Death Threat Woes
Jim Rosaschi
jimros at sonoma.lib.ca.us
Mon Oct 27 11:44:27 EST 1997
We DID get a call from the FBI, who said a death threat had been sent to
the White House from our domain. The agent I talked with was clear that
these threats are not infrequent, and that each one is pursued with
serious intent.
The agent I spoke with expected complete cooperation, and indicated that in
the interest of national security, this library should stand ready to
provide any information which could lead to the identification of the
guilty party. I think this would have included signup sheets, scanned
barcode/patron information, or anything else which we might have
available to us. When I indicated our policy relative to privacy, I got
the clear message that if we had information which would be useful, it
would be our obligation to provide it, and not require court orders or
other barriers to access.
As it happens, we have anonymous public use text and graphical internet
access on a combination of dumb tubes and in some ways even dumber PCs
at about 300 workstations all over our county system. The authentication
and reservation system we DO have would not be considered authentication
by some, just because it is often first names given to us over the phone.
After understanding that we do not have address specific ability to track
on over 200 workstations (the ones connected through terminal servers),
the FBI agent felt their efforts in tracking the guilty party on our
system would likely not result in useful information, from their
point of view. He did share with me that they are often able to identify
individuals guilty of sending threats, and that the punishment is not
lightweight.
I guess some questions which arise for libraries providing web services, are
- what kind of records does the library keep on web service users (and
why);
- does the library allow use of browser email as a document delivery
option;
- do you have a policy on "about:global" or other search history data
(how long do you keep it, can it be linked to a user, etc.?)
This is an aspect of managing world wide web services in a library that
should be considered along with other setup, access, and authentication
policies/procedures.
Jim Rosaschi
Sonoma County Library
On Sat, 25 Oct 1997, Michael Dargan wrote:
> Yesterday morning my ISP informed me that someone using one my library's
> computers used a form on the Whitehouse website to transmit a death
> threat to the President. It appears that we're likely to soon hear from
> a Secret Service agent who may or may not have some sharp questions for
> us.
>
> Currently we do not authenticate use of our public Internet
> workstations. A patron who wishes to use a machine is simply assigned a
> machine by a librarian. If we're busy, the librarian asks for a name
> which is then written on a waiting list. There's no way for us to tell
> who used a particular machine three weeks ago at 10:35 a.m.
>
> How obligated are libraries to keep records of Internet workstation use?
> Should we be scanning library cards into a spreadsheet and keeping track
> of times and specific PCs? How long should such records be kept? Who's
> entitled to see them?
>
> ---
> Michael J. Dargan office: 319 291 4496
> Technical Systems Administrator fax: 319 291 6736
> Waterloo and Cedar Falls Public Libraries Waterloo, IA 50701
>
>
More information about the Web4lib
mailing list