[Web4lib] FW: [DIG_REF] IM & Security

Mon Jan 30 17:03:59 EST 2006

> I am curious how the word security is used here. Is Andrea's library
> planning to host the server Jabber etc.,? In this case then the
> concern is warranted *IF* and only if they do not have a good system
> administrator.  If not then I am really confused. Is the concern that
> the use of IM might compromise their network. How is that different
> from any software (including web based chat) that is not kept
> current? Are they allowed to install any other software on these
> computers? Is this how the word "security" is used?
>

Without trying to hard to second-guess Andrea's network operating
environment, one reason I forwarded this post from DIG_REF is that I've
*frequently* heard this statement used to justify...

1. Not installing IM clients on staff workstations (let alone promoting IM
between library users and library staff)
2. Purchasing specialized virtual reference (VR) software
3. Not allowing IM on personal laptops brought into the library (e.g. I've
been blocked on more than one public library wifi network, using *my*
computer, as if I could do the library damage from my IM client)

I've heard it from state library networks; I've heard it from individual
librarians; I've heard it fly here and there. (I've also heard it in
reference to Skype, where it could be more justified--though I gotta say,
luv that skype.)

I just felt like this was a good time to "press to test" on this issue. I
have done a lot of one-on-one virtual training where I work, because we HAVE
no facility. IM for us is as natural as breathing. I could not work without
IM. (I also like it for family, friends, etc. But I *need* it for work.) 

I cannot tell you how often I have had to make convoluted arrangements (or
simply given up) because a librarian cannot use IM at work because the
client is not installed and the librarian tells me that "IT" says it is not
allowed *due to security.* 

I also am a bit concerned how often major product decisions are driven,
sometimes at very high levels, by "because we can't install IM." 

I am also concerned that far too many librarians are unfamiliar or
uncomfortable with IM because they aren't allowed to be exposed to it in a
work setting. (I mean, think of all the damage you can do with one of those
rods that run through card-catalog drawers. You could kill someone...)

> Or do we *also* mean the integrity of logs generated by Trillian or
> <insert preferred chat client>?

Nope. Not really. I mean, that might be a concern, but that's not part of
the justification. 

My cow-manure flag pops way up on this one every time I hear this, and I
thought it would make a good thread to take off the service/reference lists
and pose to the wise and wonderful Web4Lib and LITA gearheads. 

Karen G. Schneider
kgs at bluehighways.com
AIM/Skype: liichief