Libraries and privacy

By dissent, May 22, 2007 4:41 pm

As a follow-up to recent blog entries on this site (here and here) and comments by Michael Zimmer on his blog, I contacted the American Library Association to ask their opinion about whether library privacy is being eroded. I spoke with Deborah Caldwell-Stone, their Deputy Director.

Ms. Caldwell-Stone did not see requiring a library card to login to a library’s computers as a privacy issue per se, although the potential for it to become one may exist. When I put my correspondent’s question to her about why we can browse shelves and read without identifying or authenticating identity but not use computers in some libraries without producing our library card, she explained that local libraries may be under financial pressure to only make internet services available to local residents, i.e., some libraries simply cannot afford to allow anyone and everyone to use resources that are not part of the library’s actual holdings. Her view was that requiring a library card to login is not really a problem in terms of privacy as long as the computer/library discards that information as soon as the user is authenticated if there is no suspicion or evidence of abuse. Examples of abuse that she provided included one case where an eBay scam was being run using a public library’s computers, accessing pornography sites or other sites that do not constitute “protected speech,” and of course, using the library to further terrorist plans.

She was not familiar with the CASSIE software that I blogged about previously, which had some features that might increase the potential for abuse, but she affirmed that the ALA’s policy is for libraries to retain only that information which is necessary for them to function efficiently. So statistical analyses of usage for the month might be deemed a necessary function for some libraries, but again, the data should be anonymized and aggregated.

Unfortunately, the ALA’s policies are just that — policies, and they are not binding on libraries. Some states have very strong library confidentiality laws while others have much weaker laws. But even when confidentiality laws are strong, local politics come into play as the library is under the control of a board that may have its own agenda.

Caldwell-Stone expressed concerns about some recent trends that threaten or may affect privacy:

Some libraries, due to staff shortages and financial cutbacks, have apparently started leaving books that patrons have reserved out in plain sight with the patrons’ names taped to the books so that people can come in to find and pick up the book that they reserved. Of course, this means that anyone can walk over to the “self-check” area and see what specific books others have reserved.

Another potential privacy concern is the use of RFID tags on books in some libraries, although Caldwell-Stone said that it is premature to say whether there really is any privacy concern there.

The use of surveillance cameras in libraries is troubling to the ALA, and they have been reminding libraries that libraries are there to protect the confidentiality and privacy of patrons, not to serve as extensions of law enforcement. But because libraries are under the control of boards, there may be tremendous pressure in some communities for local librarians to assist law enforcement — despite state laws. Not surprisingly, the two biggest “reasons” given are to protect children from pornography and to prevent another terrorist attack.

She told me of a troubling story out of Pennsylvania where a library board member who was concerned about pornography insisted that a librarian compile daily reports of what specific web sites users were visiting and to provide him with those lists showing names and web sites. The librarian tried to resist the demands, but being threatened with her job and having nowhere else to go, she eventually complied. The board member reportedly took those lists home with him — and all of this happened despite the fact that Pennsylvania has a very strong library privacy law.

We also discussed the Hasbrouck Heights case where a librarian who upheld the law came under fire from borough officials and faced potential disciplinary action because law enforcement wanted records production without a warrant. That was a case in which police used a “children might be in danger” argument to try to get the library to turn over records on all library patrons who had taken out one particular book. According to Caldwell-Stone, one of the positive outcomes of that particular case was that more libraries in NJ wrote up clearer policies about requiring warrants before turning over records to law enforcement.

So are libraries still the bastions of privacy or is library-related privacy eroding? I was left with the sense that although the ALA is as protective as ever of the privacy of library records, financial issues, the use of surveillance cameras, technological advances with the potential for abuse, and the local political climate may be combining to somewhat weaken or threaten privacy in some communities. And to the extent that libraries now have greater potential to place patrons under surveillance — including, if they use the CASSIE software, to remotely “look over your shoulder” to see what web page you are viewing — it might not be a bad idea to request a copy of your library’s privacy policies the next time you go there.

4 Responses to “Libraries and privacy”

  1. Caldwell-Stone said: “requiring a library card to login is not really a problem in terms of privacy as long as the computer/library discards that information as soon as the user is authenticated if there is no suspicion or evidence of abuse.”

    Sounds nice, but the problem is that “suspicion or evidence of abuse” seems to lead to two possibilities: either (a) engage in some kind of profiling to determine if this user might engage in abuse, leading to the need to log their usage, or (b) suspicion of abuse is only determined after use of the computer, therefore logs are retained by default, and only deleted if someone deems the activity “unsuspicious”. Both scenarios are problematic.

    I agree with your overall assessment of the situation – the ALA only provides policy guidelines, and in the face of shrinking budgets and increased suspicion of everyday people’s activities (yellow alert!), I fear that more and more libraries are deferring to increased tracking of user behavior. We can ask for their privacy policies, but ensuring they are actually enforced is the next problem for us to tackle.

  2. dissent says:

    I suspect that if we surveyed libraries on this, we would find a fairly wide range of strategies for monitoring for or determining abuse and some of the strategies would be worrisome to us. I’m tempted to call the CASSIE folks and ask why they even included certain features and if they know whether and how they’re being used. Of course CASSIE is just one app, but they must have thought there was a market for some of the features like remotely seeing what a patron is viewing in real-time without the patron knowing.

    In your dissertation, did you delve into the “monitoring for abuse” issue at all, and if so, what did you find?

  3. Unfortunately I wasn’t able to spend much time on the particulars of current library surveillance – instead, I focused on the historical protections the ALA have tried to provide patrons (including their resistance to the FBI Library Awareness Program and the Patriot Act), and then related it to new threats from web search engines as many of these activities moved from the physical library to cyberspace. This is an untapped research area….

  4. dissent says:

    Yep, there’s a master’s thesis or dissertation or two or three in there for any grad student who needs one… at least one on practices/trends and at least one on the psychological impact on library users.
