« Charts to Understand Patriot Act Reauthorization | Main | International Copyright Issues Claimed as Basis for Withdrawing Maps »


"I see the elf as moving our library user records from a kind of weak-security-but-lying-in-practical-obscurity to a weak-security-and-easily-exploitable scenario."

I think library records came out of practical obscurity as soon as we added online access. It's not as if someone could log on to Library Elf and access all the patron records anywhere. They still have to get the patron numbers; anyone who really wants that info will already have done that, and LE makes no difference at all. If the malefactors don't have the patron numbers, LE doesn't make getting them any easier. If you do have the number, all ILSs I am familiar with still only show you what is currently checked out, and possibly what materials have fines owed on them, not the patron's entire reading history. We don't keep that information for a reason.

My concern would be more that if someone did get my number, they could change email addresses or other info on my LE account so that I would no longer get my notifications. As with this whole issue, that risk will seem larger to some folks than others. I just found out about Library Elf recently and like the idea. For all practical purposes, it's "out of the bag" now - we can choose not to advertise it as a service, but if our patrons find out about it and want to use it, they will whether we want them to or not!

Thanks Philip - since I doubt folks will see your comment here, I posted it as a new entry at http://blog.librarylaw.com/librarylaw/2007/08/library-elf-and.html

I know I am coming very late into this debate, but Elf is just beginning to get publicity here in the UK, and so the issues are becoming relevant. It has also widened its coverage to library management systems (LMSs) which are mainstream over here.

An interesting slant which is emerging is around Elf's choice not to develop full working agreements with the LMS suppliers themselves. I know of one LMS company which regards with concern and suspicion any attempt by a third-party system to draw down data from its LMS installations unless there is a formal agreement in place which formalises the whole process and includes all appropriate legal protections for both parties and their customers.

I think the LMS suppliers' view is that they implicitly authorise a library service, and its registered customers, to gain access to data on its system in specific ways defined by the system. However, they argue that they do not authorise a third-party system, such as Elf, to act as an intermediary between the end user and the LMS system and to manipulate the data provided. And further that one or more end users cannot legitimately empower Elf to act on their behalf as an intermediary service simply by the process of providing their card number and PIN code to Elf for that purpose. It all seems to hinge on whom the LMS supplier believe they have authorised to gain access to their data files.

I agree that changing your PIN is a good idea.

Many libraries don't even have PINs. I just went to a library yesterday that uses your zip code as the pin - period. Can't change it.

If you are worried about people seeing what you are reading with Library Elf, is it absolutely no different than logging in through the library's own web catalogue.

If people can get your barcode nad pin by peering over your shoulder at selfcheck - they would be just as likely to view your books by the online catalogue itself as through Library Elf. The barcoade and PIN number are one and the same.

If you are really concerned about privacy - I would use the option most libraries have to change your PIN to something other than the last 4 digits of your barcode. Easy to do through the library's web portal - and infinately more secure.

Update: I'm still using the Elf, as I see its great convenience, and I don't believe that not using it increases my security.

I agree that the real problem lies with poor library user database security. Some libraries have no PINS, use last names, phone numbers etc. This is clearly weak. Even four digit numbers (and that's all I've ever seen), I'm told by hackers, are very easy to crack with simple password cracking programs.

What the elf does, though, is shine a floodlight on this security weak point. A third party service that delivers confidential user information to your laptop so easily - blows the issue open.

Think about all the public records about us with private information that used to rest in dusty offices of county clerks - sure someone could go in and get it, but by and large the information was hidden by "practical obscurity." Once that information shifted to online, services started to sell it to customers with one-click ease - dispensing your personal information to anyone with a passing interest in you.

I see the elf as moving our library user records from a kind of weak-security-but-lying-in-practical-obscurity to a weak-security-and-easily-exploitable scenario.

It should be a wake-up call for libraries to upgrade the passwording and security of patron databases.

Put me down as a LibraryElf fan. I love getting the email, reminding me what is due and when.

As for looking up someone else's info, based on the card number and PIN: you don't need L'Elf to do that, you can do that via any online catalog that requires card number/PIN to access an account. The issue of who is seeing what based on arguably poor access security (card no./4 digit PIN) is one for libraries & how customers can access accounts online, balancing security and convenience. It exists independent of Elf. All Elf is doing differently is sending that daily email reminder; a parent, spouse, or interested stranger, without Elf, can still sit down at an online catalog, at home or in the library, and plug in those numbers by themselves.

As for people in situations who don't want another to know their accounts, and think they are at risk, whether it's Elf or someone accesing via an online catalog: get a new card. Change your PIN frequently.

I use Library Elf and have it on my website so that it will be more convenient for people having multiple cards in the family to get a notice when things are about to be due. I think it is a great idea and I am not sure why the library doesn't do this on it's own. I also think that the libraries should have more than a 4 digit pin number to protect the information- more like a complicated password and never just the last four digits of their phone. Library Elf is an excellent idea though and I recommend it to help keep track of books. It's still in the beta stage and changes could be made to it. I have an event planner reminder on my computer and I could be reminded that way but Elf tells me more and is a lot easier.

One of the reasons that libraries set the patron pin to the last 4 digits of the phone number is that they have recently converted to a new ILS. The old patron PINs were encrypted on the legacy system and could not be migrated to the new system, so as a convenience, the ILS vendor sets the PIN to either CHANGEME or the last 4 digits of a phone number. The library staff is should point this out to the patron and advise them to change their PIN--either to a new one or back to the old one.

If you want your automated ILS to provide a better system of notification, ask them to do so. Put it in the next RFP for a new system that your library requires your new ILS to provide all the services that Library Elf does in a secure environment. Talk to the other users of your ILS at user group meetings, etc., and band together to ask that this be submitted as an enhancement to your current ILS. Talk to the competition's vendor when s/he makes that cold call one day and asks what would make you buy a new system...if one vendor does it, they all follow suit in some form or fashion. Your dollar is your voice in this case.

I admit I'm kind of curious about what books you have checked out - anything you'd recommend to a friend? :>)

Library Elf logs into the library system using the same login screen and password that the user does. Unscrupulous people who steal cards or look over shoulders have no easier access to other people's information through Lbrary Elf than they do directly through the library system.

It's important for library systems to develop strong policies to protect users. Where I work, we do not give patrons PINs to access their record except in person, with positive ID. If libraries choose to assign default PINs to patrons, they're the ones that are being lax with privacy.

As for Library Elf's privacy policy, it is what it is, and it's up to users to decide whether or not they consider it adequate-- the same issue they have with every other account they use.

If there are privacy issues here, it's our libraries, and not Library Elf, that are responsible. To me, the real shame here is that a free service from outside the library world provides a much better system of notification than any of our library systems.

For encrypting email try PGP. You can check out the International PGP home page (http://www.pgpi.org/) to see where you can download it. There are freeware, open access, and paid versions.

Michael and Luke -

Thanks - I see how it can be a hack, and that the weak spot is the pathetic security most libraries give in the way of PINs. Even those with user-created PINs seem to be four digits, which password cracking programs have no trouble with.

Yet the Elf makes it easier for the regular Joe or Jane to see others' cards. It invites you to enter multiple cards, easily and conveniently. It makes it so effortless to enter other people's card numbers that it seems like a seismic shift to expand the population of looky-loos.

Yes, most people don't care about most other people's records. But if you've worked in a library, you know that some people care deeply what others are reading. They ask staff for these records and ... don't get them without legal process.

The divorced parents who are trying to locate their kids and monitor their activities...

The spouse who suspects the other of planning a divorce...

The list goes on and on.

I think the service that Library Elf provides is great and it's too bad that the ILS vendors themselves aren't providing this themselves in an easy to implement, yet privacy aware manner. In fact our library uses Innovative Interfaces and Library Elf works with that although I am sure that Innovative would prefer that it did not. Clearly this application is meeting a demand, and for "free". It would have been nice if Innovative could have provided us with a simple way to do what Library Elf does.

good way to check to see if our kids are reading books with gay characters!

"Did my library actually agree to this, or was it a Dynix-wide decision?" Neither one. ELF is an independent service, and although it appears they have fine-tuned their "hack" for Dynix systems, there are plenty of libraries on that list that use other ILS systems, not just Dynix. Basically, it's on you -- if you sign up for the service and hand over your barcode number and PIN to a third party, you've agreed to accept how they manage that information, what information they can access with it, and to whom they release all that data. It's an interesting social phenomenon, giving up a measure of privacy in exchange for a measure of convenience. I think of it kinda like an EZPass here in Houston. How many people with EZPasses pasted on their windshield to avoid stopping at tollbooths consider that the same technology allows their vehicle to be "tracked" along freeways all over the metro area? Would those people feel any better when they realize that the aggregated "tracking" of millions of EZPasses is what makes possible the advanced real-time traffic reporting that we see on houstontranstar.org?

If you've described it correctly, "Library Elf" makes the Patriot Act irrelevant; the feds can just enter your library card number and phone number and find out what you've been reading. Not using the system yourself wouldn't protect you. This sounds like an absolute disaster.

> Did my library actually agree to this, or was it a Dynix-wide decision?

Your library had absolutely nothing to do with it. Their program is taking your log-in information, logging in on your behalf and getting the information out of your account. As far as the library can tell, you're the one logging into the system.

> Am I putting my privacy at risk by using it

Yes, no, and maybe. It really depends on how much you trust the company running LibraryElf with your information. Assuming they don't sell your library login information (it would seem unlikely) then the risk is minimal. If you think they might, then the risk would be high.

As for library's setting user's PINs to the last four digits of their phone number or other such stupid, non-secure number, that's hardly LibraryElf's fault.

I'm a user of LibraryElf and I love it. I did have to think about these issues first and I decided that I was willing to accept the potential sacrifice or privacy for the convienence of the service. As soon as my libraries start offering me RSS and SMS updates on my account, I'll gladly cancel my LibraryElf account. Unfortunately, I don't see that happening in the immediate future.

The comments to this entry are closed.