Magazine article Computers in Libraries

Meta-Privacy

Magazine article Computers in Libraries

Meta-Privacy

Article excerpt

Adobe Digital Editions may or may not be sending users' personal information back to Adobe's servers in plain text. It may also be, in certain contexts, scanning users' hard drives for other ebooks not held within the Adobe Digital Editions environment and conveying that information to Adobe. Other ebook vendors are possibly transmitting information--such as your birthday and home address--in plain text to their servers as part of your ebook-lending transaction. These possible security exposures have come to light and are, as of this writing, still being hotly debated and disputed. So this month, I'm speaking about the general issue of privacy and digital content.

Privacy as Policy

Libraries have privacy policies, and privacy is considered one of the profession's core values. All 50 U.S. states have privacy laws that protect patron data. This includes lists of what they've been reading. It's right there in the Code of Ethics of the American Library Association (ALA): "We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted."

See that "transmitted" bit? That's the tricky part. It's relatively uncomplicated for us to ensure that the list of print books you've checked out stays confidential. That information is held by us, often on servers that we own. Our library vendors have agreements with us that are informed and mindful of the legislative environment surrounding library privacy. However, historically, we've mostly looked toward law enforcement or government agents as the people we were protecting our patrons' information from. This is no longer true.

When a Book Is Not a Book

This was simpler when we were dealing with print materials, but the ebook environment is different. In many cases, books are licensed--not owned--by the library. There are additional rules that go along with ebook lending; there are also certain rights removed in an ebook-lending situation.

The ebook marketplace was created as a primarily consumer-facing system in which the expectation of privacy is considerably lower. Lending via Kindle often requires library patrons to log in to an additional system to complete their ebook loan. When this occurs, whose privacy policies are primary? What happens to the agreements that we have with our patrons?

Most savvy online shoppers are aware that companies collect information about them above and beyond what is necessary to sell them a widget. The questions then become, "Is the ebook-lending environment more like the library environment or more like the marketplace? And how do we as librarians set expectations for patrons appropriately?"

At the very least, any ebook transaction involving DRM requires some level of contact or authorization with a licensing server for verification ("Is this person authorized?" "Is this content available?" "Is this lending period still valid?"). Optimally, this authorization contains the minimum amount of information necessary to complete this transaction. If you're taking the user's privacy seriously, any sensitive information that is transmitted should be encrypted or obscured. Is this happening? Can we even tell?

Knowing What You Don't Know

We've known that having an aggressive pro-privacy stance is sometimes at odds with the way people like to do business. In the library world, we've heard that our defense of patron privacy is overkill, outmoded, or otherwise quaint and archaic. And yet, surveys of peoples' internet habits consistently show that they like to have control over what happens to their information, even if they decide to share some of it.

In the days after the initial Adobe Digital Editions allegations, there was a lot of inspection of the content of various transmitted transactions by librarians and others. There was also a dawning awareness that, for many of us, there is more going on behind the scenes than we might have imagined. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.