My library has been researching the SirsiDynix® Social Library app for Facebook. While there appears to be incredible potential in such social media-based library apps (friend recommendations, reviews, wish-lists, in-platform catalog interactions), for me it raises some serious concerns about patron data and privacy.
And it’s not just my innate antipathy to the thought of sharing any of our patron information with Facebook – an organization that sets the standard of notoriety for selling users’ personal info to any advertiser that wants it…
Hypothetical scenario: You’ve heard people talking about The Anarchist Cookbook and you’re curious to know why it’s such a controversial work. You get ahold of a copy and read it, and you find yourself surprisingly impressed by it. You rate it well on Goodreads, and recommend it to your friends on Facebook using a social book app in hopes of spurring some interesting discussion… Six months later, some nutjob in your town bombs a federal building. The next thing you know, the FBI is very interested in you because, not only does your social media profile state that you read The Anarchist Cookbook – a book that espouses anarchy, teaches people how run agitprop campaigns, and, oh yeah, contains instructions on how to make homemade explosives – you also spoke well of it in public forums, you openly stated that it impressed you.
Sound far-fetched? After Timothy McVeigh and Terry Nichols bombed the Alfred P. Murrah Federal Building in Oklahoma City in 1995, it came to light in interviews and during the trial that both men were profoundly influenced by The Anarchist Cookbook. Suddenly, the FBI and other law enforcement agencies became very keen to know who else in the country was reading this book. Many libraries were asked to provide patron usage data to investigators for this purpose.
In 1995, libraries had well-established legal grounds to deny such requests to law enforcement agencies on the basis of patron privacy. Access to information is crucial to the maintenance of a healthy democracy – but it doesn’t work if people are scared to take advantage of that access for fear of exposing themselves to suspicion. Accessing information resources must be free from the possibility of reprisal or it cannot fulfill its purpose in our society and culture.
After 9/11, the FBI, along with other investigative and law enforcement agencies, served thousands of requests for information – including court orders, subpoenas, and national security letters – to libraries throughout the country, demanding to know what local library patrons were reading and consuming. In some cases, they were looking for data to confirm suspicions about particular persons of interest; in many cases, though, they just wanted raw data to profile the community to try and identify potentially suspicious persons. With the passage of the USA PATRIOT Act, the legal groundwork for libraries to refuse such information requests was deeply undermined. In order to protect patron privacy, many libraries ceased keeping such data at all. After all, it’s not a refusal to comply if you honestly don’t have the information to give. They set up their record-keeping (those libraries that weren’t already doing it this way, at any rate) so that their circ data only attached to item records and kept no connection to patron records. That way, they still knew which items circulated how often and when – sufficient for collection planning and budgeting purposes – but they couldn’t know who checked out or used any given items. It maintained patron privacy such that there could be no possibility of violating it.
The purpose of rehashing this history is to illustrate the fundamental and inviolate importance of patron privacy in library services. Patron privacy is the bedrock ethic that governs all of our data collection policies and procedures.
In order to work, social book services (like SirsiDynix® Social Library) require patrons to expose their library usage in public. These services function, essentially, by largely undoing the patron privacy protections that we set up on our end. Yes, it’s a patron’s choice to use these services, so technically it’s not the library exposing their data. And no, these services don’t expose any behavior online that isn’t exposed by a service like Goodreads. But remember – Goodreads isn’t attached to any particular library; that may seem like a specious distinction, but it means that, while Goodreads and similar services expose reader behavior, they don’t expose library usage… and that can be crucial for libraries to maintain that sense of patron privacy and safety of exploration.
Patrons can’t be expected to realize the potential dangers of publicly exposing their library usage data; but librarians know those dangers all too well. If we encourage our patrons to use social book apps that we select and implement, and that they can only access using their library-specific credentials, by actively assisting our patrons to expose their own library usage – are we not violating the ethical responsibility that has guided our patron privacy policies thus far? Are we not then failing in our duty to protect patron privacy within the library’s sphere of influence to the greatest extent that we can?
I realize that this is an overly paranoid reaction on my part… but something about all these social media-based services makes me nervous. While I love many aspects of these services – and the extended library services they allow us to provide – I’m not sure I like all of the doors they’re potentially opening. I’m not certain that this is the best way to future proof our patrons’ privacy. It may be that these services won’t be worth the price we pay for them.