
Configuring Public Access Computers to Protect Patron Privacy

Explore strategies for configuring public access computers to protect patron privacy. Learn how security measures can limit traceable information and confine user activities to their session, increasing privacy in shared computing environments.


Presentation Transcript


  1. Configuring Public Access Computers to Protect Patron Privacy. To Save or Not to Save? Strategies for Protecting Patron Information Revisited. Amy West, University of Minnesota, westx045@umn.edu. ALA Annual Conference, Chicago, IL - 6/26/2005

  2. The Good News • Security intended to reduce maintenance on public access computers can easily protect patron privacy

  3. Less Maintenance = More Privacy? • When a computer is configured to reduce the effects of malware, less information can be written to it and less is preserved. • The fewer traces of a patron’s activity that are left, the greater the effective privacy of the patron.

  4. Effective Shared Environments • Because public access workstations are public, some configuration decisions will be made to create a welcoming shared computing environment. • These decisions can also have a positive effect on privacy.

  5. What’s Left to Identify Patrons? • Resources outside the control of the library, such as vendor web sites and central authentication hubs, can still provide identifiable information.

  6. Minneapolis Public Library Needs • Timed, limited Internet access • Low-maintenance workstations, especially in branches • Screens not visible to staff

  7. Minneapolis Public Library Solution
     • Timer software that resets every 24 hours
         • The reset erases preceding data
     • Deep Freeze configuration protection
         • This software re-images computers at log-off to remove all configuration changes since the last image
     • Privacy Screens on Monitors
         • Limits viewing of monitors to small area directly in front of computer

  8. Minneapolis Public Library Effects • The resetting of the timer software increases privacy because it erases the record of who was on which computer when that day • By removing software artifacts (word processing files, browsing histories, etc.) resulting from each session, patron activity cannot be traced. • Privacy Screens have no effect on patron privacy because everyone always removes them.

  9. University of Minnesota Needs • Low-maintenance workstations, especially in branches • Secure use of University of Minnesota x.500 Central Authentication Hub • At the University of Minnesota, a user’s x.500 username and password give access to grades, HR/Registrar’s information, email, library resources and more.

  10. A University of Minnesota Solution
     • Workstation configuration tied down
         • Partitions modeled on Unix systems with hard drive partitions for system files, program files and user files.
         • Neither the system nor the program partitions are writable by users.
         • The user partition is cleared at logout
     • SSL Login to x.500 database
         • A generic login for non-affiliated users has also been created with limited permissions in the x.500 database.
     • Internet Explorer’s and Public Browser’s tracking functions are turned off.
         • No history, no cache. Cookies are retained, but they are tied to the Windows user account which is a generic “public” account.

  11. University of Minnesota Effects
     • Workstation tied down
         • Because users can’t do very much on these computers, there’s no path to follow.
     • SSL Login to x.500 database
         • No record in the Libraries is retained of who was on when. It is possible to get that information from the Office of Information Technology, but that’s all the information that is retained.
     • Browser Tracking turned off
         • Without the history or cache, finding out what someone did while online is limited to what can be gleaned from cookies.
     • Extra layer of protection for x.500 usernames and passwords

  12. Comment on Browser Tracking • At the University the decision to eliminate browser tracking was not to facilitate privacy. • It was actually to relieve subsequent users from having to see the list of web sites that preceding users might have looked at. • This decision didn’t assume that preceding users would be doing anything wrong. There are many valid research needs that would lead User A to offensive web content. We felt there was no reason why User B should have to confront that content, however inadvertently.

  13. Conclusion • Standard security measures intended to decrease maintenance and facilitate shared computing environments can protect privacy because such measures limit what a user can do on a computer, thus limiting traceable information and confining user activities to that user’s session.
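
The configuration on slide 10 (user partition cleared at logout, system and program partitions not writable by users) can be checked after each session with a short script. This is an added example, not part of the original presentation; the function names and directory layout are assumptions, and the sample session in the demo is constructed.

```python
import os
import shutil
import tempfile
from pathlib import Path


def clear_user_area(user_root: Path) -> int:
    """Remove every entry under user_root (keeping user_root); return the count."""
    removed = 0
    for entry in user_root.iterdir():
        if entry.is_symlink() or not entry.is_dir():
            entry.unlink()  # links are removed, never followed
        else:
            shutil.rmtree(entry)
        removed += 1
    return removed


def is_writable(directory: Path) -> bool:
    """Probe by creating a file: permission bits alone can mislead under ACLs."""
    try:
        fd, name = tempfile.mkstemp(dir=directory)
    except OSError:
        return False
    os.close(fd)
    os.unlink(name)
    return True


def audit(user_root: Path, protected_roots: list[Path]) -> list[str]:
    """Return findings; an empty list means the workstation matches the policy."""
    findings = [f"leftover in user area: {p.name}" for p in sorted(user_root.iterdir())]
    findings += [f"writable by this account: {r}" for r in protected_roots if is_writable(r)]
    return findings


if __name__ == "__main__":
    # Constructed sample session: one saved document and a browser cache folder.
    with tempfile.TemporaryDirectory() as tmp:
        user = Path(tmp, "user")
        user.mkdir()
        (user / "resume.doc").write_text("constructed sample")
        (user / "cache").mkdir()
        (user / "cache" / "page.htm").write_text("constructed sample")
        print("before:", audit(user, []))
        print("removed:", clear_user_area(user))
        print("after:", audit(user, []))
```

Run `audit` under the generic public account, passing the real system and program partition roots as `protected_roots`; any finding means a session can leave traces that outlive logout.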
