« Copyright Term and the Public Domain in the United States | Main | Copyfight: Fair Use in (In)action »


point 2 - it depends on the state law - Arizona says patron information is protected, unlike most others which say patron records.

point 3 - same - most if not all state laws have the administrative exception. You'd have to look to see how this is defined. If the hacking affected the administration of the library it seems like a slam dunk that that exception fits. But you have grayer areas like using library computers to hack into OTHER systems... Then you'd have to make your arguments pro or con based on the language of the state law, I would say.

For option 1, what I was hearing from the IT folks is that they don't want any anonymous users on their networks, even if it is technically possible. The goal is to make sure that if someone does something bad on the network, you can finger who that person is. I think we can agree that crashing the payroll system is bad, but what about gray areas (reading about metamphetamine production, bomb making, or a book by Michael Moore)?

In point 2, you note that librarians have to protect patron records by law. But if police ask for other information, is it ok to give it to them?

A few weeks ago I was watching a Law and Order:CI episode where the police visit a library and the helpful librarian points out which books the suspect had been reading. Was this good professional and ethical practice? There were no patron records involved - but the police learned about his reading habits just as surely as if the suspect had checked them out.

3. I think that IT folks should get court orders of some time to look at library records (including records of who was browsing where) - but I am sure they would just look, under the general escape clause that allows libraries to look at records for management purposes. Most network people also have policies that say they can look at traffic (or even your email) if the proper management of the network requires it. I wonder if state library confidentiality laws would trump these administrative policies?

1 - you mention that with authentication requirements, anonymity is no longer possible. I'm not sure that will always be true. I wish I were more of a techie to understand this, but I've had lots of conversations with techies who tell me that the use of tokens can be used to deal with this problem. That is, the user is authenticated, given an electronic token that is no longer attached in any way to their identity and let through the electronic gates to a database. The Shibboleth Project of Internet2, as I understand it, is concerned with this problem http://shibboleth.internet2.edu/ though as I understand it, it's not operational in a way that people are happy with yet.

2-You mention that half the librarians voluntarily give information to law enforcement. Although the rest of the study was interesting to me, that was the one piece that drove me crazy, since the questionnaire didn't distinguish between patron records (which state laws protect) and other patron information (which state laws generally don't protect.)

3- You raise the fascinating question of inter-institutional information sharing. I imagine it would be quite difficult for the library to ask the university's own IT department to get legal process such as a search warrant. Yet it would have to get such process if the nefarious activities happened elsewhere (and the location was, say a library that protected its patron records). Maybe that is the solution. If the IT dept has a good enough case, the extra hurdle is perhaps something that should be gone through...to protect the rest of the innocents. What do you think?

The comments to this entry are closed.