CASSIE and library privacy questions
Earlier today, I emailed Librarica with questions about their CASSIE software’s features as they might relate to patron privacy and usage tracking (discussed here and in several subsequent blog entries on libraries and privacy). Great thanks to Anna Achruk, President of Librarica, for getting back to me so quickly with answers to my questions, below:
1. Can the feature to be able to view a patron’s screen remotely be disabled library-wide via configuration settings?
Yes, it can be disabled system-wide, and it is disabled by default. If enabled, the system can be configured so that only selected staff members have access to the function. We added this function in response to a large number of requests from organizations who had already been using software systems like VNC (Virtual Network Computing) to enforce their usage policies. CASSIE also allows organizations to display a custom usage policy statement that users must accept at the beginning of each session before they are allowed to access the computer.
2. Is there any administrative function that permits the admin to determine if employees have been using the remote viewing option, and if so, which employee, how often, and for which patron(s)?
No. No record that a screen was viewed, whose screen was viewed, or screen image data, is logged or stored by CASSIE. As stated above, the system can be configured so that only selected staff members have access to the screen-viewing function.
3. If the remote viewing feature is in use, does the patron’s screen indicate that their screen is being remotely viewed if the employee does not send them a message to their screen? (I assume not, but want to verify that)
No. The function is intended to allow the organization to enforce their usage policies as they require.
4. If a user’s screen is viewed remotely, is there a screenshot or log or anything that gets stored about the web site that was on the screen at the time of the remote viewing?
No record that a screen was viewed, whose screen was viewed, or screen image data, is logged or stored by CASSIE. As a clarification, CASSIE does not log or store records relating to web sites visited, applications used, or documents printed.
5. *Why* did you develop a feature that allows the patron’s name and ID number to be analyzed/stored in statistics? Was there a demand for this particular feature, and if so, what reasons were you given for using this feature?
The ISPs for a number of customers *require* that they log a user name, start/end time, and computer station name (therefore source IP address) for all sessions. Before they implemented CASSIE, they were keeping these records on paper. This is the full extent of the user-identifiable information that is logged relative to users’ sessions. We recognize that some organizations have policies that explicitly prohibit the logging or maintenance of this information, and those organizations leave this function disabled in CASSIE.
Organizations desiring to maintain this data have to explicitly enable the function.
6. If session statistics are enabled, must all of the session statistics be collected or is there a way to only enable computer name, session start time, session end time, and session length?
The parameters you mention here are the only parameters collected. CASSIE does not log or store records relating to web sites visited, applications used, or names or contents of documents printed.
7. If session statistics are enabled, is there a default for how often they roll over or are cleared? If so, what is the default?
Yes. All statistical data (including session statistics) in CASSIE is cycled out after an organization-defined time period. The default is 30 days.
8. If a library uses a system whereby a patron must request a page or site to be unblocked so that it can be accessed, can your software keep track of those URLs and crossmatch them to specific patron IDs or patron names?
No, CASSIE does not log or store records relating to web sites visited, applications used, or names or contents of documents printed.
9. Are there any other features that are not listed on your web site that might permit libraries to compile/correlate specific patrons with specific web pages/URLs?
No.
*Additional information:
The reason that CASSIE uses the library card number as an identifying number is because this number is unique among users, and because it is available for electronic authentication against the organization’s ILS (circulation) system. Using the number allows the organization to ensure that computers are being used only by valid patrons (if that is part of the policy), or guests that the library personnel have approved pursuant to their policy.
It also ensures that patrons are operating within the constraints of other policies such as total usage time allowed per day, etc.
Looking over the information, I’m pleased (relieved?) to see that there is no built-in feature that would permit automatic matching of patron data with URLs (given the post-9/11 mentality and attempts to track terrorists, predators and child porn, it would not totally surprise me to see some software with that ability, despite ALA policies).
I’m not thrilled that there is no way to monitor the monitors (Q-2). There’s really nothing that stops an overly-curious or “snoopy” employee — or one who believes that s/he is just helping law enforcement protect children — from using the remote view function and then Ctrl-PrtScn. But I’m probably being a bit paranoid…. right? And of course, this issue is not specific to CASSIE — any system that permits remote viewing seems to have some potential for abuse.
So what do you think, Michael Zimmer? Do you see any particular causes for concern with this type of software, or are we back to the point that what we really need are: (1) a survey of current policies with respect to patron privacy, surveillance, and tracking, and then (2) to see if the policies are really being implemented?
Good work. I’ve commented here