Minow Privacy Libraries

Drop that book and back away slowly…: 

Electronic Privacy Information Center Freedom 2.0 Distributed Democracy Dialogue for a Connected World May 22, 2004 Washington Club Washington, D.C. Drop that book and back away slowly…

Privacy, Libraries, and the Law: 

Privacy, Libraries, and the Law Mary Minow, J.D., A.M.L.S. LibraryLaw.com consult@librarylaw.com Infopeople Webcast Thursday October 21, 2004 12:00 noon to 1:00 p.m.

Housekeeping : 

Housekeeping New interface! HorizonLive is now HorizonWimba Today’s webcast: presentation: 50 minutes Q&A: final 10 minutes Submit your questions via ‘Chat’ during webcast so presenter gets them in time Fill out evaluation during Q&A Don’t wait for Q&A to submit questions Webcast Archives: http://infopeople.org/training/webcasts/archived.html

When to Use Chat: 

When to Use Chat Chat Area There List of Participants There Get help with technical difficulties send message to “HorizonHelp” Ask presenter questions send message to “ALL” Chat with other participants “select name from dropdown list”

Legal Disclaimer: 

Legal Disclaimer Legal information Not legal advice!

Privacy Agenda: 

Privacy Agenda Professional ethics Legal Framework because ethics aren’t enough 3. Library Policies can strengthen user privacy 4. Emerging issues RFID, Biometrics ethics law

National Attention on Library Privacy: 

National Attention on Library Privacy We worship an awesome God in the Blue States, and we don’t like federal agents poking around in our libraries in the Red States. Barak Obama at Democratic National Convention 2004

Still, We Need to Communicate Professional Ethics to Others: 

Still, We Need to Communicate Professional Ethics to Others “County doesn’t understand library’s ethical concerns. They just want to turn over the records.” – library attorney Staff – when hiring Volunteers

Communicating Concerns Not Enough Tell History: 

Communicating Concerns Not Enough Tell History Library Awareness Program

Slide10: 

Librarian Code of Ethics "It is the librarian's obligation to treat as confidential any private information obtained through contact with library patrons.“ 1939

Why Privacy Matters: 

“You’re only as sick as your secrets” Yet research disease, depression, abuse Behave differently when we are watched Why Privacy Matters

Professional Ethics: Anonymity: 

Professional Ethics: Anonymity “When you speak with a librarian, it is similar to speaking with a holy person. …Wild partners could not drag this type of confidence from a librarian.” Eric Kaufman, “Firm Librarians: How They Enrich Your Experience,” New York Law Journal (June 5, 2000).

Anonymity vs. Confidentiality: 

Anonymity vs. Confidentiality Confidentiality Records created Library will not disclose … except under specified circumstances Anonymity No records created No personal information required to use library services

Honor System experiment …is WORKING: 

Honor System experiment …is WORKING depression, drug abuse, sex, contraception Pam Davis, “The honor system: a library encourages kids to take books without checking them out,” School Library Journal, (March 2004).

Law Outweighs Professional Ethics: 

Law Outweighs Professional Ethics ethics LAW

LEGAL FRAMEWORK: 

LEGAL FRAMEWORK Federal, State, Local Laws Records v. Observations Type of Record Request Librarian Suspicion

Federal, State, Local Laws: 

Federal, State, Local Laws Constitution Federal Law State Laws Local laws Library Policies

U.S. Constitution Fourth Amendment quite weak: 

U.S. Constitution Fourth Amendment quite weak allows third parties to reveal user information …even if user believed the information was confidential United States v. Miller, 425 U.S. 435, 443 (1979)

U.S. Constitution First Amendment and the Right to Read: 

See also Susan Nevelow Mart, “The Right to Receive Information,” http://www.aallnet.org/products/2003-11.pdf U.S. Constitution First Amendment and the Right to Read Unconventional ideas might disturb the complacent … but essential if vigorous enlightenment is to triumph over slothful ignorance necessarily protects the right to receive information Martin v. Struthers, 319 U.S. 141, 143 (1943).

U.S. ConstitutionFirst Amendment and Anonymity: 

See also Julie Cohen, A Right to Read Anonymously http://www.law.georgetown.edu/faculty/jec/read_anonymously.pdf U.S. Constitution First Amendment and Anonymity Once the government can demand of a publisher the names of the purchasers … the spectre of a government agent will look over the shoulder of everyone who reads. United States v. Rumely, 345 U.S. 41, 57-58 (1953) (Douglas, J., concurring)

48 State Laws Protect  Library Records: 

48 State Laws Protect Library Records www.ala.org/alaorg/oif/stateprivacylaws.html Hawaii and Kentucky have Atty Gen. opinions

Local Laws, Library Policies: 

Local Laws, Library Policies www.ss.ca.gov/archives/locgov/localgovrm6.pdf Local Government Records Management Guidelines (2004) www.ss.ca.gov/archives/locgov/localgovrm6.pdf Local - Possible record retention laws Library policies May offer greater protection than state law

Slide23: 

Records Documents, writing, recording on any media Observations “plain view” (what’s visible on screen) patron behavior physical descriptions Records vs. Observations

Observations: Dead Body in Library Parking Lot: 

Observations: Dead Body in Library Parking Lot Memphis Public Library Green Plymouth Fury “massive amount of flies” Police found dead body Tennessee v. Rickman, 2002 Tenn. Crim. App. LEXIS 449 (May 17, 2002)

Observations: Tylenol Murders: 

Observations: Tylenol Murders Librarian tipped off FBI

Observations: Library Security Videotapes: 

Observations: Library Security Videotapes Children reported man in bookshelves exposing himself Library security tapes showed man leaning forward in bookshelves Convicted - criminal sexual conduct Minnesota v. Sihler, 2002 Minn. App. LEXIS 376

Slide27: 

Don’t Need Court Order for Observations UCLA Library –manipulating NEI Webworld stock FBI tracked extortion messages –quiet stakeouts Crofton (MD), Falls Church (VA) libraries FBI used “BACK Button” to find embassy addresses SEC v. Aziz Golshani; Tarpon Springs FL, U.S. v. Regan

Slide28: 

Records Documents, writing, recording on any media Observations “plain view” (what’s visible on screen) patron behavior physical descriptions Records vs. Observations Protected by State Law

Slide29: 

Records Documents, writing, recording on any media Observations “plain view” (what’s visible on screen) patron behavior physical descriptions Records vs. Observations Protected by State Law Not Protected by State Law

Types of Record Requests: 

Types of Record Requests Federal Library and Information Center Committee (FLICC) and Family Educational Rights and Privacy Act (FERPA) 20 U.S.C. § 1232g; 34 CFR Part 99 Federal libraries – subject to Privacy Act Schools with federal funds – subject to FERPA confidential “student records” Federal

Videos Protected by Federal Law: 

Videos Protected by Federal Law Video Privacy Protection Act, 18 U.S.C. § 2710 et seq.

State Libraries in California: 

California Civil Code Sect. 1798 et seq. Plus required to set privacy policies per California Govt Code Sect. 11019.9 State Libraries in California Information Practices Act governs state collection of personal info

All Libraries in California:May not display Social Security Numbers : 

All Libraries in California: May not display Social Security Numbers nor embed them on a barcode, chip, etc. www.privacy.ca.gov/recommendations/ssnrecommendations.pdf Calif. Civil Code Sects. 1798.85-1798.86, 1785.11.1, 1785.11.6 and 1786.60

Local Libraries: 

California Govt Code Sect. 6252(d) Local Libraries California Public Records Law requires disclosure of "Public records" - any writing relating to the conduct of the public's business used by any state or local agency regardless of physical form

Incident Reports are Public Records: 

Incident Reports are Public Records Expunge names

“Balancing Test” Exception: 

“Balancing Test” Exception When public interest in confidentiality clearly outweighs the public interest in disclosure Cal. Govt. Code Sect. 6255(a)

Not Protected by Public Records law: Library Registration and Circulation Records: 

Registration records any information which a library requires a patron to provide in order to become eligible to borrow books and other materials California Govt Code Sect. 6267 Must disclose statistical reports of registration and circulation and fine records Circulation records information which identifies the patrons borrowing particular books and other material. Not Protected by Public Records law: Library Registration and Circulation Records

Unclear Status: Reference Records, Online Searches etc.: 

Unclear Status: Reference Records, Online Searches etc. Virtual Reference chats Need to broaden legal definitions

Slide39: 

Administration of the library Consent – Written Order of superior Exceptions ACC California Govt Code Sect. 6267 Court

Court Orders: 

Court Orders Search warrants are court orders Try for delay to get lawyer Immediately executable Subpoenas are not court orders (unless signed by a judge) Gives time to see a lawyer e.g. five days Come back Nov 4 webcast responding to search warrants

What about Parents?: 

What about Parents? 8 states amended laws to give parents access in past three years (Alabama, Florida, Louisiana, Massachusetts, Ohio, South Dakota, West Virginia, Wisconsin) Failed attempts: Alaska, New Hampshire California law: No parental exception

Parents – Technology Solution: 

Parents – Technology Solution User types in PIN to see record Teenager has PIN Parent has PIN

Librarian Suspicion: 

Librarian Suspicion May release electronic communications if Reasonable belief emergency involving immediate death or serious physical injury Sect. 212 Patriot Act, amending ECPA Sect. 2702

Librarian Initiated 9-11: 

Librarian Initiated 9-11 Facts: Sept 15, 2001 Kathleen Hensman, reference librarian, Delray Beach recognized name of patron Talked to library director Called local police; forwarded to FBI

Delray Beach FL Library’s Legal Opinion: Observation: 

Delray Beach FL Library’s Legal Opinion: Observation Legal opinion by library’s lawyers: Recollection not records Records released only after “properly drawn” order

Bottom Line: 

Bottom Line Never respond to informal request for user records Local libraries – user records private unless court order Search warrant – on the spot Subpoena – date to respond

POLICIES: 

POLICIES Notice & Openness Choice & Consent Access by Users Data Integrity & Security Enforcement & Redress tinyurl.com/32xhc American Library Association Model Library Privacy Policy

Notice & Openness: 

Notice & Openness Post personal information-gathering policies where stored, how long, who has access, how used e.g. User Registration Circulation Internet Sign-ups

Disclosure to Patrons Santa Cruz: 

Disclosure to Patrons Santa Cruz

Choice and Consent: 

Choice and Consent OPT-IN *Registration Form* Permission to share with Friends Offer Anonymity On-site database use Internet use Virtual reference

Anonymous Internet Useat SOME LIBRARIES: 

Anonymous Internet Use at SOME LIBRARIES Anonymous when No sign-ups Paper sign-ups “Mickey Mouse” Automated sign-ups “guest cards”

Anonymous Internet Useat SOME LIBRARIES: 

Anonymous Internet Use at SOME LIBRARIES Anonymous when No sign-ups Paper sign-ups “Mickey Mouse” Automated sign-ups “guest cards” Librarians can still be called to testify Surveillance Cameras

Virtual Reference: 

Virtual Reference Many more records Or GREATER anonymity?

Paul Neuhaus – Chart on Virtual Reference Software Privacy Features :>: 

www.library.cmu.edu/People/neuhaus/software.html Paul Neuhaus – Chart on Virtual Reference Software Privacy Features :>

Access by Users: 

Access by Users Personally identifiable information Addresses, circulation records, fines, blocks… User has PIN

Data Integrity & Security : 

Data Integrity & Security Integrity use only reputable sources destroy old data or strip PII Shared Data (Consortia, Collection Agencies): Arrangements include confidentiality policies ensure timely corrections, deletions Security – Block unauthorized access – Avoid social security PIN's

Destroy Records When No Longer Needed: 

Destroy Records When No Longer Needed PUT RECORD RETENTION POLICY IN WRITING

Remote Databases  Need Authentication: 

Remote Databases Need Authentication

Privacy Guidelines for VENDORS: 

Privacy Guidelines for VENDORS International Coalition of Library Consortia 2002 (ICOLC) PUBLISHER will not disclose information about any user … without permission of user, except as required by law. www.library.yale.edu/consortia/2002privacyguidelines.html

Solution: Shibboleth?: 

Solution: Shibboleth? Authenticate Let pass through without attaching PII

Enforcement & Redress : 

Enforcement & Redress Regular privacy audits Procedure for complaints Training

Further Resources on Privacy Policies: 

Further Resources on Privacy Policies For Librarians and Libraries | American Library Basics | Developing a Confidentiality Policy | State Statutes on Library Confidentiality | Privacy Resources for Librarians, Library Patrons, and Families | ALA Policies and Guidelines | Access to Electronic Information, Services, and Networks | Questions and Answers: Access to Electronic Information, Services, and Networks | Code of Ethics | Freedom to Read Statement | Freedom to View Statement | Library Bill of Rights | Policy concerning Confidentiality of Personally Identifiable Information about Library Users | Policy on Confidentiality of Library Records | Suggested Procedures for Implementing Policy on Confidentiality of Library Records | Privacy: An Interpretation of the Library Bill of Rights Privacy: An Interpretation of the Library Bill of Rights  Questions and Answers on Privacy and Confidentiality Privacy Tool Kit Privacy Tool Kit www.ala.org/privacy - then click “privacy resources”

EMERGING TechnologySelf Check, RFID, Biometrics, Keyloggers: 

EMERGING Technology Self Check, RFID, Biometrics, Keyloggers Privacy enhancing IF Patron information is not seen by all

RIFD – Follow that Koran?: 

RIFD – Follow that Koran? Tiny tags report data by radio Less staff Privacy concerns galecia.com/included/docs/rfid_position_paper_rev2.pdf

Beware of Key Loggers: 

Beware of Key Loggers Thieves go to public terminals to scour for user info in cache Automatic log out Now: watch out for keyloggers that capture every key stroke http://www.amecisco.com/keylogger.after.jpg

Biometrics: Fingerprints: 

www.buffalolib.org/events/touchngo.asp Biometrics: Fingerprints Micro Librarian Systems IdentiKit in U.K. Retinal scans at Venerable Bede Church of England Aided School

Slide68: 

http://www.smartid.gov.hk/en/library/index.html Hong Kong smart card with thumb prints immigration status Optional: use as library card

Slide69: 

www.ala.org/ala/washoff/WOissues/civilliberties/privacy/privacyrelated.htm

Further Resources: 

Further Resources American Library Association Privacy and Confidentiality http://tinyurl.com/3oun4 Office for Intellectual Freedom. Call if FBI visits. Just say “I need to speak with an attorney” 1-800-545-2433 ext. 4223

Library Privacy Audits and Search Warrants: Preparing for Inquiries into User Records : 

Library Privacy Audits and Search Warrants: Preparing for Inquiries into User Records Karen Coyle and Mary Minow Infopeople Webcast Thursday November 4, 2004 12 noon – 1 p.m.