My name is Jim Loter, I’m the Director of IT for The Seattle Public Library and one of my primary responsibilities is to manage data collected by the library related to circulation of library materials and use of library technology. It’s a responsibility that we take very seriously and operate under principles that strive to protect the intellectual freedom and freedom of inquiry of our patrons.
As you may know the individual right to privacy is not explicitly addressed in the US Constitution but it has been recognized in many court cases. The state laws related to library privacy vary widely in their approach and details. Some are independent statutes that expressly address library records; others are integrated statutes that address library records in open records laws.
In our state, the Revised Code of Washington addresses library records in the context of open records laws – specifically, it exempts library records from public disclosure. The law does not say anything about privacy but it does direct how records retention schedules are developed. This exemption has allowed us to manage patrons’ records in a way that helps us protect patron privacy.
The Seattle Public Library’s policies are consistent with the library bill of rights, the ALA’s professional guidelines, and applicable state laws. Note, however, that our guarantees are not absolute. For example, we need to keep records to manage and enforce lending books. During the time that we have those records, there are situations, largely related to law enforcement, in which records may be subject to disclosure.
In practice, we treat library data management as a special case of records management. Once you return a book, the data related to your possession of that item is deleted. Importantly all Library staff receive extensive training regarding what information they can disclose. So our practices are not just a function of IT systems but critically rely on effectively trained and committed staff as well.
I’m going to talk about 3 factors that are disrupting the traditional approaches to patron privacy in libraries. I call these “disruptions” rather than challenges because, to me, a challenge implies an obstacle or roadblock that needs to be overcome before you can continue on your path. A disruption changes the very landscape under your feet.
One of the biggest disruptions related to security and civil liberties is the PATRIOT Act. Two sections of the Act address overrides to library privacy protections and restrict libraries’ rights to notify patrons if information has been requested. The ALA urges librarians and advocates to educate the public on the impacts of PATRIOT Act. The Seattle Public Library has information on our web site about the Act.
But Libraries have always been required to comply to subpoenas and search warrants. What has changed are the conditions under which warrants could be obtained by law enforcement and the fact that libraries are effectively under a gag-order if such warrants are served and fulfilled. But borrower records are still exempt from records retention laws and the library still discards those records as soon as we can.
In many cases, libraries contract with third-parties who make digital content available to eligible users. This situation often involves a chain of parties and a process that takes control of patron data further away from patrons and libraries. Some content providers have complex arrangements with content owners that require that data be further shared for Digital Rights Management purposes.
In simple cases, libraries have contracts directly with content providers who agree to manage patron data according to the library’s local policies and practices. These agreements are largely in place with providers of services such as online databases, journals, and periodicals.
We also try to minimize the amount of data that is passed to third-parties. A middleware technology known as “EZProxy” is in widespread use throughout libraries and the content providers we routinely deal with. EZProxy can not only broker logins to digital services but it also proxies a patron’s traffic through the library’s network, thus providing an additional layer of privacy and anonymity.
But the library community lacks a true federated identity and authentication service that can enable practices of secure identity assertion and verification rather than the direct submission of credentials. Current practice opens up a risk that third-parties may intentionally or unintentionally mis-manage data or create records that can be vulnerable to disclosure.
For digital content such as eBooks, most content owners require the use of technology to restrict sharing and copying and to impose time limits on lending. The technology to manage so-called Digital Rights is beyond the scope of most libraries to implement and manage. Libraries generally rely on eContent providers such as OverDrive, to host content and manage the DRM required by publishers.
Even OverDrive relies on yet other parties – such as Adobe – for the DRM technology they use. This practice has required library patrons to establish accounts with Adobe to complete the DRM process. The interplay between the library, OverDrive, and Adobe is not well understood by patrons, or, indeed, by a lot of libraries. The risks inherent in this situation were made manifest last year.
In fall 2014, security researchers noted that the Adobe Digital Editions software transmitted detailed information about a reader’s eBook reading experience to Adobe. Adobe stated that this information is only used to enhance the reading experience but libraries are concerned about unintentional uses.
The library urged Adobe to be more transparent with our patrons about the data it collects. Adobe has since encrypted the data it transmits but otherwise does not seem to altered its other practices. OverDrive, however, has taken steps to minimize Adobe’s access to individual patron data and no longer requires an Adobe ID.
Another area of concern is OverDrive’s relationship with Amazon for fulfillment of eBooks in Amazon Kindle format. OverDrive cannot produce Kindle eBooks directly, so those requests are passed on to Amazon where patrons complete their borrowing transaction. What happens to data that is generated by that process and how long that data is retained is not disclosed, but a safe guess is “anything, and forever.”
The Seattle Public Library acknowledges our relationships with third-parties in our policy and encourage patrons to make educated choices about the services they engage with online.
DRM is the primary reason we need third-party services like OverDrive to exist, and why OverDrive needs to rely on Adobe and Amazon. Libraries have solved the problem of how to store, lend, and distribute millions of physical books; without DRM we can figure out how to do that for digital content and retain better control of your data. Until then, we will continue to protect the data we do have and to advocate for and educate you about how data may be used by others.
Libraries and Privacy: PechaKucha Seattle: Watch Me Now, Notes on a Surveillance Society
Why do libraries
so much about
“Choice requires both a
varied selection and the
assurance that one's
choice is not monitored.”
H A V E L A W S P R O T E C T I N G T H E
CONFIDENTIALITYOFLIBRARYRECORDS48 STATES Kentucky & Hawaii have attorney general's opinionsPlus the district of Columbia
Any library record, the primary
purpose of which is to maintain
control of library materials, or to gain
access to information, that discloses or
could be used to disclose the identity
of a library user is exempt from
disclosure under this chapter.
The Librarywillkeeppatron records confidentialand will
not disclosethis information except asnecessaryforthe
properoperationof theLibrary,upon consent of theuser,
pursuant to subpoena or court order, or as otherwise
required by law.
The Library retains the minimum
number of records necessary for
Public computer information is
automatically deleted at the end of
Information about check-outs and
returns is automatically deleted at
day-end (unless the patron has fines
or has been referred to a materials
Mandatory library staff training in
library policy and intellectual
USA PATRIOT Act
Section215 permits gov’tto secretly
request and obtain library records
forlarge numbers of individuals
without any reason to believe they
are involvedin illegal activity
Section505permits the FBI to obtain
electronic records fromlibraries with
a National Security Letter without
Photo by Jessamyn West / CC BY 2.0
Seattle Public Library
expresses ‘concern and
alarm’ over Adobe’s
data tracking policies
Taylor Soper on GeekWire.com, October 8, 2014
1. Clarify what data is
especially if that data
2. Explain how long the
data is bring retained
3. Stop transmitting data
in plain text
“The Library has teamed up
with reputable third party
partners in order to provide
certain services to its users.
Information a patron submits
to the Library may be
provided to those third
parties so they can assist the
Library in providing certain
services. Users are
encouraged to read and
become familiar with the
privacy policies of these
third party partners.”
problems by restricting
preventing you from
access to those
privacy and security.”
Photo CCA3 Jonathan Worth, JonathanWorth.com