Campaign to REVERSE the DEFAULTS: Protect Student Home Addresses

Expectations for Campus Policy Reform
The current Cal Poly policy of releasing home addresses, both online and in a printed directory, places students at unnecessary security risk and violates our right to privacy.  The status quo option to protect locator information is inadequately publicized, insufficiently explained, and prohibits students from keeping their email address public when their home address  is private.  The ASI printed directory relies on inadequate notification of student rights to privacy, uses an unreliable system for tracking student requests to block listings, and has been accused of bypassing  the more general university privacy flags, 
Particularly given student concerns about campus safety, Cal Poly must reverse the default settings for both the online and the printed directory.  By default, home addresses should never be listed, unless students specifically request that such information is released.  The accessibility of only name, major, email address, and phone number presents a much lower threat to personal safety.  Through a broad and diverse publicity campaign, students should be offered and made aware of additional options: to block all locator information, to block telephone number listings, to determine which email address is listed, and to specifically release their home address after weighing the security risks. 
Background Information

Legal and Ethical Argument for Opt-In Policy that Protects Students by Default
According to an online article by attorney David A. Banisar, posted by the Electronic Privacy Information Center (, “Directory information includes the name, address, telephone number, date place of birth, field of study, awards and degree awarded to students. There is no requirement that this information must be released and many schools do not. Many people prefer to keep their telephone numbers and other information private because of harassing calls and telemarketers. . . . Courts have upheld the right of the schools not to release information against requests under FOIA or open records laws. If a school still wishes to publish directory information, FERPA requires that notice be given before the directory information is released. Because of the often bewildering amount of information that a student receives and the many reasons for not disclosing it, schools should request the affirmative permission of a student before releasing this information. This is easily done by placing a box on an standard application, registration or other common form that student can check if they wish to have their directory information disclosed (in legal parlance, this is known as "opting-in"). Under an opt-in system, the default is set for the protection of privacy but the student can easily waive the right if they so choose. Schools that conduct telephone registration can offer an option in a voice menu to allow the student to opt-in.” 
Other Universities & Online Directories Protect Home Addresses by Default
At Smith College (, students are listed without street addresses using a box number system. Here is a sample entry: Heidenreich, Anna Jones ('00), Box 6288,  At USC, only students, faculty, and staff can access the online student directories (  At, one of the major web directories, users determine what information will appear. A generic Bigfoot email address is offered so that your real email address can be protected. The service explicitly describes three levels of privacy restrictions. At (sponsored by InfoSpace), users are only required to list the following items: First Name, Last Name, City, State, Country, and Zip Code.  Internet services such as Class Reunion and Populus are designed to help netizens connect with old friends via email while protecting home addresses for security reasons. 
The Dangers of Releasing Home Addresses
With the disappearance of two female students, the campus community is deeply concerned with safety and security.  Imagine the situation of a re-entry student who does not want to be found by a violent ex-husband but then sees her home address printed in the student directory.  Imagine the situation of an attractive young coed who places her photo on a personal web site and is then tracked down by a cyber-stalker via the Cal Poly online directory. Imagine the student who was dated raped in high school and then faced her assaulter again in college because her dorm address was posted online. Imagine the graduate student instructor who gave an undergraduate a failing grade and then heard that angry student pounding on her door at home.  Imagine the student who turned down a classmate’s invitation to dinner and then experienced threatening phone calls for two months following. Imagine the student whose name was overhead in a downtown bar and then suffered continued harrassment by an anoymous stranger who found her through the university’s directory.  Imagine the fury of a student who requested removal from the ASI Directory two years ago, only to have her request lost and her address printed anyway. 
Problems with the Cal Poly Online Directory & the MustangInfo System
Many students are completely unaware that the university posts their home addresses online.  The web interface could make students’ rights to privacy more apparent. Student who reach the online list of Cal Poly directories ( receive the following information with a hotlink: Students who do NOT want to be included in the Cal Poly On-Line Directory can request exclusion via MustangInfo.  This information is easy to miss because students commonly click on the directory link without skimming the text below. 
Once at the MustangInfo screen, it is not obvious exactly which clickable option restricts directory information. Several screens later, the link for "Student Directory Information Restrictions" is hidden down under bullet nine. Depending on monitor size, this typically means that the link is not visible without scrolling. Web site designers often estimate that as many as 90% of users never scroll down. If students manage to reach the necessary screen, they can block all Locator Information.  This is an unacceptable all or nothing proposition. Students do not have the discretion to leave their email address public while protecting their home address and telephone number.  No confirmation message is received when the student clicks "Submit restriction changes." If students read the MustangInfo FAQs, they will find an answer to the question: " What can I do to help enhance the security of my information?" The answer only addresses PIN numbers, not privacy and locator data.
Failure of the ASI Directory to Protect Student Data
MustangInfo states: "Note: If PROTECTED, then the information listed above will not be included in the ASI Directory and any other on-line directories."  If this is true, then ASI's announcements in the Mustang Daily need to convey this information rather than force students to drop off an additional statement at the ASI Business Office. Based on my discussion with both ASI and the Records Office, there is no guarantee that university privacy flags ensure unlisted information in the ASI publication. In fact, many anecdotal examples prove that ASI fails to consistently protect student security. The ASI Directory does not include any information on how to restrict listings the following year.  ASI relies only on a small two-week announcement in the Mustang Daily, a publication that goes unread by many student. ASI’s manual system of collecting requests for blocked listings on scraps of paper is absurd and unreliable.  In a February 1999 test case, a student who asked about withholding her address was sent to four offices, left waiting in a chair for twelve minutes, offered conflicting advice, and given no printed literature. 
Privacy Rights of Graduate Students
In the case of graduate students who have teaching positions, MustangInfo instructions are inaccurate and misleading.  Teaching Associates are treated like faculty in the online directory.  Home addresses are not listed.  Campus phone numbers replace home numbers.  This naturally leads graduate students to assume that our home addresses will be treated the same way by the ASI directory.  However, ASI prints the home addresses of graduate students.  Please note that ASI announcements in the Mustang Daily fail to reach many graduate students, who arrive on campus for evening classes when the newspaper racks are depleted or choose not to read a paper that focuses on undergraduate issues. Most graduate students are unaware that a printed ASI directory exists, unaware that their home address is printed, and unaware that locator information can be protected. By default, all graduate students with instructor classifications must automatically have their home addresses and home phone numbers blocked from the ASI Printed Directory. 
I suggest that by Summer Quarter 1999, we allow students the option of restricting "local address" without blocking all locator information. Currently the only option is to withhold all locator information, in effect erasing your listing from the online directory -- OR -- to allow your  private home address to appear online. I further believe that by Fall Quarter 1999, we should reverse the defaults, protecting all student local addresses automatically, unless the student specifically requests that this home address be made public on the web. 

Help REVERSE THE DEFAULTS by contacting Cal Poly President Warren Baker at, ASI President Dan Geis at, Information Technology Services Director Jerry Hanley at, and Registrar Tom Zuur at 

This issue has state and national importance.  Stay tuned for updates on the effort to change California State University statewide policies and federal FERPA guidelines. 
Main Index of Cyber Activist Web Site
Eight step tutorial for digital activism 
prepared by Sherri Andersen & Elizabeth Brunner, 1999 
Animated Banner from Animation Online 
Patriotic Border from Windy's Design Studi