Library Technology Guides

Document Repository

Smart Libraries Newsletter

The Current State of Privacy Practice in Large Library Organizations

Smart Libraries Newsletter [May 2017]


Securing the actions performed on a web-based service via HTTPS has become well established and may soon become the expected norm. Organizations dealing with financial data, medical records, or other confidential information routinely implement security via HTTPS. Social networks such as Facebook and Twitter, all the services offered by Google, and most news sites now operate entirely over HTTPS. Consistent with this growing expectation for security and privacy, many web browsers, such as Chrome, now display information or warning indicators for any site not using HTTPS.

As a follow-up to the May/June 2016 issue of Library Technology Reports on “Privacy and Security for Library Systems,” which included data gathered in the last quarter of 2015, we have surveyed the websites of several libraries noting whether selected services use HTTP or HTTPS. The sites reviewed included the members of the Association of Research Libraries (ARL) and a selection of large public libraries. These organizations would more likely have the technical and financial resources to manage their webbased services according to current expectations for privacy and security. As some of the largest libraries in North America, they are also most likely to have adopted privacy policies and the technical expertise to implement them.

For each of the organizations selected, we tabulated the status of the library's main website, the primary online catalog, and discovery service. These services remain within the control of the library and can be considered key indicators of the level of privacy possible as patrons make use of the library's online services. Especially for academic libraries, some may offer a link to the online catalog of their ILS as well as an index-based discovery service. The concept of the online catalog does not apply to those using products such as Alma or WorldShare Management Services. The discovery interface provides access to both local holdings and article-level content. There are a small number of academic libraries among those reviewed that offer an online catalog but not a discovery service.

Our review of the web-based resources of these libraries (shown in Tables 1 and 2 on the following page) reveals improvements beyond what was observed in 2015, but shows that the majority continues not to enforce encryption to protect patron privacy. Out of the 124 ARL member libraries considered, only 42 percent present their website using HTTPS. Out of the 25 major public libraries considered, only 36 percent deploy their website using HTTPS. Table 3 breaks down Table 2, revealing the 25 major public libraries in the United States and looking at the security of each library's catalog and website. The following two charts on page 6 shows the percentage of ARL member libraries employing each of the different catalog and discovery services available.

In the context of the prevailing expectation that reputable websites are deployed using HTTPS, libraries lag behind other types of organizations in a wholesale shift toward providing this level of privacy and security for their web-based services. This observation is surprising given the concern libraries state regarding patron confidentiality and privacy. As libraries work to improve their technical infrastructure, those that value the privacy of their patron's use of the online services will want to give high priority to the implementation of HTTPS for the systems under their control.

Beyond the values of the library profession to protect patron privacy, the urgency of this change is also driven by upcoming changes in the way that browsers flag page security. Google's Chrome browser already displays an informational message for sites presented through HTTPS: “your connection to this site is not secure.” Although no specific date has been set, Google states that future versions of its browser will elevate the warning with a conspicuous red “Not secure” indicator. I would urge libraries to move rapidly toward comprehensive use of HTTPS for their web-based resources in advance of this change if they want their resources to be perceived as trusted and reliable.

ARL Member Libraries
Percent https13%13%17%42%29%24%
Largest 25 Public Libraries in North America
Percent https8%28%36%48%
ARL Member Libraries
WebsiteCatalogSecure?Discovery InterfaceDiscovery Secure?
Arizona State UniversityyWebPac PronSummony
Auburn University LibrariesnVuFindnnone
Boston CollegenPrimon
Boston UniversitynPrimon
Boston Public LibrarynBiblioCommonsy
Brigham Young UniversityyeLibrarynLocaly
Brown UniversityyBlacklightySummonn
Case Western Reserve UniversitynWebPac PronSummonn
Center for Research LibrariesnWebPac Pron
Colorado State UniversitynPrimoy
Columbia UniversitynBlacklighty
Cornell UniversityyBlacklighty
Dartmouth CollegeyWebPac PronSummony
Duke UniversityyLocal/EndecayDrupal/Summonn
Emory UniversitynPrimon
Florida State UniversityyMangoySummonn
George Washington UniversitynDrupalnDrupal/Summonn
Georgetown UniversitynWebPac PronSummonn
Georgia Institute of TechnologynPrimon
Harvard UniversitynAlephnPrimon
Howard UniversitynWebVoyagenSummonn
Indiana UniversityyBlacklightyDrupal EDS APIy
Iowa State UniversitynPrimon
Johns Hopkins UniversitynBlacklightyBlacklighty
Kent State UniversitynWebPac ProyEDSn
Louisiana State UniversityneLibraryyEDSn
Massachusetts Institute of TechnologyyEDSyEDSy
McGill UniversitynalephyWorldCatn
McMaster UniversityyVuFindn
Michigan State UniversityyWebPac ProySummony
National Archives and Records Administrationy
National Research Council CanadanWebPac PronSummonn
New York State Libraryn
New York UniversitynPrimonXerxes / EDSy
New York Public LibraryyEncoren
North Carolina State UniversityyLocalyLocal/Summonn
Northwestern Universitynprimon
Ohio State UniversityyWebPac PronWorldcatn
Oklahoma State UniversityyPrimonPrimon
Pennsylvania State Universityye-LibrarynSummony
Princeton UniversitynBlacklight/Primoy
Purdue Universityyprimon
Queen's UniversitynWebVoyageySummonn
Rice UniversityyeLibrarynDrupal EDS APIn
Rutgers UniversityyVuFindyEDS
Smithsonian InstitutionniPacnSummonn
Southern Illinois UniversitynVuFindyEDS?
Stony Brook UniversitynAlephnEDSn
Syracuse UniversityyWebVoyagenSummonn
Temple UniversitynWebPac PronSummonn
Texas A&M UniversitynWebVoyagenEDS
Texas Tech UniversityyPrimoyPrimoy
Tulane UniversitynWebVoyagenPrimon
Library of CongressyLocaly
National Agricultural LibraryyVoyagery
National Library of MedicineyVoyagerypubmedy
Universite LavalnArianen
University at AlbanyyAlephnEDS
University at BuffalonVuFindnSummonn
University of AlabamayWebVoyagenDrupal EDS APIn
University of AlbertayBlacklightyEDSy
University of ArizonanWebPac PronSummonn
University of British ColumbianWebVoyagenSummonn
University of CalgarynDrupal / Summonn
University of California -- BerkeleynWebPac PronEDSn
University of California -- Davisyprimoyprimoy
University of California -- IrvinenWebPac Pron
University of California -- Los AngelesnWebVoyagenSummonn
University of California -- RiversideyWebPac PronWorldCat Localn
University of California -- San DiegoyWebPac Pron
University of California -- Santa BarbaranAlephn
University of ChicagoyVuFindyEDS API
University of CincinnatiyWebPac PronSummonn
University of Colorado -- BouldernWebPac PronSummon
University of Connecticutnprimonprimon
University of DelawareyWorldCatyWorldCaty
University of FloridanMangonSummonn
University of GeorgianVuFindnEDSn
University of GuelphnprimonPrimon
University of Hawaii -- ManoanVoyageryprimon
University of HoustonnWebPac PronPrimon
University of Illinois -- ChicagoyVuFindySummonn
University of Illinois at Urbana-ChampaignnVuFindnLocal?n
University of IowanprimonPrimon
University of KansasyVoyageryPrimon
University of Kentuckynprimonprimon
University of LouisvillenWorldCatyWorldCaty
University of ManitobanPrimonPrimon
University of MarylandnAlephnWorldCaty
University of Massachusetts -- AmherstyAlephyWorldCatn
University of MiamiyPrimonPrimon
University of MichiganyVuFindnDrupaln
University of Minnesota -- Twin CitiesyPrimonPrimon
University of Missouri -- ColumbianWebPac PronEDSn
University of MontrealnPrimonPrimon
University of Nebraska -- LincolnnWebPac PronEncoren
University of New MexiconWorldCatyWorldCaty
University of North Carolina -- Chapel HillnEndecanLocaln
University of Notre Dameyprimonprimo
University of Oklahomayprimonprimon
University of Oregonnprimonprimon
University of OttawayWebPac Proyprimon
University of PennsylvanianLocalnlocaln
University of PittsburghnvoyagernSummonn
University of RochesteryWebVoyagenSummonn
University of SaskatchewannWebPac PronPrimon
University of South CarolinanWebPac PronEncore
University of Southern CaliforniayElibraryySummonn
University of Tennessee -- KnoxvilleyPrimonPrimon
University of Texas -- Austin LibrariesnWebPac PronSummonn
University of TorontoyLocal?nSummon APIy
University of UtahyPrimonPrimon
University of VirginianBlacklightnBlacklightn
University of WashingtonnPrimonPrimon
University of WaterloonPrimonLocaln
University of Western OntarioyWebPac PronSummonn
University of Wisconsin -- MadisonyLocal?yPrimoy
Vanderbilt Universityne-LibrarynLocal / Primon
Virginia TechnWebPac PronSummonn
Washington State UniversitynPrimonPrimon
Washington University in Saint LouisyWebPac PronPrimoy
Wayne State UniversityyWebPac PronLocal / Summonn
Yale UniversitynWebVoyagenLocaln
York UniversityneLibrarynVuFindy
Major Public Libraries in the United States
Los Angeles Public Library, CAnLS2 PACn
New York Public LibrarynEncoren
County of Los Angeles Public Library, CAneLibraryn
Chicago Public Library, ILyBiblioCommonsy
Brooklyn Public Library, NYyBiblioCommonsy
Queens Borough Public Library, NYnLocaln
Miami-Dade Public Library System, FLnPowerPACn
Houston Public Library, TXnPortfolioy
Harris County Public Library, TXnPortfolioy
Broward County Libraries Division, FLnLS2 Pacn
San Antonio Public Library, TXnWebPac Pron
Orange County Public Libraries, CAnEnterprisey
Free Library of Philadelphia, PAnVuFindy
Phoenix Public Library, AZyPowerPACy
Las Vegas-Clark County Library District, NVnWebPac Pron
Hawaii State Public Library System, HInEnterprisen
King County Library System, WAyBiblioCommonsy
Sacramento Public Library, CAyEncoren
San Diego Public Library, CAyBiblioCommonsy
Hillsborough County Public Library Cooperative, FLnPowerPACn
Dallas Public Library, TXyPowerPACn
San Bernardino County Library, CAnPowerPACn
Riverside County Library System, CAyPowerpacy
Hennepin County Library, MNnBibliocommonsy
Orange County Library District, FLyWebPac Proy
View Citation
Publication Year:2017
Type of Material:Article
Language English
Published in: Smart Libraries Newsletter
Publication Info:Volume 37 Number 05
Issue:May 2017
Publisher:ALA TechSource
Place of Publication:Chicago, IL
Record Number:22590
Last Update:2022-11-22 15:38:21
Date Created:2017-05-12 10:47:11