[Web4lib] [web4lib] survey on library website third partyanalytics privacy concerns

Robert L. Balliot rballiot at oceanstatelibrarian.com
Wed Aug 25 08:35:00 EDT 2010


Andrew,

Libraries cannot protect the privacy of people, other than within their own
networks.  Even then, unscrupulous people can and will use the information
in library networks.  In Rhode Island, a public library employee used
circulation data for identity theft.  That was certainly illegal and a
violation of laws including privacy.  

Having a law is irrelevant to the actual risk of having personal information
compromised, because people break the law and the Internet is not secure. I
did not 'blithely' dismiss anything. An educated consumer who understands
the risk is much safer than one who trusts in the system to manage their
risk for them.

*************************************************
Robert L. Balliot
Skype: RBalliot
Bristol, Rhode Island
http://oceanstatelibrarian.com/contact.htm
*************************************************

-----Original Message-----
From: web4lib-bounces at webjunction.org
[mailto:web4lib-bounces at webjunction.org] On Behalf Of Mutch, Andrew
Sent: Wednesday, August 25, 2010 8:10 AM
To: web4lib at webjunction.org
Subject: Re: [Web4lib] [web4lib] survey on library website third
partyanalytics privacy concerns

I know in Michigan that libraries have a legal obligation to protect
patron privacy particularly when it comes to information that the
library collects related to patron usage of the library systems. I don't
know the privacy laws in other states but libraries in Michigan don't
have the luxury of blithely dismissing such concerns and claiming that
it's the user's responsibility to ensure the privacy of their data. 

Andrew Mutch
Library Systems Technician
Waterford Township Public Library
Waterford, MI

-----Original Message-----
From: web4lib-bounces at webjunction.org
[mailto:web4lib-bounces at webjunction.org] On Behalf Of Robert Balliot
Sent: Wednesday, August 25, 2010 8:04 AM
To: David Kane
Cc: web4lib at webjunction.org
Subject: Re: [Web4lib] [web4lib] survey on library website third party
analytics privacy concerns

There is no privacy on the Internet.  You might be able to use
Tor<http://www.torproject.org/> to orchestrate a certain level of
anonymity and use encryption and https to hide information in transit,
but you can't have a reasonable expectation that using a Library website
is private other than it being somewhat private within a library
network.

Given the proliferation of personal information on social network sites,
many users have seemed to value their immediate social status much more
highly than their privacy. The burden is on the user.

R. Balliot
http://oceanstatelibrarian.com


On Wed, Aug 25, 2010 at 4:09 AM, David Kane <dkane at wit.ie> wrote:

> Libraries knowing your IP address is one thing.  I don't think that 
> this is a serious issue because no librarian I know is going to pore 
> over reams of IP addresses to try and connect particular real 
> individuals to possible book crimes.
>
> However, Google analytics works in such a way as to make it possible 
> for individual users to be tracked across all sites that use Google 
> analytics.  If those users also have Google accounts, as many do, then

> suddenly Google is going to know a lot about you, as an individual.
> Using something else would remove any significant privacy concerns 
> that I might have about this.  One such program might  be AWstats, 
> which analyses the server log files.
>
> David.
>
> On 25 August 2010 00:12, Brian Tingle 
> <brian.tingle.cdlib.org at gmail.com>
> wrote:
> > |There are a number of references to 'privacy concerns' in some of 
> > |the responses.
> > |
> > |Do these concerns have any validity, or to they arise from 
> > |uncertainty and insufficient understanding of the technologies used

> > |to gather these data?
> >
> > I think that is an open question.  Like most things, there are trade
> offs.
> >
> > As I understand it, German law considers IP addresses to be 
> > personally identifying information, and .de web site operators are 
> > not allowed to track this.
> >
> >
> http://dees-club.com/google-analytics-german-privacy-paid-analytics-to
> ols/
> >
> > My libraries' current interpretation of privacy policy categorizes 
> > IP addresses as personally identifying information.
> >
> > Even if no personally identifying information is logged, research 
> > suggests that with enough data tied to a specific yet not personally

> > identified user such as with the cookies used by google analytics, 
> > data can be de-anonymized
> >
> > http://en.wikipedia.org/wiki/AOL_search_data_scandal
> >
> http://www.wired.com/politics/security/commentary/securitymatters/2007
> /12/securitymatters_1213
> >
> > I think it is important that a) library privacy policies clearly 
> > indicate the use of google analytics on their websites and b) make 
> > it clear to end users that they may opt-out of behavioral tracking
> >
> > http://tools.google.com/dlpage/gaoptout?hl=en
> >
> > I've put in a proposal to have a discussion on this topic at the 
> > Digital Library Federation Fall Forum.
> >
> > -- Brian
> >
> >
> > _______________________________________________
> > Web4lib mailing list
> > Web4lib at webjunction.org
> > http://lists.webjunction.org/web4lib/
> >
> >
>
>
>
> --
> David Kane, MLIS.
> Systems Librarian
> Waterford Institute of Technology
> Ireland
> http://library.wit.ie/
> T: ++353.51302838
> M: ++353.876693212
>
>
> _______________________________________________
>  Web4lib mailing list
> Web4lib at webjunction.org
> http://lists.webjunction.org/web4lib/
>
>
_______________________________________________
Web4lib mailing list
Web4lib at webjunction.org
http://lists.webjunction.org/web4lib/



_______________________________________________
Web4lib mailing list
Web4lib at webjunction.org
http://lists.webjunction.org/web4lib/







More information about the Web4lib mailing list