[Web4lib] IM Security

TUCKER-RAYMOND Caleb calebt at multcolib.org
Tue Mar 6 19:08:58 EST 2007


Hi,

I wanted to follow up on Ilana Kingsley's concerns, since I share them.

Just as it is the IT staff's responsibility to find a way to deploy the
services we want to provide, it's the library's responsibility to find a
way to provide those services in a way that encourages open inquiry,
which includes ensuring patron privacy (whether they ask for it or not).

AOL spokespeople say, "It would be very costly, and we have no desire to
record all IM traffic. We don't do it."
(http://journals.aol.com/juberti/runningman/entries/2005/03/14/aim-priva
cy-and-slashdot/128) 

They also say that they work with law enforcement on "... every
imaginable classification of traditional crimes, from murder to the
whole scope of criminal behavior, because AOL was used to communicate or
there is some trace evidence" ("Increasingly, Internet's Data Trail
Leads to Court", Saul Hansell.  New York Times. New York, N.Y.: Feb 4,
2006.)

The "bottom line" is that connecting to the library through commercial
services does not guarantee the same freedom of inquiry that
face-to-face library services are supposed to. 

I'll bet you my lucky socks that sometime, somebody somewhere is
sniffing your packets, so this problem isn't specific to IM, but there
are a few IM-specific things that libraries can do about it:

 ~ offer (but not demand) encrypted services
 ~ steer conversations heading towards personal information in another
direction
 ~ talk to patrons using IM about privacy
 ~ if personal information gets sent, be okay with that

e.g. "Before you give me your card number, I want to give you the option
of calling me over the phone..."

Caleb T-R

(503) 988-5438
calebt at multcolib.org
AIM/Y!: calebMCL
www.oregonlibraries.net






> -----Original Message-----
> From: web4lib-bounces at webjunction.org 
> [mailto:web4lib-bounces at webjunction.org] On Behalf Of Ilana Kingsley
> Sent: Tuesday, March 06, 2007 10:34 AM
> To: web4lib at webjunction.org
> Subject: Re: [Web4lib] IM Security
> 
> 
> Here's a different view of IM Security....using AOL, Yahoo, 
> MSN, Google, 
> etc. for chat is insecure in that
> 
> a) data are not encrypted....so you'll 
> have the occasional student or librarian who posts personal 
> ID information 
> (e.g., social security #, Univ. ID #)
> 
> b) who owns the data? If you're chatting with Yahoo-- then does Yahoo 
> archive whatever is being transmitted?
> 
> It seems just safer to use Jabber, Rakim, or some other Chat software 
> installed on your own server.
> 
> --Ilana
> _______________________________________________
> Web4lib mailing list
> Web4lib at webjunction.org
> http://lists.webjunction.org/web4lib/
> 


More information about the Web4lib mailing list