[WEB4LIB] Re: Privacy, the USA Patriot Act,electronic

[Dan Lester]

Tuesday, July 30, 2002, 8:16:04 AM, you wrote:
KH> I think we (librarians and IT people in libraries) may have a false
KH> sense of security regarding our library circulation systems

I don't think we really do have any false sense of security.  At least
anyone who's been doing this kind of work for more than a couple of
years and has kept his/her eyes/ears open doesn't.

KH> (aka ILS
KH> (Integrated Library Systems)).  Connections are maintained in all
KH> systems while the item is checked out.

Of course they are.  They have to be.

KH> We really don't have a pragmatic
KH> solution to this, given we need to maintain our collection.  But
KH> remember, backup tapes are maintained, sometimes for beyond 30 days,
KH> which can be requested (or demanded) by authorities.

Absolutely.
 
KH> And people are getting better at recovering tapes that have been
KH> overwritten, "cleared", etc.  Our systems are vulnerable to the
KH> authorities. Whether we should change our procedures and systems for
KH> this protection and open ourselves to risks (such as systems crashing
KH> with no backup) is a something that I have not seen debated much.

I doubt that there are many administrators (library administrators,
not just system administrators) who would be willing to go without
backups because they might on the off chance protect the privacy of
some person.  I also doubt many of us would be doing security
overwrites or security erases for this same reason.
 
KH> And then there are other systems that record usage, sometimes even more
KH> personal info than our ILS. What about those Internet usage logs? A
KH> person who signs in to use a computer can be (theoretically) traced to
KH> what sites he/she visited, by matching ISP logs with the times the user
KH> was at that computer.

That's one of many reasons why some of us don't require logins. When
you have a real problem you can still deal with it.  I had a kiddie
porn viewer taken away in handcuffs last year.  He's still in jail.
The deputy observed the guy using machine E12 for a period of time,
and my proxy server logs for that time period confirmed what he was
viewing.  End of story.  (All of our public machines run through proxy
server for several reasons, this being just one of them)

KH> Privacy is a major concern for librarians, and I am quite proud of the
KH> debate and discussion that does occur, as well as the efforts that my
KH> peers take to protect our clients.  I just don't want us to feel
KH> satisfied with our ILS simply because it breaks the link at a certain
KH> point in time.

As you and others have noted, nothing is perfect.  We'll never see the
perfect system.  Plus, the perfect system for you and me might not be
the same perfect system for the FBI or CIA or whoever else.

cheers

dan


-- 
Dan Lester, Data Wrangler  dan at RiverOfData.com 208-283-7711
3577 East Pecan, Boise, Idaho  83716-7115 USA
www.riverofdata.com  www.gailndan.com  Stop Global Whining!