Protecting records of patron details and borrowing activity has been a longstanding priority for libraries. We expect integrated library systems and related applications to include features for handling securely any data that specifically identifies a patron. As with any computer application, security features should be in place to prevent unauthorized intrusion. Beyond industry-standard security practices, libraries have an additional set of requirements related to protecting the identity and privacy of their patrons, especially regarding any materials or electronic content borrowed or consulted.
Many libraries require the ability to remove links or data tying items charged out to a patron, out of concern for privacy. Should a library receive an order from law enforcement, or should an intrusion attempt succeed, only a minimal amount of data related to reading history would be available. This approach of anonymizing circulation transactions addresses privacy concerns and retains the statistical data needed for reports on collection use, but it also limits the ability to use previous search and borrowing history to deliver personalized services to community members. Online catalog or discovery services might let borrowers set a preference to preserve their borrowing or search history, but few may be aware of the option or its implications. In a context where commercial entities aggressively collect personal data, individuals may be concerned about invasions of their privacy yet also appreciate personalized services.
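The following is an added illustration, not code from the article or from any library system vendor, of the anonymization trade-off just described: returned loans lose their patron link (and keep only month-level dates) unless the patron has opted to keep a history, while item-level circulation counts survive for reporting. The table layout and sample rows are constructed for the example and are not a real ILS schema.

```python
import sqlite3

# Constructed minimal circulation schema (hypothetical, not any vendor's layout).
SCHEMA = """
CREATE TABLE patrons (patron_id INTEGER PRIMARY KEY, name TEXT,
                      keep_history INTEGER NOT NULL DEFAULT 0);
CREATE TABLE loans (loan_id INTEGER PRIMARY KEY, item_id INTEGER NOT NULL,
                    patron_id INTEGER, checkout_date TEXT NOT NULL, return_date TEXT);
"""

def open_db():
    """Build an in-memory database with constructed sample patrons and loans."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO patrons VALUES (?, ?, ?)",
                   [(1, "A. Reader", 0), (2, "B. Borrower", 1)])
    loans = [  # (item_id, patron_id, checkout_date, return_date)
        (100, 1, "2015-01-05", "2015-01-19"),  # returned; patron 1 keeps no history
        (101, 1, "2015-01-20", None),          # still charged out: link must remain
        (100, 2, "2015-01-07", "2015-01-21"),  # returned; patron 2 opted in to history
    ]
    db.executemany("INSERT INTO loans (item_id, patron_id, checkout_date, return_date) "
                   "VALUES (?, ?, ?, ?)", loans)
    return db

def anonymize_returned_loans(db):
    """Sever the patron link on returned loans for patrons who did not opt in,
    and coarsen dates to the month so the row still counts for usage statistics.
    Returns the number of rows scrubbed; safe to run repeatedly."""
    cur = db.execute("""
        UPDATE loans
           SET patron_id = NULL,
               checkout_date = substr(checkout_date, 1, 7),
               return_date = substr(return_date, 1, 7)
         WHERE return_date IS NOT NULL
           AND patron_id IN (SELECT patron_id FROM patrons WHERE keep_history = 0)
    """)
    db.commit()
    return cur.rowcount

def circulation_by_item(db):
    """Statistics for collection-use reports survive anonymization."""
    return dict(db.execute("SELECT item_id, COUNT(*) FROM loans GROUP BY item_id"))

def reading_history(db, patron_id):
    """What a subpoena or an intruder could still tie to this patron."""
    rows = db.execute("SELECT item_id FROM loans WHERE patron_id = ? ORDER BY loan_id",
                      (patron_id,))
    return [item_id for (item_id,) in rows]
```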
Scrubbing circulation transaction histories, however, only scratches the surface of the larger set of vulnerabilities that library systems must address to effectively manage patron privacy. A variety of other security features must be employed related to the storage and transmission of patron details and activity.
In support of circulation, integrated library systems manage records for each library patron, including a variety of personal details. Although these records may not include credit card numbers, they do contain information of considerable interest to identity thieves. When stored as clear text, any intruder to the system gains easy access to these sensitive details. Encryption technologies provide an additional layer of protection that keeps data secure even when an unauthorized entity gains physical access. Computer applications regularly use encryption to protect the files that contain usernames and passwords, credit card data, or other categories of sensitive data. While most library systems follow industry practices to encrypt login credentials, encrypting the patron files themselves is not a common practice.
Beyond the internal storage of data files, how systems transmit patron sessions over the web represents one of the most troubling vulnerabilities for privacy. In today's environment, it should be assumed that any text sent over the web as clear text can be intercepted and used by an unknown third party. The session of a patron searching and viewing items through a library's catalog or discovery service includes potentially sensitive data regarding content consumption, including any queries typed by the user, the items displayed in response to those queries, and those selected, viewed, or downloaded. If the patron is logged in, any text displayed from their account profile, including items currently charged, fines owed, or personal details, would likewise be exposed. Other clues can tie session data to a particular individual, including their IP address, geolocation data, serial numbers from their devices, or data gleaned from e-mail or other applications that might transmit personal details.
As with the internal storage of sensitive files, encryption provides a high level of security for text transmitted via the Internet. It is universally expected that Web pages involving credit card payments and user logins be delivered securely. By now, we all know to check for the padlock in our Web browsers before entering a credit card number on any Web site.
Encrypting patron sessions in library catalogs or discovery services vastly improves the privacy of patrons. In current practice, many library systems use selective encryption, primarily for log-in sequences and for the display of patron profiles. Encryption of the entire session, protecting queries, results, and selections, has not been widely deployed.
In the past, encryption of Web pages required considerable hardware and software resources and was activated only for sensitive transactions. Now encryption consumes only a small increment of resources. Major destinations including Facebook, Google, and Twitter employ encryption comprehensively, as do e-banking and any other sites handling financial or proprietary data. Libraries can close a major vulnerability in patron privacy through comprehensive encryption of their entire Web presence, especially their online catalogs or discovery services. Making this change involves only moderate technical difficulty: obtaining digital certificates and changing the Web server configuration. In many cases, the library may need to work with the vendor that provides the product to make these changes. Encrypting patron sessions addresses a significant vulnerability, but it shouldn't be considered the only area of concern. Libraries and their system vendors need to diligently analyze and assess all aspects of their systems and services to discover and close any other cracks through which patron details may leak.
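As an added check for the selective-versus-comprehensive encryption point above (not code from the article or from any catalog vendor), this script audits Web server access logs for requests that reached a catalog over plain HTTP while carrying a query string, a session cookie, or a page that reveals reading activity. The log layout (scheme, method, URL, cookie) and the sample lines are constructed for the example; a real deployment would adapt the regular expression to its own log format.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in a simplified layout: scheme, method, URL, cookie (or "-").
# A catalog that encrypts only the log-in POST and account page leaks everything else.
SAMPLE_LOG = """\
http  GET  /catalog/login -
https POST /catalog/login -
https GET  /patron/account sid=abc123
http  GET  /catalog/search?q=hiv+treatment sid=abc123
http  GET  /catalog/record/48213 sid=abc123
http  GET  /css/site.css -
https GET  /catalog/search?q=knitting sid=def456
"""

# Paths whose content alone reveals identity or reading activity (hypothetical catalog layout).
SENSITIVE_PREFIXES = ("/catalog/login", "/catalog/search", "/catalog/record", "/patron/")
LINE_RE = re.compile(r"^(https?)\s+(\S+)\s+(\S+)\s+(\S+)$")

def audit_plaintext_sessions(log_text):
    """Return a list of (path, reasons) for every plaintext request that exposes
    session state or reading activity. HTTPS requests are never reported."""
    findings = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # ignore lines that do not fit the expected layout
        scheme, _method, url, cookie = match.groups()
        if scheme == "https":
            continue
        parts = urlsplit(url)
        reasons = []
        if parts.query:
            reasons.append("query string in clear")
        if cookie != "-":
            reasons.append("session cookie in clear")
        if parts.path.startswith(SENSITIVE_PREFIXES):
            reasons.append("sensitive page in clear")
        if reasons:
            findings.append((parts.path, reasons))
    return findings

def plaintext_request_count(log_text):
    """How many requests in the log were served without encryption at all."""
    return sum(1 for line in log_text.splitlines() if line.startswith("http "))
```

An empty findings list for a full day of traffic is the condition to aim for; static assets over HTTP are not reported, but serving the whole site encrypted removes the question entirely.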
See the January 2015 issue of Smart Libraries Newsletter published by ALA TechSource for more detailed discussion and results of a brief vendor survey on how the major online catalogs and discovery services handle security and patron privacy.