Constant vigilance! CONSTANT VIGILANCE!
Mad-eye Moody’s catchphrase in Harry Potter and the
Goblet of Fire expresses his view of the primary requirement to defend
against the Dark Arts: continually paying attention to potential threats.
Moody’s dictate is something I keep in mind as I do my job. Many
of us run catalogs and discovery systems and are audacious enough to put them
on the web, for anybody to search. Absolutely anybody – including the script
kiddies, crackers, and botnet operators who would take our servers over for their
own ends, or simply vandalize them for the lulz.
That’s a threat that the people behind every public-facing
server must either attempt to prevent or ignore, of course. But in libraries
we’ve also taken upon ourselves a greater responsibility: to safeguard the
privacy of our patrons.
Reader privacy isn’t something to take lightly, unless we
choose to take our profession lightly. The freedom to read, one of our core
tenets, is curtailed if the reader has to worry about somebody looking over
their shoulders or judging them. The freedom to read can sometimes be a
life-or-death matter. I’m not just talking about readers in war zones or
politically unstable areas: a teenager trying to figure out their place in
life, or their very sense of self may find succor in a library; to have what
they are reading to find themselves be revealed to the wrong people can be
deadly. It’s not always a life-and-death matter, of course, but it’s sufficient
to recognize that what a patron is reading is nobody’s business but their own.
Here are some ways to protect patron privacy that I, a
library technologist who also wears the hats of programmer, system
administrator, and manager, have learned along the way. (There’s a lot more to
each of these ideas, but I wanted to give you an overview.)
There’s no point in giving up. It’s commonly
expressed that privacy is either dead, impossible to protect, or unwanted. No! It
has become more difficult to protect; modern software and the urge to
automate all the things and store all the data makes it easier to gather and
collate information about people and their activities. Libraries can resist
that, though. And if you think that teens don’t care about privacy, you’re
wrong. (For research, click the danah boyd link below.)
Think carefully about what data you collect. For instance, U.S. libraries should
never be in the business of collecting Social Security Numbers. If a public library’s
policy for establishing proof of residence requires gathering SSNs, it’s time
to go to the library board and get that changed.
Protecting confidential data – or losing it – depends on
people. There are lots of technical and software measures that can hide,
destroy, or encrypt patron information – but they can be for naught if a clerk
isn’t trained to refer every law enforcement request to the appropriate
administrators.
There is a lot to learn. Here’s one example:
it’s a terrible, no good, very bad thing if a patron calls up the circ desk,
tells you that they’ve forgotten their password, and for you to be able
to tell them what it is. Don’t know why? Read up on “password hashing.”
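As an added illustration (not code from this post, nor from Koha or Evergreen), here is what a catalog's password store looks like when it is done right: a salted PBKDF2 hash is stored instead of the password, so a clerk can verify a login attempt or set a new password, but there is nothing on file to read back to the caller. The iteration count and the record layout are assumptions.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Constructed example: PBKDF2-HMAC-SHA256 work factor (assumed value).
ITERATIONS = 600_000

def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest.
    The password itself is not stored and cannot be recovered from the record."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256${}${}${}".format(
        ITERATIONS,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )

def verify_password(password: str, record: str) -> bool:
    """Check a login attempt against a stored record.
    Malformed or foreign records are rejected; the comparison is constant-time
    so timing does not reveal how many bytes of the digest matched."""
    try:
        algo, iters, salt_b64, digest_b64 = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iters))
    return hmac.compare_digest(attempt, expected)

def reset_password(new_password: str) -> str:
    """The circ-desk workflow for a forgotten password: the old record is
    replaced by a fresh hash. Nothing is ever 'looked up' and read aloud."""
    return hash_password(new_password)
```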
There is a lot to teach. Like it or not, one of the
roles that many libraries serve is as community tech support. This is also an
opportunity: via programs, classes, and one-on-one interactions, you can help
patrons learn to better protect themselves online.
You will mess up. Some libraries have had their
patron databases breached; many others have had their OPAC servers get pwned. Some
libraries have kept too much circulation data and had to hand it over to law
enforcement for dubious fishing expeditions – and worst of all, they can be legally
bound to say nothing.
This is why I say protecting reader privacy is an ongoing, continuous improvement project. Aim to get better incrementally, learn from your mistakes, and take heart: even Mad-Eye Moody’s vigilance failed him, but in time he was freed and able to continue his fight against Voldemort.
Don’t take it just from me. Some folks to read on the topic: Alison Macrina of the Library Freedom Project, danah boyd, Barbara Fister, Gary Price, Eric Hellman, as well as folks outside of the library profession such as Latanya Sweeney.
Want to join the discussion? Subscribe to the LITA Patron Privacy Technologies IG’s mailing list. There are also numerous resources available; a good starting point is ALA’s Privacy Toolkit.
And remember... constant vigilance!
Galen Charlton is a
developer and manager at Equinox Software,
where he spends his time helping libraries to use and improve the open source integrated
library systems Koha and Evergreen. He was named an LJ Mover & Shaker in
2013, which he took as an opportunity to sneak Tux the Penguin onto the pages
of Library Journal. He can be found
on Twitter as @gmcharlt; if you want to
send him an encrypted message, check out https://keybase.io/gmcharlt.
(argle bargle blogger just ate my comment - trying again)
What are your thoughts on the "reading history" function available to be enabled in some library catalogs? MPOW has a no-way policy, my public library system has enabled it on an opt-in basis (I personally opted in, understanding more or less what risks I was taking, and weighing that against my desire to be able to look back to see what I read and when.)
I think functionality to let users retain and manage their reading history (and hold request history, and so forth) is fine provided that it's implemented well.
What does that mean for me?
First, it should be opt-in, and should give users the ability to make informed consent without being patronizing about explaining the risks. (What the specific risks are will vary from place to place, of course.)
Second, it should give the user full, granular control over their data. That means that the user should be able to delete all of their reading history at will -- or just parts of it. The data should be transportable: in other words, the user should be able to get an export of their reading history at will in a variety of useful formats. (Possibly bonus points if a user could *import* their reading history from another library -- I'm now wondering if anybody has ever had a patron ask for that.)
Third, it should be implemented so that nobody can just snoop on it. For example, all library catalogs and discovery systems should implement HTTPS -- ideally, across the board, but at the very least, in all parts of the web interface that display data that's linked to a particular user while they're logged in.
Fourth, if the catalog offers APIs that would allow a user to use a third-party services (e.g., Library Elf or online citation managers) to do something interesting with their reading history, the user should be able to grant and revoke third-party access at will.
Fifth, the library should have policies in place. It should be clear to library users what is going on with their data; it should be clear to the library what to do in the event of a data breach.
Thanks Galen. Any library considering a reading history option would do well to consider what you've brought up, and I'm going to take these questions to my local public library to see if they can answer them. If they can't, it's possible I'll opt out of using that feature in the future.