Rethinking Privacy in the Public Library

Abstract

The past decade has seen the library privacy debate become a kind of ongoing dialogue which endlessly reiterates the prevailing issues of the past — government surveillance and national security — and failing to adjust to the way that changing values and economic forces are redefining privacy. The danger is that by failing to come to terms with the changing nature of privacy, the library community could find itself without a voice. By accepting the existence of new privacy threats within the institution, it becomes possible to see an important new role for librarians.

Introduction

Library privacy is an issue that periodically captures the attention of the media and information professionals. These periods of interest most often correspond to some political or criminal sensation, whether it be the FBI’s Library Awareness Progra[1] or the investigation of the Unabomber’s library visits.[2] It is inevitable that privacy issues again become a topic of discussion within the library community with the current preoccupation with information privacy matters rising from the mass popularity of the World Wide Web and the proliferation of e-commerce. In this paper, I will brie£y discuss the challenge presented to the 21st century library by the evolving nature of privacy concerns.

Public libraries have occupied an important role in American society for over a century. They have long promoted values that are fundamental to a democratic society by offering unrestricted access to essential tools for informed participation in the political process and articulating intellectual freedom.[3] In courts the public library has been recognized as a ‘‘quintessential locus’’ for access to ‘‘the discussion, debate and the dissemination of information and ideas’’ that is guaranteed by the First Amendment to the United States Constitution.[4] Public libraries further fulfill an essential social role by providing public space which serves ‘‘as safe havens for private re£ection and as meeting places for community functions’’.[5]

The concept of privacy is an important one in most discussions of modern life, yet there is little agreement as to what it actually means. Much of the current understanding of privacy developed from a collection of legal judgments combined with philosophers attempts to illuminate what a right to privacy can and should mean.[6] What once dealt primarily with concerns of personal autonomy and the right to be left alone has become part of the economic and technological fabric of contemporary society.

In both law and ethics, privacy is an umbrella term for a wide variety of agendas and interests. A useful typology of privacy concerns is offered by Roger Clarke,[7] which includes:

• privacy of the person which deals with integrity of the individual’s body;

• privacy of personal behavior which relates to sensitive aspects of individual behavior in private and in public places;

• privacy of personal communications addresses the right to communicate, using various media, without routine monitoring of their communications by others; and

• privacy of personal data which addresses whether data about individuals is available to other individuals and organizations, and whether the individual has control over the data and its use.

It is the final two types of privacy that are of particular relevance to the public library.

Privacy and the Public Library

In the library setting, privacy has traditionally refered to the confidentiality of circulation records and other personal information related to patrons, such as the nature of the patron reference questions, and even the materials that are entrusted to libraries by individuals and intended for use by others. In its broadest terms, library privacy has been defined as: ‘‘the ability to keep personal information from others, whether it be one’s thoughts, feelings, beliefs, fears, plans or fantasies, and the control over it and when this information can be shared with others’’.[8]

Library culture has embraced and espoused the philosophy that: ‘‘it’s nobody’s business what you read or .. . what use you make of the library, whether it’s materials or services or facilities’’.[9] History, however, serves as the best introduction to the pragmatic meaning and significance of privacy in libraries. In a series of incidents between 1968 and 1990, government forces justified invasions of privacy in the library under the rubric of national security.

Privacy first emerged as an explosive library issue in the late 1960s when a series of con£icts between law enforcement agencies and librarians set the stage for the American Library Association’s (ALA) development of its first library privacy policy. The first major movement towards in library privacy took place in the aftermath of the Democratic National Convention in Chicago in 1968. In nationwide investigations of radicals and counterculture organizations, United States treasury and FBI agents examined circulation records in several academic and public libraries. Outrage and confusion on the part of librarians and library advocates led the ALA to draft its first privacy statement. The 1970 ‘‘Policy on Confidentiality of Library Records’’ addressed the growing number of attempts by US law enforcement agencies to examine patrons’ library records as part of their investigations.[10]

In the 1980s libraries once again became sites of government surveillance. In a program known as the ‘‘Library Awareness Program’’, (LAP) the FBI began systematically monitoring the behavior of foreigners in public and research libraries.[11] The program was harshly criticized as an unwarranted government intrusion upon personal privacy and a threat to the First Amendment rights of patrons’ free access to information.[12] Librarians across the country also condemned the program for its ‘‘chilling effect” on library patrons: those who fear that they are under surveillance cannot exercise their Constitutional right to gather information there for their free use. Simply put, if people could not use the library because of fear, they would be denied free access.

Realizing the relative powerlessness of professional policies, the ALA and several other professional organizations attempted to work with congress to establish a federal act protecting privacy in the library.[13] With the failure of the act, librarians began to lobby their state legislatures to enact statutes to protect the confidentiality of library users.[14] The first state law was passed by Florida in 1978 and by 1995 49 states and the District of Columbia provided some type of privacy protection to library patrons.[15]

What is notable about the laws and policy statements concerning library privacy is how much of it is directed at protecting libraries and library patrons from abuse committed in the name of national security. Library privacy policy emerged as a reaction to external threats and in response to a vision of the federal government as an omnipotent collector of personal information.

Such a reaction was in keeping with the attitudes towards privacy protection in the 1970s and 1980s when the primary privacy fears were related to excessive and unwarranted accumulation of personal information by the government.[16] Many of the existing privacy laws were intended to protect individuals from the kind of scrutiny that could result from combining data from a variety of sources maintained by government databases, such as health, education, welfare, taxation and licensing, and financial data.[17] It was believed that if people could be monitored through their data, data surveillance provides an economically e/cient means of exercising control over the behavior of individuals and societies.[18]

The New Public Library

Over the past decade, the role of libraries has come under scrutiny as familiar notions of individuality and community have been challenged. It has become a truism to discuss how technology has transformed the library. It is in fact more accurate to say that new information technologies have revolutionized information access, blurring the boundaries between actual library collections and the information stored beyond its walls. The growth of electronic information technologies has challenged the library’s role and resulted in considerable instability and uncertainty among librarians as they have been forced to redefine and restructure library service, and in the process, the library itself.[19]

Most libraries in the United States are now connected to the Internet.[20] The Internet contains an ever-expanding array of information and misinformation. Many librarians are at the front lines of technology training, educating new computer users in search-techniques and helping them evaluate the relevance and validity of on-line information.[21]

As libraries struggle to define their role in the face of these technological advances, numerous questions arise concerning the risks and benefits of Internet use, particularly in helping patrons to use the medium wisely. It is increasingly essential that libraries establish policies that are consistent with First Amendment values. While such policies must touch on issues ranging from access to intellectual property rights, one of the most problematic and misunderstood areas is once again that of privacy.

New Privacy Issues

The phenomenal growth in Internet use has led to a myriad of opportunities for data collection and just as many potential uses for personal data in an unregulated world of Internet commerce. Government resources and government regulated industries are no longer the major collectors and potential abusers of personal information.[22]

When using the Internet, there is an assumption of anonymity, more so than in the physical world where an individual may be observed by others. But because the Internet generates an elaborate trail of data detailing every stop a person makes on the Web, this transactional data can provide a “profile” of an individual’s on-line life.[23]

At a time when more Americans from all backgrounds are using the Internet, the degree of on-line privacy is increasingly dependant on a confusing technical infrastructure. The result is that users are unknowingly surrendering their privacy interests. In the on-line realm, much of digital reality is constructed through the setting of technical standards. Lawrence Lessig uses the term ‘‘code’’ to refer to the underlying infrastructure of cyberspace.[24] Code, as it is now set, limits individual options on accessing on-line information without the voluntary and often unknowing surrender of personal details. Individual ability to exercise any rights has been overwhelmed by the complexities of technology; understanding the meaning of ‘‘code’’ for one’s privacy interests involves comprehending the presence and implications of technical infrastructure as ‘‘cookies’’ and the price of such innocuous actions as surrendering an e-mail address for entry to a web-site.[25]

The increased collection of personal data is part of the growing market in personal information. Because it is largely self-regulated, the on-line industry has little incentive to provide clear and detailed information about individual rights and personal data use.[26] User ignorance works to the benefit of the industries that construct code and profit by it in their business endeavors. The resulting technological naivete creates a climate ripe for privacy abuse by information hungry corporations. There is abundant evidence of the vast market for personal data, whether through personalized search engines and ‘‘portals’’, the pervasive use of ‘‘cookies’’, or the recent controversies by companies such as Doubleclick or Intel to stamp each computer and ultimately each individual with a unique and traceable identity in cyberspace.[27]

To an even greater degree, users are likely to know little or nothing about the circumstances under which personal information is captured, sold, or processed. The greatest difference, however, is that this information is surrendered voluntarily not to government record keepers but to on-line commercial service providers. Personal data use in cyberspace increasingly is structured around an unenforceable process of consent that often leads individuals into making uninformed, involuntary gifts of personal information.[28]

New Library Privacy Issues

The origins of privacy debate in libraries originate from two issues: computer technology and government surveillance of subversive behavior. Each issue was responsible for public and professional anxiety, leading to calls for privacy policies. Both issues have been transformed and distorted with time, so that the remnants of the issues remain alive, but the attempted solutions need to be radically reconsidered.

Library circulation systems have been described as social surveillance systems in which ‘‘[i]nformation on an individual’s past is held in a central place and can be called up anytime. Technology now enables one to query the computer concerning the past performance of any patron within a few seconds’’.[29] The power of a circulation system pales beside many new on-line information systems. Libraries now provide potential access not only to circulation records, but also to a veritable smorgasbord of on-line search systems, Internet usage data, and electronic reference records. The key difference is that, unlike information collected through circulation records, much of this information is collected without librarian knowledge or control. Technology has led the library to unwittingly accumulate the same fragments of information from a plentitude of new sources. The new collector of these personal fragments is not the federal government and the new mode of collection does not come from library records or from covert investigations. It comes from within the very tools embraced by all for information gathering and entertainment. And it is the vessels for these companies, the networked computer, that are at the heart of the new public library.

The past decade has seen the library privacy debate become a kind of ongoing dialogue which endlessly reiterates the prevailing issues of the past — government surveillance and national security — and failing to adjust to changing values and economic forces. As public concern and government reaction picks up, the danger is that by failing to come to terms with the changing nature of privacy, the library community could find itself without a voice.

Conclusion: New Roles for Librarians

As a public institution that must embrace traditional democratic values and embrace new technology, the public library is particularly in need of a pragmatic understanding of privacy protection. It is the shifting nature of privacy that makes it so important and yet so problematic within a library setting.

The Internet is at once a public good and a public threat. This duality lies behind the tensions that exist in establishing a functional library privacy policy. Privacy is no longer threatened by looming external forces; it has become something inexorably interconnected to the modern library and the very information and communication systems which now play an essential role in libraries are the very systems which threaten to undermine individual privacy.

A workable library privacy policy must embrace contradictions: there exists a ‘‘fundamental con£ict between society’s need for information of many kinds and the individuals right to privacy protection".[30] Many of the tools that exist for the public good are also public threats.

Privacy protection comprises a complex of legal, organizational and technological features, that together implement a complex balance among con£icting interests, and re£ect a value system.[31] The establishment of detailed, operational rules about privacy protection is a di/cult exercise in a context of rapid technological change. Howard Besser argues that the evolution of the library calls for librarians to ‘‘not only become aware of this evolution, but that they actively intervene to help reshape the institution in ways that are consistent with the core mission of libraries’’.[32] By accepting the existence of new privacy threats within the institution, it becomes possible to see an important new role for librarians. By building on such traditional responsibilities as evaluation of sources, monitoring of information systems, and keeping abreast of new tools or changes in old ones and addressing internal and external information £ows, the librarian could become something akin to a privacy watchdog or auditor.[33] There is some evidence of such a movement. The ALA recently convened a Task Force on Privacy and Confidentiality in the Electronic Environment. The report serves as a valuable augmentation to the ALA’s idealist privacy policy statements by addressing numerous potential privacy violations that emerge from information technology in the library. By dealing with the vagaries and uncertainities of the technology within the library, librarians could help raise individual consciousness of privacy standards in the public library and in public life. Such an undertaking would be in keeping with the values at the heart of the profession, and ultimately help unite ethical ideals with pragmatic policies.

[1] Foerstel, H.N. (1991) Surveiiiance in the Stacks: The FBI’s Library Awareness Program, New York. Greenwood press.

[2] Chepesiuk, R. (1998) Surviving the Unabomber media circus: an interview: with Sherri Wood. American Libraries 29, pp. 27-28.

[3] Rubin, R.E. (1998) Foundations of Library and Information Science. New York. Neal-Schuman.

[4] Kreimer vs Bureau of Police, 958 F.2d 1242, 1255 (3d Cir. 1992) See also, e.g., Board of Education vs Pico, 457 U.S. at 886 (noting that ‘‘public library is ‘a place dedicated to quiet, to knowledge, and to beauty’ ’’ (quoting Brown vs Louisiana, 383 U.S. 131, 142 (1966)); Minarcini vs Strongsville City School Dist., 541 F.2d 577, 582 (6th Cir. 1976) (‘‘A library is a mighty resource in the free marketplace of ideas.’’).

[5] Molz, K.R. & Phyllis, D. (1999) Civic Space/Cyberspace. Cambridge. MIT Press.

[6] DeCew, J.W. (1997) In Pursuit of Privacy-Law, Ethics, and the Rise of Technology. Ithaca, New York, Cornell University press.

[7] Clarke, R. (1996) Privacy and Dataveillance, and Organisational Strategy. Keynote address to the Conference of the I.S. Audit & Control Association, Perth, Western Australia.

[8] Garoogian, R. (1991) Library/Patron confidentiality: An ethical challenge. Library Trends 40(2), pp. 216-233.

[9] Krug, J.F., (1991) Computer-Based Surveillance of Individuals. The First Conference on Computers, Freedom and Privacy, Burlingame, California. 5http://www.cpsr.org/conferences/ cfp91/nycum.html4

[10] Garoogian, R. (1991) Op. cit.

[11] Foerstel (1991) Op. cit.

[12] Ault, U.E. (1990) Note. The FBI’s Library Awareness Program: Is Big Brother Reading Over Your Shoulder? 65N.Y.U.L. Rev. pp. 1532-1565.

[13] Foerstel (1991) Op. cit.

[14] Bielefield, A. & Cheeseman, L. (1994) Maintaining the Privacy of Library Records: A Handbook and Guide, New York. Neal-Schuman.

[15] Huff, J. (1999) Patron confidentially, millennium style; library confidentiality statutes. American Libraries 30(6), p. 86.

[16] A partial list includes: Privacy Act of 1974; Electronic Communications Privacy Act of 1986; Computer Matching and Privacy Protection Act of 1988.

[17] Flaherty, D.H. (1989) Protecting Privacy in Surveillance Societies. Chapel Hill. Uni. of North Carolina Press.

[18] Clarke, R. (1994) The digital persona and its application to data surveillance. The Information Society 10, pp. 77—92.

[19] Rubin (1998) Op. cit.

[20] Molz & Dain (1999) Op. cit.

[21] Sutton, S.A. (1996) Future service models and the convergence of functions: the reference librarian as technician, author and consultant. The Reference Librarian 54, pp. 125—143.

[22] Berman, J. & Mulligan, D. (1999) Privacy in the Digital Age: Work in Progress. Nova Law Review 23(2), pp. 552-582.

[23] Ibid.

[24] Lessig, L. (1999) Code and Other Laws of Cyberspace. New York. Basic Books.

[25] Ibid.

[26] Schwartz, P.M. (1999) Privacy and Democracy in Cyberspace. 52. Vanderbilt Law Review 1607, pp. 1607-1702.

[27] Berman & Mulligan (1999) Op. cit.

[28] Schwartz (1999) Op. cit.

[29] Garoogian (1991) Op. cit.

[30] Schmidt, C.J. (1989) Rights for users of information: Con£icts and balances among privacy, professional ethics, law, national security. In F. Simora (Ed.), The Bowker Annual Library and Book Trade Almanac 1989-90 (pp. 83—90), New York. Bowker.

[31] Clarke, R. (1999) The Legal Context of Privacy-Enhancing and Privacy-Sympathetic Technologies. Presentation at AT&T Research Labs, Florham Park NJ. http://www.anu.edu.au/people/ Roger.Clarke/DV/Florham.html

[32] Besser, H. (1998) The Shape of the 21st Century Library from Milton Wolf et al. (Eds.), Information Imagineering: Meeting at the Interface, Chicago: American Library Association, pp. 133-146.

[33] The American Library Association’s Task Force on Privacy and Confidentiality in the Electronic Environment (2000) Final Report, 7 July. http://www.lita.org/docs/privcon/ report.html#recommend