<div dir="ltr"><a href="http://www.reuters.com/investigates/special-report/college-sat-security/">http://www.reuters.com/investigates/special-report/college-sat-security/</a><br><br>Shortly after David Coleman took over as CEO in 2012, the College
Board began redesigning its signature product, the SAT college entrance
exam. The testing company also hired a consultancy to identify the risks
associated with the monumental undertaking.<p>Among the red flags
that consultant Gartner Inc raised in an October 2013 report: The
not-for-profit College Board needed to better protect the material being
developed for the new SAT.</p><p>Plans to secure the new test from
leaks or theft had “not been developed” by the organization, the
consultancy wrote in the report, reviewed by Reuters. At risk were
thousands of items, or questions, that were being prepared for the
redesigned SAT.</p><p>In 2014, employees at the New York-based College
Board also raised concerns, arguing for limits on who could access items
and answer keys for the revamped SAT, an email shows.</p>
<p>They were right to be worried. </p><p>Just months after the College
Board unveiled the new SAT this March, a person with access to material
for upcoming versions of the redesigned exam provided Reuters with
hundreds of confidential test items. The questions and answers include
21 reading passages – each with about a dozen questions – and about 160
math problems. </p><p>Reuters doesn’t know how widely the items have
circulated. The news agency has no evidence that the material has fallen
into the hands of what the College Board calls “bad actors” – groups
that the organization says <a href="https://www.collegeboard.org/membership/all-access/counseling-admissions-financial-aid-academic/note-our-members-regarding-today" class="gmail-c15">“</a><a href="https://www.collegeboard.org/membership/all-access/counseling-admissions-financial-aid-academic/note-our-members-regarding-today" class="gmail-c15">will lie, cheat and steal for personal gain.”</a> But
independent testing specialists briefed on the matter said the breach
represents one of the most serious security lapses that’s come to light
in the history of college-admissions testing. </p><p>To ensure the
materials were authentic, Reuters provided copies to the College Board.
In a subsequent letter to the news agency, an attorney for the College
Board said publishing any of the items would have a dire impact,
“destroying their value, rendering them unusable, and inflicting other
injuries on the College Board and test takers.” </p><p>College Board
spokeswoman Sandra Riley said in a statement that the organization was
moving to contain any damage from the leak. The College Board is “taking
the test forms with stolen content off of the SAT administration
schedule while we continue to monitor and analyze the situation,” she
said. </p><p>Riley declined to say whether those steps would involve
cancelling or delaying upcoming tests. The next sitting of the SAT is
October 1.</p><p>The breach is “a serious criminal matter,” Riley wrote.
“A thorough investigation is ongoing, therefore our comments must be
limited.” The College Board did not grant requests for interviews with
CEO Coleman and other employees named in this article.</p><p>The SAT is used by U.S. universities to help evaluate more than a
million college applicants a year, and so a major security lapse could
cause havoc for admissions officers and students alike. </p><p>That
College Board security was breached is “a problem of a massive level,”
one that could “put into question the credibility of the exam,” said
Neal Kingston, who heads the Achievement and Assessment Institute at the
University of Kansas.</p><p>If unscrupulous test-preparation centers
were to obtain the items, the impact on the SAT would be “devastating,”
said James Wollack, director of the Center for Placement Testing at the
University of Wisconsin.</p><p>“Everyone will pull out all stops to try
to compromise this test,” Wollack said. That items for upcoming exams
have leaked is “very alarming, very concerning indeed.”</p><p>It’s too
soon to know what damage the leak could cause. Harm can be minimized if
the items aren’t widely distributed. But Wollack and Kingston noted that
the latest incident is more serious than the widespread SAT cheating
reported in East Asia during the past few years.</p><p>As Reuters reported in March, <a href="http://www.reuters.com/investigates/special-report/college-sat-one/" class="gmail-c15">the College Board has been unable to prevent foreign test-preparation operators from </a>giving
their clients an advance look at exam questions. Those problems were
primarily a result of the organization’s reuse of previously
administered exams. This breakdown involves test items that have never
been given.</p><p>The materials provided to Reuters contain a wealth of
items for upcoming tests: reading passages drawn from novels, historical
documents, scientific journals, essays and other texts, each
accompanied by questions. Also among the materials were math problems
involving geometry and quadratic equations.</p><p>The security breach
comes as the College Board already faces pressure from U.S. universities
to better protect its marquee test. </p><p>The Reuters reports earlier this year detailed how an <a href="https://www.collegeboard.org/membership/all-access/counseling-admissions-financial-aid-academic/note-our-members-regarding-today" class="gmail-c15">East Asian industry </a>is exploiting the College Board’s routine practice of recycling items from past tests.<a href="http://www.reuters.com/investigates/special-report/college-sat-two/" class="gmail-c15"> Cram
schools drill their students on questions harvested from previous
tests, conferring an enormous advantage over students who see the items
for the first </a><a href="http://www.reuters.com/investigates/special-report/college-sat-two/" class="gmail-c15">time when the exam is given.</a></p><p>In a statement at the time, the College Board pledged to do more to
protect the exam. University admissions officers, however, continue to <a href="http://www.reuters.com/article/us-college-sat-usa-idUSKCN0XH1PJ" class="gmail-c15">voice concerns to College Board officials </a>about
reuse of exams. If the College Board can’t keep test material secure,
schools are left with the impossible task of determining whether an
applicant saw questions before taking the exam and therefore gained an
unfair edge.</p><p>UNEXPLAINED LEAKS</p><p>Questions about security
inside the College Board emerged earlier this year. Internal documents
reviewed by this news agency showed that material for past exams had
been “compromised,” a term the College Board uses to describe tests
whose contents have leaked outside the organization.</p><p>In
February, Reuters asked the College Board how it went about protecting
exam materials. Spokesman Zach Goldberg described the organization’s use
of lock boxes to help prevent the theft of SAT booklets sent to
international testing locations. </p><p>But lock boxes, he acknowledged,
“would not preclude a leak that originated earlier in the content
development and distribution cycle.”</p><p>The question related to a
confidential June 2013 PowerPoint presentation the College Board
prepared after a major security breach in South Korea. After local
test-prep operators obtained the test in advance, the College Board
canceled the May 2013 sitting in South Korea. The PowerPoint also noted a
type of breach that differed from the exploitation of recycled
tests: outright leaks of new test booklets. </p><p>According to the PowerPoint, SAT tests on specialized subjects – two
in Mathematics Level II and one in biology – had been compromised. These
were “new forms” – that is, tests that had never been administered in
the United States or abroad. </p><p>The PowerPoint gave no explanation
for how those subject tests leaked. The College Board has cautioned that
“cartel-like companies” in China and other countries “will stop at
nothing to enrich themselves.”</p><p>EXAM INSECURITY</p><p>Historically,
the development of questions to be used on the SAT was primarily
handled by the non-profit Educational Testing Service, or ETS. Based in
Princeton, New Jersey, ETS also oversees security for the College Board
when exams are administered.</p><p>After Coleman took over, however, the
College Board began handling many aspects of the SAT redesign in-house
rather than through contractor ETS, documents reviewed by Reuters show.
The College Board also began managing the “Item Bank,” the repository of
questions created for the SAT. In the past, that responsibility had
belonged to ETS.</p><p>Taking on these roles gave the College Board
greater control over the material, internal documents show. Developing a
single version of the SAT typically takes about 18 to 30 months and
costs about $1 million.</p><p>The College Board knew that assuming those roles presented challenges. </p><p>As
its staff worked on the new exam in 2013, the outside consultant was
brought in to evaluate the risks the organization faced as it worked to
finish the redesign. </p><p>In an internal report from October 2013
labeled “FINAL DRAFT,” Gartner advised the College Board to “develop and
document a program security plan” to handle test materials. The plan
should address not only the physical security of printed exam booklets
but also the safeguarding of the College Board’s network, servers,
storage and data, the consultant recommended. </p><p>The security issues, the consultant concluded, presented a “medium”
risk to the College Board. A “medium” risk was defined as having “a
potential material impact...on program success that needs to be
addressed proactively at this time.”</p><p>Risks considered “high” included the issues related to the schedule and budget for redesigning the test.</p><p>The
report also recommended appointing a manager to protect the new exam.
It suggested the College Board “explicitly assign a Security Lead to the
Program with overall responsibility for all aspects of security related
to the Assessment Redesign Program and the redesigned assessments.”
Officials should “clearly document the responsibilities and mandate of
this role.”</p><p>It’s unclear whether the College Board named a
security chief or what steps, if any, it took to protect exam materials
stored digitally. In a statement, spokeswoman Riley said the consultant
later assessed how the College Board responded to the recommendations
and determined “we made significant progress in every area, including
our security policies and procedures.”</p><p>A spokesman for consultant Gartner declined to comment about its findings or recommendations. </p><p>An
internal email shows that security concerns about access to test items
remained months after the consultant’s October 2013 report. </p><p>In a
June 16, 2014 email to a College Board official, test development team
member Daming Zhu wrote that he and his colleagues were concerned that
too many people inside College Board had “access to such secure
data.” Zhu helped manage the digital repository of items being developed
for the new SAT. The subject line of his email reads, “Secure Item/Test
Information Sharing.”</p><p>Zhu sent the email to Sherral Miller, vice president of assessment design and development for the College Board. </p><p>Zhu’s
worries were wide-ranging. “We are very concerned that IT is
duplicating key information of our items and test in a parallel system,”
he wrote. Another College Board unit also wanted exam information, Zhu
explained. He told Miller that “storing such important secure test data
in more than one place...is hard for us to understand.” </p><p>Zhu said
the item bank team “believes that we ought to limit the access to the
secure item/test data, especially the [answer] keys, to the minimum
possible,” according to the email.</p><p>“Nowadays system hacking is not
a surprise anymore,” Zhu wrote. “Expanding the sources for secure test
data will not help the security of test information of high stake
programs such as SAT…”</p><p>Zhu said the team “would appreciate some policies/guidelines from the department or division upper management.”</p><p>Miller
replied the same day, June 16. “You are right to be leery of them at
this time,” she said of the requests Zhu mentioned. Miller said she
would be discussing the matter with her boss “and will then get back to
you so we can set guidelines and policy.”</p><p>College Board
spokeswoman Riley said the “reference to several internal inquiries to
access test item information” in Zhu’s email were “potential scenarios
that never manifested.” Riley said Zhu asked Miller “to confirm College
Board’s policies and guidelines in order to respond to these inquiries,
which Dr. Miller subsequently provided.” </p><p>Riley declined to share
the guidelines, or to say how many College Board employees and
contractors had access to the test items. </p><p>Testing specialists
said damage from the current breach can be limited so long as the items
aren’t widely distributed. They cautioned, however, that major breaches
have the potential to jeopardize the very existence of a standardized
exam. </p><p>“A test like the SAT … is so important and so consequential
and is taken by people all over the world,” Wollack said. The “College
Board, especially for this program, needs to be leading the industry in
terms of security.”</p><br>
</div>