[Web4lib] Public computers & security of personal info

Karen Coyle kcoyle at kcoyle.net
Thu Oct 27 15:00:52 EDT 2005


I don't see a difference in security between someone using a library 
computer and that same someone using a home computer. The security is 
part of the end-to-end connection (i.e. https) and that should be the 
same regardless of where the computer is located, unless you feel that 
your library's server is not well-secured (but if it isn't, it should 
be). There could be differences in *privacy*, however, depending on how 
you manage those computers, e.g. if people don't close down the browser 
as they leave or if your setup doesn't eliminate caches and cookies on 
browser close-down. If the library's setup does do this kind of cleanup 
between users, then the library users actually have better privacy than 
they do at home, where data tends to stay on the computer for a longer time.

My guess is that your policy dates from the years when people were just 
beginning to use the web for things like shopping and filing their 
taxes, and there were concerns about security. Although the web isn't 
100% secure, I think that most of us feel comfortable sending in our tax 
returns and applying for government services online. It would seem 
reasonable to me that people should be able to use the library's 
computers for these activities.

kc

Alan Stewart wrote:

>(Cross-posted to PUBLIB, WEB4LIB, LITA-L, and the ULC Digital Managers
>Discussion Group.  Please forgive duplication.)
>
>Like many public libraries, the Memphis Public Library and Information
>Center has a formal policy discouraging customers from using our public
>PCs to disclose personal information over the Internet.  Our policy
>says: "The library is not responsible for any liability that may occur
>as a result of the disclosure of financial or other personal information
>over the library's public computer services. Users should be aware that
>use of public computers is not a secure medium and that third parties
>may be able to obtain information regarding user's activities."  In
>practice, we know that customers do online shopping, file their taxes,
>complete job applications, and so on using our computers, and if they
>need staff assistance while doing these tasks, we don't deny it to them;
>but our official stance has been not to promote this kind of use.
>
>We found ourselves relaxing on this position during the recent hurricane
>disasters.  Like many libraries, we offered our PCs to hurricane
>evacuees who needed to file their FEMA aid applications as soon as
>possible.  Not only did we provide the computers, but we made a special
>effort to promote this service to local emergency responders and to the
>news media.  Staff created guides to help evacuees navigate the FEMA web
>site and successfully complete the online form.  No one thought too much
>about the inconsistency with our computer usage policy - after all, this
>was an emergency situation.
>
>Now, we are beginning to worry if we have let the genie out of the
>bottle.  In the last few weeks, our staff has been asked by local human
>services agencies about the possibility of library computers being used
>by seniors to apply online for Medicare Part D before the December 31
>deadline.  In addition, at a recent local conference, a judge suggested
>that individuals needing to complete a credit counseling briefing before
>filing for bankruptcy under the new federal law could use public library
>computers to do this online.
>
>All of this raises some questions for us:
>
>Do we need to revisit our policy regarding public library computer
>usage?  Are our concerns over security overstated?
>
>If our concerns are valid, how do we deal with the demonstrated need for
>public computers that people can use to *securely* transmit personal
>information as a requisite to receiving critical services?
>
>We are very interested in learning if some of our colleagues are facing
>similar questions, and what decisions you may have reached.
>
>Thank you,
>
>Alan Stewart
>Electronic Services Coordinator
>Memphis Public Library & Information Center
>3030 Poplar Ave.
>Memphis, TN 38111
>phone: (901) 415-2856
>fax: (901) 323-7108
>e-mail: stewarta at memphislibrary.org
>
>_______________________________________________
>Web4lib mailing list
>Web4lib at webjunction.org
>http://lists.webjunction.org/web4lib/
>
>
>  
>

-- 
-----------------------------------
Karen Coyle / Digital Library Consultant
kcoyle at kcoyle.net http://www.kcoyle.net
ph.: 510-540-7596
fx.: 510-848-3913
mo.: 510-435-8234
------------------------------------



More information about the Web4lib mailing list