Blogging has been extremely light as I’m in the process of relocating to Milwaukee. To that end, I recently visited my local community’s public library to sign up for a card, and was shocked to see that they required me to divulge my social security number in order to obtain a library account. I’ve sent the following letter to the library director as well as the library board.
(Please let me know if your public library also requires an SSN to get a card).
July 2, 2008
Elizabeth Carey
Director of Library Services
Shorewood Public Library
Shorewood, WisconsinDear Ms. Carey:
I am a new resident of the village of Shorewood and recently visited the Shorewood Public Library. While I was very impressed with the facilities provided to the residents of our community, I was taken aback when, upon signing up for a library card, I was required to divulge my social security number.
I am a scholar who studies ethics and technology, and much of my research has focused on how new information systems impact personal privacy. For example, my doctoral dissertation, “The Quest for the Perfect Search Engine: Values, Technical Design, and the Flow of Personal Information in Spheres of Mobility,” investigated of how Google’s drive to create the “perfect search engine” empowers the widespread capture of personal information flows across the Internet, threatening the ability to engage in online social, cultural, and intellectual activities free from answerability and oversight, thereby bearing on the values of privacy, autonomy, and liberty. One of the key components in this thesis is that the rise of Web search providers has supplanted the public library as a primary source of information, yet search engines do not have the same historical commitment to protecting intellectual privacy that libraries have shown over the past 100 years.
Certainly, the Shorewood Public Library is committed to patron privacy. Your spring 2008 newsletter highlights how the library complies with the relevant Wisconsin statues concerning the confidentiality of patron records. Yet, requiring the divulgence of a social security number to obtain a library card presents a significant privacy and identity theft risk for each patron who uses your services. [1]
The American Library Association provides a clear view of the threats involved with using social security numbers:
“The widespread use of SSNs by public and private agencies had created a dual threat of fraud victimization and the invasion of privacy, by linking significant amounts of personal and financial information through a single number.” [2]
When I asked the librarian why my social security number was necessary, she replied that it helps with internal tracking. I find this reason unsatisfactory, as my drivers license number (also required) should be sufficiently unique to enable tracking of my account. Further, since each patron is assigned a unique library account number, the need for a SSN in order to facilitate internal tracking is redundant and exposes patrons to unnecessary risks.
Perhaps the Shorewood Public Library is recording patrons’ social security numbers to assist in tracing patrons who having outstanding fines or overdue materials. Again, I question the need for a social security number to perform this function. Neither the Milwaukee Public Library, nor the New York Public Library (my previous library system) require patrons to reveal their social security number, and presumably these larger, urban library systems face greater occurrences of outstanding fines, overdue items, or theft. Even the ALA notes that: “Libraries have long used SSNs to trace patrons who have outstanding fines or overdue materials, often through collection agencies. In fact, the current state of internet technology often allows an individual to be located without the use of an SSN.” [2]
What kind of policy should the Shorewood Public Library have regarding the collection and use of patrons’ social security numbers? We can again turn to the ALA for guidance, who states that libraries that choose to use SSNs in patron databases or to identify users should:
* inform patrons whether providing their SSNs is mandatory or voluntary, and under what statutory authority the SSNs are solicited;
* inform patrons of the purpose for which SSNs will be used;
* use encryption to protect SSNs within patron databases, and;
* investigate other methods of uniquely identifying patrons and tracing those who have outstanding fines or overdue materials. [2]From my experience, it does not appear that the first two items where met, and I do not have the information to determine whether items 3 and 4 are being followed at Shorewood Public Library.
Let me be clear that this is not simply a lengthy complaint; I would like to offer my help and expertise. This fall, I am joining the faculty at the School of Information Studies at the University of Wisconsin-Milwaukee, and I would be happy to make myself (and my students) available to help the Shorewood Public Library address these issues and enact privacy-protecting policies regarding the collection and use of patron social security numbers.
Sincerely,
Michael Zimmer
Cc: Shorewood Public Library Board
[1] For more on the privacy concerns with the widespread use of social security numbers, see http://epic.org/privacy/ssn/.
[2] http://www.ala.org/ala/oif/statementspols/statementsif/interpretations/questionsanswers.cfm
MichaelZimmer.org 
Well done, Michael!
Let us know if they take you up on your offer.
And if this works, maybe we should just have you keep moving around the country. 🙂
/Dissent