![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
silveradept[This year's December Days are categorized! Specifically: "Things I should have learned in library school, had (I/they) been paying attention. But I can make that out of just about anything you'd like to know about library school or the library profession, so if you have suggestions, I'll happily take them.]
Libraries take confidentiality seriously. Because we think of ourselves as one of the few places in the world that's not actively trying to gather and sell your data to someone else so that they can make a few bucks off of it and possibly give us a few bucks back. (Our vendor partners do, of course, because gouging us for access to their resources isn't enough, they want to get people buying or suggesting for us to buy all the things they want to read or listen to digitally as well.)
Libraries don't keep user-specific records without the specific opt-in of our users. Anonymized aggregation can help us determine where to target services, so we do use data that we collect on things like checkouts of items, computer session usage, and so forth, but we don't collect the data based on the person, we collect it based on items or terminals or door counters, plus any specific feedback that we receive about services, collections, and the like - and those are anonymized as well unless we get a release from you to use your name, possibly likeness, and a choice quote that someone thinks will sell the library to the community.
The reason we don't keep data on you unless you explicitly say it's okay (and not in some tl:dr portion of a EULA, eiher) is because we want to make sure that you are private in your selection of materials. USAPATRIOT contained provisions that allowed government agents to examine library records and then order the library not to reveal that a patron's privacy had been breached. But a government cannot obtain a record that doesn't exist, so libraries do a lot of scrubbing and not holding on to data for very long, if they collect it at all, to minimize the possibility of a breach, even with a properly executed order or warrant. My organization has very clear policies about where requests for records must go, and has designated a person at our main building as the person who gets called if there are records requests made in any fashion other than through the documented process for law enforcement to obtain those records. (Or, Hell forbid, a USAPATRIOT-type request and accompanying gag order comes with it to a location other than where such things should be served.) It is a thing that must be learned, even though it can be very frightening, on how to tell a law enforcement officer that they are welcome to look around and see if the person they seek is inside the library building, but if they want to know if they were just on one of the computers, that request has to be served at the proper place and in the correct form, and if the library has that record when the correct procedure has been followed, then the library will release that information.
Most of the time, the requests will not be made by a person with a badge, uniform, and weapon in as intimidating a manner as possible.
Matters of privacy and confidentality do produce interesting ethical quandaries when someone is exercising their private right to view whatever they wish in a public space where others who have not consented to viewing that material can see it accidentally or inadvertently. There are laws that govern the access of minors that have been tied to receiving discounted rates for technology and Internet access which I find odious and that generally encourage the adoption of filtering software as the mechanism for controlling minor access. Filters don't work because they block what they shouldn't and allow what they shouldn't and place the burden on a minor to ask for something to be exempted from the filters rather than having someone ask for a thing to be blocked. (The filters that govern the work computers are more restrictive than the ones that govern the public computers, which has hindered legitimate research for users because they're asking about, for example, the latest video game property or are trying to do research on various biological processes that have been deemed unfit for their eyes. Filters impede my work, and they impede access by minors to useful information that can be helpful to them, in the name of protecting them from things someone else has deemed they can't handle.
It's nobody's business but the person with the library card what they do with their reading, viewing, and access. That's our rule, and it's laid out in our policies and procedures. Staff are instructed not to give out any details about another person's library card, although in practice, we can bend some of that to help a caregiver find a lost book or pay fines on their charge's library card. Usually, that bending happens because we tell the person whose library card it is about the issues with their card within earshot of the other person that needs the information. And, if someone else has the library card, or its number and PIN, they can log in to the computer systems and examine the data contained therein. So there are ways to get information that rely, essentially, on what are bad infosec practices. If someone wants to, however, they are perfectly within their privilege to insist on private conversation about account matters, to never give out their card number to anyone and always retain possession of it themselves, and to guard their library priacy with the same vigor that they would other personal data.
This also applies to minor cards, which is where I think my organization breaks ever so slightly with other library systems in the area. We treat each and every card as separate and individual, which means that the grownups get squat for privileges with regard to access on their children's accounts. I had a conversation today at work about this topic, which prompts the writing. The grownups wanted to know if their child had a library card and what the number was for it. I told them that I couldn't tell them that, but if their child was here in the library, I could tell the child that information. The grownups seemed incredulous that this was the case, given that they were going to be responsible for any fines and fees owed on the card or any lost books.
Here's the other part where I think we diverge from other systems. Because we treat each card separately and confidentially, it also means that nobody has responsibility for any charges or other elements associated with the card other than the cardholder. Yes, including minors. There's no obligation for any guardian, parent, or other grownup to do anything regarding the fines and fees on a child's card. Which is what I told the grownups when they told me about their expectation that they would be responsible for the child's card. We don't go out of our way to say that the grownups don't have to do anything about the child's card, and most of our grownups want their children to have the privilege of library borrowing and access. But they don't have to do anything about it.
Our policies essentially say that we respect parents and caregivers' decisions on how to best manage their children, but that we also respect children as individual entities that are able to make decisions on their own. Yes, a parent or caregiver can request a child's card and account be closed. That's within their rights. The next day, the child can come back to the library and re-open an account of their own, and we will do that, too.
Whenever I'm making library cards for children, I try to make sure their attending grownups understand what's going on with the library card, who has the power to change account information, including the PIN (the cardholder), what sorts of things the card can check out (anything, including stuff that a caregiver would deem inappropriate for their child), how I don't get to talk to anyone about what's going on in their account, the big exception to that rule (due and overdue items to assist in finding them before they go to lost or large fine statuses), and so forth. Since most grownups are getting cards for their small children, the confidentiality issues aren't a problem at the time of registration. But I also remind the grownups that children grow and mature, and what might be no problem now might be a rift later, and that I'm telling them this right now so that they can be informed about what's going to happen later on if they start asking for information they're not entitled to have (not in that particular phrasing, but something similar).
Library school will go over things like intellectual freedom, the right to read and view, and core library beliefs about access to information and leisure through the library. They may not go over quite as much about what that might mean for minors, and how that might be implemented as policies in the organization that a student will join when they are hired on, and how you stand on those policies in the face of a parent that is demanding that you turn over confidential information to them about their child's choices for checkout when there's no cause in the policy or the procedure to do so. Like today's conversation. Being able to stick to your policy guns even when it would be a lot easier to give in takes a lot of things that library school can't provide - like knowing whether or not your administration will back you if you stand on your policy.
Libraries take confidentiality seriously. Because we think of ourselves as one of the few places in the world that's not actively trying to gather and sell your data to someone else so that they can make a few bucks off of it and possibly give us a few bucks back. (Our vendor partners do, of course, because gouging us for access to their resources isn't enough, they want to get people buying or suggesting for us to buy all the things they want to read or listen to digitally as well.)
Libraries don't keep user-specific records without the specific opt-in of our users. Anonymized aggregation can help us determine where to target services, so we do use data that we collect on things like checkouts of items, computer session usage, and so forth, but we don't collect the data based on the person, we collect it based on items or terminals or door counters, plus any specific feedback that we receive about services, collections, and the like - and those are anonymized as well unless we get a release from you to use your name, possibly likeness, and a choice quote that someone thinks will sell the library to the community.
The reason we don't keep data on you unless you explicitly say it's okay (and not in some tl:dr portion of a EULA, eiher) is because we want to make sure that you are private in your selection of materials. USAPATRIOT contained provisions that allowed government agents to examine library records and then order the library not to reveal that a patron's privacy had been breached. But a government cannot obtain a record that doesn't exist, so libraries do a lot of scrubbing and not holding on to data for very long, if they collect it at all, to minimize the possibility of a breach, even with a properly executed order or warrant. My organization has very clear policies about where requests for records must go, and has designated a person at our main building as the person who gets called if there are records requests made in any fashion other than through the documented process for law enforcement to obtain those records. (Or, Hell forbid, a USAPATRIOT-type request and accompanying gag order comes with it to a location other than where such things should be served.) It is a thing that must be learned, even though it can be very frightening, on how to tell a law enforcement officer that they are welcome to look around and see if the person they seek is inside the library building, but if they want to know if they were just on one of the computers, that request has to be served at the proper place and in the correct form, and if the library has that record when the correct procedure has been followed, then the library will release that information.
Most of the time, the requests will not be made by a person with a badge, uniform, and weapon in as intimidating a manner as possible.
Matters of privacy and confidentality do produce interesting ethical quandaries when someone is exercising their private right to view whatever they wish in a public space where others who have not consented to viewing that material can see it accidentally or inadvertently. There are laws that govern the access of minors that have been tied to receiving discounted rates for technology and Internet access which I find odious and that generally encourage the adoption of filtering software as the mechanism for controlling minor access. Filters don't work because they block what they shouldn't and allow what they shouldn't and place the burden on a minor to ask for something to be exempted from the filters rather than having someone ask for a thing to be blocked. (The filters that govern the work computers are more restrictive than the ones that govern the public computers, which has hindered legitimate research for users because they're asking about, for example, the latest video game property or are trying to do research on various biological processes that have been deemed unfit for their eyes. Filters impede my work, and they impede access by minors to useful information that can be helpful to them, in the name of protecting them from things someone else has deemed they can't handle.
It's nobody's business but the person with the library card what they do with their reading, viewing, and access. That's our rule, and it's laid out in our policies and procedures. Staff are instructed not to give out any details about another person's library card, although in practice, we can bend some of that to help a caregiver find a lost book or pay fines on their charge's library card. Usually, that bending happens because we tell the person whose library card it is about the issues with their card within earshot of the other person that needs the information. And, if someone else has the library card, or its number and PIN, they can log in to the computer systems and examine the data contained therein. So there are ways to get information that rely, essentially, on what are bad infosec practices. If someone wants to, however, they are perfectly within their privilege to insist on private conversation about account matters, to never give out their card number to anyone and always retain possession of it themselves, and to guard their library priacy with the same vigor that they would other personal data.
This also applies to minor cards, which is where I think my organization breaks ever so slightly with other library systems in the area. We treat each and every card as separate and individual, which means that the grownups get squat for privileges with regard to access on their children's accounts. I had a conversation today at work about this topic, which prompts the writing. The grownups wanted to know if their child had a library card and what the number was for it. I told them that I couldn't tell them that, but if their child was here in the library, I could tell the child that information. The grownups seemed incredulous that this was the case, given that they were going to be responsible for any fines and fees owed on the card or any lost books.
Here's the other part where I think we diverge from other systems. Because we treat each card separately and confidentially, it also means that nobody has responsibility for any charges or other elements associated with the card other than the cardholder. Yes, including minors. There's no obligation for any guardian, parent, or other grownup to do anything regarding the fines and fees on a child's card. Which is what I told the grownups when they told me about their expectation that they would be responsible for the child's card. We don't go out of our way to say that the grownups don't have to do anything about the child's card, and most of our grownups want their children to have the privilege of library borrowing and access. But they don't have to do anything about it.
Our policies essentially say that we respect parents and caregivers' decisions on how to best manage their children, but that we also respect children as individual entities that are able to make decisions on their own. Yes, a parent or caregiver can request a child's card and account be closed. That's within their rights. The next day, the child can come back to the library and re-open an account of their own, and we will do that, too.
Whenever I'm making library cards for children, I try to make sure their attending grownups understand what's going on with the library card, who has the power to change account information, including the PIN (the cardholder), what sorts of things the card can check out (anything, including stuff that a caregiver would deem inappropriate for their child), how I don't get to talk to anyone about what's going on in their account, the big exception to that rule (due and overdue items to assist in finding them before they go to lost or large fine statuses), and so forth. Since most grownups are getting cards for their small children, the confidentiality issues aren't a problem at the time of registration. But I also remind the grownups that children grow and mature, and what might be no problem now might be a rift later, and that I'm telling them this right now so that they can be informed about what's going to happen later on if they start asking for information they're not entitled to have (not in that particular phrasing, but something similar).
Library school will go over things like intellectual freedom, the right to read and view, and core library beliefs about access to information and leisure through the library. They may not go over quite as much about what that might mean for minors, and how that might be implemented as policies in the organization that a student will join when they are hired on, and how you stand on those policies in the face of a parent that is demanding that you turn over confidential information to them about their child's choices for checkout when there's no cause in the policy or the procedure to do so. Like today's conversation. Being able to stick to your policy guns even when it would be a lot easier to give in takes a lot of things that library school can't provide - like knowing whether or not your administration will back you if you stand on your policy.
no subject
Date: 2017-12-04 03:19 pm (UTC)no subject
Date: 2017-12-04 04:03 pm (UTC)also, the policies wrt minor cards have probably kept queer-kids-who-don't-want-their-parents-to-know from being outed to their parents while said kids venture forth on their journey of self-discovery
this is also a good
thank you,
no subject
Date: 2017-12-05 12:53 am (UTC)no subject
Date: 2017-12-05 09:40 pm (UTC)Smol!Six practiced infosec by just not checking those books out, but smol!Six also had hours of time spent in the library, and the local adults didn't care if one occasionally wandered off to the shelves not marked for children.
no subject
Date: 2017-12-05 09:58 pm (UTC)There was one or two other breaches on a different topic, but given that the material in question was almost always digital, it was sacrificed for the appearance of not having done more than what was observed. And then the vigilance tightened up again so as to make sure there were no further breaches of infosec.
no subject
Date: 2017-12-05 11:14 pm (UTC)Digital information is a lot easier to sacrifice, yeah. I got good at memorizing URLs; that skill helps me out to this very day. It also helps when the relevant adults aren't as good at computers as they think they are, because I'm pretty sure I left tracks I didn't even know I'd left, but to my knowledge they weren't found.
There's a lot of veiled pain in this thread, I think. *hugs* for all who want them, because comparing childhood information security practices implies a whole lot of suck.
no subject
Date: 2017-12-05 07:26 am (UTC)no subject
Date: 2017-12-04 04:02 pm (UTC)no subject
Date: 2017-12-04 04:10 pm (UTC)I was a work-study kid in a library when USPATRIOT passed. I remember some very angry librarians splitting, researching, then reconvening and sharing their findings. There were posters all over the internal works of the library describing exactly what one /had/ to say and exactly what one did not under the new provisions, and the latter list was a lot bigger.
That, actually, is how I learned that the librarians were some of the most radical and furiously intelligent people I knew, then or since. (Insert 'always the quiet ones' joke here.)
no subject
Date: 2017-12-05 01:22 am (UTC)no subject
Date: 2017-12-04 04:21 pm (UTC)"If you can read this sign, the FBI has not been here."
(and then a link or a bit more info about the Patriot Act)
Both our then library director and head of circ had one up at previous job.
There are also always complexities - that job had a computer which was only used to access the microfilm digital reader, and because of a series of necessary network things, it would create a profile if you logged in with your unique username and password.
(It wouldn't retain data: that got wiped when you logged off, but the profile folder with your username was technically findable if you were technically ept enough to do several steps and dig down into the user files. I took steps to hide them.)
I went back and forth with staff who were even more adamant about privacy than I am, (because I was in the 'Look, this is not a thing we can fix with the current computer setup for technical reasons that don't apply to our other machines, so it's the choice of having a privacy gap we don't like and solving it some other ways, or not having the machine' role.)
The machine in question could also do some really useful things (like scan to image files you could then drop into your network storage) but only if it had your network credentials.
The end result was a note that mentioned we were glad to log on people with a default password if they preferred (but they'd have to bring a large enough USB to move files or figure out another route) and someone would go into the machine and delete profiles regularly, but not necessarily weekly (because it took a while, because network issues.)
no subject
Date: 2017-12-05 01:34 am (UTC)I do (and did) like those signs, and I would really like it if the idea of public libraries as TOR exit relays would take off, assuming they could be set up correctly and maintained easily. (Like having Anonaboxes or something.)
I'd also like it if we weren't quite as dependent on Windows and Microsoft software, but that's another issue involving customer service versus privacy.
no subject
Date: 2017-12-05 09:41 pm (UTC)Everything gets more difficult when a network is involved; a good network admin can trace an awful lot of things. Your solution of a default account used by lots of people and removable storage is a good one.
no subject
Date: 2017-12-04 09:48 pm (UTC)no subject
Date: 2017-12-05 01:56 am (UTC)no subject
Date: 2017-12-05 08:36 pm (UTC)no subject
Date: 2017-12-05 01:42 am (UTC)no subject
Date: 2017-12-05 04:39 am (UTC)no subject
Date: 2017-12-05 10:18 pm (UTC)