Unprotected Records: How Secure are Students’ Data?

By: Ibraheem Fiyinfoluwa

John had already had an eventful morning, travelling home early on Sunday following the university’s closure on Saturday afternoon. Upon getting home, he switched on his data connection and waited for messages to trickle in. To his surprise, a substantial number of mail notifications came in, all from his school email.

He opened his Gmail application only to see different mails from unknown individuals. For a moment, he assumed the school mailing system had been hacked, and this brought to mind various scenarios in which the school email network was not properly managed; it now seemed his email address was open to the whole school.

John’s experiences with the school email had always caused him to question the integrity of the system and whether it was being properly handled. He believes that this occurrence will raise further questions in students’ minds about how well the system is managed.

The Recent Unsolicited Messages

Most students of the University of Ibadan, like John, started receiving a plethora of spam messages on their student mail on Sunday morning, September 1st. The number of emails kept increasing as the morning went on. Some students, confused about why they were receiving the messages, also began sending mails to say they were not interested and to ask to be removed from whatever was going on. Some even tried to proffer solutions or explain what was happening. However, all these responses were also received by most of the students, further increasing the number of spam emails.

On August 15, the school management, in an effort to publicise an interactive session that was to occur the next day between the Nigerian Education Loan Fund (NELFUND) and the students of the University of Ibadan, sent bulk emails to the students to inform them of the event. The method used to do this seems to be the main root of the problem of the subsequent spam emails.

The sender of the mail merged most students’ email addresses into a single address to make it easier to send the emails to the students. However, because of that merge, if anyone replied to the mail sent by management without “manually” changing the recipients of the reply, everyone whose email address had been merged into the single e-mail address used by management would receive the reply, and that is exactly what happened.

A student who had most probably initiated the process to get the student loan wanted to stop. To express his disinterest, he sent a reply mail to the email from the management about the NELFUND interactive session, and most students also got his reply mail. This kicked off a chain reaction with a lot of responses coming in, and students at this point noted that they could reach the whole school. People then began to use the opportunity for advertising and promotion purposes, with some individuals also complaining about what was occurring.
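The reply-all behaviour described above can be modelled in a few lines. The sketch below is an added example, not code from the university or from this article; the addresses, the group alias and the `allowed_posters` policy are hypothetical, and it compares the open alias with one that only management may post to and with a send that keeps students out of the message headers.

```python
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample data: hypothetical addresses, not taken from the article.
GROUP = "all-students@example.edu"
MEMBERS = {"ada@example.edu", "bayo@example.edu", "chi@example.edu"}
SENDER = "management@example.edu"

def announcement(hardened: bool) -> EmailMessage:
    """Build the bulk notice either addressed to the alias or with students hidden."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["Subject"] = "Interactive session"
    if hardened:
        # Students are addressed only in the SMTP envelope (Bcc-style),
        # so no header carries an address that reaches the whole school.
        msg["To"] = SENDER
        msg["Reply-To"] = "helpdesk@example.edu"
    else:
        msg["To"] = GROUP
    msg.set_content("Details of the session.")
    return msg

def reply_all_targets(original: EmailMessage, replier: str) -> set:
    """Reply-all addressing: Reply-To (else From), plus everyone in To and Cc."""
    reply_to = original.get_all("Reply-To") or original.get_all("From", [])
    others = original.get_all("To", []) + original.get_all("Cc", [])
    addrs = {addr.lower() for _, addr in getaddresses(reply_to + others)}
    return addrs - {replier}

def deliver(targets: set, poster: str, allowed_posters=None) -> set:
    """Expand the alias; allowed_posters=None models an alias anyone can post to."""
    inboxes = set()
    for addr in targets:
        if addr == GROUP:
            if allowed_posters is None or poster in allowed_posters:
                inboxes |= MEMBERS - {poster}
        else:
            inboxes.add(addr)
    return inboxes

if __name__ == "__main__":
    student = "ada@example.edu"
    open_reply = reply_all_targets(announcement(False), student)
    print("open alias:      ", sorted(deliver(open_reply, student)))
    print("restricted alias:", sorted(deliver(open_reply, student, {SENDER})))
    safe_reply = reply_all_targets(announcement(True), student)
    print("hidden recipients:", sorted(deliver(safe_reply, student)))
```

Only the first case puts one student's reply into every other student's inbox; either control on its own stops the cascade.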

UCJUI spoke with multiple students across various faculties, and the responses revealed that many of the students were disturbed by the loophole that had led to them receiving unsolicited messages in their student mail, raising safety concerns, while some others blamed the students who initiated the glitch.

Also, these students think the Information Technology and Media Services Department (ITEMS) has a share of the blame in making the situation cascade to that level. They maintained that this is because the department is concerned with issues regarding the internet and the student portal.

“We know, because we have been directed to them whenever we have internet-related issues with regard to our studentship,” one of them noted.

The issue, however, had raised the likelihood of a crisis. With the whole school as an audience, a student could simply put out scandalous messages that could incite negative reactions from students, and students could fall victim to scams.

Also, this issue, taken together with others that have happened in the past on the school email, definitely raises questions about the security of students’ data.

Previous Cases of Receiving Unconsented Emails

The internet has made information sharing and data collection an easy and dominant process in today’s modern world. The easy collection and dissemination of people’s data has, however, raised the issue of data privacy. Data privacy has to do with the control of one’s personal information and the restriction of certain information from other parties. It also extends to sharing information with one party without letting it get out to a third party.

The University of Ibadan, like most other institutions in the world, has to collect data about its students. Students’ school email addresses are another important dataset that the school holds, and if not properly managed, they can be a means through which other parties reach students. It would seem that access to students’ school email addresses is not properly safeguarded.

Students of the University of Ibadan receive mails on their school e-mail addresses other than the ones authored by the institution. Some of these emails have to do with scholarships, academics, and other school-related matters, and their nature makes it permissible and unproblematic to receive them.

However, most students at certain points have received emails on their school email addresses that have nothing to do with the aforementioned matters and which they did not consent to.

A well-known instance of this was in 2023. During the electioneering activities that produced Samson Tobiloba (HOST) as the Student Union President, students received e-mails on their school email addresses from another contestant, Adeyeye Bukola Shalom (ABS), who used it as a means to canvass for votes. Most students did not consent to receiving these emails, and there were two confirmed instances of these emails from ABS in 2023, one on April 10 and the other on April 22.

Another well-known instance of unsolicited e-mails on school e-mail addresses was the receipt of e-mails from a “Gbera,” who seemed to be running a newsletter. Though there were two confirmed instances of emails from him, one on October 9, 2023, and the other on October 11, 2023, he mentioned in the e-mail received on October 9 that “I’ll be in your mail more often, sometimes once a week, or maybe twice, and who knows, maybe everyday and twice on public holidays; it depends on how free and jobless I am or how serious I become.”

These raise the question of how these individuals get access to students’ school email addresses when students do not consent to or subscribe to receiving these emails.

Multiple sources that UCJUI spoke with also confirmed receiving these e-mails from the aforementioned parties, and when asked whether they found it problematic to receive emails that they did not consent to, they answered in the affirmative.

“Yes, I always wondered where they got access to the database from, and the student address didn’t come with any TOS (Terms of Service). Students don’t agree to these emails, and they could get in serious trouble for abusing it,” one of them said. 

A Faulty Security System?

These occurrences raise the questions of how safe students’ information is and whether there is enough security and protection for students’ data. The recent occurrences indicate that more can be done to handle the situation.

Students believe that something is wrong somewhere, and that if that were not the case, the recent occurrences should not have happened at all.

“Well, if the university does well enough to protect students’ data, these should not have happened. It is not because they’re bad, perhaps just because no one is aware of such likelihood,” another student said. 

John, on his own end, believes the school is not doing what is required in protecting students’ data and in handling privacy and confidential materials. He thinks various instances also confirm this.

“From constantly resetting passwords while giving clues to them on public sites to having the Senate list detailing the results of every individual student be so poorly protected that it becomes an open secret. The university is not optimal with privacy,” he said.
