A few years ago, after the disclosure that Amazon was collecting and storing user data associated with the loan of library e-books to Kindle users, I wrote an article briefly exploring the “digital dilemma” associated with providing users access to e-books and other resources via third party vendors. At the time I noted that
[t]he current model of digital content delivery for libraries places library users’ privacy at risk. Authorizing the loan of an ebook or the use of a database can communicate unique identifiers or personally identifiable information that reveals a user’s identity. Databases and e-readers create records of users’ intellectual activities that can include search terms, highlighted phrases, and what pages the individuals actually read. Easily aggregated—and then associated—with a particular user, such records can be used against the reader as evidence of intent or belief, especially if the records are stored on vendors’ servers, where they are subject to discovery by law enforcement.
Now the same issue has arisen in regards to Adobe Digital Editions’ collection of reader data and its transmission back to Adobe as unencrypted data sent through unsecured networks. The Library Information Technology Association’s LITA Blog outlines the technical issues. ALA President Courtney Young has commented on the issue and outlines ALA’s planned response.
The ethical issues are clear: it is the responsibility of librarians to establish policies to prevent any threat to privacy posed by new technologies. Libraries need to ensure that contracts and licenses reflect their policies and legal obligations concerning user privacy and confidentiality. Whenever a third party has access to personally identifiable information (PII), the agreements need to address appropriate restrictions on the use, aggregation, dissemination, and sale of that information, particularly information about minors. In circumstances in which there is a risk that PII may be disclosed, the library should warn its users. (See Questions 13 and 22 in the IFC’s Q & A on Privacy and Confidentiality, and Privacy: An Interpretation of the Library Bill of Rights.) In addition, careful thought should be given to the kinds of data that are collected and stored about library users’ reading habits; no personally identifiable data should be collected unless it is essential for the provision of resources and services to the library user, and any data collected should be discarded as soon as it is no longer needed (See the 2006 Resolution on the Retention of Library Usage Records.)
The legal issues are murkier. The majority of state library confidentiality records require libraries to prevent disclosure of library users’ records to third parties in the absence of user consent or a court order or other legal process compelling disclosure. But these laws often do not govern the behavior of third party vendors entrusted with library users’ information. Both Missouri and California have tried to address this by amending their library confidentiality laws to extend the duty to protect library user records to vendors. (See Missouri §185.815 – §185.817, amended and Cal. Gov. Code §6267.) Ultimately, however, the library must be responsible for assuring the privacy and confidentiality of their users’ records.
As libraries move to adopt digital content and new technologies, librarians need to assure that the use of library users’ data for these services does not weaken privacy protections for library users’ data or blur the line between public and confidential records. This will require a firm commitment to the profession’s obligation to protect the confidentiality of library users’ information and the will to advocate for greater legal protections for library users’ data that ensure reader privacy and protect against censorship, whether it is a private, contractual arrangement with the vendor or a public policy solution that includes amending or adopting library confidentiality laws that apply equally to any entity, public or private, that manages, stores, or uses library user data.
by Kelly Czarnecki
Charlotte Mecklenburg Library
We might not think too often about privacy issues in regards to the incarcerated. Why should they be online anyway? In most cases, they’re not. However, in some places they are. In my experience for instance, I have provided outreach as a public Librarian to juvenile offenders and we have been able to access the Internet for various purposes. While there is of course the initial hurdle of getting staff on board and structures in place for the incarcerated to access the Internet period, this post will focus on privacy issues once they are able to be online which hopefully goes to say it is possible, and these are some things to consider while figuring out what content could be a part of their experience.
While most of us that work in libraries encourage youth to practice safe habits on the Internet, being incarcerated adds another level. While where they are at is obviously a very big part of their life, it’s important we ask ourselves our responsibility in protecting their privacy from them being associated with being in jail or prison.
For example, in 2012, I helped facilitate a content creation program that was funded by the MacArthur Foundation, where juvenile offenders were able to access various sites online for the purpose of authoring information and interacting with one another as well as teens in another state who were also incarcerated. They used Voice Thread to learn how to leave constructive comments on a post one of their peers in the group uploaded. All of which are very useful skills to have if someone has never experienced this before. One of the programs we used was Bitstrips Comics. With each site, the teens were encouraged to create content based on a choice they had to make-preferably nothing that had anything to do with why they were incarcerated. When working with Bitstrips, one of the teens, aged 18, decided to illustrate what he did to get himself arrested. As librarians, we felt it was our responsibility to have a conversation with him regarding his privacy, as he was pretrial. He felt he wanted to keep the post live and wanted the content to stay.
In another program, I worked with youthful offenders to add content to a podcast called Turn it Up Teen Radio in 2014. The teens reported on the topic of bullying. The librarian at the jail asked that the recorded voices of the teens be disguised. Since there are voice effects for Garageband, they were able to choose their preference and read their researched piece from there.
Sometimes we might not think that those who are incarcerated deserve privacy online or even have that as a concern on our radar of them being content creators. When we think of it in terms of what skills they are building that are useful for future employment or other exploration, and understand that there are ways to protect their privacy for when they are no longer incarcerated, it makes sense to help find the best way to do so.
Kelly Czarnecki, Teen Librarian for the Charlotte Mecklenburg Library, has worked with teens in libraries for over ten years. She was the editor for the gaming column in School Library Journal for many years and is currently the YALSA liaison for the ALA Intellectual Freedom Committee.
by Nancy Kranich
Rutgers School of Communication and Information
Past President, American Library Association
Are librarians hysterical about protecting user privacy, as Attorney General John Ashcroft contended in 2003? That was the question asked when LIS students at Rutgers University heard from two librarians on the front lines defending and promoting intellectual freedom since the September 11th terrorist attacks in 2001. The colloquium entitled Libraries, Privacy, and National Security featured George Christian, the plaintiff in John Doe v. Gonzales who was served a National Security Letter (NSL) in 2005 that demanded patron records from the Library Connection in Connecticut, and Patrice McDermott, Executive Director of the coalition OpenTheGovernment.org, an organization that shines a light on surveillance transparency.
Both colloquium speakers were instrumental in changing the discourse and moving public opinion and policy toward more openness and privacy protection. They not only shared their stories, but addressed the central question: where do you draw the line in a democratic society between safety and freedom?
Attendees learned first hand from a librarian who just said NO to an FBI fishing expedition that demanded records about thousands of innocent readers using his busy library system. They listened to another librarian, a policy negotiator in Washington, who explained why librarians and library users should care about national security issues. Stated one student, “I thought it was interesting that both Christian and McDermott brought up privacy and security as ‘teachable moments.’ Christian discussed how librarians may assume the role of educating a library’s constituents about threats to privacy and Constitutional rights. McDermott referred to the NSA leaks, which created a new public awareness about these issues.”
Ever since the 9-11 attacks, librarians have raised concerns about policy makers’ reactions to the threats. Their concerns initially focused on the USA PATRIOT Act, passed by Congress with virtually no debate. That law, which includes several troubling provisions such as Section 215, grants unprecedented authority to law enforcement agencies to obtain search warrants from a secret court for business records (including educational, library, and bookstore records) without any actual proof or even reasonable suspicion of terrorist activity. Although the word library is not mentioned, this section is often referred to as the “library provision” thanks to the outcry over the possibility of library surveillance. That provision includes a gag order that requires any person or institution served with a warrant to keep secret what transpired. A similar provision, Section 505, permits the use of NSLs to force the instantaneous production of information about targets of investigations without any court order.
What’s the problem with these provisions? First and foremost, they license law enforcement officials to peer into Americans’ most private reading, research, and communications—rights granted under both the 1st Amendment and 4th amendment of the U.S. Constitution. They also sweep aside constitutional checks and balances, eliminate probable cause from terrorist investigations, increase potential for abuse, and break down barriers between criminal and intelligence gathering. In addition, they override existing privacy and confidentiality laws, including those in 48 states protecting library records.
In the John Doe v. Gonzales case, Christian (aka John Doe) described the FBI’s fishing expedition that chilled inquiry by innocent library users in his northern Connecticut library system. Moreover, a gag order imposed on Christian and his colleagues kept them from speaking out when debate about renewal of the USA PATRIOT Act denied that search warrants were issued to libraries. One student responded to Christian’s story, stating he is “truly a hero in the eyes of the library world and should be a hero in the eyes of the public. George stood up for all of our privacy rights.”
For more than a decade, ALA has passed resolutions urging Congress to amend the USA PATRIOT Act and related measures, launched the Campaign for Reader Privacy, and joined with other civil liberties groups like OpenTheGovernment.org to advocate reform. Unfortunately, attempts to modify the law have not yet resulted in substantive changes, even though a series of Amendments in 2006 limited impact on libraries thanks to the John Doe case.
During the Bush Administration, Americans learned about a related measure, a warrantless wiretapping program–legalized by Congress in 2008–that expanded powers to monitor domestic communications and listen to international phone calls without specific reasons. Then, in June 2013, Edward Snowden released highly classified information exposing the National Security Agency’s secret bulk collection of metadata about emails and phone calls made by Americans and the tapping of phones of foreign leaders. These measures have finally prompted a reluctant Congress and outraged public to join the “hysterical” library community in calling for change. Commented one MLIS student, “If librarians were worried in 2005, the whistle-blowing of Edward Snowden should be a wake-up call.”
McDermott described changes under consideration by Congress. One, the USA Freedom Act that ALA and other coalition partners have endorsed, would limit surveillance inquiries to a foreign power or agent actually suspected of terrorist activities, require a court order to search for records in bulk data, and create a special privacy advocate for the FISA court.
One Rutgers student, hearing about these developments for the first time, declared, “George Christian taught us a lot last night, he taught us that what he did was not the ordinary and that we need to be cautious of this ever happening to us. He let us know that the only way to succeed is to be educated and prepared. Patrice McDermott did an excellent follow up by making us aware of how unsecure the world is and that it is up to us to protect our privacy.” Stated another, “This colloquium was an excellent reminder that privacy is still a right and is worth defending, both for ourselves and for our patrons.” A third claimed, “there is so much more to libraries and librarians than meets the eye,” followed by another who affirmed, “This is a field that is growing in its involvement and purpose every day, and I am so excited to be a part of this.”
Nancy Kranich teaches at the Rutgers School of Communication and Information. She is a Past President of ALA, and, as a former Chair of the ALA Intellectual Freedom Committee, spearheaded the drafting of the original 2005 edition of the ALA’s Privacy Toolkit.
A video recording of the Rutgers MLIS Colloquium, “Libraries, Privacy, and National Security,” April 23, 2014, is available online , along with background lectures about libraries, privacy and national security prepared by Nancy Kranich (links below):