[WEB4LIB] Does Your Library Use SSL to Protect Patron Data?

Mark Pecaut pecautm at missouri.edu
Tue Apr 10 09:17:42 EDT 2001


On Mon, Apr 09, 2001 at 07:15:12PM -0700, Richard Wiggins wrote:
> 
> IMHO, it's great and good to protect your patrons' transmission of 
> confidential information to your servers.  In practice, I believe 
> for most patrons, the real risk of interception of that information 
> is extremely low -- in most cases, practically nil.  If the patron 
> is dialing into an ISP, I simply refuse to believe that there are 
> people at that ISP, or at the intervening networks between the ISP 
> and the library, intercepting traffic.

It doesn't have to be someone at the ISP.  If someone breaks into an
ISP's computer they could install a packet sniffer and get information 
from there.  Many ISPs don't know anything about security.

> 
> Where there is a risk of interception is where Internet pipes are 
> shared in a way susceptible to sniffing.  Potentially, patrons 
> entering confidential information at a cybercafe, or in a public lab 
> in a university, or over an office LAN, might have their information 
> intercepted.  So that's why it's worth doing SSL.  (Though I think 
> any sniffers probably seek credit card numbers, not library transaction 
> data.)

Yes, but it is not just about protecting against likely threats.  People
don't think about it too much, but they trust the library to guard their
privacy.  We destroy checkout information regularly, but we don't do anything
to protect Social Security Number transmissions on the wire.  This is stupid.
It is not very likely that someone would try to get previous checkout records 
from us, but we still destroy those records.   But why aren't we protecting
the SSNs?

> But the real question is, what do you do to secure the information on 
> your servers?  This is where real compromises of privacy occur.  

This is true, but it is more likely to get attention from the system
administrator.  Why?  Because a break-in is embarrassing for the system 
administrator, while someone harvesting private data via packet sniffing 
isn't.  

> There have been a dozen or more stories of real break-ins to back-end 
> servers, where thousands of private records, including credit card numbers, 
> have been compromised.  C'mon, when was the last time you read a news story 
> about a SINGLE instance of someone sniffing private information during 
> transmission between end user Web browser and remote e-commerce server?  

But we really have no way of knowing, do we?  This is why the threat is 
easy to ignore - it is impossible to know if someone has stolen the information
on the wire because there is little or no evidence it has been stolen.  Smart 
crackers will always leave some kind of evidence behind during a system break-in, 
but even the stupidest of packet sniffers leaves virtually zero evidence about 
their activities.

> So ask not if the Internet is secure, ask if your servers are secure. 

People aren't asking either question because it is too hard.  Very sad.
I agree that priority should be given to secure your own systems, but
both deserve attention, especially from a trusted institution like a
library.

-Mark

