Following up on recent posts on libraries and privacy here and at Chronicles of Dissent, CoD contacted Deborah Caldwell-Stone, a Deputy Director at the American Library Association, for reactions of some of the issues we’ve been discussing.
Regarding concerns about libraries requiring a valid library ID in order to access the Internet, Caldwell-Stone stated, in part:
requiring a library card to login is not really a problem in terms of privacy as long as the computer/library discards that information as soon as the user is authenticated if there is no suspicion or evidence of abuse.
Sounds nice, but the problem is that “suspicion or evidence of abuse” seems to lead to two possibilities: either (a) engage in some kind of profiling to determine if this user might engage in abuse, leading to the need to log their usage, or (b) suspicion of abuse is only determined after use of the computer, therefore logs are retained by default, and only deleted if someone deems the activity “unsuspicious”. Both scenarios are problematic.
Caldwee-Stone also expressed concern over other new technologies and practices that might threaten patron privacy at the public library, including having patron’s names attached to particular books held for self-checkout, the use of RFID tags to manage circulation (Olivia Nellums addressed this issue at the IINW symposium), and the increased use of surveillance cameras within the library’s walls.
CoD’s final analysis is worth repeating:
So are libraries still the bastions of privacy or is library-related privacy eroding? I was left with the sense that although the ALA is as protective as ever of the privacy of library records, financial issues, the use of surveillance cameras, technological advances with the potential for abuse, and the local political climate may be combining to somewhat weaken or threaten privacy in some communities. And to the extent that libraries now have greater potential to place patrons under surveillance — including, if they use the CASSIE software, to remotely “look over your shoulder” to see what web page you are viewing – it might not be a bad idea to request a copy of your library’s privacy policies the next time you go there.
I agree with CoD’s overall assessment of the situation: the ALA only provides policy guidelines, and in the face of shrinking budgets and increased suspicion of everyday people’s activities (yellow alert!), I fear that more and more libraries are deferring to increased tracking of user behavior. We can ask for their privacy policies, but ensuring they are actually enforced is the next problem for us to tackle.
MichaelZimmer.org 
Three things:
1. I added a blog entry this morning about an upstate NY library policy dispute that may be of interest to you in terms of what we have been discussing.
2. I emailed the folks at CASSIE a bunch of questions about their software features. If and when I get a reply, I will post it to my blog.
3. The ALA conference is June 21-27 in D.C. According to EPIC’s calendar, Marc Rotenberg will be speaking there on June 22nd, “Is the Library Open?” Maybe we can find out what else might be going on there that is privacy-related. I’d be tempted to drive down there for it.
Cheers,
/Dissent