The e-reader privacy paradox

In his book “Intellectual privacy: rethinking civil liberties in the digital age” (Oxford University Press), Neil Richards talks about the e-reader privacy paradox.

He uses Fifty Shades of Grey to illustrate the point he wants to make. Though print editions of the book were hard to find in Britain and the United States, the book sold millions of copies as an e-book. Its largely female readership repeatedly praised the privacy that the e-book version allowed.

An article in the New York Times makes the same point (Julie Bosman, “Discreetly digital, erotic novel sets American women abuzz”, http://www.nytimes.com/2012/03/10/business/media/an-erotic-novel-50-shades-of-grey-goes-viral-with-women.html). It quotes Valerie Hoskins, agent to the author of Fifty Shades of Grey, as saying “…women have the ability to read this kind of material without anybody knowing what they’re reading, because they can read them on their iPads and Kindles.”

But of course, Amazon knows what you read on your Kindle, what pages you have looked at, what annotations you have made, how long you have spent reading the novel, where you are up to and so on. The same would be true of Adobe if you had used the Adobe Digital Editions software.

Richards is quite right to speak of there being an e-reader privacy paradox. Isn’t that true of the internet too – that people are lured into a false sense of security? They can search the web from the privacy of their own homes, which creates the illusion of privacy, and yet those searches are far from being private.

If you went into a library, and were followed around by someone – whether it were a member of library staff, or a library user – wouldn’t you start to feel uncomfortable, almost as though someone was stalking you, watching your every move – what books you browsed on the shelves, which subject areas you headed towards, which titles you picked off the shelves to scan through, which books you took to the self-checkout machine etc.? Wouldn’t you be outraged? So why are people not outraged by the tracking that takes place on the web, which is far more pernicious – for example the tracking that occurs if they use Google Books, or Amazon’s “search inside the book” feature? Surely that sort of tracking is exponentially worse, because with ruthless efficiency huge quantities of data are being gathered, building up a profile about you where the data is kept permanently.

And what about the tracking that takes place when you use some library websites (ones that track in the form of analytics software, advertisers, social networking plugins, and the like)? Marshall Breeding (in “Privacy and security for library systems”, Chapter 3: Data from library implementations. Library Technology Reports, 52(4), 2016, pp. 29-35) notes the tracking that was found on library websites, discovery services and online catalogs. It included (among others) Google Analytics, Google Ajax search API, Google AdSense, Google Translate, Google Tag Manager, DoubleClick, Yahoo Analytics, Adobe Omniture Analytics, Adobe Tag Manager, Adobe TypeKit, Facebook Connect, Facebook Social Plugin, Twitter Button, WebTrends.

In theory librarians are committed to protecting user privacy. What happens in practice?

The brief title of my PhD research is “Protecting the privacy of library users”. From the desk research that I have done so far, and the work to date on my literature review, I have found evidence that what happens in reality doesn’t always live up to the theoretical commitment to protect user privacy: examples of data breaches, of library websites that leak privacy, of critical vulnerabilities in digital libraries (see for example KUZMA, J., 2010. European digital libraries: web security vulnerabilities. Library Hi Tech, 28(3), pp. 402-413), etc.

I am interested to know what are the root cause(s) of this failure to deliver on protecting user privacy.

Huang (HUANG, S., HAN, Z. and YANG, B., 2016. Factor identification and computation in the assessment of information security risks for digital libraries. Journal of Librarianship and Information Science, pp. 1-17) says “Vulnerabilities may arise out of deficiencies in organizational structure, personnel, management, procedures and assets”.

I have put together a set of rough notes about a number of areas where I suspect that some clues as to the cause(s) might be found – or at least, where there might be potential for things to go wrong. But have I listed the right areas, am I missing any key ones, or should I be zooming in on any in particular?

  • Education/training
  • Contracts/licences
  • Law/regulation
  • Ethics/values
  • Technology
  • Information security
  • Who takes overall responsibility
  • Compliance issues
  • Physical (rather than digital) world
  • Vendors
  • Standards/guidelines
  • Third parties
  • Visibility/transparency
  • Privacy by design/by default

I can flesh these out a bit further if anyone is interested.

My research is in its early stages, so I haven’t yet reached the point of finalising the research questions I want to examine.

Of course it is also worth asking the questions:

          Do library users actually worry about privacy in libraries?

          If so, why?

          If so, what in particular concerns them?

          And how would a failure to protect their privacy impact upon them?

Zines, libraries & privacy issues

Zines are usually devoted to specialized and often unconventional subject matter. They are often a vehicle for radical voices. They could be a political zine, a feminist zine, an LGBT zine and so on. They are ephemeral in nature, and often have very small print-runs.

The idea of privacy and trackless searching/use is often a very important principle for infoshops.

Not all zine makers want their names listed on the internet.

There’s a risk that easy availability of information about zine makers, and those who are interested in their zines, could be used to flag people up to the authorities.

There’s a need for searching and using the library with a degree of privacy and untraceability (“rather than give the government fodder to harass them”, Hedtke, 2007, p. 41).

There are a number of examples of people talking of setting up separate public and private catalogues in order to keep certain information, such as zine makers’ names, more private.

Vermillion (2009) writes that “we have been contacted to remove a last name from our database that was associated with a zine title that the author felt damaged her reputation in her current career—at age 16, she had no idea that the flippant title would ever be available online”.

Digitization of fanzines from many decades ago can throw up privacy issues – fans may have used their formal legal name (rather than a pseudonym), fully in the expectation of privacy, where the material was produced a long time before the world wide web was invented, and where the circulation of the fanzines was quite limited. In a chapter entitled “Identity, ethics, and fan privacy” written by Kristina Busse and Karen Hellekson (in “Fan culture: theory/practice” edited by Katherine Larsen and Lynn Zubernis) they say “…many fans published under their legal names, before the adoption of pseudonyms became commonplace. The full names of many fans thus appear in print on the cover of fanzines, in their tables of contents, and in ads circulated to market the zines….These fans…deserve privacy”.

Zine librarians code of ethics http://zinelibraries.info/code-of-ethics/

Siobhan Britton dissertation What we do is secret? A study of issues relating to the collection, care, and accessibility of zines in institutional and alternative collections in the UK https://hcommons.org/deposits/item/hc:10951/

Legal cases relevant to library privacy

I have been slowly putting together a listing of legal cases relevant to library privacy. If there are any that I have missed and may not be aware of, do let me know.

John Doe v Gonzales 2005 (the case of the “Connecticut Four”)

Quad Graphics v Southern Adirondack Library System 1997 174 Misc.2d 291 (1997) 664 N.Y.S.2d 225 (on obtaining electronically stored information if warranted)

Tattered Cover, Inc. v. City of Thornton, 44 P. 3d 1044 – Colo: Supreme Court 2002 which looked at how the court must balance the law enforcement officials’ need for bookstore records against the harm caused to constitutional interests by execution of a search warrant.

Brown v Johnston 328 N.W. 2d 510 (Iowa) At issue was whether a county attorney subpoena for certain library circulation records is limited or restricted by section 68A.7(13) of the Iowa Code.

re Grand Jury Subpoena to Kramerbooks & Afterwords Inc 26 Med. L. Rptr. 1599 (D.D.C. 1998) (Kenneth Starr’s demand for the book buying habits of Monica Lewinsky)

United States v Rumely 1953. In the early 1950s the Supreme Court found it unconstitutional to convict a bookseller for refusing “…to provide the government with a list of individuals who had purchased political books.” Justice Douglas observed, “Once the government can demand of a publisher the names of the purchasers of his publications . . . [f]ear of criticism goes with every person into the bookstall . . . [and] inquiry will be discouraged.”

re Grand Jury Subpoena to Amazon.com 2007 (demand for identities of 24,000 Amazon.com book buyers)

United States v Curtin: whether reading habits can be used to prove criminal intent in trials http://digitalcommons.law.ggu.edu/ggulrev/vol38/iss3/7/

 

Working on Literature Review

I’m currently working on a review of the literature around protecting the privacy of library users. The whole exercise is a learning experience in so many different ways. It’s fascinating how the process of working through the literature makes you step back and try to take a “helicopter view”, where you take a step back to try and identify key themes and issues; as well as going to the other extreme and reading individual items and going into a lot of depth about a particular and very specific aspect of the topic.

The process of importing references from a number of different sources into a citation software package comes up with a number of formatting inconsistencies, and I know that I need to spend time checking and rechecking the details below.

There’s loads more work to do. The list below is by no means complete, and indeed I need to work my way through the list to see whether to keep all of the items listed. But I thought people might be interested to see the literature I have selected.

BIBLIOGRAPHY

ADAMS, H.R., 2005. Privacy in the 21st century: issues for public, school, and academic libraries. Libraries Unlimited.

AL-SUQRI, M. and AKOMOLAFE-FATUYI, E., 2012. Security and privacy in digital libraries: challenges, opportunities and prospects. International Journal of Digital Library Systems, 3(4), pp. 54-61.

AMERICAN LIBRARY ASSOCIATION, 2017. Library privacy checklist 3: e-book lending and digital content vendors.

AMERICAN LIBRARY ASSOCIATION, 2010. Intellectual freedom manual.

AMERICAN LIBRARY ASSOCIATION, 2009. Choose privacy week: resource guide. American Library Association.

ANONYMOUS, 1995. Seizure of library user records on a court warrant: a case of investigation relating to the subway sarin nerve gas attack. Toshokan Zasshi (Library Journal), 89(10), pp. 808-810.

ARCH, X., FALKOWSKI, J., PENDSE, L. and SYMONDS, E., 2009. Orienting and educating new librarians about privacy obligations: guidelines for administrators.

ARD, B.J., 2013. Confidentiality and the problem of third parties: protecting reader privacy in the age of intermediaries. Yale Journal of Law and Technology, 16(1), pp. 1-58.

AULETTA, K., 2010. Googled: the end of the world as we know it. London: Virgin.

BALAS, J.L., 2005. Should there be an expectation of privacy in the library? Computers in Libraries, 25(6), pp. 33-35.

BALAS, J.L., 2001. How should privacy be protected in the electronic library? Computers in Libraries.

BATTELLE, J., 2006. The search: how Google and its rivals rewrote the rules of business and transformed our culture. Rev. edn. London: Nicholas Brealey.

BECKSTROM, M., 2015. Protecting patron privacy: safe practices for library computers. Libraries Unlimited.

BIELEFELD, A. and CHEESEMAN, L., 1994. Maintaining the privacy of library records: a handbook and guide. Neal Schuman Pub.

BOWERS, S.L., 2006. Privacy and Library Records. Journal of Academic Librarianship, 32(4), pp. 377-383.

BREEDING, M., 2016. Data from library implementations. Library Technology Reports, 52(4), pp. 29-35.

BREEDING, M., 2014. Swords, Dragons, and Spells: Vendor study on Security and Privacy controls. Library Technology Guide.

BROCK, G., 2016. The right to be forgotten: privacy and the media in the digital age. London: I.B. Tauris.

BROWN-SYED, C., 2003. The Changing faces of library privacy. Library & Archival Security, 18(1), pp. 3-8.

BRYMAN, A., 2016. Social research methods. Fifth edn. Oxford: Oxford University Press.

BURKELL, J. and CAREY, R., 2011. Personal Information and the Public Library: Compliance with Fair Information Practice Principles/Les renseignements personnels dans les bibliothèques publiques : le respect des principes d’équité dans les pratiques de collecte de renseignements. Canadian Journal of Information and Library Science, 35(1), pp. 1.

BUSCHMAN, J., 2016. The Structural Irrelevance of Privacy: A Provocation. Library Quarterly, 86(4), pp. 419-433.

BUTTERS, A., 2007. RFID systems, standards and privacy within libraries. The Electronic Library, 25(4), pp. 430-439.

CALDWELL-STONE, D., 2012. A digital dilemma: ebooks and users’ rights. American Libraries.

CAMPBELL, D.G. and COWAN, S.R., 2016. The paradox of privacy: revisiting a core library value in an age of big data and linked data. Library Trends, 64(3), pp. 492-511.

CANNATACI, J.A., 2016. Report of the Special Rapporteur on the right to privacy. A/HRC/31/64.

CARLSON, S., 2004. To use that library computer, please identify yourself. Chronicle of Higher Education, 50(42).

CHMARA, T., 2008. Privacy and confidentiality issues: a guide for libraries and their lawyers. ALA Editions.

CLARK, I., 2016. The digital divide in the post-Snowden era. Journal of Radical Librarianship, 2, pp. 1-32.

COHEN, J., 2013. The private life: why we remain in the dark. Granta Publications.

COOKE, L., 2014. Managing access to the internet in public libraries: findings from the MAIPLE project.

COOKE, L., SPACEY, R., MUIR, A. and CREASER, C., 2014. Filtering access to the internet in public libraries: an ethical dilemma? Globethics.net, pp. 179-190.

COOMBS, K.A., 2005. Protecting user privacy in the age of digital libraries. Computers in Libraries, 25(6).

COOMBS, K.A., 2004. Walking a tightrope: academic libraries and privacy. Journal of Academic Librarianship, 30(6), pp. 493-497.

COOPER, A., 2016. Safeguarding what’s personal: privacy and data protection perspectives of Library Association of Ireland members.

CYRUS, J.W.W. and BAGGETT, M.P., 2012. Mobile technology: implications for privacy and librarianship. Reference Librarian, 53(3), pp. 284-296.

DAVIES, J.E., 1997. Managing information about people: data protection issues for academic library managers. Library Management, 18(1), pp. 42-52.

DETTLAFF, C., 2007. Protecting user privacy in the library. Community & Junior College Libraries, 13(4), pp. 7-8.

DIXON, P., 2008. Ethical issues implicit in library authentication and access management: risks and best practices. Journal of Library Administration, 47(3-4), pp. 142-162.

DOMINGOS, P., 2015. The master algorithm: how the quest for the ultimate learning machine will remake our world. New York: Basic Books.

DROBNICKI, J.A., 1992. The confidentiality of library users’ records. ERIC Document Reproduction Service.

FALK, H., 2004. Privacy in libraries. The Electronic Library, 22(3), pp. 281-284.

FALLIS, D., 2007. Information ethics for twenty‐first century library professionals. Library Hi Tech, 25(1), pp. 23-36.

FARKAS, M., 2007. The blog. Library journal, (December), pp. 40-43.

FERGUSON, S., THORNLEY, C. and GIBB, F., 2014. How do libraries manage the ethical and privacy issues of RFID implementation? A qualitative investigation into the decision-making processes of ten libraries. Journal of Librarianship and Information Science, 47(2), pp. 117-130.

FERGUSON, S., THORNLEY, C. and GIBB, F., 2016. Beyond codes of ethics: how library and information professionals navigate ethical dilemmas in a complex and dynamic information environment. International Journal of Information Management, 36(4), pp. 543-556.

FERNANDEZ, P., 2010. Privacy and Generation Y: Applying library values to social networking sites. Community & Junior College Libraries, 16(2), pp. 100-113.

FERNANDEZ, P., 2009. Online social networking sites and privacy: revisiting ethical considerations for a new generation of technology. Library Philosophy and Practice.

FERTIK, M. and THOMPSON, D.C., 2015. The reputation economy: how to optimize your digital footprint in a world where your reputation is your most valuable asset. Penguin Random House.

FIELDING, D., 1978. Librarians, civil liberties and privacy. The Australian Library Journal, 27(12), pp. 181-189.

FIFAREK, A., 2002. Technology and privacy in the academic library. Online Information Review, 26(6), pp. 366-374.

FINN, R.L., WRIGHT, D. and FRIEDEWALD, M., 2013. Seven types of privacy. In: S. GUTWIRTH et al., eds, European Data Protection: Coming of Age. Springer Netherlands, pp. 3.

FLORIDI, L., 2014. The 4th revolution: how the infosphere is reshaping human reality. Oxford, United Kingdom: Oxford University Press.

FLORIDI, L., 2006a. Four challenges for a theory of informational privacy. Ethics and Information Technology, 8, pp. 109-119.

FLORIDI, L., 2006b. Informational privacy and its ontological interpretation. SIGCAS Computers and Society, 36(3).

FLORIDI, L., 2005. The ontological interpretation of informational privacy. Ethics and Information Technology, 7.

FOERSTEL, H.N., 1991. Surveillance in the stacks: the FBI’s library awareness program. New York: Greenwood Press.

FORMANEK, M. and ZABORSKY, M., 2017. Web Interface Security Vulnerabilities of European Academic Repositories. Liber Quarterly, 27(1).

FORTIER, A. and BURKELL, J., 2015. Hidden online surveillance: what librarians should know to protect their own privacy and that of their patrons. Information technology and libraries, 34(3), pp. 59-72.

FOUCAULT, M., 1977. Discipline and punish: the birth of the prison. Pantheon Books.

FOUTY, K.G., 1993. Online patron records and privacy: Service vs. security. The Journal of Academic Librarianship, 19(5), pp. 289-293.

GALIC, M., TIMAN, T. and KOOPS, B., 2016. Bentham, Deleuze and beyond: an overview of surveillance theories from the panopticon to participation. Philosophy & Technology, pp. 1-29.

GAROOGIAN, R., 1991. Librarian/patron confidentiality: an ethical challenge. Library Trends, 40(2), pp. 216-233.

GHEZZI, A., PEREIRA, A. and VESNIĆ-ALUJEVIĆ, L., 2014. The ethics of memory in a digital age: interrogating the right to be forgotten. Houndmills, Basingstoke, Hampshire: Palgrave Macmillan.

GIVENS, C.L., 2015. Information privacy fundamentals for librarians and information professionals. Rowman & Littlefield.

GOGOI, N., 2014. Challenges to privacy and risk oriented RFID system implementation in libraries. International Journal of Innovative Research in Computer and Communication Engineering, 2(10).

GOODMAN, A. and GOODMAN, D., 2008. Librarians unbound. Standing up to the madness: ordinary heroes in extraordinary times. Hyperion Books, pp. 52-71.

GORMAN, M., 2015. Our enduring values revisited: librarianship in an ever-changing world. Chicago: ALA Editions, an imprint of the American Library Association.

GORMAN, M., 2000. Our enduring values: librarianship in the 21st century. Chicago; London: American Library Association.

GREENE, J.K., 2014. Before Snowden: privacy in an earlier digital age. International Journal of Philosophy and Theology, 2(1), pp. 93-118.

GREENLAND, K., 2013. Negotiating self-presentation, identity, ethics, readership and privacy in the LIS blogosphere: a review of the literature. Australian Academic & Research Libraries, 44(4).

GREENWALD, G., 2014. No place to hide: Edward Snowden, the NSA, and the U.S. surveillance state. Toronto: Signal, McClelland & Stewart.

GRESSEL, M., 2014. Are Libraries Doing Enough to Safeguard Their Patrons’ Digital Privacy? Serials Librarian, 67(2), pp. 137-142.

HARDING, L., 2014. The Snowden files: the inside story of the world’s most wanted man. London: Guardian Books: Faber and Faber Ltd.

HARTZOG, W. and STUTZMAN, F., 2013. The case for online obscurity. California Law Review, 101(1), pp. 1-49.

HASSELBACH, G. and TRANBERG, P., 2016. Privacy is creating a new digital divide between the rich and poor. Daily Dot, (October 23).

HESS, A.N., LAPORTE-FIORI, R. and ENGWALL, K., 2015. Preserving patron privacy in the 21st century academic library. Journal of Academic Librarianship, 41(1), pp. 105-114.

HOFFMANN, A.L., 2016. Privacy, Intellectual Freedom, and Self-Respect: Technological and Philosophical Lessons for Libraries. Perspectives on Libraries as Institutions of Human Rights and Social Justice. Emerald Group Publishing Limited, pp. 49-69.

HORN, Z., 1995. Zoia!: memoirs of Zoia Horn, battler for people’s right to know. McFarland & Company Inc.

HUANG, S., HAN, Z. and YANG, B., 2016. Factor identification and computation in the assessment of information security risks for digital libraries. Journal of Librarianship and Information Science, pp. 1-17.

ICOLC, 2002. Privacy guidelines for electronic resource vendors.

IMLS, 2016. Privacy literacy training.

JOHNS, S. and LAWSON, K., 2005. University undergraduate students and library-related privacy issues. Library & Information Science Research, 27(4), pp. 485-495.

JOHNSTON, S.D., 2000. Rethinking Privacy in the Public Library. The International Information & Library Review, 32(3-4), pp. 509-517.

JONES, M.L., 2016. Ctrl + Z: the right to be forgotten. New York: New York University Press.

JORDANCO, S., 2016. The Panopticon factor: privacy and surveillance in the digital age. Departmental Bulletin Paper, 21(9), pp. 61-76.

KHOO, M., 2002. Privacy in the “library without wall”: Library practice in an age of digital content. Library and Information Science Research Electronic Journal, 12(1).

KIM, B., 2016. Cybersecurity and digital surveillance versus usability and privacy: why libraries need to advocate for online privacy. C&RL News.

KLINEFELTER, A., 2007. Privacy and Library Public Services: Or, I Know What You Read Last Summer. Legal Reference Services Quarterly, 26(1), pp. 253-279.

KONTAXIS, G., POLYCHRONAKIS, M. and MARKATOS, E.P., 2012. Minimising information disclosure to third parties in social login platforms. International Journal of Information Security, 11, pp. 321-332.

KONTAXIS, G., POLYCHRONAKIS, M. and MARKATOS, E.P., 2011. Sudoweb: minimising information disclosure to third parties in single sign-on platforms.

KRANTZ, P., 2016. Protection of privacy in the library environment.

KUZMA, J., 2010. European digital libraries: web security vulnerabilities. Library Hi Tech, 28(3), pp. 402-413.

LAMBERT, A.D., PARKER, M. and BASHIR, M., 2015. Library patron privacy in jeopardy: an analysis of the privacy policies of digital content vendors. Proceedings of the 78th ASIS&T Annual Meeting: Information Science with Impact: Research in and for the Community.

LAMDAN, S., 2015a. Librarians as feisty advocates for privacy. CUNY Academic Works.

LAMDAN, S., 2015b. Social media privacy: a rallying cry to librarians. Library Quarterly, 85(3), pp. 261-277.

LAMDAN, S., 2014. Library patron privacy in 2014 – honoring the legacy of Zoia Horn. CUNY Academic Works, (58).

LAMDAN, S.S., 2013. Why library cards offer more privacy rights than proof of citizenship: Librarian ethics and Freedom of Information Act requestor policies. Government Information Quarterly, 30(2), pp. 131-140.

LIBERT, T., 2015. Exposing the hidden web: an analysis of third-party HTTP requests on 1 million websites. International Journal of Communication, 9, pp. 3544-3561.

MAGI, T.J., 2010. A content analysis of library vendor privacy policies: Do they meet our standards? College & Research Libraries, 71(3), pp. 254-272.

MAGI, T.J., 2013. A fresh look at privacy – why does it matter, who cares, and what should librarians do about it? Indiana Libraries, 32(1), pp. 5.

MAGI, T.J., 2008. A study of US library directors’ confidence and practice regarding patron confidentiality. Library Management, 29(8/9), pp. 746-756.

MAGI, T.J., 2007. The gap between theory and practice: a study of the prevalence and strength of patron confidentiality policies in public and academic libraries. Library & Information Research, 29, pp. 455-470.

MAI, J., 2016. Big data privacy: the datafication of personal information. Information Society, 32(3), pp. 192-199.

MAKHIJA, D.G. and CHUGAN, P.K., 2016. RFID based library management system: the benefits and challenges. In: P.K. CHUGAN, D. SRIVASTAVA, N. PATEL and N.C. SONI, eds, New Age Ecosystem for Empowering Trade, Industry and Society. Ahmedabad, India: New Delhi, for Institute of Management, Nirma University.

MANNHEIMER, S., YOUNG, S.W.H. and ROSSMANN, D., 2016. On the ethics of social network research in libraries. Libraries, Journal of Information, Communication, and Ethics in Society, 14(2).

MARGULIS, S.T., 2011. Three theories of privacy: An overview. Privacy Online. Springer, pp. 9-17.

MARKMAN, C., 2016. Measuring vendor cybersecurity. Internet Librarian 2016.

MARKMAN, C., 2015. Cybersecurity risk management for public libraries: weapons of mass instruction.

MARSHALL, S.D. and GREEN, N., 2011. Your PhD companion: the insider guide to mastering the practical realities of getting your PhD. Revised and updated third edn. Oxford: How To Books.

MASSIS, B., 2016. The Internet of Things and its impact on the library. New Library World, 117(3), pp. 289-292.

MATHSON, S. and HANCKS, J., 2008. Privacy Please? A comparison between self-checkout and book checkout desk circulation rates for LGBT and other books. Journal of Access Services, 4(3-4), pp. 27-37.

MATTLAGE, A., 2015. Responsibilities of information professionals vis-a-vis information rights. Journal of Information Ethics, 24(1), pp. 65-81.

MCCORD, G., 2013. What you need to know about privacy law: a guide for librarians and educators. Libraries Unlimited.

MCCULLAGH, K., 2008. Blogging: self presentation and privacy. Information & Communications Technology Law, 17(1), pp. 3-23.

MIKETA, A., 2012. Library diaries. CreateSpace Independent Publishing Platform.

MIRMINA, S.A., 2016. Translating justice Brandeis’s views on privacy for the 21st century.

MOHSENZADEH, F. and ISFANDYARI-MOGHADDAM, A., 2011. Perceptions of library staff regarding challenges of developing digital libraries: the case of an Iranian university. Program: Electronic Library and Information Systems, 45(3), pp. 346-355.

MOLNAR, D. and WAGNER, D., 2004. Privacy and security in library RFID: Issues, practices, and architectures. Proceedings of the 11th ACM conference on Computer and Communications Security, pp. 210-219.

MURRAY, P.E., 2003. Library patron privacy. Washington DC.: Association of Research Libraries.

NAGALAKSHMI, V., RAMESHBABU, I. and BHASKARI, D.L., 2013. A security mechanism for library management system using low cost RFID tags. Systemics, cybernetics and informatics, 5(1), pp. 92-96.

NGIMWA, P. and ADAMS, A., 2011. Role of policies in collaborative design process for digital libraries within African higher education. Library Hi Tech, 29(4), pp. 678-696.

NICHOLSON, S. and SMITH, C.A., 2007. Using lessons from health care to protect the privacy of library users: Guidelines for the de-identification of library data based on HIPAA. Journal of the American Society for Information Science and Technology, 58(8), pp. 1198.

NISO, 2015. Consensus framework to support patron privacy in digital library and information systems (supporting materials).

NISSENBAUM, H., 2011. A contextual approach to privacy online. Daedalus, the Journal of the American Academy of Arts & Sciences, 140(4), pp. 32-48.

NOH, Y., 2016. A comparative study of public libraries’ contribution to digital inclusion in Korea and the United States. Journal of Librarianship and Information Science.

NOH, Y., 2014. Digital library user privacy: changing librarian viewpoints through education. Library Hi Tech, 32(2).

O’NEIL, C., 2016. Weapons of math destruction: how big data increases inequality and threatens democracy. UK: Allen Lane.

OZER, N.A. and LYNCH, J.A., 2010. Protecting reader privacy in digital books. Association for the Advancement of Artificial Intelligence Privacy 2010 Symposium, pp. 136-141.

PAAKKONEN, T., 2016. Increasing availability, data privacy and copyrights of digital content via a pilot project of the National Library of Finland. LIBER quarterly, 26(3), pp. 163-180.

PARISER, E., 2012. The filter bubble: what the internet is hiding from you. London: Penguin.

PECK, R.S., 1999. Libraries, the First Amendment and cyberspace: what you need to know. ALA Editions.

PENNEY, J., 2016. Chilling effects: Online surveillance and wikipedia use.

PICKARD, A.J., 2013. Research methods in information. 2nd edn. London: Facet.

PINNELL-STEPHENS, J., 2012. Protecting intellectual freedom in your public library: scenarios from the front line. American Library Association.

PREDDY, L., 2016. The critical role of the school librarian in digital citizenship education. Knowledge Quest, 44(4).

PRIMARY RESEARCH GROUP, 2014. The survey of library database licensing practices. 2014-15 edn. New York, NY: Primary Research Group, Inc.

REIMAN, J.H., 1995. Driving to the panopticon: a philosophical exploration of the risks to privacy posed by the highway technology of the future. Santa Clara High Technology Law Journal, 11, pp. 27-43.

REZGUI, A., BOUGUETTAYA, A. and ELTOWEISSY, M., 2004. SemWebDL: A privacy-preserving Semantic Web infrastructure for digital libraries. International Journal on Digital Libraries, 4(3), pp. 171-184.

RICHARDS, N., 2015. Intellectual privacy: rethinking civil liberties in the digital age. Oxford University Press.

RICHARDS, N. and HARTZOG, W., 2017. Privacy’s trust gap. Yale Law Journal, (17-02).

RONI, N.A.M., NAPIAH, M.K.M. and HASSAN, B., 2011. Impact of ICT on privacy and personal data protection in two Malaysian academic libraries. Asia Pacific Conference Library & Information Education & Practice.

ROTENBERG, M. and AGRE, P.E., 1998. Technology and privacy: the new landscape. MIT Press.

RUBEL, A., 2014. Libraries, electronic resources, and privacy: the case for positive intellectual freedom. Library Quarterly, 84(2), pp. 183-208.

SABISCH, D.A., 2014. Using your library software: What third parties will know about our library customers.

SAEEDNIA, S., 2000. How to maintain both privacy and authentication in digital libraries. International Journal on Digital Libraries, 2(4), pp. 251-258.

SARCHAMI, A. and MOHSENZADEH, F., 2012. Investigating the role of libertarians and information specialists in management of digital libraries in libraries of Islamic Azad university-region seven. International Proceedings of Economics Development & Research, 42, pp. 239-243.

SCHNEIER, B., 2015. Data and Goliath: The hidden battles to collect your data and control your world. WW Norton & Company.

SCHOPFEL, J., 2016. Open access, privacy and human rights. A case study in ethics in library and information sciences education. Perspectives on libraries as institutions of human rights and social justice, 41, pp. 349-371.

SHACHAF, P., 2005. A global perspective on library association codes of ethics. Library & Information Science Research, 27(4), pp. 513-533.

SHULER, J., 2004. Privacy and academic libraries: widening the frame of discussion. Journal of Academic Librarianship.

SOLOVE, D.J., 2013. Nothing to Hide: The False Tradeoff Between Privacy and Security. New Haven: Yale University Press.

SPEARS, J.L. and ERETE, S.L., 2014. “I have nothing to hide; thus nothing to fear”: defining a framework for examining the “Nothing to hide” persona.

STARK, L., 2016. The emotional context of information privacy. The Information Society, 32(1), pp. 14-27.

STEFANIDIS, K. and TSAKONAS, G., 2015. Integration of library services with internet of thing technologies. code4lib, (30).

STEVENS, R., BRAVENDER, P. and WITTEVEEN-LANE, C., 2012. Self service holds in libraries: is patron privacy being sacrificed for patron convenience. Reference and User Services Quarterly, 52(1).

STRAHILEVITZ, L.J., 2005. A social networks theory of privacy. University of Chicago Law Review, 72(3).

STURGES, P., DAVIES, E., DEARNLEY, J., ILIFFE, U. and ET AL, 2003. User privacy in the digital library environment: An investigation of policies and preparedness. Library Management, 24(1/2), pp. 44-50.

STURGES, P., ILIFFE, U. and DEARNLEY, J., 2001. Privacy in the digital library environment.

STURGES, P., TENG, V. and ILIFFE, U., 2001. User privacy in the digital library environment: a matter of concern for information professionals. Library Management, 22(8), pp. 364-370.

SUSSER, D., 2016. Information Privacy and Social Self-Authorship. Techné: Research in Philosophy and Technology.

SUTLIEFF, L. and CHELIN, J., 2010. `An absolute prerequisite’: The importance of user privacy and trust in maintaining academic freedom at the library. Journal of Librarianship and Information Science, 42(3), pp. 163-177.

TRIPATHI, M. and JAGJEEVAN, V.K., 2015. Analysis of e-resources’ licence agreements: disagreeing for user rights. 10th International CABLIBER 2015.

TRIPATHI, S. and TRIPATHI, A., 2010. Privacy in libraries: the perspective from India. Library Review, 59(8), pp. 615-623.

TSOMPANAKIS, S., 2014. A discussion and suggestions on ethical barriers in librarianship: information privacy, controversial materials, and personal beliefs. Library Philosophy and Practice.

WARREN, A., 2002. Right to privacy? The protection of personal data in UK public organisations. New Library World, 103(11), pp. 446-456.

WARREN, S.D. and BRANDEIS, L.D., 1890. The right to privacy. Harvard Law Review, 4(5).

WESTIN, A.F., 1967. Privacy and freedom. 1st edn. New York: Atheneum.

WILKES, A.W. and GRANT, S.M., 1995. Confidentiality policies and procedures of the reference departments in Texas academic libraries. RQ, 34(4), pp. 473-485.

WILLEMS, H., 2003. Confidentiality in the school library. In: C. SIMPSON, ed, Ethics in school librarianship: a reader. Linworth, pp. 45-63.

WINSLETT, M., CHING, N., JONES, V. and SLEPCHIN, I., 1997. Assuring security and privacy for digital library transactions on the Web: client and server security policies, 1997, pp. 140-151.

WOHLGEMUTH, S., ECHIZEN, I., SONEHARA, N. and MULLER, G., 2010. Tagging disclosures of personal data to third parties to preserve privacy. Berlin: Springer, pp. 241-252.

WOODWARD, J., 2007. What every librarian should know about electronic privacy. Westport, CT.: Libraries Unlimited.

WU, Q., LIU, Q., ZHANG, Y. and WEN, G., 2015. TrackerDetector: a system to detect third-party trackers through machine learning. Computer networks, 91, pp. 164-173.

WYATT, A.M., 2006. Do librarians have an ethical duty to monitor patrons’ internet usage in the public library? Journal of Information Ethics, pp. 70-79.

ZENG, Y., 2015. On the analysis of library information ethics and the standard construction in the era of big data. Studies in literature and language, 11(4), pp. 25-28.

ZHAO, L., 2008. Protection of library users’ privacy: an analysis of US state laws on the issue. Chinese librarianship: an international electronic journal, (29).

ZIMERMAN, M., 2010. Technology and privacy erosion in United States libraries: a personal viewpoint. New Library World, 111(1), pp. 7-15.

ZIMMER, M., 2015-last update, Privacy and cloud computing in public libraries: the case of BiblioCommons.

ZIMMER, M., 2014. Librarians’ attitudes regarding information and internet privacy. Library Quarterly, 84(2), pp. 123-151.

ZIMMER, M., 2013a. Assessing the treatment of patron privacy in library 2.0 literature. Information Technology and Libraries, 32(2), pp. 29-41.

ZIMMER, M., 2013b. Patron privacy in the 2.0 era: avoiding the Faustian bargain of library 2.0. Journal of Information Ethics, 22(1), pp. 44-59.

ZITTRAIN, J., 2008. The future of the internet and how to stop it. Penguin Books.

 

 

How many vulnerabilities do library websites have?

In a study by Joanne Kuzma (European digital libraries: web security vulnerabilities. Library Hi Tech, 28(3), 2010, pp. 402-413), a web vulnerability testing tool was used to analyse 80 European library sites in four countries, to determine how many security vulnerabilities each had and which types of problem were most common.

Her analysis showed that the majority of the libraries surveyed had serious security flaws in their web applications. Indeed, the UK accounted for the highest proportion of high-level security flaws (critical vulnerabilities) and medium-level security flaws (moderately ranked problems that could pose some risk to web applications).

A report by Cenzic (Web application security trends report Q3-Q4, 2008) found that nearly 80% of web-related flaws were caused by web application vulnerabilities such as:

  • Cross site scripting (XSS)
  • Denial of service
  • Structured query language (SQL) injection

 

The WhiteHat Security “Web applications security statistics report 2016” (https://info.whitehatsec.com/rs/675-YBI-674/images/WH-2016-Stats-Report-FINAL.pdf) lists vulnerability likelihood by class, in descending order of likelihood. The top classes listed for 2016 were:

  1. Insufficient transport layer protection (Not all traffic flowing between two endpoints is properly secured, which makes it possible for attackers to perform man-in-the-middle attacks)
  2. Information leakage
  3. Cross site scripting
  4. Content spoofing
  5. Brute force
  6. Cross site request forgery
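
To make the top class in that list concrete, here is an added example (not from the WhiteHat report or from Kuzma's study) that audits one HTTP response for common signs of insufficient transport layer protection. The URL, headers and page body are constructed samples for a hypothetical library catalogue login page, and the function and class names are illustrative.

```python
import email.parser
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample (not real traffic): a hypothetical catalogue login page.
SAMPLE_URL = "https://catalogue.library.example/login"
SAMPLE_HEADERS = (
    "Content-Type: text/html; charset=utf-8\n"
    "Set-Cookie: patron_session=abc123; Path=/; HttpOnly\n"
    "Set-Cookie: lang=en; Path=/; Secure\n"
)
SAMPLE_BODY = (
    '<form method="post" action="http://catalogue.library.example/auth">'
    '<input name="barcode"><input name="pin" type="password"></form>'
    '<script src="http://stats.example/track.js"></script><img src="/logo.png">'
)

class RefCollector(HTMLParser):
    """Collect form targets and subresource URLs from a page."""
    def __init__(self):
        super().__init__()
        self.forms, self.resources = [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.forms.append(attrs.get("action") or "")
        elif tag in ("script", "img", "iframe") and attrs.get("src"):
            self.resources.append(attrs["src"])

def audit(url, raw_headers, body):
    """Return a list of transport-layer protection findings for one response."""
    findings = []
    headers = email.parser.Parser().parsestr(raw_headers)
    if urlparse(url).scheme != "https":
        findings.append("page served over plain HTTP")
    if "Strict-Transport-Security" not in headers:
        findings.append("missing Strict-Transport-Security header")
    for cookie in headers.get_all("Set-Cookie", []):
        flags = [part.strip().lower() for part in cookie.split(";")[1:]]
        if "secure" not in flags:
            findings.append("cookie without Secure flag: " + cookie.split("=")[0])
    refs = RefCollector()
    refs.feed(body)
    for kind, urls in (("form posts", refs.forms), ("mixed content", refs.resources)):
        for ref in urls:
            if urlparse(urljoin(url, ref)).scheme != "https":
                findings.append(f"{kind} over plain HTTP: {ref}")
    return findings
```

Calling `audit(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_BODY)` reports four findings for the sample page, including a patron login form that submits the barcode and PIN over plain HTTP even though the page itself was served over HTTPS.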

Kuzma holds that systems librarians should monitor security alerts from CERT and immediately install software patches and update their software to defend against attacks.

But should responsibility be placed solely on the systems librarian? It is all very well for librarians to hold privacy as one of their core values, but that counts for little if they fail to take account of web security risks, whether through lack of awareness or for some other reason.

Library procedures & privacy

I have put together a set of PowerPoint slides setting out examples of how privacy impacts upon the work of libraries. The slides cover things like: the physical layout of the library; co-location with other services; the procedures relating to self-service holds; the length of time users’ reading histories are retained; and more. If you have other examples that I haven’t covered, do by all means get in touch (libraryprivacy @ yandex.com).