Why Does Library Privacy Matter?

In 2009 Eric Schmidt, then CEO of Google, was asked whether users should be willing to share information with Google as if it were a trusted friend –and Schmidt famously replied, "If you have something you don't want anyone to know, maybe you shouldn't be doing it in the first place."  The Electronic Frontier Foundation noted that this is very close to the famous phrase, "if you've done nothing wrong, you've got nothing to worry about" –beloved of those who are seeking greater law-enforcement powers or processes.  It implies that people who seek to preserve privacy are doing something to worry about, not those who place them under surveillance.

That was then.  In the aftermath of Edward Snowdon's revelations –in particular those that detail the very cozy relationships between the NSA, major firms such as Google, and telecommunications giants such as Verizon– privacy has returned as a positive right, not merely a historical left-over.

A library is probably one of the last places where one can pursue interests and information unobserved.  A mere few years ago this was a sign of obsolescence rather than currency.  Libraries made data surveillance difficult because they weren't high-tech enough.  That has changed too.  Suddenly that obsolescence has become a feature (as in, "that's not a bug, it's a feature!").

Why does it matter?  If there is one thing that Pew survey after Pew survey has found –as well as OCLC and other survey producers– that thing surely has to be: people feel positive about the library "brand."  They want a vibrant, useful library in their academic, residential, or business community whether or not they intend to use it (or have used it).  A library is a "good thing."  People trust libraries, and trust librarians.

Trust is a huge asset, not to be thrown away or discounted casually.  Just ask General Motors, or for that matter, the NSA itself.

In general, libraries do a fairly accurate job of maintaining trust, but could do a lot better.  Circulation records of tangible items are not easily available for public discovery, depending on the laws of state and local jurisdictions.  (Connecticut has alarming little provision of the privacy of library records, for example.)  In any case, circulation records are hard to locate digitally because they are held in highly particular formats in integrated library systems, formats that don't translate readily to standards and common practices outside.  That's wasn't a bug, and now it's a feature.

Library use of external databases is a different matter.  In many systems, all traffic routed through a library proxy will be seen by parties outside the proxy as coming from one machine, one Internet Protocol address.  Separating the sessions would be far harder.  That doesn't cover all library database transactions, however, or even a large portion of them.  Google, Apple, Facebook, and Amazon —in French, GAFA— can monitor a great deal of transactions on library workstations unless those are properly protected.

Eric Hellman has written persuasively (to my mind, at least) about the Library Digital Privacy Pledge here and here.  It's an interesting concept, whether or not the pledge ever receives wide adoption.  Eric's primary focus at this point is to get libraries to use the secure HTTP protocol –HTTPS– as much as possible.  Library digital privacy has, of course, many other aspects that will need to be addressed.

Recently the small New Hampshire public library in West Lebanon (near Dartmouth College) was for the most part bullied away from using the secure browser system TOR by the NSA –although now they have recovered their courage.  TOR has been targeted in the past as the province of drug-dealers, pedophiles, and terrorists –what lovely company– and who would want to be associated with them?  The topic invariably circles back to law enforcement: if you haven't done anything wrong, you've got nothing to hide (even when grammatically challenged!).

In the library no one ever used to track your reading, and no one should now: 3rd article of the American Library Association's Code of Ethics.  Trust is easily lost.  Privacy is easily lost.  A library is a great place to think, write, and read privately.  It's not a bug, it's a feature.