What Every Librarian Should Know about Electronic Privacy (review)

It is encouraging to see a book about the intersection of privacy issues, a longstanding interest of librarians, with the pervasive use of computers and the Internet as part of modern library operations. It is indisputable, as this author notes, that “computers have totally transformed libraries in recent years” and heartening to hear her testimonial that librarians “have embraced them enthusiastically.” (p. ix) The author, a former academic librarian and accomplished writer on topics related to technology and cyberspace, sends an appropriate cautionary note to the readers to not allow “computers to inadvertently jeopardize the privacy of our users.” (p. ix)

Our sense of privacy is challenged in a world of electronic communication in which bits and bytes are easily captured, leading to temptations to use digital footprints for a variety of purposes. Consequently, this book is a timely resource to educate librarians and library supporters about the challenges and the range of solutions that will allow the maximization of patron privacy. There is no one better than librarians to keep technology staff honest. As the author observes, “Privacy is a cornerstone of our professional ethics. …We have an obligation to protect the privacy of our users as a matter of principle.” (p. xii)

A book about privacy, security, and networked technologies is a challenge to write for a non-technical audience. The author is exceedingly successful, however, in writing a book that is both informative and practical. She writes, “This book is intended to be a practical guide on the issue of electronic privacy in the library.” (p. xiv) She delivers on that promise by providing a comprehensive review of privacy and security implications of computer use in libraries that concludes with two chapters devoted to ready-to-implement safeguards.

The author sets the stage by painting a “Portrait of a Library Computer User” in chapter 1. She reminds us of two important considerations. The first is that the users of library computers, while diverse, are often children and adults who do not have regular access to a computer, thus driving home some of the implications of the so called “digital divide.” Secondly, since library computers are inherently “public” and “shared” by multiple users, the privacy risks are significant, and security challenges in this setting are magnified. She also reminds us that the open nature of libraries makes library computers an attractive resource for criminals, terrorists, and others seeking anonymity for nefarious purposes.

The perceived threat to civil liberties represented by government surveillance is covered in considerable detail in chapter 4 and later in chapter 8, which is devoted to the dilemmas posed by the USA Patriot Act. However, library staff will face their own challenges as they seek to strike the right balance between collecting information for their own internal purposes with the need to destroy it once it is no longer needed. For example, technology staff may maintain computer and network logs that can later provide clues for their own internal investigations into computer misuse. Not surprisingly, the author concludes, “Computer security and privacy protection inevitably go hand-in-hand.” (p. 159)

The emerging compliance frameworks for privacy and security of electronic data refer to the need for administrative, technical, and physical safeguards. Chapter

9, “Protecting Electronic Privacy: A Step-by-Step Plan,” does an outstanding job of describing privacy policies and effective technology solutions, ranging from securing wireless networks to practicing “defense in-depth.” In fact, much of the advice in this chapter contains practical information that the reader could apply to protect computers in the home or staff offices. Chapter 10, “Education and Advocacy,” exposes the reality that, despite best efforts to implement secure technologies, “users repeatedly put themselves in danger”; and librarians have to “protect…users from their own thoughtless actions.” (p. 179) Despite the solid research contained throughout this book, there are some suggested security awareness messages in this chapter that go too far—for example, never access financial information on public computers, never purchase...