Death Threat Woes

Jim Rosaschi jimros at sonoma.lib.ca.us
Mon Oct 27 11:44:27 EST 1997


We DID get a call from the FBI, who said a death threat had been sent to 
the White House from our domain.  The agent I talked with was clear that 
these threats are not infrequent, and that each one is pursued with 
serious intent. 

The agent I spoke with expected complete cooperation, and indicated that in 
the interest of national security, this library should stand ready to 
provide any information which could lead to the identification of the 
guilty party. I think this would have included signup sheets, scanned 
barcode/patron information, or anything else which we might have 
available to us.  When I indicated our policy relative to privacy, I got 
the clear message that if we had information which would be useful, it 
would be our obligation to provide it, and not require court orders or 
other barriers to access.

As it happens, we have anonymous public use text and graphical internet 
access on a combination of dumb tubes and in some ways even dumber PCs 
at about 300 workstations all over our county system.  The authentication 
and reservation system we DO have would not be considered authentication 
by some, just because it is often first names given to us over the phone.

After understanding that we do not have address specific ability to track 
on over 200 workstations (the ones connected through terminal servers), 
the FBI agent felt their efforts in tracking the guilty party on our 
system would likely not result in useful information, from their 
point of view.  He did share with me that they are often able to identify 
individuals guilty of sending threats, and that the punishment is not 
lightweight.

I guess some questions which arise for libraries providing web services, are

  - what kind of records does the library keep on web service users (and 
why);

  - does the library allow use of browser email as a document delivery 
option;

  - do you have a policy on "about:global" or other search history data 
(how long do you keep it, can it be linked to a user, etc.?)

This is an aspect of managing world wide web services in a library that 
should be considered along with other setup, access, and authentication 
policies/procedures.

Jim Rosaschi
Sonoma County Library

On Sat, 25 Oct 1997, Michael Dargan wrote:

> Yesterday morning my ISP informed me that someone using one my library's 
> computers used a form on the Whitehouse website to transmit a death 
> threat to the President.  It appears that we're likely to soon hear from 
> a Secret Service agent who may or may not have some sharp questions for 
> us.  
> 
> Currently we do not authenticate use of our public Internet 
> workstations.  A patron who wishes to use a machine is simply assigned a 
> machine by a librarian.  If we're busy, the librarian asks for a name 
> which is then written on a waiting list.  There's no way for us to tell 
> who used a particular machine three weeks ago at 10:35 a.m.
> 
> How obligated are libraries to keep records of Internet workstation use?  
> Should we be scanning library cards into a spreadsheet and keeping track 
> of times and specific PCs?  How long should such records be kept?  Who's 
> entitled to see them?  
> 
> ---
> Michael J. Dargan                               office: 319 291 4496
> Technical Systems Administrator                    fax: 319 291 6736
> Waterloo and Cedar Falls Public Libraries         Waterloo, IA 50701
> 
> 


More information about the Web4lib mailing list