Weakening of Online Privacy at Libraries

Chronicles of Dissent points to some discouraging trends at public libraries that potentially threaten patron anonymity and privacy.

First, it appears more and more libraries are requiring those wishing to use their Internet services to produce a valid library card. This is troubling since, at most every library I’ve been to, individuals can enter and wander the shelves, sit and read a book, take notes, make copies, etc without ever having to provide identification, let alone register for a library card. There is no way to track what books someone looks at, what magazines they page through, or even to track who has been in the library at all. By requiring an ID to do many of these same activities via the Internet, these libraries threaten the ability to read, inquire, and learn anonymously.

Second, many libraries are turning to technological solutions to help “manage” their Internet access services. One example of such a solution is CASSIE, “a powerful, easy-to-use integrated solution that automates the management of your public access computers and printers.” While increasing efficiencies within libraries is a laudable goal (especially since budgets are shrinking), these systems often come with privacy-threatening externalities. For example, users typically need to login to gain access, potentially linking a patron with any caches or logs on the computer. Even more threatening is the ability for library staff to view the contents of a patron’s screen remotely, a serious dampening of a patron’s ability to access knowledge free from oversight and answerability.

UPDATE: Prompted by comments below, I’ve dug up some relevant policy links from the ALA regarding online privacy at libraries:


  1. Precisely, Michael. And Chris’s comment to your last post on libraries notwithstanding, I think we may need to explore how privacy is protected when it comes to computers in public libraries, as there does not seem to be the same degree of privacy if one is required to produce an ID to simply use the computer and the librarian can virtually “look over your shoulder,” track all of your computer usage in terms of dates and times, and theoretically — if they don’t disable that feature or clear cache, link your ID to specific sites visited.

    I hope that the ALA will have a good explanation and reassurance. I do intend to follow up and call them this week to describe what’s being reported to me and to ask them to respond.

  2. Thanks for the links, Michael. I’ll post a pointer over on Chronicles to here. And yes, I’ll follow-up with the ALA and post their response/comments.

  3. Certainly in medieval England the concept of community responsibility was firmly rooted in the evolving legal system.

    Would you argue that the history of the American colonies was other than

  4. I’m seeing that it takes more resources to preserve privacy than it does to let it slip away.

    You create the policy, you develop the trust with the community that you will follow the policy (ie deleting logs, or not keeping them to begin with), and the relationship with information technologists and policymakers to be sure it is correctly implemented.

    Balance that against more people needing access to the internet than you have computers to give out, and some kind of management system – often automated – is the result.

    There are technical solutions to this problem (that comes with their own new problems), but I think the key is developing the trust that the policies will be followed, and then making sure they are. In Dissent’s post, the user has an uneasy feeling that the logs won’t actually be deleted. How to mend that breach?

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s