LibraryLaw Blog: Patron Records

Patron Records

May 03, 2010

Neil Gaiman, Cory Doctorow, teenagers and others on What Privacy Means to Them

I just watched Neil Gaiman in the kick-off video (20 minutes) for the first-ever Choose Privacy Week. I recommend it highly. Find out what he has to say,about his family’s privacy, and his idea for a sequel to his “I Google You” (late at night when I don’t know what to do) song. Cory Doctorow tells the truth about why he cares about privacy. I also really liked all the students who say what privacy means to them. Not what I expected. The week’s activities and resources are sponsored by ALA’s Office for Intellectual Freedom, Choose Privacy Week, made possible in part by a grant from the Open Society Institute. Lots more resources on engaging the public in privacy awareness discussions at www.privacyrevolution.org, including possible events in your area. And yes, the inevitable ironic social media outreach at www.facebook.com/chooseprivacyweek and www.twitter.com/privacyala with #chooseprivacy tag.

One of my all time favorite resources is the epic privacy tools page, where you can go to find sources for snoop proof email, anonymous surfing, cookie busters etc. More at Epic.org (scroll down for EPIC privacy tools), and policy news at epic.org, privacy.org and privacycoalition.org.

Posted by Mary on May 03, 2010 in Patron Records, Privacy | Permalink | Comments (0)

Technorati Tags: privacy chooseprivacyweek chooseprivacy americanlibraryassociation ala

December 09, 2009

unstaffed libraries - privacy concerns

I just read about the King County unstaffed library. It's a great concept for the users - a spot where you can make and receive requests for books systemwide, drop off your books, browse paperbacks, and even use a telephone to get some assistance.

The concern I have is with privacy. If users must swipe their library card to get in, I assume this information is tracked. Surveillance cameras keep a close eye on what folks are doing. While I can appreciate the security basis for these measures, it seems that new types of records are being created that track not just our behavior, but what we choose to read as well.

Posted by Mary on December 09, 2009 in Patron Records, Privacy | Permalink | Comments (2)

November 11, 2009

Action alert: reader privacy

From Larry Siems, Director, Freedom to Write and International Programs

Dear Core Freedoms Friends and Supporters,
Now is the time to raise your voice in support of reader privacy.

This week, the House Judiciary Committee approved a bill to amend the Patriot Act’s bookstore and library provisions. This proposed bill would essentially accomplish the principal goals we’ve been working towards with our partners in the Campaign for Reader Privacy. The USA Patriot Amendments Act of 2009 (H.R. 3845) will now head to the floor for a vote, which could come any day.

Your representatives need to hear from supporters like you.

Currently, Section 215 of the Patriot Act allows the FBI to secretly obtain any “tangible thing,” which includes any business records that are “relevant” to an ongoing investigation, including the records of people who are not suspected of any criminal acts.

The new legislation will prohibit the use of Section 215 to search the records of a library patron or bookstore customer unless there are “specific and articulable facts” to show that the person is “a suspected agent of a foreign power” or someone who is in contact with or known to the suspected agent. H.R. 3845 thus allows readers to borrow and purchase books without fear that the government is monitoring their reading selections.

Please take a moment to call, email or fax your representative and ask him or her to support H.R. 3845 in its present form with its welcome and necessary protections for the privacy of bookstore and library records.

To find your representative’s contact info, please visit http://www.house.gov/

You can read the Campaign for Reader Privacy’s press release on the legislation here: http://www.pen.org/viewmedia.php/prmMID/4293/prmID/1331

Thank you for taking action!

Posted by Mary on November 11, 2009 in Patron Records, Privacy | Permalink | Comments (0)

October 13, 2009

California Library Association passes new Patriot Act Resolution

The California Library Association (CLA) has just announced a resolution calling on Congress to dramatically revise the up-for-renewal USA PATRIOT Act, passed hurriedly in the weeks following the 9/11 attacks.

CLA's resolution calls for Congress to allow Section 215 to sunset, to amend Section 505 to "include a clear exemption for library records," and in general to intensify Congressional oversight of the use of the Act.

Posted by Mary on October 13, 2009 in PATRIOT Act, Patron Records, Privacy | Permalink | Comments (1)

Technorati Tags: libraries, patriot act

July 23, 2009

Libraries and reader privacy - critical juncture / take action

Libraries have always respected reader privacy as essential to one's freedom to read. If someone is looking over your shoulder, you might not pick up that book on gay stories, witchcraft, communism or whatever the taboo topic du jour happens to be. Libraries require either patron consent or actual legal process before disclosing patron records.

Fast forward to reading books online via Google Book Search. Fabulous new life for old books, but where in the complex proposed settlement agreement between Google and the publishers are reader privacy guarantees? I'll save you the pain of looking. Nowhere.

Every time you go online, you leave digital tracks, and with the settlement, you will generally need to authenticate yourself before viewing the out-of-print but in-copyright books at issue.

The final contours are not yet set. The settlement is not yet in effect. It's time now to take action to make sure we build some privacy safeguards in. The ACLU of Northern California, the Electronic Frontier Foundation and Berkeley's Samuelson Clinic have joined in a letter to Google, requesting:

1- Protection against disclosure
2- Limited tracking
3- User control
4- User transparency

Our library users will be reading google books inside the library as well as at home/work. If a reader borrows a book from the library, we protect her privacy. If she reads the same book on our computer terminals, she needs the same protection.

Posted by Mary on July 23, 2009 in Patron Records, Privacy | Permalink | Comments (4)

Technorati Tags: google book search, google privacy, google settlement, privacy, reader records

May 17, 2008

Congratulations to vermont libraries on strengthened patron privacy

Congratulations and kudos to the Vermont library folks. The state governor signed a bill on May 13, 2008 that substantially strengthens library user privacy. It changes the law from permissive protection (a library MAY keep records confidential), to a mandatory protection (a library MAY NOT disclose records unless certain conditions are met.

It seems to assume that FERPA requires disclosure of student library records to parents, though this is not known for sure. It does allow parents of children under 16 to look at their kids' records, though IMHO it's not clear that this is always in the child's best interest.

But the best part is that it allows a private right of action. That is, a patron whose records have been wrongly disclosed may bring a civil action against the library.

Posted by Mary on May 17, 2008 in Patron Records, Privacy, State laws | Permalink | Comments (9)

Technorati Tags: confidentiality, library records, patron confidentiality, patron records, privacy

September 14, 2007

State privacy laws and libraries

Paul Neuhaus has been busy updating his great wiki of state laws on the confidentiality of library records. Thanks, Paul.

Posted by Mary on September 14, 2007 in Patron Records, Privacy, State laws | Permalink | Comments (0)

August 20, 2007

Don't ask for social security numbers in library applications

Some libraries still ask for social security numbers on their library applications. Others have stopped that practice, but haven't purged their patron record databases of these numbers.

Yes, collection agencies want the numbers, and perhaps having this information can increase your success rate in tracking down scofflaw patrons.

But consider the downside. If someone hacks your database, or if you have a bad employee, this highly sensitive information is at risk. Once it's gone, it's gone. Patrons have little recourse once identity thieves get their hands on these numbers.

Comments, readers?

Posted by Mary on August 20, 2007 in Patron Records | Permalink | Comments (0)

August 08, 2007

Library Elf and the UK

From Philip Jones:

I know I am coming very late into this debate, but Elf is just beginning to get publicity here in the UK, and so the issues are becoming relevant. It has also widened its coverage to library management systems (LMSs) which are mainstream over here.

An interesting slant which is emerging is around Elf's choice not to develop full working agreements with the LMS suppliers themselves. I know of one LMS company which regards with concern and suspicion any attempt by a third-party system to draw down data from its LMS installations unless there is a formal agreement in place which formalises the whole process and includes all appropriate legal protections for both parties and their customers.

I think the LMS suppliers' view is that they implicitly authorise a library service, and its registered customers, to gain access to data on its system in specific ways defined by the system. However, they argue that they do not authorise a third-party system, such as Elf, to act as an intermediary between the end user and the LMS system and to manipulate the data provided. And further that one or more end users cannot legitimately empower Elf to act on their behalf as an intermediary service simply by the process of providing their card number and PIN code to Elf for that purpose. It all seems to hinge on whom the LMS supplier believe they have authorised to gain access to their data files.

Mary: This just came in as a comment to http://blog.librarylaw.com/librarylaw/2005/11/my_library_elf_.html but I figured no one would see it there. I think that any smart tech person could figure out how to "roll your own" RSS feeds from a library's LMS system, needing only the user's library card number and PIN (if needed to get into the records). Why do you say end users couldn't empower Elf to act on their behalf... wouldn't that be considered consent? Is consent sufficient in the UK?

What concerns me is that the users don't need to give consent if the LMS password system is weak, as it is in so many libraries in the U.S. Your ex-girlfriend needs only your library card number and sometimes a (weak) PIN (often the last four digits of your phone number). Do UK LMS companies offer stronger PINs than four digits?

Many have told me that that this weak security has always been the case, Elf or no Elf. The difference that Elf or any RSS feeds (laden with personal content) makes is the convenience of daily delivery of the records from hither and yon.

By the way, I just happened to go back to the search box in Bloglines the other day, and typed in "library elf for" and then chose [Search for Feeds] and got about 200 personal feeds from probably unwitting library users. Gives me their first names and one more click shows their libraries, books out/requested etc. At least Elf got rid of their email addresses. Still, quite disconcerting to see so much personal information floating around, free for me to capture. I could (but won't) add a screenshot of the names with the libraries and titles.

BloglinesElfScreenshot.doc

Posted by Mary on August 08, 2007 in Europe, Patron Records, Privacy | Permalink | Comments (3)

May 24, 2007

Library patron records confidentiality? A proposed exception you could drive a truck through

The Wisconsin Library Association has a good explanation of the recent state attorney general opinion finding library surveillance tapes protected as library records under state law. Unfortunately, in my estimation, the proposed amendment seems to be written more broadly than it need be.

5) Library records may be released for administrative library purposes, including establishment or maintenance of a system to manage the library records or to assist in the transfer of library records from one records management system to another, compilation of statistical data on library use, collection of fines and penalties, and the protection of library staff, library users, and library property. Records released to third parties for administrative library purposes may not be used or disclosed for any other purpose.

Protection of staff, users, property? Who decides? Isn't that exactly the reason law enforcement generally ASKS for patron records? The library shouldn't decide when patron records should be turned over, and neither should law enforcement. A neutral, detached magistrate should decide, evaluating the context -- weighing both security and privacy. The magistrate will then issue court orders in some cases and deny them in others.

It seems that the problem could be better cured by defining library records more narrowly.

Posted by Mary on May 24, 2007 in Patron Records, Privacy | Permalink | Comments (0)

Technorati Tags: libraries, patron records, state laws, surveillance, surveillance tapes, wisconsin

LibraryLaw Blog

Issues concerning libraries and the law - with latitude to discuss any other interesting issues Note: Not legal advice - just a dangerous mix of thoughts and information. Brought to you by Mary Minow, J.D., A.M.L.S. [California, U.S.] and Peter Hirtle, M.A., M.L.S. Follow us on twitter @librarylaw

Categories

Contributing Authors

Recent Comments

Recent Posts