the Heartbleed exploit, a flaw that, from December 2011 to April 7, enabled hackers to steal users’ data.
A search for “Heartbleed” on OrgSync’s website yields no results. A similar Google search reveals a post on the University of Louisville’s OrgSync blog, in which students and advisers are urged to change their OrgSync passwords.
You should take that advice. Immediately.
While it’s unlikely any hacker would go to the trouble of dropping you from your classes, the damage one could do with that information is substantial, especially if you use the same password across multiple websites.
The switch to OrgSync has other, albeit less troubling, implications. By moving the general election out of the Lane information technology department — to Texas, of all places — student government has surrendered the guarantee that the results can’t be tampered with, diminishing our ability to detect any vote-tampering and reducing the likelihood recourse if they were.
This is an election, the winners of which will control more than $150,000 in revenue from the $50.30-per-term student activity fee. With the move to OrgSync, it has all the integrity of a Facebook poll.
Nonetheless, OrgSync already has your L-number and password. You might as well vote. And, while we’re not endorsing candidates this year, we suggest you vote for the candidates who promise to take governance seriously and return the elections to myLane.