I work occasionally as a fill-in librarian at a local public library that serves a community of about 5,000 people. This is the community I am moving to next month, up the road from where I live now, and while technically it puts me out of the “rural” designation, it’s still pretty rural. Last week and the week before there was a horrible tragedy that rocked the whole community. Short form: a local girl Brooke Bennett, went missing and her body was discovered a few days ago. The most likely suspect at this point is an uncle who is on the state sex offender list.
First off let me say that I’m quoting from news stories only. Our official staff position is “no comment” and I’m sticking to that. Here is why this is a library issue.
The initial reports, when the girl was simply missing, was that she had met a sexual predator online via her MySpace page. That garnered the predictable media outcry as well as some very good stories about safety online.
It also resulted in law enforcement coming to the library to take the public PCs. You can read the library director’s statements about this in this article in the Burlington Free Press. The librarians waited for a court order, and gave the computers to the police once they received one. The computers have since been returned. The library had an internet policy in place to guide their actions in this situation.
As more details emerged it became clear that the MySpace angle was not just untrue, it was the opposite of what people had thought. The person who abducted Brooke had actually logged in to her MySpace page to try to create a fake scenario where she was meeting a “predator” when in reality she was meeting him. IP addresses from these interactions were given to law enforcement by MySpace and were, as near as I can tell, instrumental in helping them determine the sequence of events of this crime and narrow down the suspect list considerably. The older articles still reflect the “internet predator” angle when, like most abductions, the criminal was someone from the victim’s own family.
And as far as data goes, danah boyd has a very good article about MySpace when DOPA was more on the table in 2006. One of her useful facts “Statistically speaking, kids are more at risk at a church picnic or a boy scout outing than they are when they go on MySpace. Less than .01% of all youth abductions nationwide are stranger abductions and as far as we know, no stranger abduction has occurred because of social network services.”
The accused man is being charged, as of this writing, with kidnaping. This is because kidnaping at a federal level carries a possible death penalty sentence and is, I assume, a bargaining chip. The law regarding this is one that I wasn’t totally aware of “the 2006 Adam Walsh law — named for another abducted child — allowed federal prosecution of such crimes when they are facilitated by the Internet.” Worth knowing for any of us who provide Internet access to the public, I think.
The library has set up a book display dealing with this very difficult topic — books on MySpace, the death of a child, dealing with grief — and encouraging conversations.
So, this is all incredibly upsetting and destabilizing to the community here. While I hope that you never have to deal with something like this at your library, there may be some instructive or useful pieces of information here that I felt might be worthwhile to pass on.
Now that I’ve gotten back from ALA and gotten some sleep, I’ve been ruminating over privacy topics some more. The panel went well. I also read Cory Doctorow’s book Little Brother on the way home — they were giving away copies at the panel — and enjoyed it quite a lot. It’s a YA just-barely-dystopian book about a terrorist-seeming event and the Bay Area lockdown that follows and how a group of tech savvy teens respond, and how others respond. It’s a good book.
During the panel, we were talking about things you’d want to keep private that you don’t necessarily need to keep secret. Sex and bathroom activities were two obvious examples. This then led to a discussion, more like hitting on a few points, about library records and how there is a difference between trashing them — so you can legitimately say “we don’t have any records to show you” — and obscuring them, say through encryption, so that the records are available to, say, patrons and yet not to librarians or, it follows, to law enforcement. I found this idea intriguing. Now that we’ve done a decent job making the point that patron library data is data that we protect, maybe we can make that protection more sophisticated so we don’t have to protect it by completely eradicating it. Maybe.
Anyhow, I got grabbed outside of the panel by Library Journal and I talked a little bit about this.
Also can I just say that Library Journal’s coverage of ALA was really engaging and worth reading this year? I haven’t been following ALA conferences in a while but I was surprised how much I enjoyed reading about this one in addition to attending it.
I enjoyed the panel presentation. Jenny Levine and Kate Sheehan were both there blogging along with me. It was fun to keep an eye on twitter/chat/email and still pay enough attention to manage to ask a few questions and just learn things. Here is a slightly edited version of what I was writing during the event. My apologies of the lateness of this post. As I was heading home my own local library where I am a sometimes employee was dealing with their own privacy and law enforcement issue. Tough stuff. Click through for details, didn’t want to put this all on the front page. (more…)
I was invited to be a blogger for the Privacy: Is it Time for a Revolution? panel happening this Sunday from 1:30-3:00 in room 201D at the convention center. Speakers will be Cory Doctorow, Dan Roth from Wired, and Beth Givens, the director of the Privacy Rights Clearinghouse. This is supposed to be a “debate” but I really sort of think it’s mostly going to be a discussion of the erosion of the idea of privacy and what librarians are or should be doing about it. I’m looking forward to hearing it all three of these speakers have years (decades?) of experience and sharp minds. Cory I know is an engaging and at times provocative speaker.
I’m assuming they got some grant money for this, because I got a very slick looking concept paper about the idea with a lot of good backgrounder information (email me if you’d like me to send you a copy) and they ponied up money for a domain: PrivacyRevolution.org. Unfortunately, the domain has been parked at GoDaddy until pretty much today, so my blogging about it is going to be minimal since I’m getting on a plane in 12 hours and will have minimal net access until sometime Friday. There is a survey there that I encourage you to take.
You can also follow their twitter stream and they will be following the Librarian Society of the World Meebo chatroom. I’ve offered to pose some questions to the panelists from people who can’t be there [i.e. you, dear readers] though I’m a little worried this is late in the game for anyone heading to ALA. In any case, if there is a privacy-and-librarians topic that you are dying to ask a question about to these panelists, please put it in the comments here and I’ll be happy to do my best. Jenny Levine is the other guest blogger so stay tuned here and there for more information about this as it comes in.
This is big news. The Vermont Library Association and the Vermont School Library Association have succeeded in passing “An Act Related to the Confidentiality of Library Patron Records” which tightens up some loose areas in Vermont’s current patron confidentiality laws. The governor signed the bill on Tuesday, just in time for the Vermont Library Conference.
You can read more about the process of getting the bill drafted and passed by looking at the Intellectual Freedom section of the Vermont Library Association website. Minor point of pride: I designed the VLA website, enabling just this sort of information sharing and updates and it makes me happy to see it being used to announce such good news.
So, I don’t make you all sit through my deli.cio.us links auto-posting, but sometimes I have a few unrelated things to share that don’t really have their own full posts to go along with them. So here are a few things that are only sort of library related that I think you might be interested in.
StopBadware has published a very east to understand Trends in Badware report (pdf) with simple steps you can take to try to keep your computers and your computer users safe and happy.
Fred Stutzman warns that having Google toolbar on public computers can, if the advanced mode is activated, constitute a serious privacy leak.
Would a university export its user’s server logs to third parties in any other circumstance? Not without a subpoena. Is it time to call on universities, libraries and other public computing spaces to remove the Google Toolbar? I think so.
Please read this newspaper’s account of how 15,000 library patrons’ personal information — names, phone numbers, e-mail addresses, street addresses, children’s names and library card numbers — wound up accessible to the public as a result of… something happening to the systems at the Lakeland Library Cooperative in Michigan. That’s the rub, they’re not even sure. The interim director (what a lousy time to be an interim director) said that they “think there was a software malfunction” and then later in the article is paraphrased as saying “the library last month underwent a software upgrade on their system, but was not able to determine if that was the source of the problem.” Does this inspire confidence? No, it does not. E-problems?
Mistakes happen, we all know that, but this story tells me that either the reporter doesn’t understand computers enough to write about this incident, or that the person who runs the Library Cooperative does not understand what happened, or possibly both. I’m aware that there is always a third option, that they are trying to be deliberately obscure to keep people from hacking into their system, but if I were a patron of one of the affected libraries, I’d like mor information, a lot more. This is a file that is on the web, right? There should be log files that show how many times that page was accessed. Wouldn’t it be reassuring if that number was, say, three instead of perhaps a hundred? There is nothing on any of the Coop’s web sites about this incident even though the news story has been online all day (I found it through LISNews).
Oddly it looks like the previous director left the job somewhat mysteriously a few weeks ago. According to this short story, all the member libraries will be notified and 15000 new bar codes will be issued.
As he waves the reader over a book’s spine, ID numbers pop up on his monitor. “I can definitely overwrite these tags,” Molnar says. He finds an empty page in the RFID’s memory and types “AB.” When he scans the book again, we see the barcode with the letters “AB” next to it. (Molnar hastily erases the “AB,” saying that he despises library vandalism.) He fumes at the Oakland library’s failure to lock the writable area. “I could erase the barcodes and then lock the tags. The library would have to replace them all.”
The American Library Association was one of many companies and public interest groups that helped create a set of best practices for RFID. They include these three general principles about RFID, as it relates to privacy:
Technology Neutrality: RFID technology in and of itself does not impose threats to privacy. Rather privacy breaches occur when RFID, like any technology, is deployed in a way that is not consistent with responsible information management practices that foster sound privacy protection.
Privacy and Security as Primary Design Requirements: Users of RFID technology should address the privacy and security issues as part of its initial design. Rather than retrofitting RFID systems to respond to privacy and security issues, it is much preferable that privacy and security should be designed in from the beginning.
Consumer Transparency: There should be no secret RFID tags or readers. Use of RFID technology should be as transparent as possible, and consumers should know about the implementation and use of any RFID technology (including tags, readers and storage of PII) as they engage in any transaction that utilizes an RFID system. At the same time, it is important to recognize that notice alone does not mitigate all concerns about privacy. Notice alone does not, for example, justify any inappropriate data collection or sharing, and/or the failure to deploy appropriate security measures. Notice must be supplemented by thoughtful, robust implementation of responsible information practices.
Hi. I’m back and very tired. Midwinter went fairly well from my perspective. Council meetings seemed effective. I got to see most of the people i tried to see and had some nice serendipitous meetings with others. My company was part usual suspects and part people I’d never met before including a healthy dose of library students. I learned things. I took a lot of public transportation in an unfamiliar city. I stayed within my budget and I got home feeling smarter than when I left. I have a stack of paperwork that I’d like to share parts of with you but it will need to wait until the weekend.
In the meantime, while we were all at the meeting, this happened “City stalls FBI access in library” referring to the librarian at the Newton Free Library in Massachusetts who wouldn’t let FBI agents in to search library computers without a warrant after there had been emailed threats directed towards Brandeis University sent from one of the library computers. According to an article in the Boston Herald, this was done with the mayor’s knowledge and backing but everyone seems set to blame the librarian anyhow. This was a big enough news items to be the butt of a lot of jokes on talk radio by the time I was driving home from the airport. I’m just starting to read about this story, but correct me if I’m wrong, couldn’t the agents have just asked for the data on the computers, using the USA PATRIOT Act as their legal justification? This seems like a case where they were reluctant to for some reason. The Boston Globe article on the subject says this
[B]y the time a warrant became an issue, law enforcement officials had determined there was no imminent danger and decided to cooperate with Newton officials, Marcinkiewicz said. She said no arrests had been made as of yesterday afternoon. [emphasis mine]
Hi. My name is Jessamyn West and I'll be your librarian today. I work in rural Vermont as a library consultant and also am a moderator at MetaFilter.com. My personal blog is at jessamyn.com. Feel free to contact me if you have questions or comments.
