1 / 77

Library Privacy Audits and Search Warrants: Preparing for Inquiries into User Records

Library Privacy Audits and Search Warrants: Preparing for Inquiries into User Records. Karen Coyle and Mary Minow. Infopeople Webcast November 4, 2004. Library Privacy Audits. Karen Coyle. Infopeople Webcast November 4, 2004. Housekeeping. New interface! HorizonLive is now HorizonWimba

nuncio
Télécharger la présentation

Library Privacy Audits and Search Warrants: Preparing for Inquiries into User Records

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Library Privacy Audits and Search Warrants: Preparing for Inquiries into User Records Karen Coyle and Mary Minow Infopeople Webcast November 4, 2004

  2. Library Privacy Audits Karen Coyle Infopeople Webcast November 4, 2004

  3. Housekeeping • New interface! HorizonLive is now HorizonWimba • Today’s webcast: • presentation: 100 minutes • Q&A: final 20 minutes • Submit your questions via ‘Chat’ during webcast so presenter gets them in time • Fill out evaluation during Q&A Don’t wait for Q&A to submit questions Webcast Archives: http://infopeople.org/training/webcasts/archived.html

  4. When to Use Chat • Get help with technical difficulties • send message to “HorizonHelp” • Ask presenter questions • send message to “ALL” • Chat with other participants • “select name from dropdown list” Chat Area There List of Participants There

  5. Privacy Today

  6. Privacy Today

  7. Privacy Today 111-22-3333

  8. “Data Mining” SSN zip code date of birth public records

  9. “Data Mining” SSN zip code date of birth public records

  10. Privacy Today – in Libraries • Computer systems create records where none existed before

  11. Privacy Today – in Libraries • Computer systems create records where none existed before • Library services go beyond library walls

  12. Privacy Today – in Libraries • Computer systems create records where none existed before • Library services go beyond library walls • Library network is part of a larger networked world

  13. Privacy Today – in Libraries • Computer systems create records where none existed before • Library services go beyond library walls • Library network is part of a larger networked world • Any library data is in the context of the “data soup”

  14. What libraries can do.... Be responsible keepers of information about our patrons and library use Be honest and informative

  15. Service and Privacy More service can require more user information “Personalization” is ... personal

  16. Security and Privacy An insecure system cannot protect the privacy of users Desire for security can lead to monitoring and logging of use

  17. Rules for data collection • Only gather data that is absolutely necessary to perform the function • Do not keep data longer than is needed to perform the function • Limit access to those persons who must work with the data

  18. Library Application Systems Circulation and Borrower Records • Patron database • Circulation records • Fines and payments • Document delivery • ILL requests and fulfillments • Electronic reserves • OPAC logs

  19. Library Application Systems Personalized Services • Saved searches or bibliographies • Automated search profiles (SDI) • Virtual reference • “my library” personal view • email services

  20. Library Web Site • Web server logs • Proxy server logs • Cookies • Forms and email

  21. Sample web log 204.123.28.31 - - [23/Jun/2002:02:21:31 -0400] "GET /reach.html HTTP/1.0" 200 2186 "-" "Mercator-2.0" 204.123.28.31 - - [23/Jun/2002:02:21:39 -0400] "GET /htdig/search.html HTTP/1.0" 200 1083 "-" "Mercator-2.0" 204.123.28.31 - - [23/Jun/2002:02:21:47 -0400] "GET /privacy-policy.html HTTP/1.0" 200 4406 "-" "Mercator-2.0" 204.123.28.31 - - [23/Jun/2002:02:21:54 -0400] "GET /best.html HTTP/1.0" 200 5780 "-" "Mercator-2.0" 204.123.28.31 - - [23/Jun/2002:02:22:01 -0400] "GET /upto.html HTTP/1.0" 200 4171 "-" "Mercator-2.0" 204.123.28.31 - - [23/Jun/2002:02:22:13 -0400] "GET /cfp2002.html HTTP/1.0" 200 4745 "-" "Mercator-2.0"

  22. Sample web log 204.123.28.31 - - [23/Jun/2002:02:21:23 -0400] "GET /topiclist.html HTTP/1.0" 200 17602 "-" "Mozilla/3.01-C-MACOS8 (Macintosh; I; PPC)"" Internet address of user: 204.123.28.31 Date and time: [23/Jun/2002:02:21:23 -0400] Requested document: "GET /topiclist.html " Browser: "Mozilla/3.01-C-MACOS8 (Macintosh; I; PPC)"

  23. Sample web log 204.123.28.31 - - [23/Jun/2002:02:21:23 -0400] "GET /topiclist.html HTTP/1.0" 200 17602 "-" "Mozilla/3.01-C-MACOS8 (Macintosh; I; PPC)"" Internet address of user: 204.123.28.31 Date and time: [23/Jun/2002:02:21:23 -0400] Requested document: "GET /topiclist.html " Browser: "Mozilla/3.01-C-MACOS8 (Macintosh; I; PPC)"

  24. Sample web log 204.123.28.31 - - [23/Jun/2002:02:21:23 -0400] "GET /topiclist.html HTTP/1.0" 200 17602 "-" "Mozilla/3.01-C-MACOS8 (Macintosh; I; PPC)"" Internet address of user: 204.123.28.31 Date and time: [23/Jun/2002:02:21:23 -0400] Requested document: "GET /topiclist.html " Browser: "Mozilla/3.01-C-MACOS8 (Macintosh; I; PPC)"

  25. Sample web log 204.123.28.31 - - [23/Jun/2002:02:21:23 -0400] "GET /topiclist.html HTTP/1.0" 200 17602 "-" "Mozilla/3.01-C-MACOS8 (Macintosh; I; PPC)"" Internet address of user: 204.123.28.31 Date and time: [23/Jun/2002:02:21:23 -0400] Requested document: "GET /topiclist.html " Browser: "Mozilla/3.01-C-MACOS8 (Macintosh; I; PPC)"

  26. Sample Web Log Can include searches “http:www.google.com/search?hl=en&ie=UTF-8&oe=UTF8&q=library+not+safe+place"

  27. Public Workstations • Browser cache and history • Cookies • Saved data • Login records • Sign-up sheets or systems

  28. Remote Services Databases and licensed services • Logons (in library or from home) • Personalization • Statistics

  29. Remote Services Internet use User education The Internet is outside of the library

  30. Privacy audit materials http://www.kcoyle.net/infopeople/

  31. For each: • What data exists? • Where is it located? • Who has access? • How long is the data kept?

  32. For each: • What data exists? • Where is it located? • Who has access? • How long is the data kept? What is gathered and what does reveal? Is it within the library’s control? Who must have access to do their job? How long is this data really needed?

  33. Example: Saved bibliography

  34. Example: Saved bibliography • Remind users to delete saved bibliographies they are no longer using • Remove bibliographies for user accounts that are no longer active • Inform users that although the library wishes to provide a secure environment, it cannot guarantee the privacy of these files.

  35. Example: Web logs

  36. Example: Web logs • If using web logs for statistics, gather statistics immediately and then purge the logs • If logs must be kept, “anonymize” the user’s identity by removing all or part of the user’s incoming Internet address

  37. Summary • Identify system areas where data is stored • Determine how long it is needed, and who should have access • Educate staff and educate users

  38. Thank You. Karen Coyle http://www.kcoyle.net

  39. Search Warrants: Preparing for Inquiries into User Records Mary Minow Infopeople Webcast November 4, 2004

  40. Legal Disclaimer Legal information Not legal advice!

  41. Responding to Requests for Patron Records Federal, State, Local Requests for records Records vs Observations Subpoenas vs Search Warrants Responding to Search Warrants

  42. Records vs. Observations Records circulation registration Internet sign-ups (maybe) Observations “plain view” (what’s visible on screen) patron behavior physical descriptions

  43. California Law Protects Library Registration and Circulation Records Administration of the library Consent – Written Order of superior Exceptions ACC Court California Govt Code Sect. 6267

  44. Records vs. Observations Records circulation registration Internet sign-ups (maybe) Observations “plain view” (what’s visible on screen) patron behavior physical descriptions Records vs. Observations Need Court Order

  45. Records vs. Observations Records circulation registration Internet sign-ups (maybe) Observations “plain view” (what’s visible on screen) patron behavior physical descriptions Records vs. Observations Need Court Order Don’t Need Court Order

  46. Observations: Dead Body in Library Parking Lot Memphis Public Library Green Plymouth Fury “massive amount of flies” Police found dead body Tennessee v. Rickman, 2002 Tenn. Crim. App. LEXIS 449 (May 17, 2002)

  47. Observations: Tylenol Murders Librarian tipped off FBI

  48. Observations: Library Security Videotapes Children reported man in bookshelves exposing himself Library security tapes showed man leaning forward in bookshelves Convicted - criminal sexual conduct Minnesota v. Sihler, 2002 Minn. App. LEXIS 376

  49. Observation or Records? Facts: Sept 15, 2001 Kathleen Hensman, reference librarian, Delray Beach recognized name of patron Talked to library director Called local police; forwarded to FBI

More Related