THE INDUSTRY RESPONDS
As suppliers of products and services, the information industry takes privacy and security seriously and, alongside libraries, has undertaken initiatives to explore both the privacy of patron data residing within library systems and the security of accessing content that is critical to research.
- ALA Library Privacy & Surveillance Guidelines. Throughout 2015 and 2016, The Intellectual Freedom Committee, part of the American Library Association (ALA), published a set of Library Privacy Guidelines that cover topics including K–12 student privacy, ebook lending and digital content privacy, library management system privacy, and public access computer privacy (ala.org/advocacy/privacyconfidentiality).
- NISO Patron Privacy Framework. As more systems that had historically been physically located in the library have moved toward service providers, a cross-constituency activity was launched by NISO to create a set of principles for libraries, service providers, and publishers. The resulting framework includes key areas of focus such as transparency, the need for certain anonymous functionality, and explicit opt-in for data collection (niso.org/topics/tl/patron_privacy).
- RA21. In 2016, the Resource Access for the 21st Century (RA21) was launched to connect libraries, service providers, and publishers with the goal of helping ensure ease of access to scholarly content while protecting it from unauthorized access and distribution (stm-assoc.org/standards-technology/ra21-resource-access-21st-century).
BALANCE IS KEY
The only perfectly secure system is one that is disconnected from the network, unplugged, and powered off—and not very usable!
In order for users to get the benefits they seek, librarians must make risk-based decisions on the value of the trade-off between security and/or privacy and the value of the service they seek to get from the library.
The key is to give patrons, users, and the community the information and options to make smart, well-informed security and privacy decisions.
American scientist and Hugo, Locus, Campbell, and Nebula award-winning author David Brin puts it best: “When it comes to privacy and accountability, people always demand the former for themselves and the latter for everyone else” (davidbrin.blogspot.com/2013/04/questions-i-am-frequently-asked-about.html).
Librarians can use their influence and skillsets to get their communities on a path to make patrons, whether inside or outside the library, wiser about their role in security and privacy and empowering them to insist on accountability from everyone around them regarding both areas of concern.
Let’s Encrypt (SSL)